Skip to main content

Privacy Policy

This Privacy Policy explains how Agentic Product Factory ("we", "us", "our") collects, uses, shares, and safeguards personal data in connection with our AI-powered development platform. It is designed to meet requirements in the United States (including CCPA/CPRA) and the European Union/Germany (GDPR). Please read it carefully.

1. Controller and contact

Agentic Product Factory is operated by our applicable group entity. For EU/EEA and German users, the primary establishment is in the EU; for US users, the primary establishment is in the United States. You can reach us at privacy@agenticflow.cloud for any privacy questions or to exercise rights.

2. Data we collect

  • Account and identity data: email, name, authentication identifiers, and security events handled via Clerk.
  • Workspace and organization data: organization names, roles, permissions, and collaboration settings.
  • Customer Content: code, documents, prompts, requirements, and knowledge graph data you upload or generate when using the Service (stored in managed PostgreSQL and processed in Google Cloud EU regions).
  • Usage and event data: product interaction events, performance metrics, and diagnostics collected via PostHog (EU hosting) and our application logs.
  • Device and network data: IP address, browser/OS information, timestamps, and security logs to maintain service integrity.
  • Support communications: content of support requests and related metadata.

3. Purposes and legal bases

We process personal data for the following purposes and legal bases:

  • Provide and operate the Service (contract necessity).
  • Authenticate users and secure accounts (contract necessity; legitimate interest in security).
  • Maintain and improve performance, reliability, and safety (legitimate interests in service quality and security).
  • Provide support and communicate about the Service (contract necessity).
  • Analyze product usage for improvement (legitimate interests; where required, consent for cookies/analytics).
  • Comply with legal obligations, including audit and recordkeeping (legal obligation).
  • Marketing communications where permitted (consent where required; opt-out available at any time).

4. Sharing and subprocessors

We do not sell personal data. We share it only as needed to operate the Service:

  • Managed PostgreSQL provider for database services.
  • Google Cloud (EU regions) for application hosting and compute.
  • Clerk for authentication, user management, and security events.
  • PostHog (EU hosting) for product analytics and event tracking.
  • Professional advisors, auditors, and legal authorities where required by law or to protect rights and safety.

Subprocessors are bound by data protection and confidentiality terms. We will provide notice of material changes where legally required.

5. International transfers

Data may be processed in the United States and the EU. For EU/EEA/German users, transfers outside the EU/EEA rely on appropriate safeguards such as EU Standard Contractual Clauses (SCCs) and supplementary measures. PostHog and Google Cloud are hosted in EU regions; the managed database provider operates in cloud regions with appropriate controls. controls. We monitor subprocessor locations and update safeguards as needed.

6. Retention

We retain personal data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. We apply retention periods to logs and analytics consistent with these purposes. You may request deletion of Customer Content and account data; some records may be retained as required by law or for security.

7. Security

  • Encryption in transit, access controls, and least-privilege permissions.
  • Segregated multi-tenant data model with monitoring and logging.
  • Regular backups for critical data stores, subject to retention windows.
  • Vendor due diligence for subprocessors (managed PostgreSQL, Google Cloud EU, Clerk, PostHog EU).

Please notify us promptly of any suspected account compromise or security incident.

8. Your rights (GDPR / German law)

If you are in the EU/EEA (including Germany), you have the right to access, rectify, erase, restrict or object to processing, and data portability, as well as the right to withdraw consent at any time (without affecting processing prior to withdrawal). You also have the right to lodge a complaint with your local data protection authority. We respond to rights requests without undue delay.

9. Your rights (US including CCPA/CPRA)

If you are a California resident, you have rights to know/access certain information, delete data, correct inaccuracies, opt out of "sale" or "sharing" for cross-context behavioral advertising, and limit use of sensitive personal information, subject to exceptions. We do not sell personal data. We do not use or disclose sensitive personal information for purposes that require a right to limit. We will not discriminate against you for exercising your rights.

10. Cookies and analytics

We use cookies and similar technologies to provide core functionality (authentication via Clerk) and to measure product usage (PostHog). Where required, we obtain consent for non-essential cookies. You can manage cookies through your browser settings; disabling some cookies may affect functionality.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect data from them.

12. Changes

We may update this Privacy Policy to reflect changes to the Service, legal requirements, or our processing. Material changes will be communicated (e.g., via in-product notice or email). Continued use after an update indicates your acceptance.

13. Contact

For questions or requests, contact privacy@agenticflow.cloud. We respond in accordance with applicable law and will guide you through identity verification where needed.