Privacy Policy

Last updated: January 28, 2025

This Privacy Policy describes how STRATAGENT LTD ("ConnectAI," "we," "us," or "our") collects, uses, and shares personal information when you use our website (getconnect.ai) and AI customer support services.

By using our services, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and ensuring the security of your personal information in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller

STRATAGENT LTD

Registration: HE 479191

VAT: CY60215826B

Address: Agiou Fotiou 3, Diana 39, Block 2, Apt. 2, 8036 Paphos, Cyprus

Email: [email protected]

2. Categories of Personal Data We Collect

Builder Data (Our Customers)

Information provided when creating AI agents, including:

  • Account details (name, email, company name)
  • Business information and configuration preferences
  • Payment information (processed by third-party payment providers)

End User Data (Your Customers)

Information collected from individuals who interact with AI agents deployed on customer websites:

  • Chat conversation content
  • Timestamps and session identifiers
  • Contact details voluntarily provided (name, email, phone number)
  • IP address (for security and fraud prevention)

Automatic Data

Information collected automatically when using our services:

  • Usage analytics and platform interaction data
  • Device and browser information
  • Log data for security monitoring

3. How We Use Your Data

We use personal data for the following purposes:

PurposeLegal Basis
Providing and operating our AI agent servicesContract performance
Responding to customer support inquiriesContract performance
Ensuring security and preventing fraudLegitimate interest
Improving our platform and servicesLegitimate interest
Communicating service updates and changesContract performance
Complying with legal obligationsLegal obligation

What We Do NOT Do With Your Data

We do NOT use conversation data to train AI models. Conversations processed through our platform are used solely to provide the service to you and your customers. Aggregated, anonymized data may be used to improve service quality, but individual conversations are never used for AI model training.

4. Data Storage and Location

All personal data is stored within the European Union:

ServiceLocationPurpose
HetznerGermanyInfrastructure and server hosting
SupabaseGermany (eu-central-1, Frankfurt)Database and application services

5. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

Data TypeRetention Period
Conversation contentRetained indefinitely (anonymized)
Personally identifiable information (PII) in conversationsAnonymized after 90 days
Account data (customers)Duration of account + 12 months
Database backups14 days (rolling)

After the retention period, PII is automatically anonymized or deleted. Conversation content is retained in anonymized form to improve service quality but cannot be linked to any individual.

6. Sub-Processors and Third Parties

We use the following third-party service providers to process data on our behalf:

Sub-ProcessorLocationPurposeData Processed
Hetzner Online GmbHGermany (EU)Cloud infrastructureAll data
Supabase Inc.Germany (EU)*Database servicesAll data
OpenAIUnited States**AI language model inferenceConversation content

*Supabase data is hosted in eu-central-1 (Frankfurt, Germany).

**See Section 7 regarding international data transfers.

We maintain Data Processing Agreements (DPAs) with all sub-processors to ensure GDPR compliance.

7. International Data Transfers

While our infrastructure is EU-based, conversation content is processed by OpenAI's language models, which are hosted in the United States.

This transfer is conducted in compliance with GDPR through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • OpenAI's commitment to data protection under their Data Processing Agreement

EU-Only Processing Option

For customers requiring all data to remain within the EU, we can configure your AI agent to use EU-hosted language models upon request. Please contact us at [email protected] to discuss this option.

8. Data Security

We implement comprehensive technical and organizational measures to protect your data:

Technical Measures

  • Encryption in Transit: All data transmission uses TLS/HTTPS encryption
  • Encryption at Rest: Database storage is encrypted using industry-standard AES-256 encryption
  • Access Controls: Role-based access controls limit data access to authorized personnel only
  • Audit Logging: All data access is logged via Supabase for security monitoring
  • Backup & Recovery: 14-day rolling database backups with secure storage

Organizational Measures

  • Staff access limited on need-to-know basis
  • Security awareness and data protection training
  • Incident response procedures in place

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

RightDescription
AccessRequest a copy of your personal data
RectificationRequest correction of inaccurate data
ErasureRequest deletion of your data ("right to be forgotten")
RestrictionRequest limitation of data processing
PortabilityReceive your data in a machine-readable format
ObjectionObject to processing based on legitimate interests
Withdraw ConsentWithdraw consent at any time (where processing is based on consent)

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: [email protected]

We will respond to your request within 30 days as required by GDPR. We may request verification of your identity before processing your request.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection supervisory authority. In Cyprus, this is the Commissioner for Personal Data Protection (www.dataprotection.gov.cy).

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all breaches and remedial actions taken

11. Cookies and Tracking

Our website uses essential cookies required for basic functionality. We do not use tracking cookies or third-party advertising cookies.

For detailed information about our cookie usage, please see our Cookie Policy.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date at the top
  • Notifying customers via email for significant changes

We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

STRATAGENT LTD

Email: [email protected]

Address: Agiou Fotiou 3, Diana 39, Block 2, Apt. 2, 8036 Paphos, Cyprus

Registration: HE 479191 | VAT: CY60215826B

© 2025 STRATAGENT LTD. All rights reserved.