Privacy Policy

Last updated: March 20, 2026

1. What AgentMeter Is

AgentMeter is a GitHub App and companion GitHub Action that tracks token usage and cost for AI coding agent runs in GitHub Actions. This Privacy Policy explains what data we collect, how we use it, and what rights you have over it. It is provided by Hensonism LLC, DBA Foo ("we," "us," "our").

2. What We Collect

AgentMeter collects only the following data:

  • Your GitHub user ID, login username, and avatar URL (from GitHub OAuth)
  • Your GitHub organization or account name
  • Repository names and IDs where the AgentMeter App is installed
  • Per-run metadata: GitHub Actions run ID, workflow name, trigger type (issue label, PR comment, etc.), issue or PR number, AI engine identifier, model name, run status, duration, number of agent turns, and resulting PR number if any
  • Token counts: input tokens, output tokens, cache read tokens, cache write tokens
  • Calculated cost in USD cents (derived from token counts × published model pricing)
  • Timestamps for run start and completion

3. What We Do NOT Collect

AgentMeter is designed to be minimally invasive. We never collect or store:

  • Your source code or diffs
  • Prompts sent to AI models
  • AI model responses or generated code
  • Issue body text or PR descriptions
  • Commit messages or file contents
  • Your Anthropic, OpenAI, or other AI provider API keys (these stay in your GitHub secrets)

4. How We Use Your Data

The data we collect is used to:

  • Display your run history, costs, and token breakdowns in the AgentMeter dashboard
  • Post cost summary comments on GitHub PRs and issues
  • Calculate budget alert thresholds (Pro plan)
  • Generate trends and aggregate analytics (Pro plan)
  • Authenticate your dashboard sessions via GitHub OAuth
  • Improve the AgentMeter service via anonymized product analytics (see Section 8 below)

We do not use your data for advertising, model training, or any purpose beyond operating and improving the AgentMeter service.

5. Data Retention

  • Free plan: Run data is retained for 30 days. Runs older than 30 days are permanently deleted via an automated daily job.
  • Pro plan: Run data is retained for 90 days.
  • We will notify you in the dashboard when data is within 3 days of the retention cutoff.

6. Data Deletion

  • App uninstall: When you uninstall the AgentMeter GitHub App from a repository, run data for that repository will be deleted within 7 days.
  • Account deletion: When you delete your AgentMeter account from Settings → Danger Zone, all associated data — runs, repos, sessions, and org records — will be permanently deleted within 7 days.

7. Cookies and Sessions

AgentMeter uses a single HTTP-only session cookie (am_session) to maintain your authenticated dashboard session. This cookie expires after 7 days. We do not use advertising cookies or tracking cookies for targeted advertising.

We also set cookies required by PostHog (see Section 8) for product analytics purposes. PostHog cookies are used solely to understand how the service is used and to improve it — never for advertising.

8. Product Analytics (PostHog)

We use PostHog to collect anonymized product analytics. PostHog helps us understand how features are used so we can make AgentMeter better. We track events such as:

  • Page views and navigation patterns
  • Sign-up and sign-in events
  • Feature interactions (e.g., invite sent, API key regenerated)
  • Subscription lifecycle events (plan upgrades, cancellations)

These analytics are associated with your GitHub login as a stable identifier, but are never sold or shared with third parties. PostHog's Privacy Policy governs how PostHog handles this data on our behalf.

9. GitHub OAuth

When you sign in with GitHub, we receive your GitHub user ID, login, display name, and avatar URL. We store your GitHub access token encrypted at rest using AES-256-GCM. We request the minimum necessary OAuth scopes: read:user and read:org. We do not request access to your code or private repositories beyond what is needed to verify app installation.

10. Data Sharing

We do not sell, rent, or share your data with third parties except as required to operate the service:

  • Neon (PostgreSQL hosting): Your data is stored in Neon's managed PostgreSQL service.
  • Vercel (hosting): The AgentMeter application runs on Vercel's infrastructure.
  • Stripe (billing): Pro plan payment processing. Stripe handles payment card data; AgentMeter never sees card numbers. Stripe's Privacy Policy applies.
  • PostHog (product analytics): Anonymized usage events are sent to PostHog to improve the service. PostHog's Privacy Policy applies.

11. Security

All data is transmitted over HTTPS. GitHub access tokens are encrypted at rest. API keys are stored as SHA-256 hashes — we cannot recover your raw API key after generation. Database credentials are never exposed in client-side code or source control.

12. Your Rights

You may:

  • Export your run data (Pro plan, CSV export)
  • Delete your account and all associated data at any time from Settings → Danger Zone
  • Contact us to request a copy of your data or ask questions about what we store

13. Changes to This Policy

We may update this Privacy Policy as the product evolves. Material changes will be communicated via a dashboard notification or email. Continued use of AgentMeter after changes constitutes acceptance of the updated policy.

14. Contact

Questions about this policy or your data? Contact us at hello@foo.software.