Privacy Policy

Last updated: June 17, 2026

1. What AgentMeter Is

AgentMeter is a cost-tracking and observability service for AI coding agents. It tracks token usage and spend across two sources:

  • Local sessions — via the @agentmeter/cli npm package, which reads session data that Claude Code and Cursor already write to your machine.
  • CI agent runs — via the AgentMeter GitHub Action, which collects run metadata from GitHub Actions workflows.

This Privacy Policy explains what data we collect from each source, how we use it, and what rights you have over it. It is provided by Hensonism LLC ("we," "us," "our").

2. What We Collect

From the CLI (local sessions)

When you run @agentmeter/cli, the tool reads session data already stored on your machine by Claude Code and Cursor. It extracts and submits only:

  • Your AgentMeter personal API key (to attribute sessions to you)
  • Device name (set during npx @agentmeter/cli init)
  • AI engine identifier (e.g., claude, cursor)
  • Model name (e.g., claude-sonnet-4-5)
  • Session start and end timestamps
  • Session duration
  • Project path — the first two path components only (e.g., /Users/alice/myproject becomes alice/myproject). Full paths are never sent.
  • The first line of the session as a title (for display purposes). Subsequent conversation content is never extracted.
  • Token counts: input, output, cache read, cache write
  • Calculated cost in USD cents (derived from token counts × published model pricing)
  • A stable session ID (to prevent duplicate submissions on re-sync)

From the GitHub Action (CI agent runs)

When the AgentMeter Action runs in a GitHub Actions workflow, it submits:

  • Your GitHub user ID, login username, and avatar URL (from GitHub OAuth)
  • Your GitHub organization or account name
  • Repository names and IDs where the AgentMeter App is installed
  • Per-run metadata: GitHub Actions run ID, workflow name, trigger type (issue label, PR comment, etc.), issue or PR number, AI engine identifier, model name, run status, duration, number of agent turns, and resulting PR number if any
  • Token counts: input tokens, output tokens, cache read tokens, cache write tokens
  • Calculated cost in USD cents (derived from token counts × published model pricing)
  • Timestamps for run start and completion

3. What We Do NOT Collect

AgentMeter is designed to be minimally invasive. We never collect or store:

  • Your source code or diffs
  • Prompts sent to AI models
  • AI model responses or generated code
  • Issue body text or PR descriptions
  • Commit messages or file contents
  • Full file system paths beyond the first two path components
  • Conversation content beyond the first line of a session title
  • Your Anthropic, OpenAI, or other AI provider API keys (these stay in your GitHub Secrets or local environment — the CLI never reads or transmits them)

4. How We Use Your Data

The data we collect is used to:

  • Display your run and session history, costs, and token breakdowns in the AgentMeter dashboard
  • Attribute local sessions to individual engineers for per-person cost reporting
  • Post cost summary comments on GitHub PRs and issues (CI runs)
  • Calculate budget alert thresholds (Pro plan)
  • Generate trends and aggregate analytics across both local and CI sources (Pro plan)
  • Authenticate your dashboard sessions via GitHub OAuth
  • Improve the AgentMeter service via anonymized product analytics (see Section 8 below)

We do not use your data for advertising, model training, or any purpose beyond operating and improving the AgentMeter service.

5. Data Retention

  • Free plan: Run and session data is retained for 30 days. Data older than 30 days is permanently deleted via an automated daily job.
  • Pro plan: Run and session data is retained for 90 days.
  • We will notify you in the dashboard when data is within 3 days of the retention cutoff.

6. Data Deletion

  • CLI uninstall: Uninstalling @agentmeter/cli from your machine stops future syncs. Existing session records are subject to normal data retention; contact us to request early deletion.
  • App uninstall: When you uninstall the AgentMeter GitHub App from a repository, run data for that repository will be deleted within 7 days.
  • Account deletion: When you delete your AgentMeter account from Settings → Danger Zone, all associated data — runs, sessions, repos, and org records — will be permanently deleted within 7 days.

7. Cookies and Sessions

AgentMeter uses a single HTTP-only session cookie (am_session) to maintain your authenticated dashboard session. This cookie expires after 7 days. We do not use advertising cookies or tracking cookies for targeted advertising.

We also set cookies required by PostHog (see Section 8) for product analytics purposes. PostHog cookies are used solely to understand how the service is used and to improve it — never for advertising.

8. Product Analytics (PostHog)

We use PostHog to collect anonymized product analytics. PostHog helps us understand how features are used so we can make AgentMeter better. We track events such as:

  • Page views and navigation patterns
  • Sign-up and sign-in events
  • Feature interactions (e.g., invite sent, API key regenerated)
  • Subscription lifecycle events (plan upgrades, cancellations)

These analytics are associated with your GitHub login as a stable identifier, but are never sold or shared with third parties. PostHog's Privacy Policy governs how PostHog handles this data on our behalf.

9. GitHub OAuth

When you sign in with GitHub, we receive your GitHub user ID, login, display name, and avatar URL. We store your GitHub access token encrypted at rest using AES-256-GCM. We request the minimum necessary OAuth scopes: read:user and read:org. We do not request access to your code or private repositories beyond what is needed to verify app installation.

10. Data Sharing

We do not sell, rent, or share your data with third parties except as required to operate the service:

  • Neon (PostgreSQL hosting): Your data is stored in Neon's managed PostgreSQL service.
  • Vercel (hosting): The AgentMeter application runs on Vercel's infrastructure.
  • Stripe (billing): Pro plan payment processing. Stripe handles payment card data; AgentMeter never sees card numbers. Stripe's Privacy Policy applies.
  • PostHog (product analytics): Anonymized usage events are sent to PostHog to improve the service. PostHog's Privacy Policy applies.

11. Security

All data is transmitted over HTTPS. GitHub access tokens are encrypted at rest using AES-256-GCM. API keys are stored as SHA-256 hashes — we cannot recover your raw API key after generation. The CLI communicates with the AgentMeter API over HTTPS and never stores credentials beyond your local config file. Database credentials are never exposed in client-side code or source control.

12. Your Rights

You may:

  • Export your run and session data (Pro plan, CSV export)
  • Delete your account and all associated data at any time from Settings → Danger Zone
  • Contact us to request a copy of your data or ask questions about what we store

13. Changes to This Policy

We may update this Privacy Policy as the product evolves. Material changes will be communicated via a dashboard notification or email. Continued use of AgentMeter after changes constitutes acceptance of the updated policy.

14. Contact

Questions about this policy or your data? hello@agentmeter.app

Terms of ServicePrivacy Policy