Privacy Policy

Last Updated: February 19, 2026

This Privacy Policy ("Policy") describes how Metadiv Technology Limited ("Company", "we", "us", or "our") collects, uses, and handles information in connection with the OperAgent platform and related services accessible at operagent.io (collectively, the "Service"). By accessing or using the Service, you ("User", "you", or "your") acknowledge that you have read and understood this Policy.

THIS SERVICE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. WE MAKE NO REPRESENTATIONS OR WARRANTIES REGARDING THE SECURITY OR PRIVACY OF YOUR DATA BEYOND WHAT IS EXPRESSLY STATED IN THIS POLICY.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Authentication credentials (verification codes, OAuth tokens)

We do not collect your name, phone number, physical address, or any other personal identifiers unless you voluntarily provide them within the Service (e.g., in chat messages).

1.2 Usage Data

We automatically collect limited technical data when you use the Service:

• IP address (for authentication purposes only)
• User agent string (browser/device type)
• Token usage metrics (prompt and completion token counts, associated costs)

1.3 User-Generated Content

The Service allows you to create and submit content, including but not limited to:

• Chat messages and conversations
• Uploaded files (images, documents, archives)
• Agent configurations (names, descriptions, prompts)
• Scheduled task configurations
• Agent memory entries

You are solely responsible for the content you submit to the Service. We do not monitor, verify, or endorse User-Generated Content. You must not submit any sensitive personal data (including but not limited to government identifiers, health information, financial account numbers, or information relating to minors) through the Service unless you accept full responsibility for doing so.

1.4 OAuth Tokens

If you connect third-party services (e.g., Google Calendar, Gmail, Google Drive), we store encrypted OAuth access tokens and refresh tokens solely to facilitate the integrations you have authorized. We do not access your third-party account data beyond what is necessary to perform the specific actions you request through the Service.

2. How We Use Information

We use the information collected strictly for the following purposes:

• Providing the Service: Processing your requests, facilitating AI agent interactions, and executing automations.
• Authentication: Verifying your identity and maintaining your session.
• Usage tracking: Recording AI agent usage for operational and analytics purposes.
• Service Operation: Maintaining, troubleshooting, and improving the Service.
• Legal Compliance: Responding to lawful requests from governmental authorities where required by applicable law.

We do not use your information for:

• Advertising or marketing to third parties
• Selling or renting your personal data
• Profiling for purposes unrelated to the Service
• Training AI models on your content

3. Third-Party Services

The Service integrates with the following third-party services, each of which operates under its own privacy policy. We are not responsible for the privacy practices, data handling, or security of any third-party service.

When you use the Service, your data (including chat messages and uploaded files) may be transmitted to these third-party providers to fulfill your requests. By using the Service, you acknowledge and consent to such transmission. We have no control over how third-party providers process data once transmitted.

4. Data Storage and Security

4.1 Storage

Your data is stored on third-party infrastructure providers. We use commercially reasonable efforts to protect your data, but we do not guarantee the absolute security of any information transmitted to or stored by the Service.

4.2 Security Measures

We implement the following measures:

• Encrypted storage of OAuth tokens
• JWT-based authentication with token expiration
• HTTPS for data transmission

No method of electronic transmission or storage is 100% secure. We cannot and do not guarantee that your data will not be accessed, disclosed, altered, or destroyed by breach of any of our safeguards.

4.3 Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. We do not commit to any specific data retention schedule. If you wish to delete your account and associated data, you may contact us at the address provided below. We will make reasonable efforts to delete your data, subject to any legal obligations requiring retention.

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Third-Party Service Providers: As described in Section 3, to operate the Service.
• Legal Requirements: If required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent: Where you have explicitly authorized such sharing.

6. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal data, including:

• Access: Request a copy of data we hold about you.
• Deletion: Request deletion of your account and associated data.
• Withdrawal of Consent: Revoke OAuth authorizations for connected third-party services at any time through the Service or through the respective third-party provider's settings.

To exercise any of these rights, contact us at the address provided below. We will respond within a reasonable timeframe. We reserve the right to verify your identity before processing any request and to decline requests that are unreasonable, repetitive, or technically impractical.

We do not guarantee compliance with any specific data protection regulation (including but not limited to GDPR, CCPA, or PDPO) beyond what is expressly stated in this Policy. If you are located in a jurisdiction with data protection laws that provide rights beyond those described here, you should assess whether the Service meets your requirements before use.

7. Cookies and Tracking

The Service does not use cookies for tracking or advertising purposes. We use browser local storage solely to maintain your authentication session (JWT token). No third-party tracking scripts, analytics tools, or advertising pixels are deployed by us on the Service.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a minor, we will take reasonable steps to delete such information.

9. International Data Transfers

The Service may process and store data in jurisdictions outside your country of residence. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction. We make no representations that the Service is appropriate or available for use in any particular jurisdiction.

10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

• WE SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, OR ALTERATION, THEFT, OR DESTRUCTION OF, YOUR DATA, WHETHER THROUGH BREACH, NEGLIGENCE, OR ANY OTHER CAUSE.
• WE SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGE ARISING FROM YOUR USE OF THIRD-PARTY SERVICES ACCESSED THROUGH THE SERVICE.
• WE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO YOUR USE OF THE SERVICE OR THIS POLICY.
• OUR TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE AMOUNT YOU HAVE PAID US IN THE THREE (3) MONTHS PRECEDING THE CLAIM, OR TEN US DOLLARS (USD $10), WHICHEVER IS GREATER.

11. Indemnification

You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from or relating to: (a) your use of the Service; (b) your violation of this Policy; (c) your User-Generated Content; or (d) your violation of any rights of a third party.

12. Disclaimer

THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR DATA ACCURACY. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE.

13. Changes to This Policy

We may update this Policy at any time by posting the revised version on the Service. The "Last Updated" date at the top will be revised accordingly. Your continued use of the Service after any changes constitutes acceptance of the updated Policy. We are not obligated to notify you of changes.

14. Governing Law

This Policy shall be governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Hong Kong.

15. Severability

If any provision of this Policy is held to be unenforceable or invalid, such provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall continue in full force and effect.

16. Contact Us

If you have questions about this Policy, please contact us at:

Metadiv Technology Limited
Email: nelson@metadiv.io

This Privacy Policy constitutes the entire agreement between you and the Company regarding the privacy practices described herein. This document does not create any contractual or other legal rights in or on behalf of any third party.