Agent Kits Lab · Agent-ready Repo Audit
Agent-ready Repo Audit

Service Policy

Version 1.1 · Effective 2026-07-11

This is a plain-language service operating policy, not legal advice or a guarantee of legal compliance. It applies when incorporated into an accepted scope.

1. AI processing disclosure

2. Authorization and data minimization

3. Execution and isolation

4. Retention and deletion

Data classDefault retentionDisposal
Intake and authorization record30 days after deliveryDelete from active working storage
Repository/worktree and raw artifacts7 days after accepted deliveryPractical secure deletion from active workspace
Report and QA record90 daysDelete, or retain with customer approval
Billing/transaction recordsAs legally/payment requiredAccording to obligation
Security-incident evidenceOnly as neededRestricted deletion after closure

5. Confidentiality boundary

6. Security incidents

  1. Stop processing and contain access.
  2. Preserve minimum evidence.
  3. Notify the customer promptly with known scope and unknowns.
  4. Recommend credential rotation where relevant.
  5. Document remediation and deletion.
  6. Do not publicly disclose customer details without permission unless required.

No absolute security guarantee is offered.

7. Delivery, corrections, and revisions

8. Disputes, refunds, and limitations

9. Material service providers and changes

10. Acceptance record

Intake is complete only when it records requester/authorization, exact snapshot/exclusions, execution permission, remote-AI mode/providers, retention exception, policy version, recipient, Agent Kits Lab scope acceptance, private checkout, and cleared-payment receipt.

Submitting an inquiry or intake does not itself create an accepted order. Scope is confirmed before private checkout.