Privacy Policy

Last updated: 2026-05-09

This document is a working version. Final wording should be reviewed by qualified EU privacy counsel before high-volume use. For specific data processing arrangements (DPA), contact info@inovateai.com.

1. Who we are

Agenticas OÜ ("Agenticas", "we", "us") is the data controller for personal data processed via this website and a data processor for personal data we handle on behalf of clients during AI Digital Worker deployments.

  • Legal entity: Agenticas OÜ
  • Registered address: Tallinn, Estonia
  • VAT: EE102954119
  • Contact: info@inovateai.com

2. What we collect (website visitors)

  • Booking & contact forms: name, email, phone, company, website, country, company size, the description of work you'd like to automate, and any UTM parameters present in your URL.
  • Analytics: aggregated usage data via Google Analytics 4 (page views, anonymized IP, device/browser info). No advertising profiles built.
  • Server logs: standard request metadata (IP, user agent, timestamp) retained for 30 days for security and debugging.

3. Lawful basis for processing

  • Contact / booking submissions: Article 6(1)(b) GDPR — processing necessary for steps prior to entering a contract.
  • Analytics & security logging: Article 6(1)(f) GDPR — legitimate interest, balanced against your rights.
  • Client data we process during deployments: Article 28 GDPR — processed under written instruction from the client (data controller), per the executed DPA.

4. How long we keep data

  • Booking & contact submissions: 24 months from last contact, then deleted.
  • Server logs: 30 days.
  • Analytics: per Google Analytics retention (currently 14 months, anonymized).
  • Client deployment data: per the DPA in your contract — typically deleted within 30 days of contract termination.

5. Where data is processed

Primary processing infrastructure is located in the European Union. We use the following sub-processors:

  • Resend (transactional email) — EU/US, processed under SCCs.
  • Google Analytics 4 — EU/US, anonymized IP enabled.
  • Anthropic (AI model provider for client deployments only) — US, processed under SCCs and Anthropic's enterprise data terms.

A current sub-processor list is available on request.

6. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you
  • Request correction or erasure
  • Restrict or object to processing
  • Data portability
  • Withdraw consent (where consent is the basis)
  • Lodge a complaint with the Estonian Data Protection Inspectorate (AKI) or your local supervisory authority

To exercise any of these rights, email info@inovateai.com. We respond within 30 days.

7. Cookies

We use essential cookies (session, security) and Google Analytics with anonymized IP. We do not use advertising or tracking cookies. A cookie banner will be added before collecting any non-essential cookies.

8. Security

Encryption in transit (TLS 1.2+) and at rest. Least-privilege access. Audit logs for all access to client data. Security incidents involving personal data are reported to affected parties and the appropriate supervisory authority within 72 hours, per Article 33 GDPR.

9. Changes

We may update this policy. Material changes are notified by email to clients and posted here with an updated revision date.