Privacy Policy

Last updated: April 23, 2026 · GDPR · EU AI Act · CCPA compliant

Per la versione in italiano contattare: info@agntx.tech
This Privacy Policy explains how AGNTX ("AGNTX", "we", "us", "our") collects, uses, and protects personal data when you use our AI voice-assistant platform at agntx.tech. It applies to all users worldwide, with specific sections for EU/EEA residents (GDPR) and California residents (CCPA/CPRA).

1. Data Controller

The data controller responsible for your personal data is:

AGNTX

Email: privacy@agntx.tech

General enquiries: info@agntx.tech

If you have questions about how we handle your data or wish to exercise your rights, please contact us at privacy@agntx.tech.

2. Data We Collect

2.1 Account Data

When you create an account we collect: full name (optional), email address, encrypted password, invite code used, and registration timestamp.

2.2 Voice & Conversation Data

When you use the voice interface, your spoken audio is sent to OpenAI's Whisper API for transcription. The transcribed text is then processed by OpenAI's language models to generate responses. We do not permanently store raw audio recordings. Conversation text (messages) is stored in our database to provide conversation history and memory features.

2.3 Usage & Billing Data

We collect command counts, subscription status, bundle purchase history, and payment references (Mollie payment IDs). We do not store full payment card details — those are handled exclusively by Mollie B.V.

2.4 Integration Data

If you connect third-party services (Google Calendar, Gmail, Slack, Notion, GitHub), we store OAuth access tokens and refresh tokens necessary to execute actions on your behalf. We access only the scopes you explicitly authorise.

2.5 Technical & Log Data

We may collect IP address, browser type, device information, and usage logs for security, fraud prevention, and service improvement purposes.

2.6 Cookies & Local Storage

We use strictly necessary cookies for session management (NextAuth session cookie) and browser local storage for UI preferences (voice settings, cookie consent flag). We do not use advertising or tracking cookies. See Section 10 for details.

3. How We Use Your Data & Legal Basis (GDPR Art. 6)

Purpose	Legal Basis
Providing the AGNTX service (account, voice assistant, integrations)	Art. 6(1)(b) — Performance of contract
Processing payments for bundles	Art. 6(1)(b) — Performance of contract
Security, fraud prevention, abuse detection	Art. 6(1)(f) — Legitimate interests
Improving and debugging the service	Art. 6(1)(f) — Legitimate interests
Sending transactional emails (billing confirmations, password resets)	Art. 6(1)(b) — Performance of contract
Sending marketing communications (if opted in)	Art. 6(1)(a) — Consent
Compliance with legal obligations	Art. 6(1)(c) — Legal obligation

4. AI Processing & EU AI Act Disclosure

⚠ You are interacting with an AI system. In compliance with EU AI Act Article 50 (Regulation 2024/1689), we inform you that AGNTX is an artificial intelligence system. Responses are generated by AI models and may not always be accurate. Always verify critical information with qualified professionals.

AGNTX is classified as a General Purpose AI (GPAI) consumer application. It is not a high-risk AI system under Annex III of the EU AI Act.
Voice transcription and language model inference is performed by OpenAI (gpt-4o-mini-transcribe, gpt-5-nano, tts-1). OpenAI acts as a data processor under a Data Processing Agreement.
AI-generated responses must not be relied upon for medical, legal, financial, or safety-critical decisions.
Automated decisions are not made about you based solely on AI processing. A human can always review and override AI-generated actions.

5. Third-Party Data Processors

OpenAI, Inc.

USA

AI inference (language models, speech-to-text, text-to-speech) · Privacy policy ↗

Mollie B.V.

Netherlands (EU)

Payment processing for bundles · Privacy policy ↗

Google LLC

USA

OAuth authentication, Calendar/Gmail/Tasks integration (if connected) · Privacy policy ↗

Vercel Inc.

USA

Hosting and edge infrastructure · Privacy policy ↗

Neon Tech Inc.

USA

PostgreSQL database hosting · Privacy policy ↗

Transfers to processors in the USA are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914) or equivalent safeguards.

6. Data Retention

Account dataUntil you delete your account, then within 30 days
Conversation historyUntil deleted by you or account deletion
Voice audioNot retained — processed in real time and discarded
Payment records7 years (legal/tax obligation)
Usage logs90 days rolling window
OAuth tokensUntil integration is disconnected or token expires
BackupsUp to 30 days after deletion

7. Your Rights (GDPR — EU/EEA Users)

If you are in the EU/EEA, you have the following rights under GDPR:

Right of access (Art. 15): Request a copy of the data we hold about you.
Right to rectification (Art. 16): Request correction of inaccurate data.
Right to erasure (Art. 17): Request deletion of your data (“right to be forgotten”).
Right to restriction (Art. 18): Request that we limit processing of your data.
Right to data portability (Art. 20): Receive your data in a machine-readable format.
Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent (Art. 7): Withdraw consent at any time for consent-based processing (e.g. marketing).
Right not to be subject to automated decisions (Art. 22): Not be subject to solely automated decisions with significant effects.
Right to lodge a complaint: Lodge a complaint with your national supervisory authority. In Italy: Garante per la Protezione dei Dati Personali (www.garanteprivacy.it).

To exercise any of these rights, email privacy@agntx.tech. We will respond within 30 days.

8. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA/CPRA:

Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, or sell.
Right to Delete: Request deletion of personal information we collected from you.
Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioural advertising.
Right to Correct: Request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information: We only use sensitive data for the purposes stated in this policy.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights.

Submit California rights requests to: privacy@agntx.tech

9. Children's Privacy

AGNTX is not directed to children under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us at privacy@agntx.tech and we will delete it promptly.

10. Cookies & Tracking Technologies

We use the following cookies and local storage items:

Name	Type	Purpose	Duration
next-auth.session-token	Essential	Authentication session	30 days
agntx-cookie-consent	Essential	Records your cookie consent choice	1 year
agntx-voice-config	Functional	Saves voice/speed preferences locally	Persistent (localStorage)

We do not use analytics, advertising, or third-party tracking cookies. You can withdraw your cookie consent at any time by clearing your browser storage.

11. Data Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, bcrypt password hashing, OAuth 2.0 token security, access controls, and regular security reviews. However, no internet transmission is 100% secure and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the "Last updated" date at the top and, where required by law, notify you by email or in-app notice. Continued use of AGNTX after the update constitutes acceptance of the revised policy.

13. Contact Us

For privacy-related enquiries, data subject requests, or to contact our Data Protection contact point:

Email: privacy@agntx.tech

Response time: within 30 days as required by GDPR.

← Home Terms & Conditions info@agntx.tech