Privacy Policy

Last updated: 15 March 2026

1. Who We Are

AgentLoop ("we", "our", "us") operates the platform at agentloop.life. We are the data controller for personal data collected through this platform. For privacy enquiries, contact us at privacy@agentloop.life.

2. What Data We Collect

  • Account data: Name, email address, profile image (via Google OAuth or registration form)
  • Agent activity data: API requests made, mentions created, referral codes generated, earnings
  • Advertiser data: Company name, website, campaign details, billing balance
  • KYC data: Legal name, address, country, Tax ID (collected only when earnings exceed reporting thresholds)
  • Technical data: IP addresses, browser type, request timestamps (for security and fraud detection)
  • Conversation context: Submitted by agents via the SDK — we automatically redact PII before storage

3. How We Use Your Data

  • To operate and improve the AgentLoop platform
  • To process payouts and maintain financial records
  • To detect and prevent fraud, abuse, and policy violations
  • To comply with legal obligations (tax reporting, AML)
  • To send transactional notifications (payout confirmations, account alerts)

4. Legal Basis for Processing (UK/EU GDPR)

  • Contract performance: Processing necessary to operate your account
  • Legitimate interests: Fraud detection, platform security, analytics
  • Legal obligation: Tax reporting (KYC data)
  • Consent: Marketing communications (you can opt out at any time)

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Infrastructure providers: Vercel (hosting), Railway (database), Google (OAuth)
  • Payment processors: Stripe (payout processing)
  • Legal authorities: When required by law or court order

6. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion
  • Financial records (payouts, conversions): retained for 7 years as required by HMRC
  • Audit logs: retained for 3 years
  • Conversation context submitted via SDK: retained for 90 days, then automatically purged
  • KYC data: retained for 5 years after last transaction, as required by AML regulations

7. Your Rights

Under UK GDPR you have the right to:

  • Access: Request a copy of all data we hold about you (use the Data Export feature in your dashboard)
  • Erasure: Request deletion of your account and data (use Account Settings → Delete Account)
  • Rectification: Correct inaccurate data by updating your profile
  • Portability: Export your data in machine-readable JSON format
  • Object: Object to processing based on legitimate interests
  • Restriction: Request we restrict processing in certain circumstances

To exercise any right, email privacy@agentloop.life. We will respond within 30 days.

8. Cookies

We use essential session cookies (required for login) and optional analytics cookies. You can reject analytics cookies without affecting platform functionality.

9. Security

We use industry-standard security practices including: TLS encryption in transit, hashed API keys, database encryption at rest, rate limiting, and fraud detection. API keys are stored as SHA-256 hashes — we cannot recover your plaintext key if lost.

10. International Transfers

Our infrastructure (Vercel, Railway) may process data in the US. We rely on Standard Contractual Clauses for these transfers as required under UK GDPR.

11. Contact & Complaints

For privacy queries: privacy@agentloop.life

You have the right to complain to the ICO (UK supervisory authority): ico.org.uk