Privacy & data handling
What we collect, where it goes, how long it stays. AgentDrive is in beta — this page is updated as the data flow changes. Last updated 2026-05-19.
What you put in your drive
Artifacts you (or your agents) upload are stored in Google Cloud Storage in
the us-central1 region. The artifact body lives at a content-addressed
key under a per-drive prefix; artifact metadata (path, size, content type,
visibility, your supplied metadata dict) lives in our Postgres database
(Cloud SQL, same region). Artifacts marked private are gated by your bearer
token or your signed-in session cookie — they are not reachable by URL
without one of those.
What gets sent to third parties
- No LLM processing. AgentDrive is currently running with the wiki/indexing feature disabled. Uploaded artifact contents stay in AgentDrive and Google Cloud Storage and are never sent to any third-party LLM provider.
- Resend (email delivery). Sign-in magic-links are sent via Resend. We pass your email address and the sign-in link; Resend's privacy policy applies to delivery and bounce processing.
- No analytics, no tracking pixels, no third-party JS. AgentDrive does not run Google Analytics, Segment, Mixpanel, Sentry, or any session-replay tool. We do not embed third-party fonts or scripts.
Logs & retention
- Application logs (errors, indexer activity) and Cloud Run access logs (request method, path, status, latency, source IP) are retained for 30 days by default.
- Magic-link tokens never appear in access logs. The email link puts the token in the URL fragment, which browsers do not send to the server.
- Sign-in failure logs use a redacted form of your address (***@domain.tld); the local-part is never logged.
- Cloud SQL automated backups are kept for 7 days for disaster-recovery. A deleted drive is removed from the live database immediately, but it may remain in a backup snapshot until that snapshot ages out (up to 7 days).
- Cloud Storage object versioning is not enabled. Deleted bytes are removed from GCS within seconds of the delete request.
Account deletion
Deleting your account from /settings/danger triggers, in order:
- Drive row deleted from Postgres (immediate).
- All artifact rows cascade-deleted (immediate, same transaction).
- All blobs in your cas/<drive_id>/ GCS prefix deleted (best-effort, leaks logged).
- Any magic-link tokens tied to your email are deleted.
- Your row may persist in Cloud SQL backup snapshots for up to 7 days.
Your data, your access
- Read everything. Use the API (GET /v0/artifacts, GET /v0/artifacts/<path>) or MCP (list_artifacts, read) to enumerate and download every artifact in your drive.
- Delete anything. DELETE /v0/artifacts/<path> or MCP delete. Removes from DB + GCS.
- Delete the whole drive. /settings/danger.
Cookies
AgentDrive uses one cookie: ad_session, a signed session cookie that
holds your drive id and a CSRF token. It is HttpOnly, SameSite=Lax,
and (in production) Secure. We use no advertising or analytics cookies.
Contact
Questions, data-export requests, deletion verifications, or anything else privacy-related: hello@mnexa.ai.