Privacy Policy

1. Who We Are

The Agentic Who (“we”, “us”, “our”) operates the AI helper platform at theagenticwho.com. We are the data controller responsible for your personal data.

For privacy-related inquiries, contact us at hello@theagenticwho.ai.

2. Information We Collect

Information you provide directly:

• Account information — name, email address, business name, password
• Payment information — processed securely by Stripe. We do not store your full credit card details.
• Business data — information you share with our AI helpers during conversations (business details, documents, preferences, instructions)
• Communication data — emails, support requests, and feedback you send to us
• Booking information — appointment dates, times, and meeting preferences

Information collected automatically:

• Usage data — pages visited, features used, session duration
• Device data — browser type, operating system, screen resolution
• Log data — IP address, access times, referring URLs
• Cookies — essential cookies for authentication and session management (see Section 8)

3. How We Use Your Information

We use your information for the following purposes:

• Providing the Service — delivering AI helper functionality, processing your requests, managing your account
• Payment processing — handling subscriptions, billing, and refunds via Stripe
• Communication — sending account notifications, booking confirmations, service updates, and responding to your enquiries
• Improvement — analysing usage patterns to improve our helpers and platform (aggregated and anonymised where possible)
• Security — detecting and preventing fraud, abuse, and unauthorised access
• Legal compliance — meeting our legal obligations under applicable laws

We do not use your business data to train AI models. Your conversations with our helpers are not used to improve the underlying Anthropic/Claude models. Anthropic's data handling policies apply to data processed through their platform.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions that require a legal basis for processing, we rely on the following:

• Contract performance — processing necessary to provide the Service you have subscribed to
• Legitimate interests — improving our Service, preventing fraud, and communicating with you about your account
• Consent — where required by law, such as for marketing communications or non-essential cookies
• Legal obligation — where processing is required to comply with applicable laws

5. Data Sharing & Third-Party Processors

We do not sell your personal information.

We share data with the following categories of service providers, each bound by data processing agreements:

• Anthropic — AI model provider. Your conversations with our helpers are processed through Anthropic's Claude platform. Subject to Anthropic's privacy policy.
• Stripe — Payment processing. Receives payment information necessary to process your transactions. Subject to Stripe's privacy policy.
• Google — Calendar and meeting services. Receives booking information for scheduling appointments.
• Email service provider — Sends transactional emails (welcome emails, receipts, booking confirmations).
• Hosting provider (Fly.io) — Infrastructure hosting for the platform.

We may also disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

6. International Data Transfers

Your data may be processed in countries outside your own, including Australia, the United States, and Canada. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard contractual clauses approved by relevant authorities
• Data processing agreements with all sub-processors
• Compliance with applicable transfer mechanisms under GDPR, PIPEDA, and other relevant frameworks

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls limiting who can view your data
• Regular security reviews of our infrastructure
• Secure payment processing via Stripe (PCI DSS compliant)

8. Cookies

We use cookies and similar technologies for the following purposes:

• Essential cookies — Required for authentication, session management, and security. These cannot be disabled.
• Analytics cookies — Help us understand how the platform is used. These are only set with your consent where required by law.

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

• Account data — retained while your account is active, deleted within 90 days of account closure
• Payment records — retained for 7 years to comply with tax and accounting obligations
• Conversation data — processed in real-time through Anthropic; we do not retain full conversation logs beyond what is necessary for helper context
• Support communications — retained for 2 years after resolution

You may request earlier deletion of your data by contacting us (see Section 10).

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data (subject to legal retention requirements)
• Portability — request your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Withdrawal of consent — withdraw consent at any time where processing is based on consent
• Restriction — request restriction of processing in certain circumstances

For Australian users: Your rights are protected under the Australian Privacy Act 1988 and Australian Privacy Principles (APPs). You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

For Canadian users: Your rights are protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation. You may lodge a complaint with the Office of the Privacy Commissioner of Canada.

For EEA/EU users (including Spain): Your rights are protected under the General Data Protection Regulation (GDPR). You may lodge a complaint with your local Data Protection Authority. For Spain, this is the Agencia Española de Protección de Datos (AEPD).

For Venezuelan users: Your rights are protected under applicable Venezuelan data protection legislation. We will process any data rights requests in accordance with local requirements.

To exercise any of these rights, contact us at hello@theagenticwho.ai. We will respond within 30 days (or sooner where required by applicable law).

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

12. Marketing Communications

We may send you marketing communications about our Service with your consent or where otherwise permitted by law. You can opt out of marketing communications at any time by:

• Clicking the “unsubscribe” link in any marketing email
• Contacting us at hello@theagenticwho.ai

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform. The “Last updated” date at the top of this page indicates when the policy was last revised.

14. Contact

For privacy-related inquiries, data access requests, or complaints, contact us at hello@theagenticwho.ai.