Privacy Policy
Effective: April 2026
Scope: Agentblit website, product, and support (“Services”).
Our practices are GDPR-aligned and security-first.
1. Who We Are and Our Role
Agentblit is a B2B SaaS platform that runs AI agents and processes related data on behalf of our customers. In that context:
- Customers are data controllers — they decide what data to send and why.
- Agentblit acts as a data processor — we process data per their instructions.
This policy also covers personal data we collect as a controller (e.g., website visitors, sign-ups, support contacts).
2. Data We Collect and Why
| Data category | Purpose | Legal basis (where applicable) |
|---|---|---|
| Account / sign-up (email, name, company) | Provision of the service, account management | Contract |
| Usage and product events | Improving the product, support, analytics | Legitimate interest / consent where required |
| Support communications | Handling requests and incidents | Contract / legitimate interest |
| Website analytics (e.g., IP, device) | Security, analytics, improving the site | Legitimate interest / consent |
| Cookies and similar tech | Session, preferences, analytics | Consent / legitimate interest |
We do not sell personal data.
3. Data We Process on Behalf of Customers
When you use Agentblit as a customer, you may send us:
- Agent run data (inputs, outputs, tool calls, timestamps)
- Identifiers (user IDs, session IDs, etc.)
- Metadata (e.g., model name, environment)
- IP addresses (where included in events or for security)
We process this data only as instructed in our Data Processing Agreement and Terms of Service. We do not use it for our own marketing or for selling to third parties.
4. Sharing and Sub-processors
We use sub-processors (e.g., cloud infrastructure, storage, email, analytics) to run the service. We maintain a sub-processors list and notify customers of material changes in line with our DPA.
We may disclose data where required by law or to protect rights and safety.
5. International Transfers
We may transfer data to countries outside the EEA. Where we do, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms as set out in our DPA.
6. Retention
For controller data (e.g., your account and support history), we retain data as long as the account is active and for a limited period after deletion, unless we must retain longer for legal or safety reasons. Processor data retention is governed by the DPA.
7. Your Rights (Controller Data)
Where we act as controller (e.g., your account and marketing data), you may have the right to:
- Access, rectify, erase, or restrict processing
- Data portability
- Object to processing
- Withdraw consent where processing is consent-based
- Lodge a complaint with a supervisory authority
To exercise these rights, contact contact@agentblit.com. We will respond within the timeframe required by applicable law (e.g., one month under GDPR).
For processor data (data you send through the product), requests should be handled via your own processes; we will assist as set out in the DPA.
8. Security
We follow security-first practices to protect your data in transit and at rest. We are working toward SOC 2–ready controls and will communicate material security updates through our security overview documentation.
9. Changes
We may update this policy. Material changes will be communicated via the email on file or a prominent notice in the product. The “Effective” date at the top reflects the last substantive update.