Privacy Policy
Last updated: April 16, 2026
1. Controller
The controller responsible for data processing on this website and through the Azent service is Azent.
2. What data we collect
We collect and process the following categories of personal data:
- Account data: email address, name, and Azure DevOps organization identifier provided during registration.
- Payment data: billing information processed by our payment provider Polar.sh. We do not store credit card numbers.
- Service data: source code, work items, pull requests, and other Azure DevOps content that you grant Azent access to in order to perform its tasks. This data is processed transiently and not stored beyond the duration of the agent run.
- Usage data: analytics data collected via PostHog, including pages visited, feature usage, browser type, and approximate location derived from IP address. IP addresses are anonymized.
- Contact data: name, email address, and message content submitted through our contact form.
3. Why we process your data
We process personal data for the following purposes:
- Service delivery: to operate Azent, execute agent tasks, and provide dashboard access (legal basis: contract performance).
- Payment processing: to manage subscriptions and billing (legal basis: contract performance).
- Product improvement: to understand how the service is used and improve it (legal basis: legitimate interest).
- Communication: to respond to support requests and send service-related notices (legal basis: contract performance and legitimate interest).
4. Third-party processors
Your data may be processed by the following third-party service providers, all of which are bound by data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Microsoft Azure | Hosting and compute | Europe |
| Azure AI Foundry | AI code generation (depending on configuration) | Depends on deployment |
| OpenAI | AI code generation (depending on configuration) | United States |
| Anthropic | AI code generation (depending on configuration) | United States |
| Polar.sh | Payment processing and subscription management | European Union |
| PostHog | Product analytics | European Union |
5. AI processing and your code
To perform its tasks, Azent sends source code, work item descriptions, and pull request content from your Azure DevOps organization to third-party AI providers. The specific providers used depend on your workspace configuration and may include:
- Azure AI Foundry — governed by Microsoft's licensing terms and privacy statement.
- OpenAI — governed by OpenAI's terms of use and privacy policy.
- Anthropic — governed by Anthropic's terms of service and privacy policy.
Data is sent to AI providers only when you explicitly trigger an agent run. How that data is processed, retained, or used is subject to the respective provider's terms and privacy policy — Azent does not control or guarantee the behavior of third-party AI providers.
For self-hosted deployments, you configure your own AI provider API keys and the data flows directly from your infrastructure to the provider without passing through Azent's servers.
6. International data transfers
Your data is primarily hosted in Europe. When data is transferred to AI providers in the United States, these transfers are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection.
7. Data retention
- Account data: retained for the duration of your subscription and as long as required by applicable law.
- Service data (code, work items): processed transiently during agent runs and not persisted.
- Agent run logs: retained for 90 days for debugging and support purposes.
- Payment records: retained as required by applicable tax law.
- Analytics data: retained according to PostHog's default retention settings.
8. Your rights
Under applicable data protection law, you have the right to:
- Access your personal data and receive a copy.
- Rectify inaccurate personal data.
- Delete your personal data ("right to be forgotten").
- Restrict processing of your personal data.
- Port your data to another service provider.
- Object to processing based on legitimate interest.
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, reach out via our contact form. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection supervisory authority.
9. Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. All infrastructure runs on Microsoft Azure with enterprise-grade security controls.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the website. The "Last updated" date at the top reflects the most recent revision.
11. Contact
For any questions about this Privacy Policy or your personal data, reach out via our contact form.