Privacy Policy

Peta Privacy Policy

Last updated: December 2025

Peta keeps secrets server-side and routes risky agent actions through human approvals. This policy explains what we collect, how we use it, and how we protect it.

Vault-backed secrets Zero-trust MCP gateway Short-lived tokens Audit trails Human approvals

1. Information We Collect

  • Account details you provide (name, email, workspace metadata).
  • Configuration data for agents, tools, policies, and approvals.
  • Product usage and audit events (for security, reliability, and compliance).
  • Support communications you send to our team.

2. How We Use Information

  • To operate the agent vault, MCP gateway, and Peta Desk approvals.
  • To secure accounts, enforce policies, and investigate abuse.
  • To provide support, product updates, and reliability improvements.

3. Secrets & Security

External credentials stay encrypted in Vault and are injected server-side at runtime. Agents and users receive short-lived tokens instead of raw API keys. Access, approvals, and decryptions are logged for audit.

We segregate environments and tenants, follow least-privilege, and never sell your data.

4. Your Choices

  • Access, update, or delete your account data.
  • Export audit logs for compliance reviews.
  • Opt out of non-essential communications.

5. Data Retention

We retain account and audit records while you use the service. You may request deletion of account data; some logs may be retained where required for security or legal purposes.

6. Contact

Questions about this policy? Email privacy@peta.io.