Privacy policy.

Dragons is the control plane for autonomous agents. The product runs inside your boundary and reasons over hashes, lease scopes, and liveness — not over the contents of the work your agents do. This policy describes the two distinct surfaces where data exists: the Dragons control plane that you operate, and this marketing site (dragons.dev) that you are reading now. They have different data postures, and we keep them separate on purpose.

We have written this plainly. Where a thing is collected, we say what it is. Where a thing is not collected, we say so rather than leaving you to assume.

Agent execution, the WorkLedger, and the evidence chain live inside your tenant boundary. Health truth is read from real runtime receipts in your environment, not from a vendor-side mirror. Dragons governs identity, leases, evidence, and liveness — it does not exfiltrate task payloads. The control plane commits to the hash of a work cycle, not its contents.

In practical terms: the goals your agents pursue, the code they ship, the customer data they touch, and the outcomes they produce do not flow to us. We could not read them if we wanted to — the design reasons over commitments, not plaintext. Cross-tenant access has no implicit path; a lease issued for one tenant authorizes nothing in another.

If you self-host Dragons, none of your runtime data reaches MOGOS infrastructure at all. If you use a managed deployment, the data-handling terms of that deployment govern — and they keep the same boundary discipline described here.

This website is a static site. It collects the minimum needed to know whether the site works and whether anyone reads it. We do not run behavioral ad trackers, we do not sell data, and we do not build cross-site profiles.

We use the data above for three things, and only these three: to operate and secure the site, to understand which content is useful, and to respond to people who contact us. We do not use it to train models, we do not enrich it against data brokers, and we do not repurpose a trial inquiry into a marketing profile.

Edge request logs are retained for up to 30 days, then discarded. Aggregate analytics counts have no personal data to retain — they are already anonymized at collection. Correspondence and trial-inquiry details are kept while the relationship is active and removed on request, or when they no longer serve a purpose. We do not keep data indefinitely on the theory that it might be useful later.

This site is served from a content-delivery and edge platform that necessarily processes request metadata to route traffic and block abuse. Email you send us is handled by our mail provider. These are infrastructure processors acting on our instructions — not advertising partners, not data buyers. We do not share marketing-site data with third parties for their own purposes, and we do not sell it under any definition.

You can ask what we hold about you, ask for a copy, ask for correction, or ask for deletion. Because we collect so little, most of these requests resolve quickly. Email privacy@dragons.dev and we will respond. We will not make you jump through a dark-pattern maze to exercise a right that is yours.

When this policy changes, we update the date at the top of the page. Material changes — anything that broadens what we collect or how we use it — are called out plainly rather than buried. The current version is the one you are reading; superseded versions are not the operative terms.