Our Policies

Agiloop Terms of Service

Last updated: November 25, 2025

Table of Contents

1. Introduction
   
2. Eligibility
   
3. Account Registration
   
4. Subscription Plans and Payments
   
5. User-Generated Content
   
6. Use of AI and Machine Learning
   
7. Acceptable Use
   
8. Intellectual Property
   
9. Third-Party Services
   
10. Privacy
    
11. Disclaimers
    
12. Limitation of Liability
    
13. Indemnification
    
14. Suspension and Termination
    
15. Governing Law & Dispute Resolution
    
16. Changes to the Service or Terms
    
17. Miscellaneous
    
18. Contact Information
    

1. Introduction

These Terms of Service (“Terms”) govern your access to and use of the Agiloop platform, services, websites, and related offerings (collectively, the “Service”) operated by Agiloop Inc., a Delaware corporation (“Agiloop,” “we,” “our,” or “us”).

By accessing or using the Service, you agree to be bound by these Terms. If you do not agree, you may not use the Service.

2. Eligibility

You must:

• Be at least 18 years old (or the age of legal majority in your jurisdiction),
  
• Have the legal authority to accept these Terms, and
  
• Not be barred from using the Service under applicable law.

You may use the Service on behalf of an organization only if you have authority to bind that organization to these Terms.

3. Account Registration

To use the Service, you must create an account and provide accurate, current information. You are responsible for:

• Maintaining the confidentiality of your login credentials,
  
• All activities under your account, and
  
• Promptly updating your information as needed.

We may suspend accounts that are inaccurate, inactive, or suspected of misuse.

4. Subscription Plans and Payments

Agiloop offers several subscription tiers:

• Preview (Free)
  
• Basic – $25/user/month
  
• Pro – $49/user/month
  
• Enterprise – $99/user/month
  
• Optional Project Add-Ons – $10 per project/month

Annual billing discounts may apply.

Billing and Payment

• Payments are processed exclusively through Stripe.
  
• Paid subscriptions renew automatically unless cancelled.
  
• You authorize Agiloop and Stripe to charge your payment method for all fees associated with your plan.
  
• All fees are non-refundable unless required by law.

Free Tier

The Preview tier limits users to:

• One project,
  
• No export functionality, and
  
• Limited visibility into generated specifications.

5. User-Generated Content

Users may submit content through the Agiloop Interview process, including product descriptions, ideas, and other materials (“User Content”).

Ownership

You retain ownership of your User Content. These Terms do not transfer ownership to Agiloop.

License You Grant to Us

By submitting User Content, you grant Agiloop a worldwide, non-exclusive, royalty-free, sublicensable license to:

• Use, process, analyze, and transform User Content to provide the Service,
  
• Generate functional requirements, technical specifications, estimates, and similar outputs.

We do not claim ownership of your underlying ideas.

Representations

You represent that you have all necessary rights to provide User Content and that it does not violate any laws or third-party rights.

6. Use of AI and Machine Learning

Agiloop uses LLM-based AI systems to analyze submitted information, assist in interviews, and generate specification breakdowns.

• AI outputs may contain inaccuracies.
  
• Users should review all outputs before relying on them.
  
• Agiloop does not guarantee the accuracy, completeness, or suitability of AI-generated materials.
  
• User inputs are processed to deliver the Service but are not used to train foundational models.

7. Acceptable Use

You may not use the Service to:

• Violate any law or regulation;
  
• Reverse engineer, decompile, or circumvent security or access controls;
  
• Interfere with the operation of the Service;
  
• Upload malicious code or attempt unauthorized access;
  
• Misrepresent your identity or affiliation;
  
• Build a competing product or model using Agiloop data or resources;
  
• Use the Service for harmful, fraudulent, or abusive purposes.

We may investigate and take action—including suspension or termination—if these Terms are violated.

8. Intellectual Property

The Service, including all software, content, designs, trademarks, and proprietary technology, is owned by Agiloop and protected by U.S. and international laws.

Except for your User Content and the rights expressly granted here, you receive no license or ownership interest in the Service.

You may not copy, modify, create derivative works of, or distribute any part of the Service without our written permission.

9. Third-Party Services

Agiloop integrates with or relies on third-party services such as Stripe.
Your use of these services may be governed by additional terms, which you must accept separately.

Agiloop is not responsible for third-party services and makes no warranties about their performance or availability.

10. Privacy

Agiloop collects and processes only basic account information (such as name, email, and password) necessary to provide the Service. Payment data is handled directly by Stripe.

For more details, please review our Privacy Policy.

11. Disclaimers

The Service is provided on an “as is” and “as available” basis without warranties of any kind, express or implied.

Agiloop specifically disclaims any warranties of:

• Merchantability,
  
• Fitness for a particular purpose,
  
• Accuracy (including AI-generated output),
  
• Non-infringement, and
  
• Availability or reliability.

We do not provide any service-level agreement (SLA) or uptime guarantee.

12. Limitation of Liability

To the maximum extent permitted by law:

• Agiloop will not be liable for any indirect, incidental, special, consequential, or punitive damages, nor for loss of profits, data, or goodwill.
  
• Agiloop’s total liability for all claims arising out of or related to the Service will not exceed the amount you paid to Agiloop in the 12 months preceding the claim, or $100 if you are using the free tier.

These limitations apply regardless of legal theory and even if Agiloop has been advised of the possibility of damages.

13. Indemnification

You agree to indemnify and hold harmless Agiloop, its officers, employees, contractors, and affiliates from any claims or losses arising from:

• Your use of the Service,
  
• Your User Content,
  
• Your violation of these Terms, or
  
• Your violation of any applicable law or third-party rights.

14. Suspension and Termination

We may suspend or terminate your access to the Service if:

• You violate these Terms,
  
• Required by law,
  
• Needed to protect the integrity or security of the Service, or
  
• You fail to pay fees due.

Upon termination, your right to use the Service immediately ends. Certain sections of these Terms will survive termination.

15. Governing Law & Dispute Resolution

These Terms are governed by the laws of the State of Delaware, without regard to conflict-of-law principles.

Any dispute arising from these Terms or your use of the Service will be resolved in the state or federal courts located in Delaware, and you consent to their jurisdiction.

16. Changes to the Service or Terms

We may modify the Service or these Terms at any time.
If changes are material, we will provide notice (e.g., via email or in-product banner).

Continued use of the Service after changes become effective constitutes acceptance of the revised Terms.

17. Miscellaneous

• These Terms constitute the entire agreement between you and Agiloop.
  
• If any provision is invalid, the remainder will remain in effect.
  
• You may not assign your rights under these Terms without our prior written consent.
  
• Failure to enforce any provision is not a waiver.

18. Contact Information

Agiloop Inc.
Email: legal@agiloop.ai
Website: https://agiloop.ai

‍

Agiloop Privacy Policy

Last updated: November 25, 2025

Table of Contents

1. Introduction
   
2. Information We Collect
   
3. How We Use Information
   
4. How We Share Information
   
5. User-Generated Content and AI Processing
   
6. Cookies and Tracking Technologies
   
7. Payment Processing
   
8. International Transfers
   
9. Data Security
   
10. Data Retention
    
11. Your Rights
    
12. Children’s Privacy
    
13. Third-Party Links and Services
    
14. Changes to This Privacy Policy
    
15. Contact Information

1. Introduction

This Privacy Policy explains how Agiloop Inc., a Delaware corporation (“Agiloop,” “we,” “our,” or “us”) collects, uses, and protects personal information when you use our websites, services, and platform (the “Service”).

By using the Service, you agree to the practices described in this Policy.

2. Information We Collect

We collect only the information necessary to operate the Agiloop platform.

2.1 Information You Provide

• Account information: name, email address, password.
  
• User-Generated Content submitted during the Agiloop Interview process (e.g., product descriptions, ideas, specifications).
  
• Subscription information (product tier, billing choices).

2.2 Automatically Collected Technical Data

When you access the Service, we may automatically collect:

• IP address
  
• Browser type and version
  
• Operating system
  
• Date/time of access
  
• Usage and interaction logs
  
• Device-level technical data
  
• Basic analytics event data

We do not collect precise geolocation, health information, biometric identifiers, or other sensitive personal data.

2.3 No Additional Personal Data Storage

We do not store additional user personal data beyond what is listed above.

3. How We Use Information

We use personal information only for legitimate business purposes, including:

• Operating, maintaining, and improving the Service
  
• Enabling account registration and authentication
  
• Delivering features of the Agiloop Interview and AI-driven specification process
  
• Processing payments and managing subscriptions
  
• Communicating with users (service messages, onboarding, account notices)
  
• Ensuring platform security and detecting abuse
  
• Complying with legal obligations

We do not sell personal information.

4. How We Share Information

We may share information with:

4.1 Service Providers

Trusted vendors that support our operations, such as:

• Stripe (payment processing)
  
• Hosting and infrastructure providers
  
• Customer support tools
  
• Basic analytics services

These providers may access personal data only to perform their services for us.

4.2 Legal and Compliance Requirements

We may disclose information if required by:

• Law or regulatory request
  
• Court order
  
• To protect the rights, safety, or property of Agiloop, our users, or the public

4.3 Business Transfers

If Agiloop undergoes a merger, acquisition, financing, or asset sale, personal data may be transferred as part of that transaction.

We do not share personal information for advertising or cross-context behavioral tracking.

5. User-Generated Content and AI Processing

Users may submit product descriptions, ideas, and other materials (“User Content”).

• User Content is processed by Agiloop’s AI systems to generate functional requirements, technical breakdowns, and related outputs.
  
• User Content is not used to train core or foundational large language models.
  
• Agiloop retains User Content only to provide and improve the Service.
  
• You retain ownership of your User Content.

6. Cookies and Tracking Technologies

The Service may use essential and basic analytics cookies or similar technologies to:

• Maintain secure sessions
  
• Save user preferences
  
• Understand general usage patterns
  

We do not use marketing or advertising pixels.

You can control cookies through your browser settings, though disabling essential cookies may affect functionality.

7. Payment Processing

Agiloop uses Stripe to process all payments.

• Stripe may collect and store payment card data and other billing details.
  
• Agiloop does not store full payment card numbers.

For details, please review Stripe’s privacy policy.

8. International Transfers

Agiloop is based in the United States and may process data in the U.S. or other jurisdictions.

If you access the Service from outside the U.S., you consent to the transfer and processing of your data in the United States under applicable data-protection laws.

9. Data Security

We implement technical and organizational measures to protect personal information, including:

• Encryption in transit
  
• Access controls
  
• Secure credential storage
  
• Monitoring for unauthorized access
  

No system is entirely secure, and we cannot guarantee absolute security.

10. Data Retention

We retain personal data only as long as necessary to:

• Provide the Service
  
• Meet legal obligations
  
• Resolve disputes
  
• Enforce agreements
  

User Content may be retained for operational purposes unless you request deletion.

11. Your Rights

Depending on your location, you may have rights such as:

• Accessing your information
  
• Updating or correcting inaccurate data
  
• Requesting deletion of your account or User Content
  
• Restricting or objecting to certain processing
  
• Porting your information to another service
  

To exercise rights, contact us at legal@agiloop.ai.

We may verify your identity before responding.

12. Children’s Privacy

The Service is not directed to children under 16, and we do not knowingly collect their personal information.
If we discover such information was collected, we will delete it promptly.

13. Third-Party Links & Services

The Service may contain links to third-party websites or services.
Agiloop is not responsible for the privacy practices or content of those third parties.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
If changes are material, we will notify users (e.g., email or in-product notice).

Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

15. Contact Information

If you have questions about this Privacy Policy or your personal data, you may contact us at:

Agiloop Inc.
Email: legal@agiloop.ai
Website: https://agiloop.ai

‍

Agiloop Acceptable Use Policy (AUP)

Last updated: November 25, 2025

This Acceptable Use Policy (“AUP”) describes the rules and restrictions governing the use of the Agiloop platform, websites, and related services (“Service”) provided by Agiloop Inc., a Delaware corporation (“Agiloop,” “we,” “our,” or “us”).

By using the Service, you agree to comply with this AUP.
Violations may result in suspension or termination of your account, removal of content, or other actions deemed appropriate by Agiloop.

1. Purpose

The purpose of this AUP is to ensure that all users use the Service safely, responsibly, and lawfully, and that Agiloop can maintain a secure, reliable environment for all customers.

This AUP applies to all users, accounts, organizations, and any person accessing the Service.

2. Prohibited Activities

Users may not use the Service (or allow others to use it) in any way that:

2.1 Violates Laws or Regulations

You may not use the Service to:

• Break any applicable local, state, national, or international law
  
• Promote illegal activities
  
• Violate export control, sanctions, or anti-corruption laws
  
• Infringe upon intellectual property rights or proprietary rights of others
  

2.2 Interferes With or Harms the Service

You may not:

• Attempt to bypass or disable authentication, security, or access controls
  
• Probe, scan, or test network vulnerabilities
  
• Introduce malware, viruses, bots, or harmful code
  
• Interfere with or disrupt servers, networks, or infrastructure
  
• Take actions that impose an unreasonable load on our systems
  
• Attempt unauthorized access to accounts, servers, or systems
  

2.3 Misuses the Platform or AI Systems

You may not use the Service to:

• Generate harmful, misleading, defamatory, or fraudulent content
  
• Attempt to build, train, or improve competing AI models or datasets
  
• Reverse engineer or derive source code from the Service
  
• Scrape, harvest, or extract large datasets from the Service
  
• Misrepresent output as human-generated when legally required to disclose AI involvement
  
• Circumvent usage limits, quotas, or pricing plans
  

2.4 Engage in Abusive or Harmful Behavior

You may not:

• Harass, threaten, or abuse others
  
• Upload or transmit content that is obscene, hateful, discriminatory, or otherwise harmful
  
• Collect or attempt to collect personal data of others without consent
  
• Engage in deceptive or misleading conduct
  
• Impersonate another person or entity

3. Restrictions on User Content

You are responsible for all content you submit through the Agiloop Interview process or any part of the Service (“User Content”).

You may not upload, submit, or share:

• Content that you do not own or have permission to use
  
• Confidential information of others without authorization
  
• Sensitive personal data (e.g., health, biometric, minors’ data)
  
• Malicious, unlawful, or harmful files or information
  

Agiloop may remove or restrict access to any User Content that violates this AUP or the Terms of Service.

4. Security Responsibilities

You must:

• Maintain the confidentiality of your login credentials
  
• Notify Agiloop immediately of any unauthorized access or suspected security breach
  
• Use reasonable measures (e.g., secure passwords) to protect your account
  

You may not share your account credentials or allow unauthorized persons to access your account.

5. Fair Use & Resource Limits

To ensure stable service for all users, Agiloop may enforce:

• Rate limits
  
• AI usage limits
  
• Project count limits
  
• Storage or data transfer caps
  
• Other technical restrictions tied to your subscription tier
  

Users may not attempt to bypass or manipulate these limits.

6. Reporting Violations

If you believe someone is violating this AUP, please notify us at:

legal@agiloop.ai

Agiloop reserves the right to investigate any violation and take appropriate action.

7. Enforcement

Violations of this AUP may result in:

• Warning notices
  
• Content removal
  
• Temporary suspension
  
• Permanent account termination
  
• Legal action where applicable
  

Agiloop reserves the right to determine whether conduct violates this AUP.

8. Changes to This Acceptable Use Policy

We may modify this AUP at any time. If changes are material, we will provide notice (e.g., email or in-product notification).

Your continued use of the Service after changes take effect constitutes acceptance of the updated AUP.

9. Contact Information

For questions about this AUP, contact:

Agiloop Inc.
Email: legal@agiloop.ai
Website: https://agiloop.ai

‍

Agiloop Refund Policy

Last updated: November 25, 2025

Thank you for using Agiloop. This Refund Policy explains our rules regarding payments and refunds for subscriptions and add-ons.

By subscribing to or using the Agiloop platform, you agree to this Refund Policy.

1. General Policy — No Refunds

All fees paid to Agiloop are non-refundable.
This includes, without limitation:

• Monthly subscription fees
  
• Annual subscription fees
  
• Project Add-Ons
  
• Partial months of service
  
• Unused time or unused features
  
• Fees paid prior to downgrades or cancellations
  
• Charges incurred due to user error or misuse
  
• Auto-renewal charges if the account was not cancelled beforehand
  

We do not issue refunds for any reason except where required by applicable law.

2. Cancellations

You may cancel your subscription at any time.
However:

• Cancellation stops future billing cycles.
  
• It does not provide a refund for any previously paid period.
  
• Your access continues until the end of the current paid term.

To avoid being charged for the next cycle, you must cancel before your renewal date.

3. Free Tier and Trials

Our free Preview tier allows users to evaluate the platform before upgrading.
Because the free tier provides full opportunity to test the Service, all paid upgrades remain non-refundable.

4. Billing Errors

If you believe a billing error has occurred (e.g., duplicate charge), contact us at support@agiloop.ai within 30 days of the charge.

We will investigate the issue; however, this does not guarantee that a refund will be issued.

5. Payment Disputes

Filing a credit card dispute or chargeback does not entitle you to a refund.
Agiloop reserves the right to:

• Suspend accounts involved in chargebacks, and
  
• Recover any fees or costs associated with dispute processing.

6. Changes to Pricing

Agiloop may update pricing from time to time.
Price changes will be communicated in advance, and continued use of the Service constitutes acceptance of the updated pricing.

7. Legal Requirements

If applicable law in your jurisdiction requires specific refund rights (e.g., mandatory consumer protections), those rights supersede this policy only to the extent required by law.

8. Contact Information

For any questions about this Refund Policy:

Agiloop Inc.
Email: support@agiloop.ai
Website: https://agiloop.ai

‍

Agiloop Security & Compliance Overview

Last updated: November 25, 2025

At Agiloop, security and privacy are foundational to everything we build.
Our platform handles sensitive product ideas, specifications, and business requirements, and we are committed to protecting that data with industry-leading security practices.

This Security & Compliance Overview describes Agiloop’s approach to safeguarding customer data across infrastructure, application architecture, AI processing, and organizational controls.

1. Our Security Philosophy

Agiloop is built with the principle of security by design:

• Minimize the personal data we collect
  
• Protect customer IP and proprietary ideas
  
• Use third-party services only when necessary and with strong safeguards
  
• Apply least-privilege and zero-trust access principles
  
• Continuously improve through monitoring, testing, and structured processes
  

We understand that customers trust Agiloop with sensitive business information, and we take that responsibility seriously.

2. Infrastructure Security

2.1 Hosting Environment

Agiloop is hosted on modern, fully managed cloud infrastructure with:

• Network isolation
  
• Encrypted storage
  
• Secure container orchestration
  
• Server hardening and restricted administrative access
  

Our hosting provider complies with industry standards such as SOC 2, ISO 27001, and more.

2.2 Encryption

All data is encrypted:

• In transit: TLS 1.2+
  
• At rest: Industry-standard AES-256 or cloud-provider-equivalent encryption
  

We do not allow unencrypted communication with our platform.

2.3 Network & Access Controls

• Role-based access control (RBAC)
  
• Internal systems inaccessible from the public internet
  
• No direct database exposure
  
• Principle of least privilege for all engineering and operational access
  

Production access is restricted to a minimal set of authorized personnel.

3. Application Security

3.1 Authentication

Agiloop uses secure password practices:

• Hashed and salted passwords (never stored in plaintext)
  
• Mandatory TLS encryption for login
  
• Session management with secure cookies
  

Single Sign-On (SSO) options may be provided for enterprise customers.

3.2 Secure Development Practices

Our engineering processes include:

• Code review for all changes
  
• Static security scanning and dependency monitoring
  
• Separation of development and production environments
  
• Version-controlled infrastructure and configuration
  
• Continuous monitoring and alerting
  

3.3 Rate Limiting & Abuse Prevention

We apply rate limits and automated protections to:

• Prevent scraping
  
• Limit brute-force attempts
  
• Prevent misuse of AI models
  
• Maintain fair compute usage across tiers

4. Data Protection & Privacy

4.1 Minimal Data Collection

Agiloop collects only essential account and usage information:

• Name
  
• Email
  
• Password (hashed)
  
• Basic usage telemetry
  
• User content provided through the Agiloop Interview process
  

We do not collect or store sensitive personal data.

4.2 Data Ownership

Customers retain full ownership of all User-Generated Content.
Agiloop processes User Content only to provide product functionality.

4.3 AI Data Handling

Agiloop uses LLMs to help generate specifications, functional breakdowns, and product insights.

We guarantee:

• Your data is not used to train third-party foundational AI models
  
• Your prompts, inputs, and outputs are not sold or repurposed
  
• User data is processed only to provide the service
  

AI processing boundaries are documented in our Terms, Privacy Policy, and DPA.

5. Subprocessors

Agiloop uses a small number of carefully vetted subprocessors to deliver the Service, including:

• Stripe – payment processing
  
• Cloud hosting providers
  
• Email delivery and notification tools
  
• Logging and error monitoring platforms
  

All subprocessors are contractually required to follow strong security and privacy practices consistent with this Overview and our Data Processing Addendum.

A current list of subprocessors is available upon request.

6. Security Monitoring & Incident Response

6.1 Monitoring

Agiloop implements continuous monitoring for:

• Unauthorized access attempts
  
• Application errors
  
• System anomalies
  
• Performance degradation
  
• Suspicious activity
  

Security events generate alerts reviewed by authorized personnel.

6.2 Incident Response

If a security incident affecting customer data occurs, Agiloop will:

1. Respond immediately to contain the event
   
2. Investigate the scope and cause
   
3. Notify affected customers without undue delay
   
4. Cooperate fully with remediation requirements
   

Incident response procedures are regularly updated and tested.

7. Data Retention & Deletion

Customers may request deletion of:

• Account data
  
• User-generated content
  
• Project information
  

Upon request or account termination:

• Data is securely deleted
  
• Backup copies are purged on a rolling schedule
  
• Some logs may be retained for security or legal compliance purposes

Retention schedules align with operational needs and legal requirements.

8. Compliance

Agiloop aligns with major global privacy frameworks, including:

• GDPR (as a Processor; DPA available)
  
• CCPA/CPRA (we do not “sell” or “share” personal data)
  
• International transfer mechanisms (SCCs, UK Addendum as needed)

8.1 SOC 2

Agiloop is actively implementing internal controls aligned to SOC 2 principles:

• Security
  
• Availability
  
• Confidentiality
  

A formal SOC 2 audit is planned as the platform matures.
This document reflects our current security-aligned posture.

9. Customer Responsibilities

Customers must:

• Use secure passwords
  
• Control access to their accounts
  
• Limit internal personnel with access to sensitive information
  
• Avoid submitting sensitive personal data (health, biometric, children’s data, etc.)
  
• Configure projects and permissions responsibly
  

Security is a shared responsibility between Agiloop and our customers.

10. Contact Us

For any security or compliance questions, contact:

Agiloop Inc.
Email: security@agiloop.ai
Website: https://agiloop.ai

We take security inquiries seriously and respond promptly.

‍

Agiloop Data Processing Addendum (DPA)

Last updated: November 25, 2025

This Data Processing Addendum (“DPA”) forms part of the Terms of Service or other written agreement (“Agreement”) between Agiloop Inc., a Delaware corporation (“Agiloop,” “Processor,” or “we”) and the customer entity or individual agreeing to the Agreement (“Customer” or “Controller”).

This DPA regulates Agiloop’s processing of Personal Data on behalf of Customer when providing the Agiloop software-as-a-service platform and related services (“Service”).

This DPA is effective as of the date the Customer accepted the Agreement.

1. Definitions

For purposes of this DPA:

• “Personal Data” means any information relating to an identified or identifiable natural person that is processed by Agiloop on behalf of Customer.
  
• “Processing,” “Controller,” “Processor,” “Data Subject,” and “Supervisory Authority” have the meanings given in the EU GDPR and UK GDPR.
  
• “GDPR” means the EU General Data Protection Regulation (EU 2016/679) and the UK GDPR.
  
• “Subprocessor” means any third party engaged by Agiloop to process Personal Data.
  
• “Standard Contractual Clauses (SCCs)” refers to the European Commission’s 2021 SCCs for international transfers.
  
• “Data Protection Laws” means the GDPR, UK GDPR, CCPA (as applicable), and any other global privacy laws relevant to the Customer.

2. Roles of the Parties

• Customer is the Controller of Personal Data.
  
• Agiloop is the Processor, processing Personal Data solely to provide the Service in accordance with Customer’s documented instructions.

Agiloop does not determine the purposes or means of processing the Personal Data supplied by Customer.

3. Customer Instructions

Agiloop will process Personal Data only:

1. To provide and maintain the Service;
   
2. According to Customer’s written instructions;
   
3. As required to comply with applicable laws.

If Agiloop reasonably believes an instruction violates Data Protection Laws, Agiloop will notify Customer.

4. Nature and Purpose of Processing

Agiloop processes Personal Data to:

• Create and manage Customer accounts
  
• Authenticate users
  
• Deliver SaaS functionality
  
• Process User-Generated Content during the Agiloop Interview and specification process
  
• Provide customer support
  
• Maintain platform security
  
• Process payments through Stripe
  

Agiloop does not use Customer Personal Data to train foundational AI models.

5. Categories of Data Subjects

Customer may submit Personal Data relating to:

• Customer’s employees
  
• Customer’s contractors
  
• Customer’s end users
  
• Other individuals whose data Customer uploads or inputs into the Service

6. Categories of Personal Data Processed

The Personal Data processed may include:

• Name
  
• Email address
  
• Password (hashed)
  
• Usage data (logs, timestamps, interactions)
  
• IP address and basic technical metadata
  
• User-generated content submitted into the Agiloop Interview process
  

Sensitive or special-category Personal Data should not be submitted, and Agiloop does not knowingly process such data.

7. Subprocessors

Agiloop uses Subprocessors to provide certain aspects of the Service, such as:

• Stripe — payment processing
  
• Cloud hosting and storage providers
  
• Email or messaging infrastructure
  
• Analytics and logging providers
  

Agiloop will:

1. Maintain a list of current Subprocessors;
   
2. Notify Customer of material changes;
   
3. Ensure each Subprocessor is bound by obligations no less protective than those in this DPA.

Customer may object to a new Subprocessor for legitimate privacy reasons. If no resolution is reached, Customer may terminate the affected portion of the Service.

8. International Data Transfers

When transferring Personal Data outside the European Economic Area, Switzerland, or the United Kingdom, Agiloop will ensure appropriate safeguards are in place.

These may include:

• Standard Contractual Clauses (SCCs)
  
• UK Addendum or International Data Transfer Agreement (IDTA)
  
• Legally approved transfer mechanisms under Data Protection Laws
  

Customer authorizes Agiloop to rely on these mechanisms for international transfers.

9. Security Measures

Agiloop will implement appropriate technical and organizational measures, including:

• Encryption in transit
  
• Secure credential storage
  
• Access controls and role-based permissions
  
• Logging and monitoring
  
• Regular vulnerability management
  
• Protection against unauthorized access, disclosure, alteration, or destruction
  

A description of Agiloop’s current security practices is available upon request.

10. Data Breach Notification

If Agiloop becomes aware of a Personal Data Breach affecting Customer data, Agiloop will:

1. Notify Customer without undue delay;
   
2. Provide known details as they become available;
   
3. Cooperate in investigating and mitigating the breach;
   
4. Assist Customer with any legally required notifications.

11. Data Subject Requests

To the extent legally required:

• Agiloop will assist Customer in responding to requests from Data Subjects (access, correction, deletion, portability, etc.).
  
• Agiloop will not respond to Data Subjects directly unless instructed by Customer or required by law.

12. Customer Responsibilities

Customer is responsible for:

• Ensuring the legality of Personal Data processing;
  
• Providing Personal Data only as permitted by law;
  
• Not submitting sensitive/special-category data;
  
• Implementing its own security measures (e.g., secure accounts, access controls);
  
• Responding to Data Subject requests where Customer is the Controller.

13. Deletion or Return of Data

Upon termination of the Agreement or upon Customer request:

• Agiloop will delete or return Personal Data unless retention is required by law.
  
• Backups may persist temporarily in secure archival systems before being purged.

14. Audits and Compliance

Customer may request:

• Agiloop’s most recent security documentation or compliance reports;
  
• Confirmation of adherence to this DPA.

Formal audits may be conducted only:

• Upon written request;
  
• No more than once annually;
  
• With reasonable notice and scope;
  
• Without disrupting Agiloop operations.

Audits may be performed by a mutually agreed independent auditor. Customer is responsible for related costs.

15. Liability

Each party’s liability under this DPA is subject to the limitations of liability set forth in the Agreement.

16. Conflict

If there is a conflict between this DPA and the Agreement, this DPA controls with respect to data protection and privacy obligations.

17. Changes to This DPA

Agiloop may update this DPA to reflect legal, regulatory, or operational changes.
If changes are material, Agiloop will provide notice to Customer.

18. Signatures

This DPA is considered accepted and binding when the Customer agrees to the Agreement or continues to use the Service.

19. Contact Information

For all data protection inquiries:

Agiloop Inc.
Email: legal@agiloop.ai
Website: https://agiloop.ai

‍