Agentyk.me Logo

Privacy Policy

Your privacy is our priority. We're committed to European data sovereignty and GDPR compliance.

Last updated: 23 February 2026
1. Information We Collect

Account Information

  • Email address (required for account creation)
  • Display name (if provided)
  • Profile picture (if provided via Google or other OAuth providers)
  • Authentication provider information (Google, SURFconext, etc.)

Usage Information

  • Chat messages and AI responses (see "Message Storage" below for details)
  • AI model preferences (which of the 4 available models you prefer to use)
  • Login timestamps and session information
  • Consent preferences (privacy policy and terms of service acceptance)
Message Storage Details

Your chat messages are handled as follows:

  • Server Memory: Messages are temporarily held in server RAM to maintain conversation context with the AI. This data is automatically deleted after 1 hour of inactivity
  • Browser Session Storage: Messages are also stored in your browser's session storage to display the conversation. This data persists across page refreshes within the same tab, but is cleared when you close the tab or after 1 hour
  • No Persistent Database Storage: We do not store your chat messages in any database. Only token usage counts are recorded for billing purposes
  • Session End: When you close your browser tab or your session times out (after 1 hour of inactivity), all messages are permanently deleted from both server memory and browser storage
  • No Recovery: Once messages are deleted, they cannot be recovered by you or us

Technical Information

  • IP address (for security and fraud prevention)
  • Browser type and version
  • Device information (for responsive design)

Third-Party Services

We use Google reCAPTCHA v3 to protect our service from spam and abuse. reCAPTCHA collects hardware and software information, such as device and application data, and sends it to Google for analysis. The information collected is subject to Google's Privacy Policy and Terms of Service.

We use IPInfo for geolocation services to comply with regional regulations. IPInfo processes IP addresses to determine approximate location. See IPInfo's Privacy Policy.

2. How We Use Your Information
  • Provide and improve our AI assistant service using Azure AI Foundry and open-source models
  • Process your chat messages through Azure's AI infrastructure to generate intelligent responses
  • Maintain conversation context during your chat sessions (stored temporarily in server memory and browser session storage)
  • Authenticate your account and ensure security
  • Communicate important service updates through the Service
  • Comply with legal obligations and prevent fraud
  • Analyze usage patterns to improve our service (anonymized data only)
3. Data Storage and Security

European Data Sovereignty

All your data is stored within European Union infrastructure. We use Firebase (Google Cloud) with European data centers to ensure your information never leaves European soil.

AI Processing Infrastructure

Our AI assistant service utilizes Azure AI Foundry to deploy multiple open-source AI models. You can choose from 4 different AI models: GPT OSS 120B, Mistral Large 3, DeepSeek V3.2 Speciale, and Llama 4 Maverick. Our Azure AI resources are located in Sweden Central (European Union) to maintain European data residency.

Important Note on Data Processing: While your data is always stored within European infrastructure, Azure may process your chat messages globally across Azure's network for optimal performance and AI model inference.

"Data might be processed globally, outside of the resource's Azure geography, but data storage remains in the AI resource's Azure geography."
International Data Transfer Safeguards

Under GDPR (and the Schrems II ruling), "processing" constitutes a data transfer. To ensure lawful processing of your data outside the EEA, we have implemented the following safeguards:

  • Standard Contractual Clauses (SCCs): We have SCCs in place with Microsoft Azure for any processing that may occur outside the EEA
  • Transfer Impact Assessment (TIA): We have conducted a TIA to evaluate the level of data protection in third countries where processing may occur
  • Supplementary Measures: Microsoft implements technical measures including encryption in transit and at rest, and access controls

For more information, see Microsoft's Privacy Statement and Azure AI Data Privacy documentation.

Security Measures

  • End-to-end encryption for data transmission
  • Encrypted storage of all personal information
  • Regular security audits and updates
  • Access controls and authentication protocols
  • Automatic session timeouts for inactive accounts
  • Azure enterprise-grade security for AI processing
4. Fraud Prevention & Device Tracking

Trial Abuse Prevention

To prevent abuse of our 7-day free trial and ensure fair access for all users, we implement fraud prevention measures using both payment method fingerprinting and device fingerprinting.

Payment Method Fingerprinting

When you provide a credit card for a free trial, Stripe (our payment processor) generates a unique fingerprint for your payment method. We use this to detect if the same card has been used for multiple trials across different accounts.

  • We store: Payment method fingerprint, card last 4 digits, card brand, expiry date
  • We do NOT store: Full card numbers or CVV codes (handled by Stripe)
  • Legal basis: Legitimate interest (GDPR Article 6(1)(f)) for fraud prevention

See Stripe's Privacy Policy.

Device Fingerprinting

We use FingerprintJS to generate a unique identifier for your browser/device. This helps us detect if multiple accounts are attempting trials from the same device.

  • Data collected: Browser type, operating system, timezone, language, screen resolution
  • We do NOT collect: IP addresses, precise location, browsing history
  • Storage: Device fingerprints are hashed (SHA-256) and stored securely
  • Legal basis: Legitimate interest (GDPR Article 6(1)(f)) for fraud prevention
  • Deletion: You may request deletion of your device fingerprint data by contacting support

See FingerprintJS's Privacy Policy.

How Fraud Detection Works

When you start a free trial, we check:

  • Has your email address been used for a trial before?
  • Has your payment method been used for a trial on a different account?
  • Has your device been used for a trial with a different email/card within 90 days?

If any of these checks fail, the trial may be blocked. You can contact support if you believe this was done in error.

Your Rights Regarding Fraud Prevention

  • You can contact us to review your fraud prevention status
  • You may request deletion of your fraud prevention data (subject to legal obligations)
  • Blocking decisions can be appealed by contacting support at info@sylvanity.eu

Right to Human Review (GDPR Article 22 & EU AI Act)

Under GDPR Article 22 and the EU AI Act, you have the right to human intervention for automated decisions that significantly affect you. If your account is blocked or your trial is denied due to our automated fraud prevention systems:

  • Human Review: You can request that a human reviews the automated decision
  • Explanation: You have the right to an explanation of how the decision was made
  • Contest: You can provide additional information to contest the decision
  • Contact: Email info@sylvanity.eu with subject "Human Review Request"

We aim to respond to human review requests within 5 business days.

5. Your Rights Under GDPR

As a European resident, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at info@sylvanity.eu:

  • Right to Access: Request a copy of your personal data by contacting support
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Delete your account and data via account settings or by contacting support
  • Right to Portability: Request your data in a portable format by contacting support
  • Right to Restrict Processing: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

We will respond to your request within 30 days as required by GDPR.

6. Data Retention
  • Account information: Retained while your account is active
  • Chat conversations: Temporarily held in server memory and browser session storage, automatically deleted after 1 hour of inactivity or when the browser tab is closed
  • Login timestamps: Retained for security and account management purposes
  • Billing information: Processed securely through Stripe
  • Fraud prevention data: Retained as necessary to prevent abuse
7. Contact Information

Data Controller

Sylvanity B.V.
Treubstraat 21 U314
2288 EH Rijswijk
The Netherlands

KVK: 96488646
BTW: NL867632860B01

Email: info@sylvanity.eu

Data Protection Officer

For privacy-related inquiries, please contact our Data Protection Officer at:
Email: info@sylvanity.eu

Supervisory Authority

If you have concerns about our data processing, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the Service (such as a banner or notification when you log in). Your continued use of Agentyk.me after such modifications constitutes your acknowledgment of the modified Privacy Policy.

Committed to European data sovereignty and sustainable AI practices
Terms of ServiceAboutHome