Privacy Policy

1. Data Controller

Agiliton Ltd.
Throumperon 29, Coral Bay Village, Peyia
8575 Paphos, Cyprus
Email: service@agiliton.eu

2. Data We Collect

We process the following categories of personal data:

• Account data (name, email, domain)
• Payment data (processed via Revolut — we do not store credit card numbers)
• Usage data (login times, API calls)
• Communication metadata (timestamps, room memberships, online status)

3. End-to-End Encryption

4. Metadata

For service operation, we necessarily process the following metadata:

• Connection timestamps and online status
• Room memberships (who is in which room)
• Message timestamps (when a message was sent)
• Device information (for E2EE key management)

This metadata is technically required for message delivery and is processed on the basis of Art. 6(1)(b) GDPR (contract performance).

5. Hosting and Data Location

All data is exclusively processed and stored on servers in Germany (Hetzner Online GmbH, Nuremberg/Falkenstein). No data is transferred to third countries.

6. Payment Processing

Payment processing is handled by Revolut Payments UAB (Lithuania, EU). Revolut processes payment data as an independent data processor.

7. Your Rights

You have the right to:

• Access your stored data (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure of your data (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)
• Lodge a complaint with a supervisory authority (Cyprus Data Protection Commissioner)

8. Data Retention

We retain data only as long as necessary for the business relationship and legal obligations. Upon contract termination, all customer data is deleted within 30 days.

9. Cookies

We exclusively use technically necessary cookies (session cookie for the customer portal). No tracking cookies or analytics tools are employed.