Privacy and data
AGAS has three scope levels for capabilities:
| Scope | Who sees it | Example |
|---|---|---|
| `org` | Only your business | Your intranet, a SharePoint site |
| `private` | Only specific users | Custom sensitive capabilities |
What's shared
Recipes for public capabilities are pooled across tenants. This means AGAS learns how to extract BNA dollar once — the next tenant who asks gets a replay for free. That's the core of the platform's economics.
Before a recipe is marked public, AGAS staff reviews screenshots (scrubbed of tenant-specific data) to ensure nothing sensitive leaks.
What's never shared
Your datasets: — every tenant's data is strictly isolated. Another tenant using the same public capability accumulates its own history, separately.
Screenshots of your sessions: — any screenshots captured during org/private capability exploration stay in your tenant bucket.
Credentials: — AGAS does not store credentials. The browser extension uses your existing browser session (cookies, SSO tokens). If you log out, Sol can't access that site.
Your process definitions: — even if two tenants have the same process conceptually, the definitions are separate.
RLS (Row Level Security)
At the database level, every query from a user session is filtered by their business_id. Staff can bypass this with service role for support and debugging — this is audited.
What AGAS can see (for support)
For your business AGAS staff can read:
Your traces (when investigating an incident)
Your datasets (sample rows for debugging)
Your cost ledger (for billing / support)
Your capabilities and recipes
Staff access is logged. For GDPR / LGPD / Ley 25.326 compliance we can produce an access report on request.
Data deletion
Request deletion at support@agas.ar. We hard-delete:
All capabilities you own
All datasets (including rows)
All process executions and traces
All cost_ledger entries
Public capabilities (that were originally learned from your session but promoted to public after staff review) are retained as part of the shared pool — if you need them removed too, specify that in the request.
Compliance roadmap
Target certifications in priority order:
ISO 27001 — evaluate at ≥2 Pilots requiring it
DPA templates per country (AR, BR, MX, CL, CO)
LGPD (Brazil)
Ley 25.326 (Argentina)
CPRA (Mexico) — on demand
SOC2 is explicitly parked until US pipeline justifies the cost.