Privacy Policy

Last updated: 1 March 2026

1. Data Controller

The data controller responsible for the processing of your personal data is AgenticPost, reachable at [email protected]. Our principal place of business is in Austria.

2. Data We Collect

We collect and process the following categories of personal data in connection with the provision of our services:

  • Account data: your email address, chosen subscription tier (free or pro), and account creation date.
  • Payment data: if you subscribe to a paid tier, payment information (such as card details, billing address, and transaction identifiers) is collected and processed by our payment processor, Stripe, Inc. We do not store full payment card numbers on our servers.
  • Usage data: technical information such as email open and click events, IP addresses, browser type, and operating system, collected to improve our service and ensure deliverability.

3. Legal Basis for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Performance of a contract (Art. 6(1)(b) GDPR): processing is necessary for the performance of the subscription agreement between you and AgenticPost, including the delivery of newsletter content and the management of your account and payments.
  • Legitimate interest (Art. 6(1)(f) GDPR): we process usage data to maintain service security, prevent abuse, and improve the quality and relevance of our content. Our legitimate interest does not override your fundamental rights and freedoms.

4. Third-Party Processors

We engage the following third-party service providers (sub-processors) to assist in delivering our services. Each processor is bound by a data processing agreement in compliance with Art. 28 GDPR:

  • Stripe, Inc. — payment processing. Stripe processes payment data in accordance with its own privacy policy and is certified under the EU–US Data Privacy Framework.
  • Mailgun Technologies, Inc. — email delivery. Mailgun processes email addresses and email engagement data (open and click events) for the purpose of delivering our newsletters.
  • Anthropic, PBC — content generation. We use Anthropic's AI models to curate and generate newsletter content. No subscriber personal data is transmitted to Anthropic; only publicly available source material is processed.

5. Data Retention

We retain your personal data as follows:

  • Email address and account data: retained for the duration of your subscription. Upon unsubscription or account deletion, your email address and associated account data are deleted within 30 days, unless longer retention is required by applicable law.
  • Payment and billing data: retained for the period required by applicable Austrian and EU tax, commercial, and accounting legislation (currently seven years under the Austrian Bundesabgabenordnung).
  • Usage data: retained in aggregated or anonymised form for a maximum of 12 months, after which it is deleted.

6. Cookies and Tracking

Our website does not use advertising or analytics cookies. We may use essential cookies strictly necessary for the functioning of the website (e.g., session management). These do not require consent under Art. 5(3) of the ePrivacy Directive.

7. Your Rights Under the GDPR

As a data subject, you have the following rights under the GDPR, which you may exercise at any time by contacting us at [email protected]:

  • Right of access (Art. 15): you have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, to receive a copy of that data.
  • Right to rectification (Art. 16): you have the right to request the correction of inaccurate personal data.
  • Right to erasure (Art. 17): you have the right to request the deletion of your personal data, subject to applicable legal retention obligations.
  • Right to data portability (Art. 20): you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to object (Art. 21): you have the right to object to the processing of your personal data based on legitimate interest.
  • Right to lodge a complaint: you have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna, Austria, or with any other competent supervisory authority.

8. International Data Transfers

Some of our sub-processors are based in the United States. Where personal data is transferred outside the European Economic Area, we ensure that appropriate safeguards are in place, including the EU–US Data Privacy Framework, Standard Contractual Clauses (SCCs), or other mechanisms approved under Art. 46 GDPR.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you via email or a prominent notice on our website. The “Last updated” date at the top of this page indicates when the policy was last revised.

10. Contact

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at: [email protected].