Last updated: March 2026 (Experiment Phase)
Aeqnt operates on a Bring Your Own Keys (BYOK) model. Your API keys are encrypted at rest and used solely to make requests to your chosen LLM providers on your behalf. We do not use your keys for any other purpose.
API calls are routed through our server to the provider using your keys. We process request and response data for platform functionality (agent routing, execution tracing, cost tracking) but do not store the content of your LLM interactions beyond what is needed to display results in your workspace.
Your data is stored on secure infrastructure using a multi-tenant architecture with logical per-user isolation. Each user has a private workspace directory — your agents, chat history, files, and configuration are separated from other users at the storage level.
API keys are encrypted at rest using AES-256 (Fernet). Passwords are one-way hashed with bcrypt. Session tokens are signed with HMAC-SHA256. No user can access another user's workspace, keys, or execution history.
Users can expose agents publicly via MCP (Model Context Protocol) and A2A (Agent-to-Agent) protocols. When external callers invoke a shared agent:
All API endpoints are protected by rate limiting. Per-user and per-IP limits are enforced to prevent abuse. Public-facing endpoints (MCP, A2A) have tighter rate limits than authenticated user endpoints. Repeated violations may result in temporary or permanent access restrictions.
Your data is retained as long as your account is active. You can request deletion of your account and all associated data by contacting hello@aeqnt.com. We will process deletion requests within 30 days.
For privacy-related questions: hello@aeqnt.com
Last updated: March 2026 (Experiment Phase)
Session Cookie (session_token)
Essential for authentication. Set when you log in, expires after 7 days. HttpOnly and Secure flags are set — cannot be accessed by JavaScript or transmitted over unencrypted connections. SameSite attribute is set to Lax to prevent cross-site request forgery (CSRF).
CSRF Protection
State-changing requests are protected against cross-site request forgery. Session cookies use the SameSite=Lax attribute, and sensitive endpoints validate request origin.
Theme Preference (aeqnt-theme)
Stores your light/dark mode preference in localStorage. Not transmitted to our servers.
Our infrastructure uses Cloudflare for SSL termination and DDoS protection. Cloudflare may set its own cookies (e.g., __cf_bm) for bot management and security purposes. These are strictly functional and not used for tracking. See Cloudflare's cookie policy for details.
During the experiment phase, we keep cookie usage minimal. This policy will be updated if we introduce analytics before general availability.
Last updated: March 2026 (Experiment Phase)
Aeqnt is currently in a limited experiment mode. The service is provided as-is, without guarantees of availability, performance, or continuity. Features may change, break, or be removed without notice. By participating, you acknowledge the experimental nature of the platform.
Access requires admin approval during the experiment phase. You are responsible for maintaining the security of your account credentials. One account per person.
Aeqnt uses a Bring Your Own Keys model. You provide API keys for LLM providers (Anthropic, OpenAI, Google, etc.). You are solely responsible for costs incurred through your API keys. Aeqnt does not charge for platform usage during the experiment phase.
We implement multiple layers of security to protect you and the platform:
You can expose your agents publicly via MCP (Model Context Protocol) and A2A (Agent-to-Agent) protocols. When you share an agent:
You are responsible for the agents you expose. Shared agents must comply with the Acceptable Use policy below.
Aeqnt routes requests to multiple LLM providers (Anthropic, OpenAI, Google, xAI, Azure OpenAI, Groq, Mistral, Cerebras, Together AI, OpenRouter) based on your configuration. You are responsible for complying with each provider's terms of service and acceptable use policies. Aeqnt is not liable for actions taken by third-party providers.
You agree not to:
You can export your agents as portable packages (ZIP files containing agent configuration, skills, and metadata). You can export your chat history. You can request full deletion of your data at any time — see our Privacy Policy for details.
Content you create using Aeqnt (artifacts, agents, skills) belongs to you. The Aeqnt platform, including its routing algorithms, agent-building pipeline, and composable architecture, is proprietary.
To the maximum extent permitted by law, Aeqnt and its operators are not liable for any indirect, incidental, or consequential damages arising from your use of the platform. This includes but is not limited to: costs from API key usage, data loss, or service interruptions.
We reserve the right to terminate or suspend access at any time during the experiment, with or without cause. You may leave the experiment at any time by requesting account deletion.
We're a small team building in public.
About the Experiment
Aeqnt is a composable AI agent platform. We're testing with a small group of participants before wider availability. If you're interested in joining, visit the signup page and request access.