
Privacy Policy

Last updated: 2026-04-18

AGNT ("we," "us," or "our") is operated by ICM Motion GmbH. This policy explains, in plain language, what personal data the AGNT platform collects, how it is stored, who can read it, and what rights you have. We aim to describe the real behaviour of the system, not a sanitised version.

AGNT is a personal AI agent you reach through Telegram, WhatsApp, and our web app. By using the Service you consent to the processing described below. If you do not agree, do not use the Service.

1. Data We Collect

We collect only what is required to run the agent and the features you use. Each category below lists the concrete database column or storage location.

Account identifiers

Your name and email address are stored encrypted at rest on the users table. An additional deterministic hash of your email is stored to enforce uniqueness and support login. Payment identifiers (Stripe customer ID, subscription ID) are stored as plain references — they point at Stripe and contain no card data.

Messaging channel identifiers

When you connect Telegram, WhatsApp, or Instagram, we store the channel identifier (your phone number or chat ID) twice: once as an HMAC-SHA256 hash for lookup, and once encrypted with Fernet for outbound delivery. The HMAC key is separate from our JWT signing key and from the Fernet key; compromise of any single key, on its own, does not reveal the underlying phone number.

Message content

Messages you send through Telegram, WhatsApp, or Instagram, and the agent's replies, are stored in the interactions table in plaintext today. A rolling conversation snapshot used for short-term agent context is stored encrypted with Fernet in the conversation_snapshots table. Redis session context expires after 24 hours of inactivity; the database record of the interaction does not. We are developing an explicit purge policy for historical interactions; until it ships, retention of message bodies is indefinite. See section 5.

Photos you submit

Photos sent to the Dupe Search and Calorie Scan tools are forwarded to our vision model and are not persisted to the database or a file store. We cache the parsed JSON result for 30 days in Redis, keyed by a SHA-256 hash of the image bytes, so a repeat submission returns instantly. The raw pixels are not retained.

Food diary entries

If you use Calorie Scan and save an entry to your diary, the description and parsed nutrition items are stored in plaintext in the food_diary table so we can generate your daily summary.

Booking & transport history

Venue bookings, reminders, and transport addresses (pickup and dropoff for courier or ride bookings) are stored in plaintext so we can deliver reminders and support ratings.

User memory & preferences

Facts the agent learns about you (favourite cuisines, allergies you disclose, budget preferences) are stored as key/value text plus a vector embedding in the user_memory table to personalise recommendations.

Payment metadata

Payments are processed by Stripe. Card numbers, CVC, and billing addresses never touch AGNT servers — Stripe holds that data under its own PCI-DSS compliant infrastructure. We store only the Stripe customer and subscription IDs so we can reconcile your plan.

Usage & security logs

Standard technical signals — truncated IP hashes, user agent, rate-limit counters — are recorded for abuse prevention. We do not log full message bodies in application logs.

2. Encryption & At-Rest Posture

We describe here exactly what is encrypted at rest today and what is not. We prefer transparency over marketing claims.

  • Encrypted (Fernet, symmetric): users.name, users.email, and conversation_snapshots.messages_json.
  • HMAC + Fernet (separate key): messaging channel identifiers on user_channels. The HMAC key is distinct from the main Fernet key and from the JWT secret.
  • Hashed (one-way): email_hash, venue owner phone hashes, and IP hashes on response cards.
  • Plaintext at rest today: message bodies on interactions, food diary entries, transport addresses, user memory facts, CRM contacts stored by venue administrators, and B2B onboarding session contact fields. These are on our roadmap for encryption-at-rest; we do not want to claim a protection we have not shipped.
  • In transit: all traffic between your device, AGNT, and our providers uses TLS 1.2 or higher.

Encryption keys are held in environment secrets, separated per purpose (Fernet data key, HMAC phone key, JWT signing key). A rotation slot is built in so keys can be rolled without downtime.

3. How We Use Your Data

  • Operate the agent: answer your messages, deliver replies through your chosen channel, and personalise venue, transport, and nutrition recommendations.
  • Run the features you invoke: venue booking, food diary, dupe search, courier booking.
  • Process payments and manage subscriptions through Stripe.
  • Send transactional messages such as booking reminders and receipts.
  • Monitor for abuse, fraud, and service health — this is a separate legitimate-interest basis from the contract basis above.
  • Meet legal obligations such as tax record-keeping and responding to lawful requests from authorities.

5. Data Retention

  • Account data: kept while your account is active. On deletion we anonymise immediately and hard-purge within 30 days (see section 6).
  • Redis session context: 24-hour TTL; expires automatically.
  • Message history in the database: retention is indefinite today. A scheduled purge is in development. If you want your message history removed before that ships, you can request deletion at any time (see section 6).
  • Vision cache (dupe / calorie results): 30-day Redis TTL; raw images are not stored.
  • Booking history: retained while your account is active so you can see past reservations and rate them.
  • Transaction records: retained for at least seven years as required by German commercial and tax law.

6. Your Rights, Including Deletion

You can trigger account deletion yourself by calling DELETE /api/users/me through the app, or by emailing us (see section 11). When you do:

  • Your name and email are immediately anonymised to placeholder values.
  • Your subscription is marked inactive and your Redis soul state is cleared.
  • Your record is flagged for hard deletion. A daily background job permanently removes flagged accounts once they are at least 30 days past their deletion request.
  • Certain records may be retained longer where we are required by law (tax, accounting) or where they are strictly necessary to defend against a legal claim. These are kept minimised and segregated.

Under GDPR and comparable SEA data protection regimes (Indonesia UU PDP, Singapore PDPA, Thailand PDPA, the Philippines DPA), you also have the right to request access, rectification, restriction, objection, data portability, and to withdraw consent. Email privacy@agntdot.com and we will respond within 30 days. You have the right to complain to your local supervisory authority.

7. Who Can Read Your Data

  • You: via /api/me and related endpoints, authenticated with your JWT.
  • AGNT operators: a small internal group using an internal admin token. All admin reads are audited server-side. The token is not shared with third parties.
  • Subprocessors (see section 8): only the minimum data they need to perform their function.

8. Subprocessors & Data Sharing

We share data with the following processors strictly to operate the Service. We do not sell your personal data.

Provider | Purpose | Data shared
Stripe | Payments | Email, billing country, card details (entered directly into Stripe)
Telegram | Messaging transport | Messages, chat ID, photos sent in chat
Meta / WhatsApp | Messaging transport | Messages, phone number, photos sent in chat
Instagram (Meta) | Messaging transport | Messages, IG user ID
Anthropic, Moonshot | LLM inference | Current conversation context and system prompt; providers are under no-training data-processing terms
Nutritionix, USDA | Nutrition lookup | Food descriptions extracted from photos
Shopee, Tokopedia, Lazada | Product price search | Product search queries and affiliate identifiers
Lalamove | Courier booking | Pickup and dropoff address, contact phone
Sentry | Error tracking | Stack traces, device metadata, scrubbed user/tenant IDs; no raw message bodies or phone numbers
Umami | Self-hosted, cookie-less website analytics | Page URL, referrer, country, screen size
Railway | Application hosting | All application data (stored on our managed Postgres and Redis instances)

4. Data Storage & Security

We take the security of your data seriously and employ industry-standard technical and organizational measures:

  • Encryption at rest: Personal identifiers (name, email) are encrypted using Fernet symmetric encryption before storage.
  • Phone number hashing: Phone numbers are stored as HMAC-SHA256 hashes. We cannot recover your phone number from the stored value.
  • Chat encryption: Chat sessions are stored in encrypted Redis instances with automatic expiration.
  • Photo processing: Food and product photos are processed in memory and not retained after analysis is complete.
  • Payment isolation: All payment data is handled by Stripe in PCI-DSS compliant infrastructure. Card details never touch our servers.
  • Access controls: Internal access to personal data is restricted to authorized personnel on a need-to-know basis.
  • Infrastructure: Our backend services run on encrypted cloud infrastructure with TLS 1.2+ for all data in transit.

While we implement robust safeguards, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users and relevant authorities in the event of a data breach, in accordance with applicable law.

5. Data Retention

  • Account data: Retained for as long as your account is active. Upon account deletion, personal data is purged within 30 days, except where retention is required by law.
  • Chat sessions: Automatically expire from Redis. Typical session lifetime is 24 hours of inactivity.
  • Photos: Deleted immediately after processing. Not stored in any database or file system.
  • Booking history: Retained for the lifetime of your account to provide history, ratings, and recommendations.
  • Transaction records: Retained for a minimum of 7 years as required by German tax and commercial law.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under the EU General Data Protection Regulation (GDPR)

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing in certain circumstances.
  • Data portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw at any time without affecting the lawfulness of prior processing.
  • Complaint: Lodge a complaint with a supervisory authority (e.g., the German Federal Commissioner for Data Protection).

Under Southeast Asian Data Protection Laws

If you are located in Indonesia (UU PDP), Thailand (PDPA), Singapore (PDPA), or the Philippines (DPA), you have comparable rights including access, correction, deletion, and the right to withdraw consent. We process your data in compliance with applicable local data protection regulations.

To exercise any of these rights, email us at privacy@agntdot.com. We will respond within 30 days (or sooner where required by law). We may ask you to verify your identity before processing your request.

9. Hosting Location & International Transfers

Our application servers and primary database run on Railway in an EU region (eu-west). Users in Bali and across Southeast Asia therefore have their data transferred to the EU for processing. Transfers outside the user's home jurisdiction are covered by the European Commission's Standard Contractual Clauses where applicable, or by equivalent contractual safeguards with our subprocessors.

LLM inference calls (Anthropic, Moonshot) and marketplace-lookup calls (Shopee, Tokopedia, Lazada, Nutritionix) are routed to the provider's nearest region. Anthropic and Moonshot do not train on data sent through their paid API.

10. Cookies & Local Storage

We use a minimal set of strictly necessary cookies and browser storage. We do not use advertising, retargeting, or cross-site tracking. Contact privacy@agntdot.com for the exact list.

11. Contact

For privacy questions, deletion requests, or any GDPR / UU PDP right, contact us:

ICM Motion GmbH

Data protection inquiries

Email: privacy@agntdot.com

We do not currently have a designated Data Protection Officer. All DPO-level requests are handled by the privacy mailbox above and escalated internally. You may also lodge a complaint with the supervisory authority in your country of residence.

12. Children

The Service is not intended for and not offered to children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact privacy@agntdot.com and we will delete it.

13. Changes to This Policy

We may update this policy. Material changes will be announced in the Service or by email before they take effect. The "Last updated" date above always reflects the most recent revision.