Welcome to Agento

Privacy Policy

Agento is committed to protecting personal information in accordance with applicable privacy law and our privacy principles.

1. The data we process and why

Agento processes two categories of data with materially different roles.

Account & contact data (we are the controller)

Information you give us when you create an account, request a demo, or correspond with us. This includes name, work email, company, role, and, if applicable, billing details. We use it to provide the Services, bill correctly, and communicate with you.

Customer Data (we are the processor)

Data your organisation pushes into the Services so Agento can do its job: workflow definitions, skill configurations, connector credentials, prompts and outputs of AI executions, evidence artifacts, audit trail entries, and any personal information you choose to process through Agento workflows. We process Customer Data only on your documented instructions, as set out in our Data Processing Addendum (DPA).

Telemetry

OpenTelemetry traces, metrics, and logs from your tenant, used to operate the platform, debug failures, and meet our durability and reliability commitments. Telemetry is segregated from Customer Data and retained on a shorter cycle.

2. Legal bases

Where GDPR or UK GDPR applies, we rely on contract, legitimate interests, legal obligation, and, where required, consent.

3. How we share data

  • Sub-processors that help us operate the Services (cloud infrastructure, observability, email delivery, payment processing). The current list is published at /security and updated when it changes.
  • Authorities when required by law, subject to our policy of pushing back on overbroad requests and notifying customers where legally permitted.
  • Successors in the event of a corporate transaction, with your data continuing to be protected on equivalent terms.
  • We never use Customer Data to train foundation models. Models invoked through the Agento Model Router process inputs only as instructed by your workflow.

4. International transfers

Agento may process data outside the country in which you are located. Where required, we use Standard Contractual Clauses for transfers from the EU, the UK International Data Transfer Addendum for transfers from the UK, and equivalent recognised mechanisms for other regions.

5. Retention

  • Account data: for the life of your account, plus the period required by tax, audit, and contract law.
  • Customer Data: per your retention configuration. The platform supports retention windows from 7 days to indefinite, including WORM-compliant evidence storage for regulated industries.
  • Telemetry: a short rolling window for operational use, with longer retention only for security incident investigation.
  • You can export or delete Customer Data via the Agento control plane at any time during your subscription. After termination, we delete Customer Data per the timelines in the DPA.

6. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal information, and to object to certain processing. If you are a customer's end user, please contact your employer first. We are typically the processor, not the controller, for that data.

To exercise rights as the controller of your own account data, email privacy@agento.com.au. We will respond within the timeframe required by applicable law.

7. Security

We protect data in transit with TLS 1.2 or higher and at rest with AES-256. Encryption keys are managed via AWS KMS with envelope encryption. Access to production systems is least-privilege, audited, and gated by SSO, MFA, and break-glass approval. See the Security page for the full architecture.

8. Children

The Services are not directed to anyone under 16. We do not knowingly collect personal information from children.

9. Changes

We will update this Policy as the Services evolve. Material changes will be announced via email to account administrators and posted on this page with a revised last updated date.

10. Contact

Privacy enquiries: privacy@agento.com.au

Data Protection Officer (DPO): a DPO is not currently appointed. Privacy enquiries are handled by the team at privacy@agento.com.au.

Postal address: available on request via privacy@agento.com.au.

Australian regulator: Office of the Australian Information Commissioner (OAIC), oaic.gov.au

EU / UK representative: not currently appointed. We will publish details if and when we are required to designate one.

Contact usBack to policiesReview securityEmail privacy