โ† Back to Agentidoo

Privacy Policy

Last updated: April 2026 ยท Agentidoo by Last Loop GmbH

Your Data Is Your Data.

๐Ÿ”’ EU Jurisdiction Protection

Austrian data protection laws, GDPR compliant, no US CLOUD Act exposure.

๐Ÿ—‘๏ธ Delete Anytime

Complete data deletion with cryptographic proof. No backup retention.

๐Ÿšซ Never Sold

Your business intelligence stays yours. No data monetization, ever.

โฑ๏ธ Configurable Retention

You control how long we keep chat sessions. Default 90 days, your choice.

These aren't just marketing promises โ€” they're legally binding commitments protected by Austrian federal law and GDPR.

1. What We Collect

Agentidoo collects only the minimum data necessary to provide our AI assistant service:

  • Chat Messages: Conversations between you and our AI agent
  • Odoo Connection Metadata: Your Odoo instance URL and database name (passwords are never stored โ€” they're encrypted and passed through)
  • Usage Analytics: Performance metrics to improve AI response quality
  • Account Information: Email address, company name, billing information for paid plans

What We DON'T Collect

We never store your Odoo passwords, API keys, or raw database contents. All authentication is handled securely through encrypted channels with no retention.

2. How We Use Your Data

Your data is used exclusively to provide and improve Agentidoo services:

  • AI Processing: Chat messages are processed by our AI models to generate responses
  • Context Memory: Past conversations are used to maintain context and improve future interactions
  • Service Operations: Essential system operations, billing, and customer support
  • Success Metrics: Analyzing token-to-success rates to improve AI effectiveness

No profiling, no advertising, no data monetization. We make money from software subscriptions, not your data.

3. Data Storage & Security

Location & Infrastructure

All data is stored within the European Union on Hetzner infrastructure (Germany/Finland). This ensures your data remains under EU jurisdiction and protection.

Security Measures

  • Encryption: TLS 1.3 in transit, AES-256 encryption at rest
  • Access Control: Role-based access, multi-factor authentication for staff
  • Monitoring: 24/7 security monitoring and incident response
  • Auditing: Regular security audits and penetration testing

4. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of all data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request complete deletion of your data
  • Right to Data Portability: Export your data in machine-readable format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Object to processing for specific purposes

Exercise Your Rights

Contact our Data Protection Officer at legal@agentidoo.com to exercise any of these rights. We respond to all requests within 30 days.

5. Data Retention

You control how long we keep your chat sessions:

  • Default Retention: 90 days for chat history and conversation context
  • Configurable: Set your preferred retention period (30 days to 2 years)
  • Immediate Deletion: Delete specific conversations or all data instantly
  • Account Closure: All data permanently deleted within 30 days of account closure

No backup retention: When you delete data, it's gone forever. We don't keep "anonymized" copies or hidden backups.

6. Third Parties & Sub-processors

LLM Providers

Chat messages are processed by AI model providers (OpenAI, Anthropic) to generate responses. These providers process data on our behalf but do not retain your conversations.

Other Sub-processors

  • Hetzner: EU-based cloud infrastructure (Germany/Finland)
  • Stripe: Payment processing (PCI DSS compliant)
  • Plausible Analytics: Privacy-focused website analytics (no tracking)

All sub-processors are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance and data protection.

7. Cookies & Tracking

We use minimal cookies, only for essential functionality:

  • Session Cookies: Keep you logged in during your session
  • Security Cookies: Prevent CSRF attacks and unauthorized access

No tracking cookies, no advertising cookies, no third-party analytics. We use Plausible Analytics, which doesn't track users or store personal data.

8. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or applicable law. When we do:

  • We'll email all users about material changes 30 days in advance
  • The updated policy will be posted on our website with a new "Last updated" date
  • Continued use of Agentidoo constitutes acceptance of the updated policy

9. Legal Basis

Under GDPR, our legal basis for processing your personal data:

  • Contract Performance: Processing necessary to provide Agentidoo services
  • Legitimate Interest: Improving service quality and security monitoring
  • Consent: Marketing communications (opt-in only)

10. Contact & Data Protection Officer

For questions about this privacy policy or to exercise your data rights, contact:

Legal Entity:
Last Loop GmbH
Darwingasse 20/29
1020 Vienna, Austria
VAT: ATU83156237

You also have the right to lodge a complaint with the Austrian Data Protection Authority if you believe we have violated your privacy rights.

Questions About Your Privacy?

Our Data Protection Officer is here to help with any questions about your data, privacy rights, or this policy.

legal@agentidoo.com