GDPR Compliance

GDPR by Design, Not by Contract

Agentyk.me is built from the ground up for GDPR compliance — not bolted on as an afterthought.

Key Principles

Three foundational principles that make Agentyk.me GDPR-compliant by architecture.

Zero Conversation Storage
Stateless architecture means conversations exist only in your browser. Close the tab and they're gone. Nothing to breach, nothing to subpoena.
EU Data Residency
All persistent data lives in Firestore eur3 (multi-region EU). AI models run on Azure Sweden Central. Your data never leaves Europe.
Data Minimization
We only store what's needed for billing and compliance — account profile, consent records, and usage metrics. Nothing more.

Data Map

A complete overview of what data we store, where, the legal basis, and retention period.

| Data Category | Storage Location | Legal Basis | Retention |
|---|---|---|---|
| Account profile | Firestore EU (eur3) | Art. 6(1)(b) Contract | Until account deletion |
| Consent records | Firestore EU (eur3) | Art. 6(1)(c) Legal obligation | Until account deletion |
| Usage metrics | Firestore EU (eur3) | Art. 6(1)(f) Legitimate interest | 12 months |
| Audit logs | Firestore EU (eur3) | Art. 6(1)(f) Legitimate interest | Team: 30 days / Enterprise: 1 year |
| Payment data | Stripe (SCCs) | Art. 6(1)(b) Contract | Per Stripe retention policy |
| Chat conversations | Browser memory only | N/A | Auto-deleted on tab close |
| Fraud prevention | Firestore EU (eur3) | Art. 6(1)(f) Legitimate interest | As necessary |

Your Rights

Every GDPR data subject right is implemented and available today.

  • Access (Art. 15): DSAR export endpoint
  • Rectification (Art. 16): Account settings
  • Erasure (Art. 17): Account deletion
  • Portability (Art. 20): JSON/CSV export
  • Restriction (Art. 18): Contact DPO
  • Object (Art. 21): Contact DPO
  • Withdraw Consent (Recital 42): Consent settings
  • Human Review (Art. 22): Available on request

International Transfers

Safeguards in place for any data processing outside the EEA.

Transfer Safeguards

  • Standard Contractual Clauses (SCCs)

    SCCs in place with Microsoft Azure for any processing outside the EEA.

  • Transfer Impact Assessment (TIA)

    Completed TIA evaluating the level of data protection in third countries.

  • Supplementary Measures

    Encryption in transit (TLS 1.3) and at rest (AES-256), plus strict access controls.

Note: Firebase Auth and Stripe involve global infrastructure with appropriate safeguards (SCCs and supplementary measures) in place.

Data Controller

The legal entity responsible for your data and how to reach us.

Sylvanity B.V.

Treubstraat 21 U314
2288 EH Rijswijk
The Netherlands

KVK: 96488646
BTW: NL867632860B01

Supervisory Authority

Autoriteit Persoonsgegevens
(Dutch Data Protection Authority)

Data Processing Agreement (DPA) available on request.

Need More Information?

Review our full privacy policy, explore our security architecture, or request a DPA.

Need a DPA? Contact support@agentyk.me