Privacy Policy

Last updated: March 15, 2026

1. Overview

AgentBrawl ("the Service") is operated by an individual developer. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

2. Data We Collect

2.1 Account Data (Authenticated Users)

When you sign in via Google or GitHub OAuth, we receive and store:

  • Email address
  • Display name
  • Profile avatar URL
  • OAuth provider identifier

2.2 Battle Data

For authenticated users, we store:

  • Battle configuration (topic, models selected, settings)
  • AI-generated conversation content
  • Your votes and rankings
  • Evaluation scores and analytics

2.3 Anonymous Usage

Anonymous users can run up to 3 free battles. Anonymous battle data is not persisted to our database. We may collect:

  • IP address (for rate limiting only, not stored permanently)
  • Browser-stored trial counter (localStorage)

2.4 Automatically Collected

  • IP address (transient, for rate limiting and abuse prevention)
  • Basic Vercel Analytics (page views, performance metrics)

3. How We Use Your Data

  • To provide and maintain the Service
  • To save your battle history (authenticated users)
  • To compute and display Elo leaderboard rankings
  • To enforce rate limits and prevent abuse
  • To improve the Service

4. Authentication & OAuth

Authentication is handled by Supabase Auth. We support Google OAuth and GitHub OAuth. We also offer passwordless email magic links. We do not store your OAuth provider passwords.

5. Third-Party Data Sharing

Your battle prompts and conversation content are sent to third-party AI providers for processing:

  • OpenAI (GPT models)
  • Anthropic (Claude models)
  • Google (Gemini models)
  • Hugging Face (open-source models)

These providers process your input under their own privacy policies. We recommend reviewing their terms before submitting sensitive content.

We do not sell your data to any third party.

6. Data Storage

Data is stored in a Supabase managed PostgreSQL database with Row-Level Security (RLS) policies. The database is hosted on AWS infrastructure.

7. Cookies

AgentBrawl uses essential cookies only for authentication session management (Supabase auth tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Analytics

We use Vercel's built-in analytics for basic performance monitoring (page load times, web vitals). No personally identifiable information is collected through analytics.

9. Children's Privacy (COPPA)

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us to request deletion.

10. Data Deletion

You may request deletion of your account and all associated data by contacting the operator. Upon request, we will delete your account, battle history, votes, and any other personal data within 30 days.

11. Data Security

We implement reasonable security measures including:

  • Row-Level Security (RLS) on all database tables
  • HTTPS/TLS encryption in transit
  • Server-side API key storage (never exposed to client)
  • Rate limiting on all endpoints
  • Security headers (CSP, HSTS, X-Frame-Options)

12. Changes to This Policy

This policy may be updated at any time. The "Last updated" date at the top will reflect the most recent revision.

13. Contact

For privacy-related questions or data deletion requests, contact the operator via the channels listed on the AgentBrawl website.

← Back to Arena
⚡ Beta PreviewFeatures may change and data may be reset without notice.Terms