Privacy Policy

Agensor (“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what information we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and applicable Swedish data protection law.

1. What Data We Collect

We collect the minimum data needed to provide the Service:

• Account data — email address, name, and authentication credentials when you sign up.
• Billing data — payment method details (handled and stored by Stripe), subscription tier, invoice history.
• Usage data — API call counts, credit transactions, metering events, and timestamps associated with your account and your end-users' wallets.
• Technical data — IP addresses, request logs, browser type, and error traces used for security monitoring and debugging.
• Waitlist data — if you sign up for early access, we store your email address until the product launches.

We do not collect or store the content of your end-users' AI interactions. We only see billing and metering events (e.g. “user A spent 50 credits at 14:23”).

2. How We Use Your Data

• Service delivery — to create and manage your account, process API requests, and provide the dashboard.
• Billing — to process payments, issue invoices, and handle subscription changes via Stripe.
• Communications — to send transactional emails (e.g. payment receipts, credit alerts) and, with your consent, product updates.
• Security & fraud prevention — to monitor for unusual activity, enforce rate limits, and protect the platform.
• Improvements — aggregated, anonymised analytics to understand how the product is used and where to focus development.

We do not sell your personal data to third parties. We do not use your data for advertising.

3. Third-Party Services

To operate the Service, we share data with the following trusted sub-processors. Each is contractually obligated to protect your data.

For transfers outside the EU (Resend, Vercel, Clerk, Stripe), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

4. Data Retention

We keep your account data for as long as your account is active. If you close your account, we delete your personal data within 30 days, except where we are required to retain it longer for legal or financial compliance (e.g. invoices must be retained for 7 years under Swedish accounting law).

Anonymised, aggregated usage statistics are kept indefinitely and cannot be linked back to you.

5. Your Rights (GDPR)

If you are in the EU or EEA, you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) — ask us to delete your personal data, subject to our legal retention obligations.
• Right to data portability — receive your data in a structured, machine-readable format (JSON).
• Right to object — object to processing based on legitimate interests or for direct marketing purposes.
• Right to restrict processing — ask us to pause processing while a dispute is resolved.

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local supervisory authority.

6. Cookies

We use only essential, functional cookies — for authentication sessions and CSRF protection. We do not use advertising or third-party tracking cookies. No consent banner is required for strictly necessary cookies under GDPR.

7. Changes to This Policy

We may update this policy when the Service changes. We'll notify you by email at least 14 days before material changes take effect. The “Last updated” date at the top of this page always reflects the current version.

8. Contact

Data controller: Agensor (Sweden). For privacy questions or to exercise your rights, contact: [email protected].