Privacy & Security

Last Updated: December 2025

1. Introduction

At Focus Agents, we believe in 'Managed Intelligence.' This means we provide the reasoning engine, but we do not store the fuel. This policy outlines our commitment to ephemeral, zero-retention processing.

2. Zero-Retention Architecture

Focus Agents operates on a strict 'Ephemeral Processing' model. When you deploy an agent, data (such as transcripts or Figma frames) is streamed into our secure memory environment solely for the duration of the analysis. Once the artifact (Slide Deck, PDF, or Ticket) is generated, the raw input cache is instantaneously and permanently wiped. We do not maintain a database of your intellectual property.

3. AI Model Isolation

We utilize commercial enterprise tiers of LLMs (via Anthropic & OpenAI) that explicitly opt-out of model training. Your strategic data, roadmaps, and research never become training fodder for public AI models. Your IP remains yours.

4. Permissions & Draft Mode

Our agents act as 'Drafting Partners,' not admins. For tools like Jira, our agents request only the minimum permissions necessary to stage tickets in a 'Draft' or 'Backlog' state. The agent cannot publish, delete, or alter live production data without human approval.

5. Security Infrastructure

Our managed workflows are hosted on private, isolated instances. All data in transit is encrypted via TLS 1.3. For Enterprise clients, we support deploying agents directly into your own VPC (Virtual Private Cloud), ensuring data never leaves your perimeter.

6. Enterprise BYOK Customers

For Enterprise BYOK (Bring Your Own Key) customers: We store your encrypted Anthropic API key in our n8n workflow automation platform using AES-256 encryption with per-customer isolation. We do NOT retain AI request/response bodies (this is controlled by your Anthropic account settings). You are responsible for enabling Zero Data Retention in your Anthropic Console. We act as a data processor; you are the data controller for all AI processing. Upon termination, we delete your API key and archive your dedicated workflow instance within 30 days.