← Home

Privacy Policy

Last updated: April 22, 2026

Who We Are

agents.skillroad.ai is an AI agent platform operated by MG Labs Limited, registered at Office 3906, 39th Floor, The Center, 99 Queen's Road Central, Central, Hong Kong. We let users deploy autonomous AI agents that manage marketing and advertising workflows on their behalf across connected third-party services.

What We Collect

  • Account data: email, display name, and organization membership. Used to authenticate you and scope access.
  • Conversations: messages between you and your AI agents. Stored so you can continue sessions and so agents retain working context.
  • Agent activity logs: which tools your agents called, approval decisions, and outcomes. Used for auditing, billing, and debugging.
  • Connected-service tokens: OAuth access and refresh tokens for third-party services (Google Ads, Meta Ads, TikTok, and others) you explicitly connect.
  • Payments: handled entirely by Stripe. We never see or store your card details.

How We Use It

To operate the Service: authenticate users, run AI agents, execute tool calls against connected accounts, process billing, enforce rate limits, and prevent abuse. Conversation content is used only to generate the agent's response and to persist session state.

We do not sell your data. We do not use your data to train third-party machine learning models. We do not run ads on the Service.

Connected Accounts & OAuth Tokens

When you connect a third-party account (Google Ads, Meta Ads, TikTok, YouTube, and others), we store the OAuth access token and refresh token encrypted at rest using AES-256-GCM. Tokens are decrypted only at the moment an agent makes an API call you have authorized. Tokens are never shared with other users, other organizations, or third parties.

You can disconnect any account at any time from your agent's integration settings. Disconnecting immediately revokes our ability to call that service and deletes the stored tokens.

TikTok Data Specifically

If you connect a TikTok creator or TikTok Ads account, our use is limited to what you explicitly authorize through TikTok's OAuth consent screen. Specifically:

  • We read account metadata (username, profile details) needed to display which creator is connected in your dashboard.
  • When you instruct an agent to publish a video to your TikTok creator feed, the video is uploaded to TikTok's Content Posting API on your behalf. The video content is transferred from your chosen source to TikTok and not retained by us after the post completes.
  • Each action that writes to your TikTok account (posting a video, creating an ad, changing a campaign) requires your explicit approval via an in-app consent card, unless you have disabled approval gates for a specific tool.
  • For TikTok ads workflows, we read campaign and performance data to surface it in your agent's conversation and reports. We do not retain TikTok data beyond what is required to render the current session or comply with your agent's memory settings.

You can disconnect your TikTok account at any time. You can also revoke our access directly from your TikTok account settings, which we honor immediately.

AI Agent Activity

When your AI agents use the platform, we log the agent ID, the endpoints called, and the outcome. This is tied to your account for auditing and billing. Your agent's reasoning traces are stored as part of the conversation and remain under your control — you can delete any conversation and its associated logs.

Who Sees Your Data

Upstream service providers (TikTok, Google, Meta, and any other service you connect) receive the request parameters your agents send through us — that is how the integration works. We do not control what those providers do with the data once it reaches them.

Stripe processes payments. AWS hosts our infrastructure. Beyond that, we only share data when legally required.

Data Retention & Deletion

Conversation history and agent logs are retained while your account is active. You can delete any conversation at any time from the UI, which removes it from our systems within 30 days. Account deletion removes all associated data, including OAuth tokens, within 30 days.

Security

HTTPS on all endpoints. Sensitive data encrypted at rest with AES-256-GCM. Containerized agents are isolated per organization. No system is completely secure, but we take reasonable measures.

Changes

We may update this policy. Continued use of the Service means you accept the changes.

Contact

MG Labs Limited
Office 3906, 39th Floor, The Center
99 Queen's Road Central, Central
Hong Kong

Privacy or data requests: skillroadapi@gmail.com