Privacy Policy

1. Data Collected

Account data: email, name. Agent config: content you provide during setup. Conversations: messages (30-day retention). Leads: name, email, phone, company — encrypted at rest (AES-256), 90-day retention. IP addresses: hashed with SHA-256, never stored in plain text. Analytics: anonymised, no PII.

2. Legal Basis

Account: contract performance (Art. 6(1)(b)). Conversations: legitimate interest (Art. 6(1)(f)). Leads: explicit consent (Art. 6(1)(a)). Analytics: legitimate interest.

3. Third Parties

Creem (payments/MoR), OpenRouter (LLM inference), Anthropic (LLM inference), Vercel (hosting), Resend (email), Neon (database). Calendar booking links redirect to third-party scheduling services. See subprocessors.

4. Your Rights

Access, rectify, erase, port, object, withdraw consent. Via admin panel or privacy@agenturo.app. 30-day response.

5. Security

Encryption at rest (AES-256 for leads), encryption in transit (TLS 1.3), hashed IPs, parameterised queries, CSP headers, rate limiting.

6. Cookies

Authentication session cookie (essential, HttpOnly). Theme preference cookie (functional). No tracking cookies. No advertising cookies.

7. Data Retention

Conversations: 30 days. Leads: 90 days (extendable to 1 year). Account data: subscription period + 90 days. Anonymised aggregates: indefinite.

Contact

privacy@agenturo.app | support@agenturo.app