Privacy Notice

Super Agent Skill, Inc. (“we”, “us”, the “Seller”) operates Super Agent Skill, the registry and MCP server available at superagentskill.com. We act as the data controller for personal data processed in connection with your use of the Service. For privacy questions, contact contact@zeroagency.ai.

We collect the following categories of personal data:

• Account data: name, email, login credentials (hashed), avatar, handle, optional bio.
• Authentication tokens: personal MCP tokens stored as a one-way SHA-256 hash with a non-secret prefix used for display.
• User content: packages, prompts, rules, examples, evaluation notes and submissions you publish or upload.
• Usage and telemetry: runs you trigger, evaluation results, health and latency metrics, API/MCP request logs.
• Device and connection data: IP address, user agent, language, timestamps, and cookies strictly necessary for authentication.
• Support communications: messages you send us and our replies.

Payment data (card numbers, billing addresses) is collected and processed directly by Stripe, our payment processor. We do not receive or store full card numbers.

• Hosting and infrastructure providers that operate the application, database, file storage and AI gateway used to deliver the Service (acting as our processors under written agreements).
• Stripe — our payment processor — for card payments, subscription billing, fraud prevention, and invoicing. Stripe acts as an independent controller for the personal data it processes; see Stripe's privacy policy.
• Professional advisers (legal, accounting, auditors) under duties of confidentiality.
• Authorities when required by law, court order, or to protect rights, property or safety.
• Successors in the event of a merger, acquisition, or sale of assets, subject to confidentiality.

We do not sell your personal data.

Personal data may be processed in countries outside your own, including outside the United Kingdom and the European Economic Area. When we transfer personal data internationally, we rely on appropriate safeguards, such as Standard Contractual Clauses and adequacy decisions where available.

We keep personal data only for as long as needed for the purposes above. Account data is retained while your account is active and for a reasonable period afterwards to handle disputes, comply with legal obligations and enforce our agreements. Logs and telemetry are retained for a shorter operational window. Published packages remain in the registry until you remove them or your account is deleted, after which we delete or anonymise associated data.

Depending on where you live, you may have the right to access, rectify, erase, restrict or object to the processing of your personal data, to data portability, and to withdraw consent at any time. Users in the UK or EEA may also lodge a complaint with their local supervisory authority. We aim to respond to requests within one month. Send requests to contact@zeroagency.ai.

We apply appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS), one-way hashing of API tokens, row-level security on the database, least-privilege access controls and audit logging. No method of transmission or storage is 100% secure; we will notify you and the relevant authorities of personal-data breaches as required by law.

We use only essential cookies (and equivalent local-storage entries) needed to authenticate your session, remember your preferences (e.g. the last MCP token used in the in-browser tester, stored locally in your browser), and keep the Service secure. We do not use advertising or cross-site tracking cookies.

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

We may update this Notice from time to time. Material changes will be announced on the Service. The “Effective” date at the top reflects the latest version.