GDPR Data Protection Policy

Last updated: March 1, 2026

Agentic Tech LLC ("we," "us," or "our") is committed to protecting the personal data of individuals in accordance with applicable data protection laws. This GDPR Data Protection Policy (the "Policy") addresses our compliance with the European Union's General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") where it applies to our processing of personal data of individuals located in the European Union or European Economic Area ("EU/EEA").

Although we are established in the United States, this GDPR policy may apply extraterritorially if we process personal data of individuals in the EU/EEA in connection with offering goods or services (irrespective of payment) or monitoring their behavior in the EU/EEA (GDPR Article 3(2)). This Policy supplements our general Privacy Policy and outlines our approach to GDPR compliance.

1. Scope and Applicability

This Policy applies to the processing of personal data of data subjects located in the EU/EEA when such processing relates to:

  • Offering our Website (agentic-plugin.com), programs, or services to individuals in the EU/EEA;
  • Monitoring the behavior of individuals in the EU/EEA (e.g., through Website analytics);
  • Any other activities that fall within the territorial scope of the GDPR.

If you are located outside the EU/EEA, this Policy does not apply to your personal data unless otherwise specified. We process personal data primarily under U.S. laws, including state privacy regulations where applicable.

2. Data Controller

Agentic Tech LLC acts as the data controller for personal data processed under this Policy. Our contact details are:

Agentic Tech LLC
773 Derrydown Way
Decatur, Atlanta, Georgia 30030
United States
Email: [email protected]

3. Personal Data We Process

We may process the following categories of personal data from EU/EEA individuals:

  • Contact information (name, email address, postal address);
  • Account and license data (username, license keys, site URLs, subscription details);
  • Payment-related data (processed via Stripe—we do not store full card details);
  • Marketplace/developer data (agent submissions, API keys, earnings);
  • Technical data (IP address, browser type, device information, usage data via cookies or analytics);
  • Conversation data (user prompts, AI agent responses, session identifiers, tool invocations, token usage) — stored in your WordPress database for up to 30 days;
  • Any other data voluntarily provided through forms, emails, or interactions.

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes, relying on the specified GDPR legal bases (Article 6):

  • Performance of a contract or steps prior to a contract — Processing registration, license, or payment data to provide services or fulfill commitments (Art. 6(1)(b));
  • Legitimate interests — Improving our Website, analyzing usage (with safeguards), communicating about our products, and preventing fraud (balanced against your rights) (Art. 6(1)(f));
  • Consent — For non-essential cookies, marketing communications, or specific processing where consent is obtained (withdrawable at any time) (Art. 6(1)(a));
  • Legal obligation — Complying with tax reporting or other applicable requirements (Art. 6(1)(c)).

5. Data Sharing and Transfers

We share personal data only as necessary with:

  • Service providers (e.g., Stripe for payment processing, Google Cloud for hosting, analytics providers) bound by data protection obligations;
  • AI providers (e.g., OpenAI, Anthropic) only when you submit prompts through the Plugin—their privacy policies govern that data;
  • Relevant authorities for legal compliance.

Personal data may be transferred to the United States or other countries outside the EU/EEA. We implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other mechanisms permitted under GDPR Chapter V, to ensure an adequate level of protection. A list of our subprocessors is available at our subprocessors page.

6. Data Subject Rights

Under the GDPR (Articles 15–22), EU/EEA data subjects have the right to:

  • Access their personal data (Art. 15);
  • Rectify inaccurate data (Art. 16);
  • Erase data — right to be forgotten (Art. 17);
  • Restrict processing (Art. 18);
  • Data portability (Art. 20);
  • Object to processing, including for legitimate interests or direct marketing (Art. 21);
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with a supervisory authority (e.g., in your EU/EEA member state).

To exercise these rights, contact us at [email protected] with proof of identity. We will respond within one month (extendable under GDPR Article 12(3)).

7. Data Security and Retention

We implement technical and organizational measures (Art. 32 GDPR) to protect personal data against unauthorized access, loss, or misuse, including:

  • Encryption in transit (TLS) and at rest where applicable;
  • Access controls, regular audits, vulnerability scanning;
  • Incident response protocols.

Personal data is retained only as long as necessary for the purposes outlined, or as required by law, after which it is securely deleted or anonymized. Specifically, conversation logs (user prompts, AI responses, session metadata) are automatically purged after 30 days. See our Privacy Policy Section 6 for all retention periods.

8. International Data Transfers

As noted, transfers outside the EU/EEA use appropriate safeguards compliant with GDPR requirements. For EU/UK users, we rely on:

  • EU-US Data Privacy Framework (DPF) certification where applicable;
  • European Commission-approved Standard Contractual Clauses (SCCs);
  • Other lawful mechanisms under GDPR Chapter V.

Contact us for copies of safeguards.

9. Changes to This Policy

We may update this Policy to reflect changes in our practices or legal obligations. The revised Policy will be posted on our Website with the updated effective date. Material changes will be notified via email or Website notice where required. Continued interaction with our services constitutes acceptance of changes.

10. Contact and Complaints

For questions, rights requests, or concerns regarding this Policy or our GDPR compliance, please contact us:

Email: [email protected]
Agentic Tech LLC
773 Derrydown Way, Decatur, Atlanta, Georgia, 30030, United States

If unsatisfied with our response, you may contact your local EU/EEA supervisory authority.