Privacy Policy

1. Introduction

Agentic Tech LLC ("we," "us," or "our,"), the owner and operator of agentic-plugin.com (the "Website") and the Agent Builder WordPress plugin (the "Plugin"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you access or use our Website, Plugin, marketplace, subscriptions, or related services (collectively, the "Services").

We act as the data controller for personal data collected directly through the Website and account management. In certain cases (e.g., when processing data you submit via the Plugin or marketplace on your own sites), we may act as a data processor on your instructions. You remain the data controller for any personal data processed through AI agents you build or deploy on your WordPress sites.

This Policy complies with the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy laws. By using the Services, you consent to the practices described herein.

2. Information We Collect

2.1 Information You Provide Directly

• Account registration: email address, username, password, profile details;
• Marketplace/seller submissions: business name, payout details (handled via Stripe);
• Support/contact: information in tickets, emails, or forms;
• Payment-related: billing address, name (Stripe processes full card details—we do not store them).

2.2 Automatically Collected Information

• Technical/usage data: IP address, browser type/version, device info, operating system, pages visited, time spent, referral sources;
• Plugin-specific: license key validations (including site URL, WordPress/Plugin versions—limited to verification, no site content transmitted);
• Anonymized analytics: feature usage, agent activations/installs, error logs (no personal content);
• Cookies & similar: essential cookies for functionality, security, preferences (no third-party advertising/tracking cookies without consent).

2.3 Data from Third-Party Integrations

When using AI features (e.g., OpenAI, Anthropic integrations), your prompts and inputs are sent from your WordPress server directly to those providers. Their privacy policies govern that data.

2.4 Conversation Data

To provide conversation history, activity logging, and debugging capabilities, the Plugin stores the following data in your WordPress database:

• User prompts (messages you send to AI agents);
• AI agent responses;
• Session identifiers linking messages within a conversation;
• Tools invoked by agents during conversations;
• Token usage and estimated cost per interaction;
• Timestamps and user identifiers.

This data remains on your WordPress server and is automatically purged after 30 days. It is not transmitted to us or any third party. Site owners deploying agents on the front-end are responsible for informing their visitors about this data processing (see our GDPR and Data Protection documentation).

3. Purposes and Legal Bases for Processing

We process personal data for the following purposes and legal bases (primarily under GDPR):

• Performance of contract: providing Services, account management, license validation, subscriptions (Art. 6(1)(b) GDPR);
• Legitimate interests: fraud prevention, security, service improvement, analytics (Art. 6(1)(f))—balanced against your rights;
• Legal obligations: tax/compliance records, responding to authority requests (Art. 6(1)(c));
• Consent (where required): optional marketing emails (you can withdraw anytime).

Under CCPA/CPRA, we collect categories such as identifiers, commercial information, internet/activity data, geolocation (inferred), and professional info—for providing/improving Services, not for sale or sharing in the CCPA sense.

4. Data Sharing and Recipients

We do not sell personal information. We share data only as necessary:

• Service providers/subprocessors: Stripe (payments), hosting (e.g., Google Cloud/AWS), email/support tools, analytics (anonymized);
• AI providers: OpenAI/Anthropic (only your submitted prompts, per your use);
• Legal/compliance: to comply with law, protect rights, or respond to subpoenas;
• Business transfers: in mergers/acquisitions (with notice where required).

Current subprocessors are listed here (or upon request). We bind them contractually to GDPR/CCPA standards.

4.1 Google Vertex AI Integration (Premium Features Only)

For premium Vector Store (RAG training and semantic retrieval) and Image Generation services, your uploaded content, prompts, documents, and generated outputs are processed using Google Vertex AI services — including embeddings, vector search, and generative models (e.g., Imagen 4 for image generation). This processing occurs on our managed backend infrastructure.

Google LLC acts as our subprocessor for these features. We have imposed GDPR-compliant obligations on Google via applicable mechanisms including EU-US Data Privacy Framework certification and Standard Contractual Clauses (SCCs). Google will not use your prompts, inputs, or generated outputs to train or fine-tune AI models without your explicit permission (per Vertex AI Service Specific Terms).

For generative AI features (e.g., Image Generation via Imagen 4):

• Prompts and outputs may be subject to Google's abuse monitoring and safety classifiers. Data is logged only for detected violations or safety enforcement purposes;
• Generated images include Google's SynthID digital watermark — an imperceptible, non-removable watermark embedded for traceability and responsible AI compliance. This is a mandatory feature of the Vertex AI Imagen service and cannot be disabled;
• Certain content may be blocked by safety filters in accordance with Google's Generative AI Prohibited Use Policy.

You remain the data controller for content processed via your WordPress site and agents. Relevant Google policies:

• Vertex AI Service Specific Terms
• Generative AI Prohibited Use Policy
• Google Cloud Acceptable Use Policy
• Google Privacy Policy

5. International Data Transfers

Data may be transferred to and processed in the United States or other countries. For EU/UK users, we rely on:

• EU-US Data Privacy Framework (DPF) certification where applicable;
• European Commission-approved Standard Contractual Clauses (SCCs);
• Other lawful mechanisms under GDPR Chapter V.

Contact us for copies of safeguards.

6. Data Retention

We retain data only as long as necessary:

• Active accounts: duration of account + reasonable period post-termination;
• Conversation logs and chat history: 30 days, then automatically deleted;
• Transaction/financial records: 7 years (legal/tax requirements);
• Usage logs/anonymized analytics: up to 2 years;
• Support tickets: 2 years after closure.

Data is securely deleted or anonymized thereafter.

7. Your Privacy Rights

Subject to verification and applicable law, you may:

• Access, correct, or delete your data (GDPR Art. 15-17; CCPA "right to know/delete");
• Request data portability (GDPR Art. 20);
• Object to/restrict processing (GDPR Art. 18, 21);
• Opt out of "sales/sharing" (CCPA/CPRA—though we do not sell/share);
• Withdraw consent (where applicable);
• Lodge a complaint with a supervisory authority (e.g., your EU data protection authority or California AG).

To exercise rights, email [email protected] with proof of identity. We respond within 1 month (GDPR) or 45 days (CCPA, extendable). No fee unless manifestly unfounded/excessive.

8. Security of Your Data

We implement appropriate technical and organizational measures (Art. 32 GDPR), including:

• Encryption in transit (TLS) and at rest where applicable;
• Access controls, regular audits, vulnerability scanning;
• Incident response protocols.

No method is 100% secure—we cannot guarantee absolute security.

9. Cookies and Tracking Technologies

We use only essential cookies for core functionality (sessions, security, preferences). No non-essential analytics/advertising cookies without explicit consent. Manage preferences via our cookie banner (if implemented) or browser settings. For details, see our Cookie Policy (linked or forthcoming).

10. Children's Privacy

Our Services are not directed to children under 16 (or 13 in the US under COPPA). We do not knowingly collect data from children. If we learn of such collection, we will delete it promptly.

AI-generated content — including images produced via our Image Generation service — is subject to Google Vertex AI safety filters that automatically block prohibited material including child sexual abuse material, hate speech, and other harmful content. We do not knowingly process such content through any of our services.

11. Changes to This Privacy Policy

We may update this Policy. Material changes will be notified via email or Website notice (at least 30 days where required). Continued use constitutes acceptance.

12. Contact Us

For privacy questions, rights requests, or our Data Processing Addendum (for processor engagements), contact:

[email protected]
Agentic Tech LLC
773 Derrydown Way, Decatur, Atlanta, Georgia, 30030, United States