Privacy Policy

Last Updated: December 24, 2024

Effective Date: December 24, 2024

1. Introduction

Agentscape AG ("we", "us", "our") is committed to protecting your privacy and complying with applicable data protection regulations, including the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use SmartAudit, our AI-powered compliance automation platform.

By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this policy.

2. Data Controller & Contact Details

Data Controller:

Agentscape AG

Berlin, Germany

Website: https://www.agentscape.de

Email: info@agentscape.de

Data Protection Contact: info@agentscape.de

3. What Personal Data We Collect

a. Information You Provide Directly

  • Account & Contact Data: Name, email address, organization name, job title, billing address
  • Payment Information: Processed by third-party payment processors (Stripe, PayPal); we do not store sensitive payment card details
  • User Content: Source code, configuration files, and other data you upload for compliance analysis
  • Communications: Messages you send to our support team, feedback, and survey responses

b. Information We Collect Automatically

  • Usage Data: Features used, session duration, pages visited, compliance reports generated
  • Technical Data: IP address, browser type and version, operating system, device information
  • Log Data: Access times, referring URLs, error logs for diagnostic and security purposes
  • Cookies: Session cookies, preference cookies, and analytics cookies (with your consent)

c. Information from Third Parties

  • Integration Data: Data from connected development tools and repositories
  • Analytics Data: Usage statistics from third-party analytics providers

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Provide, maintain, and improve SmartAudit services and features
  • Authenticate users and manage user accounts
  • Process payments and manage billing
  • Generate compliance analysis reports and recommendations
  • Provide customer support and respond to inquiries
  • Send important account-related communications and service updates
  • Monitor system performance and security, and prevent fraud
  • Comply with legal obligations and regulatory requirements
  • Improve our AI algorithms and service quality (with anonymized data)

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: For cookies, marketing communications, and optional features
  • Contract Performance: To fulfill our service agreement and provide SmartAudit services
  • Legal Obligation: To comply with GDPR, tax laws, and other legal requirements
  • Legitimate Interest: For service improvement, security, fraud prevention, and business operations

6. Data Sharing and International Transfers

Who We Share Data With

We may share your personal data with:

  • Service Providers: Cloud hosting, payment processing, analytics, and customer support tools
  • AI Providers: For compliance analysis processing (with strict confidentiality agreements)
  • Professional Advisors: Lawyers, accountants, and auditors when necessary
  • Business Transfers: In case of mergers, acquisitions, or asset sales
  • Legal Authorities: When required by law or to protect rights and safety

International Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules or certification schemes

We never sell your personal data to third parties for marketing purposes.

7. Data Retention

We retain your personal data only as long as necessary for:

  • Providing SmartAudit services and maintaining your account
  • Complying with legal obligations and resolving disputes
  • Enforcing our agreements and protecting our rights

Specific retention periods:

  • Account Data: Until account deletion plus 30 days
  • Usage Logs: 12 months maximum
  • Payment Records: 7 years for tax compliance
  • User Content: Until you delete it or close your account

8. Data Security

We implement comprehensive security measures to protect your personal data:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Audits: Security assessments and penetration testing
  • Compliance: SOC 2 Type II and ISO 27001 frameworks
  • Staff Training: Regular security awareness and GDPR training

Data Breach Notification: In case of a personal data breach, we will notify the relevant supervisory authority within 72 hours and inform affected individuals when required by law.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: For consent-based processing
  • Right to Lodge a Complaint: With your local data protection authority

To exercise these rights, contact us at info@agentscape.de. We will respond within 30 days of receiving your request.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Authentication and security (no consent required)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Understand usage patterns and improve our service
  • Marketing Cookies: Deliver relevant advertisements (with consent)

You can manage cookie preferences in your browser settings or through our cookie consent banner. Note that disabling certain cookies may affect service functionality.

11. Children's Privacy

SmartAudit is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can delete such information.

12. Third-Party Services

SmartAudit integrates with third-party services that have their own privacy policies:

  • Payment processors (Stripe, PayPal)
  • Cloud infrastructure providers
  • Analytics services
  • Customer support tools

We encourage you to review their privacy policies before using these services through SmartAudit.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Post the updated policy on our website with a new "Last Updated" date
  • Notify you via email for material changes
  • Obtain your consent where required by law

Continued use of SmartAudit after changes become effective constitutes acceptance of the updated policy.

14. Contact Information

For questions about this Privacy Policy, to exercise your rights, or to file a data protection request:

Privacy Contact:

Email: info@agentscape.de

Data Protection Officer: info@agentscape.de

Response time: Within 30 days

Supervisory Authority:

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstr. 219, 10969 Berlin, Germany

Website: https://www.datenschutz-berlin.de

This Privacy Policy is designed to be GDPR compliant and transparent about our data processing practices. If you have concerns about your privacy rights, please don't hesitate to contact us.