1. Who We Are
Agentify AI is the controller of personal data described in Section 3 ("Account & Visitor Data"). For Customer Data that you upload, capture or process through the Service about your end users, you are the controller and we act as your processor under our Terms of Service and Data Processing Addendum (DPA), available at privacy@agentify.ai.
Contact us at privacy@agentify.ai for any privacy matter.
2. Scope
This policy applies to our marketing website, the authenticated Agentify application, embedded chatbot widgets, public APIs, and any other channel that links to it. It does not apply to third-party sites or to the operations of our customers using the Service to interact with their own end users — those customers maintain their own privacy notices.
3. Personal Data We Collect
Account & Visitor Data (Agentify as controller)
- Account details: name, email, password hash, company, industry, role.
- Authentication data: session tokens, sign-in provider (Google), IP address and device metadata.
- Billing data: plan, subscription status and history. Card numbers are never seen or stored by us — they are handled directly by our payments provider Paddle, the Merchant of Record.
- Support and communications: messages you send us by email, chat or form, including attachments.
- Usage telemetry: pages viewed, features used, error logs, approximate location derived from IP, and aggregated metrics used to improve the Service.
- Cookies and similar technologies: see Section 9.
Customer Data (you are the controller, we are processor)
- Conversation content: messages, transcripts, recordings (where you enable them) and call metadata exchanged between your end users and your AI Chatbots, Voice Agents or Calling Agents.
- CRM records: leads, contacts, deals, notes, appointments and custom fields you create or import.
- Knowledge base content: documents, URLs and structured data you upload to train your agents.
- Configuration: prompts, automations, integrations and credentials you connect.
You determine what end-user data flows into the Service. You must have a lawful basis and provide appropriate notices to your end users.
4. How We Use Personal Data
- Provide and operate the Service — create your account, run AI requests, store conversations, deliver features and integrations.
- Billing and account administration — manage subscriptions, prevent fraud, handle refunds via Paddle.
- Security and abuse prevention — monitor for unauthorized access, enforce rate limits and acceptable use, investigate incidents.
- Customer support — respond to questions and troubleshoot issues.
- Product improvement and analytics — understand aggregate feature usage, debug, prioritise improvements. We do not use Customer Data (your end-user conversations, CRM records or knowledge base content) to train foundation models.
- Marketing — send product updates and newsletters where you have opted in or where permitted by law; you can unsubscribe at any time.
- Legal compliance — comply with applicable laws and respond to lawful requests.
5. Legal Bases (GDPR / UK GDPR)
- Contract — to provide the Service you signed up for and process payments.
- Legitimate interests — to secure the platform, prevent abuse, improve features and conduct limited B2B marketing, balanced against your rights.
- Consent — for non-essential cookies, optional analytics and marketing communications, where required.
- Legal obligation — to comply with tax, accounting and law-enforcement requirements.
6. Sharing and Disclosure
We share personal data only as described below. We do not sell personal data.
- Service providers (sub-processors):
- Lovable Cloud — application hosting, database, authentication, storage.
- Paddle — Merchant of Record, payments, tax and invoicing.
- AI model providers (e.g. OpenAI, Anthropic, Google, ElevenLabs and equivalents enabled for your account) — to generate AI Outputs from your Inputs. Providers process data under data-protection agreements that prohibit use of your data to train their models where supported.
- Telephony and messaging providers — to deliver Voice and Calling Agent calls and SMS notifications.
- Email and notifications — transactional email and product communication.
- Analytics and error monitoring — aggregated product analytics and crash reporting.
- Integrations you enable — when you connect a third-party CRM, calendar or other tool, data flows to that tool under its own terms.
- Professional advisers — auditors, lawyers and insurers under confidentiality obligations.
- Authorities — where required by law, regulation, court order or to protect rights, safety and property.
- Corporate transactions — in connection with a merger, acquisition or sale of assets, subject to confidentiality and continuity of this Policy.
A current list of sub-processors is available on request.
7. International Data Transfers
Agentify operates globally. Personal data may be transferred to and processed in countries outside your own, including the United States and the European Economic Area. Where required, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, or other appropriate safeguards. A copy of the relevant transfer mechanism is available at privacy@agentify.ai.
8. Data Retention
- Account data — for the lifetime of your account plus up to 90 days after deletion to handle disputes and complete deletion.
- Customer Data — for as long as you keep it in the Service. After workspace deletion, we delete or anonymise it within 30 days, except backups which roll off within 35 days.
- Conversation logs — retained according to your workspace settings (default 12 months) and then deleted.
- Billing records — retained for the period required by applicable tax and accounting law (typically 7 years).
- Security logs — retained for up to 12 months.
9. Cookies and Similar Technologies
We use:
- Strictly necessary cookies — authentication, security, load balancing. Required and cannot be disabled.
- Functional cookies — remember preferences such as theme and locale.
- Analytics cookies — measure usage in aggregate. Set only with consent where required.
You can manage cookies through your browser. Blocking essential cookies may break the Service.
10. Your Rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate data;
- Erase data ("right to be forgotten");
- Restrict or object to processing, including profiling and direct marketing;
- Data portability;
- Withdraw consent at any time without affecting prior processing;
- Lodge a complaint with your local data protection authority (in the EU/EEA) or the Information Commissioner's Office (UK).
California residents (CCPA/CPRA): you have the right to know, delete, correct and opt out of "sale" or "sharing" of personal information. We do not sell personal information. To exercise these rights, email privacy@agentify.ai; we may verify your identity before responding and will reply within the timeframe required by law (typically 30 days for GDPR, 45 days for CCPA).
If your data was provided to us by a business using Agentify to interact with you, please contact that business directly — they are the controller of that data.
11. Security
We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS 1.2+), encryption at rest, role-based access control, audit logging, least-privilege access for personnel, and regular vulnerability management. No method of transmission or storage is 100% secure; if you suspect an incident, contact security@agentify.ai.
12. Automated Decision-Making
Agentify itself does not make automated decisions producing legal or similarly significant effects about individuals. Customers using the Service must implement appropriate human oversight and disclosures if they configure such workflows.
13. Children
The Service is not directed to children under 16 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.
14. Changes to This Policy
We may update this Policy from time to time. Material changes will be notified by email or in-app banner at least 14 days before they take effect. The "Last updated" date at the top of the page shows the current version.
15. Contact
For any privacy question, request or complaint, contact our privacy team at privacy@agentify.ai.