Privacy Policy

1. Introduction

AI Agentics ("AI Agentics," "we," "us," or "our") operates the agentic-AI platform available at aiagentics.io and related developer tools, SDKs, and APIs (together, the "Services"). This privacy policy explains how we handle personal data and customer content in connection with the Services. It applies to visitors of our website, registered account holders, and end users whose data is processed when our customers build and operate AI agents.

We act in two distinct roles. When we decide how and why your personal data is processed — for example, account administration or marketing — we are a data controller. When our customers use the platform to process data through their own AI agents and workflows, we act as a data processor and handle that content under their instructions and our Data Processing Addendum. Your use of the Services is also governed by our Terms of Service.

2. Information we collect

We collect information in three broad categories: data you provide, data we collect automatically, and data we receive from third parties.

Information you provide

• Account & profile data — your name, work email, organization name, role, and password (stored only as a salted hash) when you register.
• Billing data — billing address and plan details. Card numbers are processed directly by our PCI-DSS compliant payment processor; we never store full card numbers on our servers.
• Support & communications — messages, tickets, and feedback you send to us, including any attachments.
• Customer content — prompts, agent configurations, tool definitions, documents you index into a vector store for retrieval-augmented generation (RAG), and the inputs and outputs that flow through your agents.

Information we collect automatically

• Usage & telemetry — feature usage, agent run counts, token consumption, latency, and error traces used for billing, debugging, and observability.
• Device & log data — IP address, browser type, operating system, referring pages, and timestamps recorded in standard server logs.
• Cookies & similar technologies — see the Cookies section and our Cookie Policy.

Information from third parties

If you sign in through a single sign-on provider, connect an integration, or are referred by a partner, we may receive limited profile or authentication data from those sources, as permitted by their policies and your settings.

3. How we use information

We use personal data to operate, secure, and improve the Services. Specifically, we process data to:

• provide, maintain, and authenticate access to the Services;
• run, monitor, and meter your AI agents, including token accounting and rate limiting;
• process payments, prevent fraud, and enforce usage limits and our acceptable-use policy;
• provide customer support and respond to your requests; diagnose and fix technical issues;
• send service notices and, where permitted, product updates you can unsubscribe from at any time; and
• comply with legal obligations and protect the rights, safety, and property of AI Agentics, our customers, and the public.

Where the GDPR applies, our legal bases for processing are the performance of a contract (delivering the Services), our legitimate interests (securing and improving the platform), your consent (for optional cookies and marketing), and legal obligation (for tax and compliance records).

4. AI, agent data & model training

Because AI Agentics is an agentic-AI platform, the way we treat the content your agents process matters. We hold ourselves to a clear, customer-first standard.

• We do not use your customer content to train models that are shared with other customers without your explicit, opt-in consent. Your prompts, documents, tool outputs, and agent results remain your data and are not pooled into shared or foundation models by default.
• Processing for delivery only. We process customer content solely to provide the Services you requested — for example, routing a prompt to your chosen model provider, executing tool calls, or retrieving vectors from your store.
• Third-party model providers. When you select an external LLM provider, your prompts are transmitted to that provider under its terms. We work with providers that offer zero-retention or no-training options where available, and we surface those choices in your workspace settings.
• Abuse and safety review. We may inspect limited metadata or content where required to investigate security incidents, prevent abuse, or comply with law — never to build competing or shared models.

5. Sharing & subprocessors

We do not sell personal information and we do not share it for cross-context behavioral advertising. We disclose data only in the limited circumstances below:

• Subprocessors — vetted vendors who provide cloud hosting, payment processing, email delivery, error monitoring, and analytics on our behalf, under contracts that require appropriate security and confidentiality.
• At your direction — integrations and model providers you connect to your agents, which receive data according to your configuration.
• Legal & safety — to comply with valid legal process, enforce our agreements, or protect against fraud, abuse, or harm.
• Business transfers — in connection with a merger, acquisition, or asset sale, subject to this policy or a successor with equivalent protections.

The categories of subprocessors below illustrate the functions we rely on. A current, named subprocessor list is available on request and is incorporated into our DPA.

6. Data retention

We retain personal data for as long as needed to provide the Services and for legitimate business or legal purposes. Account data is kept while your account is active. After you delete your account, we remove or anonymize associated personal data within 90 days, except where a longer period is required by law (for example, tax records) or to resolve disputes and enforce agreements. Customer content is retained according to the retention window your workspace administrator configures; backups are purged on a rolling schedule. Aggregated, de-identified statistics that cannot reasonably identify an individual may be kept indefinitely.

7. International transfers

We operate globally, so your data may be processed in countries other than your own, including the United States. Where we transfer personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, together with supplementary technical and organizational measures. You may request a copy of the relevant transfer mechanism by contacting us.

8. Your rights (GDPR & CCPA)

Depending on where you live, you may have some or all of the following rights over your personal data:

• Access & portability — obtain a copy of the personal data we hold about you in a portable format.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your personal data, subject to legal exceptions.
• Restriction & objection — limit or object to certain processing, including processing based on legitimate interests.
• Withdraw consent — where processing relies on consent, withdraw it at any time without affecting prior processing.
• Non-discrimination & opt-out (CCPA/CPRA) — California residents may request disclosure of the categories of data collected, request deletion, and opt out of any sale or sharing. We do not sell personal information, and exercising these rights will not result in discriminatory treatment.

To exercise a right, email our privacy team from the address associated with your account. We will verify your identity and respond within the timeframe required by applicable law (generally 30 to 45 days). You also have the right to lodge a complaint with your local data protection authority.

9. Security

We maintain a defense-in-depth security program and undergo independent SOC 2 Type II audits. Safeguards include encryption of data in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, least-privilege access, network isolation, continuous logging, and regular penetration testing. No method of transmission or storage is completely secure, but we work to protect your data and to notify affected parties and regulators of qualifying breaches as required by law. Read more on our security page.

10. Children's privacy

The Services are intended for businesses and developers and are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Cookies

We use strictly necessary cookies to operate the website and, with your consent where required, optional cookies for analytics and preferences. You can manage your choices through our consent banner and browser settings. For full details on the cookies we use and how to control them, see our Cookie Policy.

12. Changes to this policy

We may update this privacy policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice such as an in-product message or email. Your continued use of the Services after an update takes effect constitutes acceptance of the revised policy.

13. Contact us

If you have questions about this policy or how we handle your data, please reach out. We are committed to resolving privacy concerns transparently and promptly.