Privacy Policy
Last updated: June 18, 2026
This Privacy Policy explains how camolabs collects, uses, and protects information when customers use the camolabs platform.
Information We Collect
camolabs may collect:
- Account information, such as name, email address, organization membership, and authentication metadata.
- Site configuration, such as domains, Agent Page drafts, Actions, and required fields.
- Agent Page activity, such as preview views, Agent Page served at source URLs, Action access, validation visits, task completions, and task failures.
- Technical data, such as IP address, device and browser information, logs, diagnostics, and request metadata.
- Support communications and other information provided directly to camolabs.
How We Use Information
camolabs uses information to:
- Provide, secure, maintain, and improve the platform.
- Authenticate users and manage organization, site, Agent Page, and Action settings.
- Publish customer-approved Agent Pages and describe customer-approved Actions.
- Measure scan state, Agent Page usage, task validation outcomes, Action access, completions, and failures.
- Communicate about the service, including support and important product updates.
Customer Content
Customers control the Agent Pages, Actions, and required fields they configure in camolabs. Customers are responsible for ensuring they have the right to publish content and process information through their approved Actions.
Service Providers and Subprocessors
camolabs uses third-party service providers to operate, secure, and improve the platform. These providers may process limited customer or personal data on behalf of camolabs for purposes such as hosting, authentication, database services, application monitoring, transactional email, site scanning, and AI page generation.
Current camolabs subprocessors include:
| Subprocessor | Purpose | Data categories |
|---|---|---|
| WorkOS | Authentication, organization membership, and session management | User account data, organization identifiers, authentication metadata |
| Supabase | Database and application data services | Organization data, site configuration, Agent Page configuration, activity events |
| Upstash Redis | Rate limiting and abuse prevention | Hashed rate-limit keys, request counters, limited request metadata |
| Cloudflare | Application hosting and edge delivery | Request metadata, application logs, public site assets |
| Sentry | Error monitoring and application diagnostics | Error traces, request metadata, diagnostic context |
| Resend | Transactional email sent by camolabs | Email addresses, message content needed for delivery |
| Firecrawl | Site scanning and page content extraction | Public site page content and crawl metadata |
| OpenAI | AI generation of agent-ready pages and task validation | Public site page content, model prompts, and model outputs |
| Anthropic | AI generation of agent-ready pages and task validation | Public site page content, model prompts, and model outputs |
| Gemini AI generation of agent-ready pages and task validation | Public site page content, model prompts, and model outputs |
This list covers providers camolabs uses to run the service. It does not list customer-owned webhook endpoints configured for Actions.
camolabs may also share information when required by law, to protect rights and security, or in connection with a business transaction.
Retention
camolabs retains information for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. Customers may request deletion according to their agreement with camolabs.
Security
camolabs uses administrative, technical, and organizational safeguards designed to protect information. Customer data is protected with row-level security, encryption at rest, and HTTPS/TLS encryption in transit.
camolabs publishes customer-approved Agent Pages and Action metadata to agents while keeping scan internals and workspace settings private to authorized workspace members. No system is perfectly secure, so customers should limit workspace access to authorized users.