Privacy Policy

Effective Date: May 8, 2025

Last Revised: May 8, 2025

This Privacy Policy ("Policy") governs the collection, processing, storage, use, and disclosure of personal data by Agentic Agency, a business entity domiciled in the United States, in connection with its website, platform, and AI automation services (the "Services"). This Policy is drafted in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), UK GDPR, California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), and other applicable federal and state privacy laws of the United States.

1. Controller Information

For the purposes of data protection law, Agentic Agency acts as the "Data Controller" with respect to the personal data collected through its Services.

Controller Name: Agentic Agency
Registered Address: [Insert full address]
Email Contact: [Insert privacy contact email]
Website: https://www.agenticagency.io

2. Scope and Application

This Policy applies to all individuals ("Data Subjects") whose personal data is collected or processed by Agentic Agency, including visitors to our website, prospective and current clients, and users of our AI Agent services. This includes data processing activities that may occur within or beyond the United States, including in the European Economic Area (EEA), United Kingdom, and other jurisdictions with applicable privacy regulations.

3. Categories of Personal Data Collected

Agentic Agency may collect the following categories of personal data:

  • Identifiers and Contact Data: Name, email address, phone number, company affiliation
  • Account and Transactional Data: Billing information, payment identifiers (via PCI-DSS-compliant processors)
  • Technical and Usage Data: IP address, browser type, OS, device identifiers, user session metadata, website navigation behavior
  • Communication and Engagement Data: Audio recordings, chat logs, SMS content, appointment data
  • Third-Party Integration Data: Data accessed from CRMs, calendars, and messaging platforms upon user authorization
  • Cookie and Tracking Data: Unique cookies, session IDs, advertising identifiers, location metadata (via browser consent)

4. Legal Bases for Processing (GDPR)

We process personal data only when there is a lawful basis under Article 6 of the GDPR, including:

  • Consent (Art. 6(1)(a)): for optional services such as marketing, non-essential cookies
  • Contractual Necessity (Art. 6(1)(b)): for onboarding, support, and providing Services
  • Legal Obligation (Art. 6(1)(c)): for compliance with applicable legal requirements
  • Legitimate Interests (Art. 6(1)(f)): for internal analytics, fraud prevention, client engagement (subject to balance test)

A full matrix mapping data categories to lawful basis is maintained and available upon request.

5. Purposes of Data Processing

Agentic Agency processes personal data for the following specific and legitimate purposes:

  • To provide and improve Services, including AI Agent automation features
  • To process transactions and manage user accounts
  • To facilitate customer service, onboarding, and technical support
  • To personalize user experience and perform analytics
  • To comply with contractual, legal, and regulatory obligations
  • To prevent fraud, enforce terms of service, and ensure network security

6. Recipients and Data Sharing

Agentic Agency does not sell personal data. We may share data with:

  • Data Processors (under written DPA): Cloud hosting, telephony/SMS APIs, AI model vendors, payment processors
  • Third-Party Vendors: With explicit user consent (e.g., CRM sync tools, integrations)
  • Authorities: When legally required under subpoenas, warrants, or applicable law
  • Corporate Transfers: In case of merger, acquisition, or sale of assets, subject to confidentiality agreements

If personal data is shared for purposes defined as "selling" or "sharing" under the CPRA, you will be provided the ability to opt out via a "Do Not Sell or Share My Personal Information" mechanism.

7. International Data Transfers

Where personal data is transferred outside the EEA, UK, or other jurisdictions with data export restrictions:

  • Agentic Agency uses Standard Contractual Clauses (SCCs) approved by the European Commission
  • A Transfer Impact Assessment (TIA) is conducted where applicable
  • We may also participate in the EU-U.S. Data Privacy Framework, if certified

A full list of countries to which data may be transferred, and the safeguards in place, can be provided upon request.

8. Data Retention

Personal data is retained for no longer than necessary for the purposes outlined in this Policy, unless a longer retention period is required by law.

General retention guidelines:

  • User accounts: 7 years after last activity
  • Financial records: 7 years for compliance
  • Chat logs and AI interactions: 12–24 months
  • Cookies and analytics data: 12 months (unless re-consented)

Upon expiration of the applicable retention period, data will be securely deleted or anonymized.

9. Data Subject Rights

a. For EEA/UK Residents (GDPR)

You have the right to:

  • Access personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase data ("right to be forgotten") (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))
  • Not be subject to automated decision-making without meaningful human oversight (Art. 22)
  • Lodge a complaint with a supervisory authority (e.g., ICO, CNIL, DPC)

b. For California Residents (CCPA/CPRA)

You have the right to:

  • Know what personal information is collected and how it is used/shared
  • Access and request a copy of your data
  • Delete personal information (with exceptions)
  • Opt out of the sale or sharing of personal data
  • Correct inaccurate data
  • Limit the use and disclosure of sensitive personal information
  • Non-discrimination for exercising your rights

You may exercise your rights by contacting us at [insert email] or submitting a verified request through our Data Rights Portal (if applicable).

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies in compliance with:

  • ePrivacy Directive (for EU visitors)
  • GDPR (consent for analytics/advertising)
  • CPRA (sale/sharing disclosure)

We obtain explicit user consent before setting non-essential cookies and provide equal prominence to accept/reject buttons via our cookie consent banner.

A detailed Cookie Policy is available here.

11. Children's Privacy

The Services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If we become aware of data collected from a child without verified parental consent, we will take immediate steps to delete such data.

12. Security Measures

Agentic Agency maintains appropriate technical and organizational measures (TOMs) to ensure data integrity and security, including:

  • Transport Layer Security (TLS) encryption
  • AES-256 encryption at rest
  • Role-based access controls
  • Secure development lifecycle protocols (SDLC)
  • Incident detection, response plans, and third-party penetration testing

13. Policy Updates

This Privacy Policy may be amended periodically. Material changes will be notified by:

  • Email to registered users
  • Prominent notice on our website
  • Updates to the "Effective Date" at the top of this Policy

14. Contact

If you have any questions regarding this Privacy Policy or would like to exercise your rights:

Agentic Agency – Data Privacy Team
Email: [[email protected]]
Website: https://www.agenticagency.io

If you are based in the EEA or UK and require a Data Protection Representative under Article 27 GDPR, or if you wish to contact a Data Protection Officer (if appointed), please contact us at the above address for referral.