Privacy Policy – Agentive Concepts

Last Updated: August 5, 2025 | Version 2.0
Legal Review: Pending

Company Identity

Data Controller: Agentive Concepts
Owner: Stephan Koning
Business Address: Groningen, Netherlands
Contact: privacy@agentiveconcepts.com
Website: agentiveconcepts.com

SUMMARY OF KEY POINTS

What personal information do we process? Only what you provide via contact forms, WhatsApp, or email. We use privacy-focused analytics that don’t identify you.
Do we process sensitive information? No.
How do we process your information? To respond to inquiries, deliver our AI automation services, and improve our offerings. Always with a legal basis.
Do we share your information? Only with essential service providers under Data Processing Agreements. Never sold.
How long do we keep information? Contact data: 6 months without engagement. AI logs: 5 days. Active client data: duration of service.
What are your rights? Access, correction, deletion, portability, restriction, and objection. Email privacy@agentiveconcepts.com.

1. WHAT INFORMATION DO WE COLLECT?

In Short: We only collect information you actively provide – no tracking, no cookies for analytics.
Personal Information You Provide:

  • Contact details (name, email, phone via WhatsApp)
  • Company information
  • Project requirements
  • Communications content

Information Automatically Collected:

  • Basic analytics via Umami (anonymized, no personal data)
  • Server logs for security (IP addresses, retained 7 days)
  • No marketing cookies, tracking pixels, or device fingerprinting

Cookies: We only use essential cookies for:

  • Security (CSRF protection)
  • Basic functionality (if applicable)

You can control cookies in your browser settings.

2. WHAT LEGAL BASES DO WE RELY ON?

In Short: We process data only with a proper legal basis under GDPR.

Purpose | Legal Basis | Retention
Respond to inquiries | Consent (Art. 6(1)(a)) or Pre-contract (Art. 6(1)(b)) | 6 months
Deliver services | Contract performance (Art. 6(1)(b)) | Duration of service
Legal/tax compliance | Legal obligation (Art. 6(1)(c)) | As required by Dutch law
Improve services | Legitimate interests (Art. 6(1)(f)) | Anonymized only
Security/fraud prevention | Legitimate interests (Art. 6(1)(f)) | 7 days

3. WITH WHOM DO WE SHARE YOUR INFORMATION?

In Short: Only with essential processors under strict agreements.
Our Processors (all have signed DPAs):

  • OpenAI (AI processing) – USA, Standard Contractual Clauses
  • Meta/WhatsApp (messaging) – USA, Standard Contractual Clauses, Privacy Policy
  • Umami Cloud (analytics) – EU hosted, no personal data shared
  • Google Workspace (email/docs) – USA, Standard Contractual Clauses
  • Notion (CRM/projects) – USA, Standard Contractual Clauses

International Transfers: We’ve conducted transfer impact assessments and implement supplementary measures including encryption and access controls.

4. HOW WE KEEP YOUR INFORMATION SAFE

In Short: Industry-standard security, but no system is 100% secure.
We protect your data through:

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Access Control: Multi-factor authentication, least privilege principle
  • Monitoring: Security logs, regular audits
  • Incident Response: 72-hour breach notification procedure
  • Vendor Security: All processors must maintain SOC2 or ISO 27001

Important: No internet transmission or storage is 100% secure. While we implement strong safeguards, we cannot guarantee absolute security.

5. YOUR PRIVACY RIGHTS

In Short: Full GDPR rights with 30-day response guarantee.

Your Rights Include:

  • Access your personal data (Art. 15)
  • Rectify inaccuracies (Art. 16)
  • Erase your data (“right to be forgotten”) (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability in machine-readable format (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent anytime without affecting prior processing

How to Exercise Rights:

Complaints:

6. CHILDREN’S PRIVACY

We do not offer services to anyone under 16 years old. We do not knowingly collect personal data from children. If we discover we’ve inadvertently collected such data, we will delete it immediately. If you believe we have data from someone under 16, please contact us.

7. SPECIFIC GEOGRAPHIC NOTICES

For EU/UK Residents: Full GDPR/UK GDPR protections apply as described above.
For California Residents (CPRA):

  • We do NOT sell or share personal information
  • Categories collected: Identifiers, business information
  • You may request disclosure, deletion, or correction
  • No discrimination for exercising rights

For Other Locations: We extend GDPR-level protections to all users globally.

8. AI-SPECIFIC DISCLOSURES

Our AI Processing Commitments:

  • We implement measures to prevent sensitive data processing
  • Pseudonymization applied where feasible
  • AI logs auto-deleted after 5 days
  • No automated decision-making affecting you
  • Human oversight on all AI outputs
  • You can request high-level logs of AI processing

9. UPDATES TO THIS POLICY

We may update this policy to reflect changes in:

  • Our services or data practices
  • Legal requirements
  • Security measures

Notification of Material Changes:

  • 30-day notice on website
  • Email to active clients
  • Version history maintained

What Constitutes Material Change:

  • New data categories collected
  • New purposes for processing
  • Changes to retention periods
  • New third-party sharing

10. CONTACT & GOVERNANCE

Privacy Inquiries: privacy@agentiveconcepts.com
General Contact: contact@agentiveconcepts.com
Data Protection Officer: Not appointed (not required at our scale)
Response Commitment: Within 30 days
Alternative Contact Methods:


VERSION HISTORY

  • v2.0 (August 5, 2025): Major update for AI services
  • v1.0 (Date): Initial version

COOKIE DECLARATION

This website uses only essential cookies for security and functionality. No tracking or marketing cookies are used. Our analytics (Umami) don’t use cookies.