Privacy Policy
Last Updated: 2025-05-27
1. Introduction
Welcome to aGentdpr ("we," "us," or "our"). This Privacy Policy outlines how we collect, use, process, share, and protect your information, including personal data, when you access and use the aGentdpr website and its GDPR assessment services (collectively, the "Services"). Our Services are designed for business use and provide insights and preliminary assessments regarding GDPR preparedness based on the information you provide; they do not constitute legal advice or guarantee GDPR compliance.
2. Information We Collect
We collect information to provide and improve our Services. The types of information depend on your interaction with us:
2.1. Information You Provide Directly
- Contact and Account Information: When you use our Services, particularly when submitting your email for an audit preview or report, we collect your email address. If you create an account in the future or contact us, we may collect your name, company name, and other contact details.
- GDPR Assessment Data (Your Answers): The core of our Service involves you answering a questionnaire about your organization's data processing activities, policies, and procedures related to GDPR. This information ("Assessment Data") is provided by you and is crucial for generating your personalized audit preview and report.
- Payment Information: To access full reports, you will be required to make a payment. This is processed by our third-party payment processor (e.g., Stripe). We do not directly store your full credit card details. We receive transaction confirmations and related information necessary for order fulfillment.
- Communications: If you contact us for support or inquiries, we will collect the information contained in your communications.
2.2. Information Collected Automatically
- Usage Data: We may collect information about how you access and use the Services, such as your IP address, browser type, operating system, pages viewed, features used, and the dates/times of your visits. This helps us understand service usage and improve user experience.
- Cookies and Similar Technologies: We use cookies (small text files stored on your device) and similar technologies (e.g., web beacons, pixels) for purposes such as enabling core site functionality, analyzing site traffic and usage patterns, and personalizing content.
2.3. Information for Specific Features (e.g., AI-Powered Review - Enterprise Plan)
- If you use features involving AI-powered review of your website or application (as may be offered in specific plans), we will process the URL you provide and the publicly accessible content of that website/application to perform the analysis. This data is used solely for generating the relevant sections of your audit report.
3. How We Use Your Information
We use your information for the following purposes:
- To Provide and Deliver the Services: Primarily to process your Assessment Data to generate your GDPR audit preview and full report, and to manage your access.
- To Process Transactions: To facilitate payments for our Services.
- To Communicate with You: To send you your audit preview, payment links, full reports, respond to your inquiries, send service-related announcements, and (with your consent) marketing communications.
- To Improve Our Services: To analyze usage trends, gather feedback, and enhance the functionality, content, and user experience of our Services.
- For Security and Fraud Prevention: To protect the security and integrity of our Services, prevent fraudulent transactions, and enforce our terms.
- To Comply with Legal Obligations: To meet applicable legal requirements, respond to lawful requests, and protect our rights and interests.
4. Legal Basis for Processing (for EEA/UK Users)
If you are in the European Economic Area (EEA) or the UK, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only:
- Where we need the personal information to perform a contract with you (e.g., to deliver the audit report you have requested and paid for).
- Where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (e.g., for improving our Services, fraud prevention).
- Where we have your consent to do so (e.g., for sending marketing communications or using non-essential cookies).
- Where we need to comply with a legal obligation.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following limited circumstances:
- Service Providers: With third-party vendors and service providers who perform services on our behalf, such as payment processing (e.g., Stripe), email delivery (e.g., Resend), cloud hosting, and analytics. These providers are authorized to use your personal information only as necessary to provide these services to us and are obligated to protect your information.
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with the Service, protect the personal safety of users of the Service or the public, or protect against legal liability.
- Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
- With Your Consent: We may disclose your personal information for any other purpose with your consent.
6. Data Retention
We retain personal information for as long as necessary for the purposes set out in this Privacy Policy, or as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.
Specifically for Assessment Data: We temporarily store your audit answers to generate your audit preview and, upon payment, your full report. These answers are associated with a unique token. If a payment is not completed and the payment link expires (e.g., after 72 hours), or after your full report is generated and delivered, we will delete or anonymize your specific audit answers from our active systems within a reasonable timeframe. Aggregated, anonymized data may be retained for service improvement.
7. Data Security
We implement reasonable technical and organizational measures to protect the security of your personal information. However, please be aware that no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.
8. Your Data Protection Rights (e.g., GDPR, CCPA)
Depending on your location and applicable laws, you may have certain rights regarding your personal information, including:
- The right to access, correct, update, or request deletion of your personal information.
- The right to object to processing of your personal information or ask us to restrict processing.
- The right to request portability of your personal information.
- The right to withdraw consent at any time, if we have collected and processed your personal information with your consent.
- The right to complain to a data protection authority about our collection and use of your personal information.
To exercise these rights, please contact us at [Your Privacy Email Address, e.g., privacy@agentdpr.com]. We will respond to your request in accordance with applicable data protection laws.
9. International Data Transfers
Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. Specifically, our servers may be located in [Specify Location, e.g., the United States], and our third-party service providers may operate around the world. We take appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy, such as by implementing Standard Contractual Clauses (SCCs) for transfers of personal information between our group companies and with our third-party service providers.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, provide additional notice (such as a banner or email notification). We encourage you to review this Privacy Policy periodically to stay informed about our information practices.
11. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: You can request a copy of the personal information we hold about you.
- Rectification: You can request that we correct or update inaccurate or incomplete information.
- Erasure: You can request that we delete your personal information, subject to certain legal exceptions.
- Restriction: You can request that we restrict the processing of your personal information in certain circumstances.
- Objection: You can object to our processing of your personal information where we rely on legitimate interests or direct marketing.
- Portability: You can request to receive your personal information in a structured, commonly used, and machine-readable format and to have it transmitted to another controller.
- Withdraw Consent: Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information infringes applicable law.
To exercise any of these rights, please contact us using the details provided below. We may need to verify your identity before fulfilling your request. We will respond to your request in accordance with applicable data protection laws.
Contact & Questions
For any questions or requests regarding this Privacy Policy or your data, please use our contact form.