Privacy Policy

Effective date: January 1, 2025 · Last updated: January 1, 2025

AgentFlow Technologies Inc. ("Company," "we," "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and what rights you have regarding your information.

1. Data We Collect

  • Personal data: name, email address, phone number, company name — collected during account registration.
  • Usage data: IP address, browser type, pages viewed, time on site, referral source — collected automatically.
  • Agent data: request logs, agent configurations, task execution results — necessary to provide the service.
  • Payment data: processed through our secure provider Stripe Inc. We do not store credit card details on our servers.

2. How We Use Your Data

  • Providing and maintaining the AgentFlow service
  • Improving platform quality and user experience
  • Sending service notifications and product updates
  • Preventing fraud and ensuring platform security
  • Complying with applicable legal obligations

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases: (a) performance of a contract — to provide the service you signed up for; (b) legitimate interest — to improve our platform, prevent fraud, and ensure security; (c) consent — for optional marketing communications, which you can withdraw at any time; (d) legal obligation — when required by applicable law.

4. Data Storage & Security

Data is stored on AWS servers (region eu-central-1, Frankfurt, Germany) and Google Cloud Platform (region europe-west3, Frankfurt). We implement industry-standard security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • SOC 2 Type II compliant infrastructure
  • Regular penetration testing and security audits
  • Role-based access control with multi-factor authentication

Data retention period: no longer than 36 months from last account activity. Upon account deletion, personal data is purged within 30 days, with backups cleared within 90 days.

5. Third-Party Data Sharing

We do not sell, rent, or trade your personal data. Data may be shared with the following categories of processors:

  • Infrastructure providers (AWS, Google Cloud) — for hosting and data storage
  • Payment processors (Stripe Inc.) — for payment processing
  • Analytics services (Plausible Analytics) — privacy-first, cookieless analytics for UX improvement
  • Email services (Postmark) — for transactional email delivery
  • Law enforcement — only when required by valid court order or legal process

6. International Data Transfers

If your data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions where applicable.

7. Your Rights

Under GDPR, CCPA, and other applicable privacy regulations, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Data portability — receive your data in a structured, machine-readable format
  • Restrict processing — limit how we use your data
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting prior lawful processing

To exercise any of these rights, contact us at privacy@agentflow.ai. We will respond within 30 days.

8. Cookies

We use only strictly necessary functional cookies required for service operation (authentication, session management). Our analytics provider (Plausible Analytics) does not use cookies and does not collect personal data. We do not use advertising or tracking cookies of any kind.

9. Children's Privacy

AgentFlow is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email notification and a prominent notice on our website at least 30 days before they take effect. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Information

AgentFlow Technologies Inc.
Data Protection Officer
548 Market St, Suite 35410
San Francisco, CA 94104, USA
Email: privacy@agentflow.ai
Phone: +1 (415) 555-0182
European Representative
AgentFlow Europe GmbH
Friedrichstraße 123
10117 Berlin, Germany
Email: eu-privacy@agentflow.ai

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.