Agent F OÜ · Version 4.2 · Effective: 16 March 2026
A quick note. This Privacy Policy is a transparency notice — it explains how we handle personal data as required by GDPR Articles 13 and 14. It is not a contract. Your contractual relationship with Agent F is governed by our Standard Terms of Service and your Order Form or Subscription Agreement.
Questions? Email us any time: team@agent-f.com
The following third-party services are blocked by default and only load after you explicitly opt in via our cookie banner:
Agent F OÜ (“Agent F”, “we”, “us”) complies with the requirements and principles set out in applicable legal acts when processing personal data. The transparency of personal data protection and data security are important to us, which is why we have established this Privacy Policy — to inform you of how, for what purposes, and for how long we process personal data, and how we ensure that your rights are respected.
| Company | Agent F OÜ |
| Registry code | 17226627 |
| VAT | EE102853993 |
| Address | Tornimäe tn 5, Kesklinna linnaosa, Tallinn 10145, Estonia |
| Email | team@agent-f.com |
| Website | hello.agent-f.com |
If you have any questions, concerns, or complaints related to personal data, please contact us at team@agent-f.com.
Depending on context, Agent F handles personal data in two capacities.
As a data controller — when we process data about you directly: for example, your name and email when you create an account, or your contact details when we reach out about our product. This Policy covers that processing.
As a data processor — when our business customers upload data into the Service that contains personal data. The customer is the controller; we follow their instructions under a Data Processing Agreement (“DPA”). That processing is governed by the DPA, not this Policy.
If you are an employee or contact whose data has been uploaded by one of our business customers, please contact them — they are the controller for that data.
3.1 A data subject is a natural person whose personal data is processed (e.g. a customer, a user of our website or Service).
3.2 Personal data means any information relating to an identified or identifiable natural person (e.g. a name, an email address, an IP address, a device identifier).
3.3 Processing means any operation performed with personal data (e.g. collection, storage, viewing, alteration, transmission, erasure).
3.4 A controller is the party that determines the purposes and means of processing personal data.
3.5 A processor is a party that processes personal data on behalf of a controller, under a written agreement.
3.6 A Data Processing Agreement (DPA) is a contract between a controller and a processor that governs how the processor may handle personal data.
We only process personal data when we have a valid reason to do so. The table below is a complete summary of what we collect, why, and on what basis.
| Data | Purpose | Basis |
|---|---|---|
| Account & contact info | Run your account, deliver the Service, provide support | Contract performance |
| Billing info | Issue invoices, manage subscriptions | Contract performance; legal obligation |
| Technical & log data | Keep the Service secure and working | Legitimate interests |
| Usage data | Improve the Service, diagnose problems | Legitimate interests |
| Error & diagnostic data | Fix bugs, maintain stability (PII scrubbed first) | Legitimate interests |
| B2B marketing data | Reach business contacts who may be interested in Agent F | Legitimate interests |
| Newsletter subscribers | Send product updates and news | Consent |
| Analytics cookies (GA4) | Understand how visitors use our website | Consent — blocked until opt-in |
| Marketing cookies (HubSpot) | Track visits, enable chat and forms | Consent — blocked until opt-in |
| Essential cookies | Keep the Service working | Legitimate interests |
On legitimate interests: We use this basis for security, product improvement, error monitoring, and B2B outreach. In each case we have assessed proportionality and considered whether your privacy rights override our interest. You may object to any of this processing at any time — see §9.6.
On consent: Where we rely on consent, we do not load any script, set any cookie, or collect any data until you have actively opted in. You can withdraw consent at any time — see §9.7.
We process personal data only to the extent necessary for the purposes established at the time of collection. Data is stored for a specified period and then securely deleted or anonymised.
When you sign up or use the Service, we process your name, email address, company name, job title, postal address, and phone number to create and manage your account, deliver the Service, provide support, and communicate with you about your subscription. We also process subscription plan, invoice history, and transaction records to issue invoices and manage billing. Payment card details go directly to our payment processor — we never store them.
We use Sentry to collect crash reports and error logs to identify and fix bugs and maintain the stability of the Service. We have configured Sentry to protect your privacy: all personal data (names, email addresses, user IDs, IP addresses) is scrubbed from error payloads before transmission. Event data is automatically deleted after 90 days. You may object to this processing at any time by emailing team@agent-f.com.
We use Google Analytics 4 to understand how visitors use our marketing website — which pages are visited, how long visitors stay, and which features attract interest. GA4 is configured with IP anonymisation enabled and data retention set to 14 months. GA4 does not load until you have given consent via our cookie banner.
We manage our relationships with customers and prospects in HubSpot. We reach out to business professionals who may have a genuine interest in Agent F via personalised email campaigns (Lemlist), LinkedIn, and other professional channels. We use Clay Technologies to enrich publicly available B2B contact data — names, job titles, company information, and professional email addresses. We only contact business professionals in a B2B context.
HubSpot’s front-end tracking script — which enables live chat and behavioural tracking on our website — only loads after you have given consent via our cookie banner. HubSpot’s back-end CRM functionality (contact management, deal tracking, support) operates without any tracking scripts.
We send newsletters only to people who have explicitly signed up via double opt-in. If you have agreed to receive emails from us, we also collect open and click statistics to improve the quality and relevance of our communications.
When you use AI-powered features in the Service, your inputs may be sent to our AI Model Providers (Anthropic, OpenAI, or Mistral AI) to generate a response. None of our AI providers may use your data to train their models — this is contractually mandated. AI outputs are generated by probabilistic models and can contain errors; always review them before acting on them.
We may also generate anonymised, aggregated statistics from usage patterns (e.g. average task completion times) to improve the Service. This data cannot be linked back to any individual.
We process IP addresses and access logs to ensure the security of our systems and to ensure that data is processed only by authorised personnel.
We process your name, email, and other contact data when you contact us with questions, requests, or complaints, in order to provide you with the most appropriate response.
A cookie is a small text file stored on your computer, smartphone, or other device when you visit our website. We use cookies and similar technologies to ensure the technical functioning of our website, improve user experience, and — where you have consented — to perform analytics and enable marketing features.
Cookie preferences can always be changed through our Cookie Settings link in the website footer or through your browser settings.
6.1.1 Temporary (session) cookies are used only during the current session and are automatically deleted when you close your browser or tab.
6.1.2 Limited-time cookies have a fixed expiry date and are automatically deleted when that date passes.
6.1.3 Persistent cookies do not have an expiry date and remain on your device until you delete them manually.
6.2.1 Essential cookies ensure the functioning and security of the Service and website. These cannot be declined. They include session and login cookies, CSRF protection tokens, and load-balancing cookies.
6.2.2 Functionality cookies allow the website to remember selections you have made in the past (e.g. language preferences) in order to provide a more personalised experience. You may object to these at any time.
6.2.3 Statistical / analytics cookies enable us to perform statistical analysis of how the website is used. We use Google Analytics 4 for this purpose. These are blocked until you opt in.
6.2.4 Marketing cookies enable us to track visits and interactions on our marketing website and to operate live chat and forms. We use the HubSpot tracking script for this purpose. These are blocked until you opt in.
All fonts are self-hosted on our servers. We do not use Google Fonts or any external font CDN. No cookie is set and no network request is made to any third party simply by loading our website.
If you do not want certain cookies to be used, you can change your preferences at any time via the Cookie Settings link in our footer, or by adjusting your browser’s settings. For a full list of all cookies in use, see our Cookie Policy.
We share personal data only where needed to deliver the Service. All third-party providers act as data processors under written data processing agreements. We do not sell personal data. We disclose data to third parties only where required by law or a court order.
| Provider | What they do | Location | Transfer safeguard |
|---|---|---|---|
| Amazon Web Services (AWS) | Hosts the Service | EU (primary) | SCCs; AWS DPA; EU-US DPF; ISO 27001 / SOC 2 |
| Anthropic (Claude) | AI model — Service features | USA | SCCs; Anthropic DPA; no training on user data |
| OpenAI | AI model — Service features | USA | SCCs; OpenAI DPA; no training on user data |
| Mistral AI | AI model — Service features | France (EU) | GDPR applies directly; Mistral DPA |
| HubSpot | CRM, email, sales pipeline, support | USA | SCCs; HubSpot DPA; EU-US DPF |
| Google (Analytics) | Website analytics | USA | SCCs; Google Ads DPA; EU-US DPF; consent-gated |
| Lemlist | Sales email outreach | France (EU) | GDPR applies directly; Lemlist DPA |
| Clay Technologies | B2B contact enrichment | USA | SCCs; Clay DPA |
| Sentry | Error monitoring and crash reporting | USA | SCCs; Sentry DPA; EU-US DPF |
For providers outside the EU/EEA where no adequacy decision applies, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented where available by the EU-US Data Privacy Framework (DPF). You may request a copy of the relevant SCCs by emailing team@agent-f.com.
| Data | Retention | Reason |
|---|---|---|
| Account and billing records | 7 years after relationship ends | Estonian Accounting Act |
| Customer Data (uploaded to the Service) | Deleted within 90 days of subscription ending | Standard Terms §7.5 |
| Technical and log data | Up to 12 months | Security and stability |
| Error and diagnostic data (Sentry) | 90 days | Bug diagnosis; then auto-deleted |
| B2B marketing data | Until opt-out, or 3 years from last contact | Proportionate legitimate interests |
| Analytics data (GA4) | Up to 14 months | As configured in GA4 settings |
| Support correspondence | 2 years after relationship ends | Service quality |
When the retention period ends, data is securely deleted or irreversibly anonymised.
Agent F considers the protection of your rights to be of fundamental importance. We will respond to requests within 30 calendar days. For complex requests we may extend this by a further two months, in which case we will let you know and explain why.
To exercise any of the rights below, email team@agent-f.com. We may ask you to confirm your identity first.
You have the right to ask us what personal data we hold about you and to receive a copy. This lets you verify what we process and how.
If your personal data is out of date, incorrect, or incomplete, you have the right to ask us to correct or complete it.
You may ask us to delete your personal data when it is no longer needed, or where you have withdrawn consent and there is no other reason for us to keep it. We may need to retain certain data by law or for legal claims — we will tell you if this applies.
You may ask us to pause processing of your data — for example, while we verify the accuracy of data you have disputed.
You have the right to receive your personal data in a structured, machine-readable format and to transfer it to another provider, where technically feasible.
You have the right to object to processing based on legitimate interests. For direct marketing we stop immediately. For other processing we will stop unless we have compelling grounds that override your rights.
Where we process your data on the basis of consent, you may withdraw that consent at any time — via Cookie Settings in our footer, by clicking unsubscribe in any email, or by emailing team@agent-f.com. Withdrawal does not affect anything we lawfully collected before you withdrew.
You have the right to lodge a complaint with a supervisory authority. In Estonia:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
www.aki.ee · +372 627 4135 · info@aki.ee
If you are in another EU country, you may also contact the supervisory authority where you live or work. A full list is at edpb.europa.eu.
Newsletter. We only send newsletters to people who have explicitly signed up via double opt-in. You can unsubscribe at any time using the link in any email. Unsubscribing from marketing does not affect Service-related emails such as invoices and security alerts.
B2B outreach. We reach out to business professionals who may have a genuine interest in Agent F via personalised email (Lemlist), LinkedIn, phone (occasionally), and channels you have previously used to contact us.
Opting out. Click the unsubscribe link in any email, reply “unsubscribe” to any message, or email team@agent-f.com. We will stop immediately.
The Service is for businesses and professionals. We do not knowingly collect data from anyone under 16. If you believe we have received data from someone under 16, contact team@agent-f.com and we will delete it promptly.
Agent F protects personal data from unlawful access through effective technical and organisational measures:
If a personal data breach occurs that presents a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate without undue delay and take immediate steps to contain the breach. If the risk is high, we will also notify affected individuals — in all cases within 72 hours of becoming aware.
If you believe your account has been compromised, contact us immediately at team@agent-f.com.
We review this Policy regularly and update it when our practices change or the law requires it. For significant changes we will give at least 30 days’ notice by email (if you have an account) or via a banner on our website. Minor corrections take effect when published. The effective date at the top always shows the version currently in force.
Email: team@agent-f.com
Post: Agent F OÜ, Tornimäe tn 5, Kesklinna linnaosa, Tallinn 10145, Estonia