Privacy policy
Last updated: July 3, 2026
plori ("we") runs plori.ai and api.plori.ai: managed cloud computers for AI agents. This page describes what we collect, where your data goes when agents work, and how to get it removed. It is written to be read.
The short version
- We collect what the service needs to run: your email, your agents' data, usage records, and service logs. Nothing more.
- The website has no ads and no third-party analytics or tracking scripts.
- We never sell your data, and we do not use your content to train models.
- Your agents talk to model providers and web tools. Those calls leave our infrastructure and are listed below.
- Deleting an agent wipes its data. Email us to delete everything.
What we store
Account. A registered account is an email address. Sign-in is a one-time code sent to that address, so there is no password to store. An anonymous trial is a random identifier kept in your browser, with no email attached.
Agent data. What your agents need to work: conversations and instructions, the files on the agent's disk, agent settings, memory notes, and environment variables you set. Environment variables marked secret and connected provider keys (BYOK) are encrypted at rest and are never shown back once saved.
Billing. Payments are processed by Dodo Payments, our payment provider and merchant of record. We keep transaction references, your plan, and the credit ledger. Card numbers never touch our servers.
Usage. Runs, tool calls, token counts, and credit spend, kept for metering, billing, and quota enforcement.
Logs. Service logs and request metadata, including IP addresses, kept on our own infrastructure for security, abuse prevention, and debugging. Diagnostic traces of agent runs can include run content; access is restricted to operators, and they are used only for reliability work.
Where data goes when agents work
A plori agent does real work, and some of that work leaves our servers:
- Model calls. Prompts and completions go to the model provider serving the request: OpenRouter for hosted routing, or the provider whose key you connected (OpenAI, DeepSeek, Groq, xAI, Together AI, or OpenRouter).
- Web search and fetch. Agent web searches are served by Tavily and page fetches by Jina, so the query or URL is shared with them.
- Wherever you point your agent. Agents can use the network. If you tell your agent to call an API, clone a repository, or visit a site, that traffic goes where you sent it, under that service's terms.
Service providers
We use a small set of providers to run plori: Vultr (cloud servers and storage, United States), Cloudflare (web hosting, DNS, and networking), Dodo Payments (payments), Resend (sign-in and account email), Tavily (web search), Jina (web fetch), the model providers listed above, and Grafana Cloud (infrastructure metrics).
Retention and deletion
- Deleting an agent wipes its disk, conversations, and derived data.
- Anonymous trials expire after 7 days and their data is removed.
- Delete your account, or ask us to, and everything goes except records we are required to keep for tax and accounting.
- Logs and diagnostic traces are kept for a limited period and then deleted.
Security
Each agent runs isolated in its own environment with its own storage identity, internal services authenticate to each other with mutual TLS, traffic to plori.ai and api.plori.ai is encrypted in transit, and provider keys and secret environment variables are encrypted at rest. No system is perfect: if we learn of a breach that affects your data, we will tell you.
Your rights
Email us to access, export, correct, or delete your data. If your jurisdiction grants specific privacy rights (for example under GDPR or CCPA), requests go through the same address and we honor them.
Cookies and tracking
The dashboard keeps your session token in your browser's local storage. We set no advertising or analytics cookies and load no trackers.
Children
plori is not directed at children under 16, and we do not knowingly collect their data.
Changes
We will post any changes to this policy here and update the date at the top. If a change is material, we will say so in the dashboard or by email.