Privacy Policy

Last Updated: January 3, 2026

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

Account Information:

• Email address
• Password (stored encrypted)
• External User ID (generated for your account)
• Payment information (processed and stored by Stripe, not by us)

Workflow Approval Data:

• Approval requests sent from your n8n workflows
• Your approval or rejection decisions
• Context data you choose to include in approval requests (e.g., email drafts, invoice amounts)
• Timestamps of approval actions

1.2 Information Collected Automatically

Usage Data:

• Token consumption and workflow execution counts
• Features you use and how frequently
• Time spent in the app
• Error logs and crash reports

Device and Technical Information:

• IP address
• Device type and operating system
• Mobile device identifiers
• Browser type and version (for web access)
• App version
• Network connection type

Mobile App Permissions:

• Push notifications (required for approval alerts)
• Network access (required for API communication)

2. HOW WE USE YOUR INFORMATION

2.1 Service Delivery

• Authenticate your account and verify your identity
• Process workflow approval requests
• Send push notifications for pending approvals
• Execute approvals/rejections in your n8n workflows
• Provide technical support and respond to inquiries

2.2 Service Improvement

• Analyze usage patterns to improve features
• Debug errors and fix bugs
• Develop new features based on user feedback
• Conduct Alpha testing and quality assurance

3. DATA RETENTION

3.1 Account Data

We retain your account information for as long as your account is active and for a reasonable period after account deletion to comply with legal obligations, resolve disputes, and enforce our agreements.

3.2 Workflow Approval Data

• Approval requests: Deleted after approval/rejection is processed (typically within 24 hours)
• Approval metadata: Retained for up to 90 days for debugging and analytics
• Execution logs: Retained for up to 30 days (when feature is launched)

3.3 Account Deletion

When you delete your account:

• Your email and account credentials are permanently deleted within 30 days
• Workflow approval data is permanently deleted
• Aggregated, anonymized usage data may be retained for analytics
• Payment records are retained as required by law (7 years)

To delete your account, contact us at [email protected].

4. HOW WE SHARE YOUR INFORMATION

We share your information only in the following circumstances:

4.1 Service Providers

Stripe (Payment Processing):

• Payment method details, transaction amounts, billing address
• Subject to Stripe's Privacy Policy: https://stripe.com/privacy

OpenAI (AI Processing):

• When you use AI-powered approval features, approval context may be sent to OpenAI's API
• Subject to OpenAI's Privacy Policy: https://openai.com/privacy

Cloud Infrastructure Providers:

• We use cloud hosting services to store and process data
• Data is encrypted in transit and at rest

5. DATA SECURITY

5.1 Security Measures

Encryption:

• All data transmitted between your device and our servers is encrypted using TLS 1.3
• Sensitive data at rest (e.g., passwords) is encrypted using AES-256
• Payment data is handled by Stripe (PCI-DSS Level 1 compliant)

Access Controls:

• Role-based access controls limit employee access to data
• Regular security audits and penetration testing

6. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You have the right to:

• Access the personal information we hold about you
• Receive a copy of your data in a structured, machine-readable format

How to exercise: Email [email protected] with your request.

6.2 Correction and Update

You have the right to correct inaccurate personal information or update outdated information.

How to exercise: Update your information in account settings or contact us.

6.3 Deletion

You have the right to request deletion of your personal information and close your account permanently.

How to exercise: Email [email protected] to request account deletion.

6.4 Opt-Out of Marketing

You can opt out of marketing emails by:

• Clicking the "unsubscribe" link in any marketing email
• Adjusting your notification preferences in account settings
• Contacting us at [email protected]

7. CHILDREN'S PRIVACY

Agentiff.AI is not intended for users under the age of 18. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will delete such information promptly.

8. INTERNATIONAL DATA TRANSFERS

8.1 EU/UK Users (GDPR Compliance)

If you are in the European Union or United Kingdom:

• We process your data based on legal grounds (consent, contract performance, legitimate interests)
• We use Standard Contractual Clauses (SCCs) for international data transfers
• You have additional rights under GDPR (see Section 6)

8.2 California Users (CCPA Compliance)

If you are a California resident:

• You have the right to know what personal information we collect, use, and share
• You have the right to request deletion of your personal information
• You have the right to opt out of the "sale" of your personal information (we do not sell data)
• You have the right to non-discrimination for exercising your rights

To exercise CCPA rights: Email [email protected] with "CCPA Request" in the subject line.

9. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we make material changes:

• We will update the "Last Updated" date at the top of this page
• We will notify you via email or in-app notification
• Your continued use of the Service after changes constitutes acceptance

10. CONTACT US

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: [email protected]
• Website: https://agentiff.ai

Response Time: We will respond to privacy requests within 30 days.

Terms of Service • Home