Privacy Policy

The data controller responsible for the processing of personal data described in this Policy is [Company Legal Entity], with registered office at [Registered Address] ("ai-agents.bar", "we", "us", "our").

For any privacy-related enquiry you can contact our Data Protection Officer at dpo@ai-agents.bar.

This Policy applies to personal data we process as a controller, namely:

• Visitors to ai-agents.bar and related marketing sites.
• Prospects who request a demo, trial or sales contact.
• Account holders, workspace administrators and end-users of our platform.

When our customers configure AI agents to process personal data of their own end-users, employees, customers or third parties via integrations (Customer Data), we act as a processor on behalf of those customers. The processing of Customer Data is governed by our Data Processing Addendum (DPA), available at /dpa.html.

We collect the following categories of personal data:

Account data. Name, work email, organisation, role, password hash, profile picture, time zone, language preferences, billing contact, VAT/tax identifiers.

Authentication data. Multi-factor authentication factors, single sign-on identifiers, OAuth tokens for connected applications.

Usage data. Pages viewed, features used, click-stream, session duration, browser, operating system, device identifiers, approximate location derived from IP address.

Agent execution logs. Inputs received by an agent, intermediate reasoning steps, tool/API calls performed, outputs produced, evaluation scores, human approvals, error traces, run timestamps. These logs may contain personal data if your prompts or connected integrations contain personal data.

Integration data. Data ingested by agents from connected applications such as Slack, HubSpot, Salesforce, Google Workspace, Microsoft 365, Notion, Jira, Linear, Intercom, Zendesk, Stripe, Shopify, Zapier, GitHub, Postgres, Snowflake, Airtable, Twilio, SendGrid, AWS, WhatsApp, Gmail, MongoDB and webhooks. The categories of data depend on the scopes you grant.

Support & communications. Messages, tickets, attachments and call recordings exchanged with our support, sales or success teams.

Billing data. Plan, invoices, payment status. Card details are processed directly by our payment provider; we do not store full card numbers.

Cookies & similar technologies. See our Cookie Policy.

We process personal data for the following purposes:

• Providing, maintaining and improving the platform and its features.
• Creating and managing user accounts and workspaces.
• Operating, monitoring and optimising AI agent execution, including prompt evaluation, safety filtering and quality assurance.
• Providing customer support and responding to enquiries.
• Billing, invoicing, fraud prevention and tax compliance.
• Sending service communications, security notices and product updates.
• Sending marketing communications, where permitted, with the option to unsubscribe at any time.
• Detecting, preventing and responding to security incidents, abuse, jailbreak attempts and violations of our Terms of Service.
• Complying with legal obligations and responding to lawful requests from authorities.

Where the GDPR applies, we rely on the following legal bases:

• Performance of a contract (Art. 6(1)(b)) — to provide the platform you have subscribed to.
• Legitimate interests (Art. 6(1)(f)) — to secure the platform, prevent fraud and abuse, improve our services, and conduct limited direct marketing toward business contacts. We balance our interests against your rights and freedoms.
• Consent (Art. 6(1)(a)) — for non-essential cookies, marketing communications to consumers, and any optional features that require explicit opt-in. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, security and other applicable laws.

We share personal data with carefully selected service providers acting as processors on our behalf, including:

• Cloud infrastructure and hosting providers.
• Foundation model providers used to power agent reasoning.
• Payment, billing and tax processors.
• Email, support and product analytics tools.
• Identity, authentication and security monitoring providers.

An up-to-date list of sub-processors is available on request at privacy@ai-agents.bar and is referenced in our DPA. We may also disclose personal data when required by law, court order, or to protect the rights, property or safety of ai-agents.bar, our customers or others.

We operate globally. Personal data may be transferred to, and processed in, countries outside the European Economic Area, the United Kingdom and Switzerland. When we transfer personal data internationally, we rely on appropriate safeguards, including:

• European Commission adequacy decisions, where available.
• Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by transfer impact assessments and additional technical and organisational measures.
• UK International Data Transfer Addendum and the Swiss equivalent, where applicable.

Customers can request a copy of the safeguards in place by contacting privacy@ai-agents.bar.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting or reporting requirements.

• Account data: for the duration of the account and up to 12 months after termination, then deleted or anonymised.
• Agent execution logs: by default 90 days; configurable per workspace, subject to plan limits.
• Billing records: up to 10 years where required by tax law.
• Security audit logs: up to 24 months.
• Marketing data: until you unsubscribe or after 24 months of inactivity.

We implement industry-standard technical and organisational measures to protect personal data, including encryption in transit (TLS 1.3) and at rest (AES-256), strict role-based access control, single sign-on and multi-factor authentication, sandboxed agent execution, runtime guardrails, blast-radius controls, comprehensive audit trails, regular penetration testing and vulnerability management. See our Security page for details.

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete personal data.
• Erase personal data ("right to be forgotten").
• Restrict or object to certain processing, including profiling and direct marketing.
• Receive a portable copy of personal data you provided to us in a structured, machine-readable format.
• Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
• Lodge a complaint with your local supervisory authority. EU users may contact their national Data Protection Authority; UK users may contact the Information Commissioner's Office (ICO).

To exercise these rights, email privacy@ai-agents.bar. If you are an end-user of a customer that uses our platform to process your personal data, please contact that customer first; we will support them in responding to your request.

We use cookies and similar technologies to operate our website, remember your preferences, measure performance and, with your consent, support marketing. For details on the cookies in use, their purpose and how to manage them, see our Cookie Policy.

The platform is not directed to individuals under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact privacy@ai-agents.bar and we will promptly delete such data.

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. When we do, we will update the "Last updated" date above and, for material changes, notify account holders by email or in-product notice at least 30 days in advance.

For questions, requests or complaints about this Policy or our data practices, please contact:

• Email: privacy@ai-agents.bar
• Data Protection Officer: dpo@ai-agents.bar
• Postal: [Company Legal Entity], [Registered Address]