Privacy Policy

Last updated: 3 May 2026

This page explains what personal data the Agentyk products collect, why we collect it, where it lives, who else sees it, and how to exercise your rights under the EU General Data Protection Regulation (GDPR). It is written to be read, not scanned past.

1. Who we are

Agentyk is operated by Sylvanity B.V., a private company registered in the Netherlands (KvK: TBA), headquartered in Delft. We are the data controller for the personal data described below. Contact: hello@sylvanity.eu. For privacy-specific questions you can also write to privacy@sylvanity.eu.

2. What we collect, why, and on what legal basis

We try to collect the minimum necessary for each part of the service to work. The categories below are everything — if it isn't listed here, we don't collect it.

  • Account data — the email address and password hash you provide at signup, plus the organisation name. Used to authenticate you and to email you about your account. Lawful basis: performance of the contract (Art. 6(1)(b) GDPR).
  • Authentication artefacts — refresh tokens, magic links, optional TOTP secret if you enable two-factor, failed-login counters, and lockout timestamps. Used to keep your session alive and to defend against brute-force attacks. Lawful basis: legitimate interest in securing the service (Art. 6(1)(f)).
  • Billing data — subscription plan, renewal dates, payment status, and Mollie payment IDs. We do not store your card number or IBAN; those go directly to Mollie. Lawful basis: performance of the contract and compliance with tax/accounting law (Art. 6(1)(b) and 6(1)(c)).
  • Audit log — security-relevant events (logins, password changes, license issuance, role changes) with timestamp, user id, IP address, and user-agent. Used for incident investigation and account-takeover detection. Lawful basis: legitimate interest in service security.
  • Device and license records — for users of AgentykChat, AgentykMobile, and AgentykCode: an opaque device id and the license JWTs we have minted for that device. Used to enforce per-tenant device quotas and to revoke a license if a device is lost. Lawful basis: performance of the contract.
  • Usage events — per-request metadata (timestamp, model id, token counts, latency) for the cloud-hosted models. Used for billing, capacity planning, and incident debugging. We do not store the prompt or the response — see section 4. Lawful basis: performance of the contract.
  • Support correspondence — if you email us, we keep that email and our reply for as long as the matter is open and for a reasonable period thereafter. Lawful basis: legitimate interest in providing support.

We do not use any of this data to train models, sell to third parties, profile users for advertising, or deliver behavioural ads. The marketing site does not run ad trackers or analytics scripts.

3. Sub-processors — who else sees the data

Running the service requires us to share specific categories of data with the providers below. All are bound by data-processing agreements and all process data inside the EU. This list is exhaustive; we will update it before adding any new sub-processor.

  • Hetzner Online GmbH (Helsinki, FI — EU). Hosts our application servers, PostgreSQL database, and reverse proxy. Sees everything in section 2 at rest.
  • Verda Cloud (rebrand of DataCrunch.io, headquartered in Helsinki, FI — EU). Hosts the GPU containers that run the AgentykCloud chat models. Sees chat prompts and responses in transit only, long enough to compute the response. No persistence.
  • Mollie B.V. (Amsterdam, NL). Payment processor. Sees your name, email, billing address, and card or IBAN details. Holds the relationship with the card schemes; we never see the card data ourselves.
  • Brevo (Sendinblue SAS) (Paris, FR). Transactional email delivery (signup verification, password reset, license notifications). Sees the recipient email address and the email body.
  • Mojeek Ltd. (Crowborough, UK). Web search backend for the optional AgentykCloud web-search tool. Sees the search query and your IP address only when you have explicitly enabled web search for that conversation (the toggle is off by default and clearly labelled as a third-party service in the UI). Mojeek is an independent search index, not a data broker; the UK is currently recognised as adequate by the European Commission.

We do not use Google Analytics, Meta Pixel, Hotjar, Segment, Amplitude, or any other US-based analytics or advertising tracker.

4. AgentykCloud chat — the stateless special case

The chat surface at cloud.agentyk.xyz is built so that conversation content never lands in our database. Concretely:

  • Your messages flow through our cloud only long enough to reach the model and stream the response back. Nothing is written to disk on our side.
  • Conversation history lives in your browser's localStorage. Clearing your browser data clears your history. Logging out does not by itself wipe it; use your browser's site-data controls if you want it gone.
  • Each prompt is run through an open-source safety classifier (IBM Granite Guardian) co-located with the chat model on the same Verda container. The classifier sees the message in memory but does not persist it. See the Acceptable Use Policy for what gets refused.
  • We do log per-request metadata (model id, token counts, latency, your account id, timestamp) for billing and operations — but not the prompt or response text itself.
  • If you enable the optional web-search tool for a conversation, your search query is sent to Mojeek (see section 3) for that turn. The toggle is per-chat and off by default.

The on-device clients (AgentykChat, AgentykMobile, AgentykCode in local mode) run inference on your own machine. Conversations there don't leave the device at all.

5. Cookies and local storage

The marketing site (agentyk.xyz) sets no cookies and runs no analytics. The dashboard and chat sites use your browser's localStorage to hold authentication tokens (so you stay signed in) and, for AgentykCloud, your conversation history. These are strictly necessary for the service to function and do not require a consent banner under the ePrivacy Directive.

6. How long we keep your data

  • Account data: for the lifetime of the account. When you delete your account, we erase it within 30 days — except records we are legally required to keep (see below).
  • Refresh tokens and magic links: until they expire (typically days to a few weeks) or until you sign out / use them.
  • Audit log: 12 months, then automatically purged.
  • Billing records (invoices, payment IDs): 7 years, as required by Dutch tax law (Art. 52 Algemene wet inzake rijksbelastingen).
  • Support correspondence: 24 months from last contact.
  • AgentykCloud conversations: not applicable — we don't store them in the first place. Your browser keeps them until you clear it.

7. Your rights under GDPR

For the data we hold about you, you have the right to:

  • Access — request a copy of the personal data we hold (Art. 15).
  • Rectification — correct anything inaccurate (Art. 16). For most fields you can do this yourself in the dashboard.
  • Erasure — the “right to be forgotten” (Art. 17). The dashboard has a self-service Delete account control. Records we are legally required to keep (mostly billing) are retained under Art. 17(3)(b).
  • Portability — receive your data in a machine-readable format (Art. 20). Email us; we ship JSON.
  • Restriction and objection — tell us to stop processing for a particular purpose (Art. 18, 21).
  • Withdraw consent — for any processing that is based on consent. Most of what we do is based on contract or legitimate interest; consent isn't the legal basis we lean on.

To exercise any of these, write to privacy@sylvanity.eu. We respond within 30 days. If we don't resolve your concern, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) or your local supervisory authority.

8. International transfers

All processing takes place in the European Union, with the single exception of Mojeek (United Kingdom — covered by the European Commission's 2021 adequacy decision). We do not transfer personal data to the United States, and our infrastructure is not subject to the US CLOUD Act. This is a deliberate design choice, not an implementation detail.

9. Security

Passwords are hashed with Argon2id and a server-side pepper before storage; even an attacker with the database cannot mount an offline crack without also stealing the pepper. All transport is TLS. Refresh tokens rotate. Per-account brute-force lockouts apply. The license system uses asymmetric signatures (EdDSA) so devices can verify entitlements offline without contacting us.

No system is perfectly secure. If you believe you have found a vulnerability, please write to security@sylvanity.eu — we welcome responsible disclosure.

10. Children

Agentyk is not directed at children under 16 and we do not knowingly collect personal data from anyone under that age. If you believe a child has signed up, write to us and we will delete the account.

11. Changes to this policy

If we make a material change — new sub-processor, new category of data, change of legal basis, change of retention period — we will email registered users at least 30 days before the change takes effect, with the option to delete the account before it does. Minor edits (typo fixes, clarifications) will simply be reflected by an updated “Last updated” date at the top.

This policy describes the service as it is currently deployed. Some features (mobile clients, additional model tiers) are still rolling out; this page will be updated when they go live. Questions: privacy@sylvanity.eu.