Star on GitHub Join the waitlist
EN FR
Legal

Privacy Policy

Effective: June 2026·Last updated: June 2026

1. Data Controller

Agentivity ("we", "us", "our") is the data controller responsible for the personal data collected through our website (agentivity.io) and hosted cloud services.

Contact for all data protection enquiries: hello@agentivity.io

This Privacy Policy applies to all personal data we collect in connection with the Agentivity website and cloud services. It does not apply to data processed within self-hosted deployments of the open-source software, which you operate as an independent data controller.

2. Data We Collect

2.1 Data you provide directly

  • Email address — when you submit the waitlist form or create an account.
  • Account information — name, organisation name (if provided during registration).
  • Communications — content of emails or messages you send to us.
  • Payment information — when you subscribe to a paid plan, payment processing is handled by a third-party provider (e.g. Stripe). We do not store your full payment card details.

2.2 Data collected automatically

  • Technical data — IP address, browser type and version, operating system, referring URL, and timestamps of access.
  • Usage data — pages visited, features used, actions taken within the Platform (for the hosted cloud service only). This data is collected in anonymised or pseudonymised form where possible.

2.3 Data processed through your agents

When you use Agentivity to build AI agents, you may process personal data of third parties (your customers, employees, contacts) through your agent workflows. You are the independent data controller for such data. We process it as your data processor, subject to any Data Processing Agreement in place.

Important: Data submitted to LLM providers (OpenAI, Anthropic, etc.) via your API keys is processed by those providers under their own privacy policies. Agentivity does not have access to or control over that processing.

3. Legal Bases for Processing (GDPR)

We process your personal data under the following legal bases as defined in Article 6 of the GDPR:

  • Consent (Art. 6(1)(a)): When you submit the waitlist form, you consent to us contacting you with updates about the Agentivity cloud launch and product news. You may withdraw consent at any time.
  • Contract performance (Art. 6(1)(b)): Processing necessary to provide you with the services you have requested, including account management and billing.
  • Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, such as improving the Platform, preventing fraud, and ensuring security, where those interests are not overridden by your fundamental rights.
  • Legal obligation (Art. 6(1)(c)): Processing required to comply with applicable law, such as accounting and tax obligations.

4. How We Use Your Data

  • To send you access confirmation and updates when the Agentivity cloud service launches (waitlist subscribers).
  • To manage your account and provide you with the services you have subscribed to.
  • To process payments and issue invoices (paid subscribers).
  • To respond to your enquiries and provide customer support.
  • To improve the Platform by analysing anonymised usage patterns.
  • To detect, investigate, and prevent fraudulent activity, abuse, or security incidents.
  • To comply with applicable legal and regulatory obligations.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

5. Data Sharing and Third Parties

We share your personal data only in the following circumstances:

5.1 Service providers (processors)

  • Netlify — website hosting and form processing. Netlify processes form submission data on our behalf.
  • Payment processors — for paid subscriptions (specific provider to be announced). Payment processing is conducted under PCI DSS compliance.
  • Email service providers — for transactional and notification emails.
  • Cloud infrastructure providers — for hosting the cloud service.

All service providers are contractually bound to process your data only on our instructions and in accordance with applicable data protection law.

5.2 Legal requirements

We may disclose your data if required to do so by law, court order, or at the request of a competent authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Agentivity, our users, or the public.

5.3 Business transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

We are based in Belgium and primarily process data within the European Economic Area (EEA). Some of our third-party service providers may process data outside the EEA (for example, in the United States).

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on an adequacy decision. You may request information about the specific safeguards applied to international transfers by contacting us at hello@agentivity.io.

7. Data Retention

  • Waitlist email addresses: Retained until you request deletion, or for 24 months from submission if no cloud service has launched, whichever comes first.
  • Account data: Retained for the duration of your account plus a reasonable period thereafter for legal compliance purposes (typically up to 3 years after account closure).
  • Transaction records: Retained for 7 years for accounting and tax compliance purposes.
  • Support communications: Retained for up to 3 years from the date of the last communication.
  • Usage logs: Retained in anonymised form for up to 13 months.

We will delete or anonymise your data promptly once it is no longer required for the purpose for which it was collected.

8. Security Measures

We implement technical and organisational security measures appropriate to the risk of processing your personal data. These include:

  • Encryption in transit (TLS) and at rest where applicable.
  • Access controls limiting data access to authorised personnel only.
  • Regular security reviews of our infrastructure and third-party providers.
  • Procedures for detecting, reporting, and investigating personal data breaches.

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using commercially reasonable means.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with our obligations under the GDPR.

9. Cookies and Tracking Technologies

The Agentivity website uses no third-party analytics or advertising cookies. We do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any behavioural tracking or retargeting technology.

We may use strictly necessary cookies to maintain session state for logged-in users of the hosted cloud service. These cookies are essential for the service to function and do not require consent under the ePrivacy Directive.

If we introduce any non-essential cookies in the future, we will update this policy and obtain your consent in advance.

10. Your Rights Under the GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

  • Right of access (Art. 15): To request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): To request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): To request deletion of your data, subject to our legal obligations.
  • Right to restriction (Art. 18): To request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Art. 20): To receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): To object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: To withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, please email us at hello@agentivity.io. We will respond within 30 days. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be) or the supervisory authority in your country of residence.

11. Children's Privacy

Agentivity is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor without appropriate consent, please contact us immediately at hello@agentivity.io and we will take steps to delete that data promptly.

12. Links to Third-Party Services

Our website and Platform may contain links to or integrations with third-party websites and services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you connect to your agents, as their data practices may differ significantly from ours.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date and, where required by law, by seeking fresh consent or providing direct notification.

We encourage you to review this policy periodically. Your continued use of the Platform after changes are published constitutes acceptance of the updated policy.

14. Contact

For any privacy-related questions, requests, or complaints:

Agentivity
Email: hello@agentivity.io
Response time: within 30 days (GDPR requests), within 5 business days (general enquiries)