Agent Panel

Privacy Policy

Agent Panel is a browser workspace for managing Claude Code, Codex, and Gemini sessions running on your machines. This Privacy Policy explains what information Conn Castle Studios collects, how we use it, when we share it, and the choices available to you.

Last updated: April 29, 2026

This Privacy Policy applies to the Agent Panel marketing site, sign-up and sign-in flows, hosted web application, billing flows, support interactions, the relay service used to connect your browser to your machines, and the Agent Panel client software (collectively, the "Services").

In this Policy, "Conn Castle Studios," "we," "us," and "our" refer to Hardware Breakout LLC doing business as Conn Castle Studios. "You" refers to the person or entity using the Services.

1. Information We Collect

We collect different categories of information depending on how you interact with Agent Panel.

Information you provide or authorize

  • Account information used to create and maintain access to Agent Panel, such as your email address and the account identifiers managed through Clerk.
  • Billing and transaction information needed to sell and administer paid plans, including your Stripe customer and subscription identifiers and the billing details Stripe shares with us for plan administration.
  • Information you send to us in support requests, feedback, waitlist forms, or other direct communications.

Control-plane and workspace data

  • Client registration data such as client names, machine identifiers, device identity public keys, operating system family, operating system display names, and heartbeat timestamps.
  • Project registry data such as project names and local file paths associated with your connected machines.
  • Workspace data such as saved layouts, recent layouts, layout trees, pane structure, top-project summaries, current workspace drafts, and user preferences that sync across browsers.
  • Billing snapshots and ledger data, including plan slug, billing period, subscription status, payment method brand, payment method last four digits, expiration month/year, invoice references, Stripe event references, and reconciliation timestamps.

Usage, device, and diagnostic information

  • Device, browser, and request information such as IP address, user agent, timestamps, page paths, navigation type, and similar service-usage metadata.
  • Waitlist and acquisition metadata such as landing page, referrer, campaign parameters, allowed ad click identifiers, and first-party event identifiers used to understand which public pages and campaigns lead to waitlist sign-ups.
  • Performance and reliability data, including first-party web vitals and startup-performance events that we log to our infrastructure for operational monitoring.
  • Error-reporting data from the browser, server, relay, and client software, including crash diagnostics and related technical context. In the browser, Sentry replay is configured only on error and is masked to hide text, inputs, and media.
  • Security and authentication records such as token timestamps, refresh-token family data, auth-code metadata, webhook processing records, and service logs used to operate the platform.

Session traffic and session-related metadata

  • When you actively use Agent Panel, the relay and client transmit session payloads needed to render the product, which can include terminal output, prompts, responses, file content, diffs, command output, and other interactive workspace data.
  • Agent Panel is designed so that this session traffic is forwarded as encrypted-in-transit payloads between your browser and the client running on your machine. Our control-plane database is not intended to store this session content as part of normal operation.
  • We may still process limited session metadata such as session identifiers, client identifiers, routing data, timestamps, and error context needed to authenticate, transport, secure, and troubleshoot the Services.

2. Sources of Information

We collect information from several sources:

  • Directly from you when you sign up, subscribe, connect a client, save a layout, or contact us.
  • From service providers you choose to use with Agent Panel, including Clerk for authentication and Stripe for payments and subscription management.
  • Automatically from your browser, device, relay connections, and client software when you use the Services.
  • From our infrastructure and logging systems when we monitor performance, availability, fraud, abuse, and operational health.

3. How We Use Information

We use personal information to:

  • Provide the Services, including authentication, account creation, client registration, project and layout management, workspace recovery, and paid-plan administration.
  • Connect your browser to your machines, route encrypted session traffic, maintain active relay sessions, and preserve service continuity across browsers and devices.
  • Process payments, manage subscriptions, reconcile billing snapshots, prevent payment abuse, and deliver receipts or billing notices.
  • Monitor, secure, debug, and improve the Services, including investigating bugs, crashes, failed sessions, suspicious activity, and performance bottlenecks.
  • Enforce our Terms, protect our rights and users, respond to lawful requests, and comply with legal, accounting, and tax obligations.
  • Communicate with you about account activity, product updates, security notices, support responses, and other service-related matters.

4. Cookies, Browser Storage, and Similar Technologies

Agent Panel uses a limited set of cookies and similar browser technologies for functional and operational purposes.

  • Clerk session cookies are used to keep you signed in and to secure authenticated browser access.
  • If we run a coming-soon or invite gate, we may set an invite bypass cookie so invited visitors do not need to re-enter an invite token on every visit.
  • The app may use browser cookies or similar local browser state for product preferences and UI state, such as sidebar or layout preferences.
  • Public marketing pages may use first-party session storage to preserve campaign source and landing-page attribution through waitlist submission.
  • We do not currently use advertising cookies or third-party cross-context behavioral advertising trackers in Agent Panel.

You can control cookies through your browser settings, but some parts of the Services may not work properly if required cookies are blocked or deleted.

5. How We Disclose Information

We disclose information only as reasonably necessary to operate Agent Panel, fulfill your requests, or comply with law.

  • Authentication provider: Clerk helps us run sign-up, sign-in, and authenticated browser sessions.
  • Payment processor: Stripe helps us create customer records, host checkout and billing portal flows, process charges, and manage subscription events.
  • Hosting and database providers: We use Fly.io for application and relay hosting, Tigris for staging client-binary storage, Axiom for structured log storage, and Neon-managed Postgres for control-plane data.
  • Error-reporting provider: Sentry receives browser, server, relay, and client diagnostic events subject to the masking and scrubbing controls built into the product.
  • Professional advisors and legal process: We may disclose information to lawyers, auditors, insurers, regulators, or law enforcement when required or reasonably necessary to protect the Services, our users, or our rights.
  • Business transfers: We may disclose information in connection with a merger, financing, acquisition, reorganization, or sale of all or part of our business.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

6. Data Retention

We retain information for as long as reasonably necessary to provide the Services, maintain security, comply with legal and accounting obligations, resolve disputes, and enforce our agreements.

  • Account records, connected-client records, projects, layouts, and user preferences are generally retained while your account is active and for a reasonable period afterward.
  • Billing records, Stripe webhook ledgers, and related payment data may be retained longer to comply with finance, tax, fraud-prevention, and audit requirements.
  • Diagnostic logs, performance logs, and error-reporting data are generally retained according to operational need and the retention settings of the systems that store them.
  • Encrypted relay session traffic is intended to be forwarded for transport rather than stored as persistent control-plane content, although related metadata and troubleshooting records may remain in logs or diagnostics.

7. Your Choices and Rights

Depending on where you live, you may have the right to request access to, correction of, deletion of, or information about the personal information we maintain about you. You may also have the right to object to certain processing or appeal a denied privacy request.

Agent Panel also offers practical controls that may help you manage your data:

  • You can manage account access and many authentication settings through the Clerk-powered account experience.
  • You can manage paid subscriptions and payment methods through Stripe-hosted billing flows when those are available for your account.
  • You can disable client-side crash telemetry in the Agent Panel CLI with agent-panel telemetry off or by setting AGENT_PANEL_TELEMETRY=off.
  • You can clear or block non-essential browser storage through your browser settings, subject to the functional limits described above.

To submit a privacy request, use the contact information in the Contact section below. We may ask you to verify your identity before completing a request.

8. International Transfers

Conn Castle Studios is based in the United States, and the Services are hosted and supported through providers that may process information in the United States and other countries where they operate. By using the Services, you understand that your information may be transferred to and processed in jurisdictions that may have different data-protection laws than your home country.

9. Children's Privacy

Agent Panel is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us so we can review and address the issue.

10. Security

We use administrative, technical, and organizational measures designed to protect personal information, including authentication controls, access restrictions, provider security features, and encryption in transit. Browser sessions use authenticated access, and Agent Panel's relay forwards encrypted session traffic in transit between your browser and the client running on your machine.

No security measure is perfect, and we cannot guarantee that information will always remain secure. You should also protect your own devices, accounts, and credentials.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the Services, the law, or our practices. When we do, we will post the revised version here and update the "Last updated" date at the top of the page. If a change is material, we may also provide additional notice through the Services or by other appropriate means.

12. Contact

Conn Castle Studios
Hardware Breakout LLC
3 Cressier Ct.
Fairport, NY 14450

If you have questions about this Privacy Policy or want to make a privacy request, please contact us at the address above.