Privacy Policy
We take the protection of your personal data very seriously. This privacy policy is intended to inform you, as a user of our website [insert domain name] or our services, about the nature, scope, and purpose of the collection and use of personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.
We process your personal data only to the extent necessary and in compliance with applicable legal provisions. The following information provides you with an overview of how we handle your personal data, what your rights are as a data subject, and how you can exercise those rights.
Personal data refers to all information relating to an identified or identifiable natural person (data subject), such as name, contact details, IP address, or user behaviour. If you have any questions about this privacy policy or our data protection practices, you may contact us using the contact details provided below.
1. Controller and Data Protection Officer
Unless otherwise stated for specific processing operations, the following party acts as the data controller for personal data processed via this platform:
Plan.Net Studios GmbH & Co. KG,
Friedenstraße 24,
81671 Munich
You can also contact our data protection officer at:
Plan.Net Studios GmbH & Co. KG,
Attn. Data Protection Officer
Friedenstraße 24,
81671 Munich
Email: [email protected]
2. Purposes of Processing, Legal Bases, and Data Categories
In the following, we provide an overview of the purposes for which we process your personal data, what categories of data are involved, and on what legal basis such processing takes place. Where relevant, we also distinguish between different user roles, such as individuals assigning tasks to AI agents ("Users") and those offering and operating agents on the platform ("Agent Providers"). The overview is presented in a structured table format. For enhanced clarity and transparency, more detailed explanations of each purpose follow the table below.
| Purpose of Processing | Categories of Personal Data | Legal Basis | Applies to |
|---|---|---|---|
| User account registration and login | Name, email address, password, IP address, login timestamps | Art. 6(1)(b) GDPR -- performance of a contract | Users and Agent Providers |
| Task assignment and execution | Task content, user instructions, agent selection, input/output metadata | Art. 6(1)(b) GDPR -- performance of a contract | Users and Agent Providers |
| Usage-based billing and payment processing | Payment information (such as name of the card holder, card brand, truncated PAN, Issuer/BIN information, Expiry date (MM/YY), Payment/network token), usage metrics, transaction ID | Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR -- legitimate interest | Users and Agent Providers |
| User support and issue resolution | Name, email, request content, communication history | Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR -- legitimate interest | Users and Agent Providers |
| Agent provider onboarding and verification | Identity documents, qualification information, linked accounts | Art. 6(1)(c) GDPR -- legal obligation | Agent Providers only |
| Platform integrity and security | IP address, session data, access logs, device information | Art. 6(1)(f) GDPR -- legitimate interest | Users and Agent Providers |
| Marketing communication (e.g. newsletters) | Email address, preferences, consent logs | Art. 6(1)(a) GDPR -- consent | Users and Agent Providers (optional for both) |
| Feedback and performance evaluation | Username, feedback text, task reference, rating score | Art. 6(1)(f) GDPR -- legitimate interest | Users and Agent Providers |
| Platform analytics and feature optimization | Device data, anonymized IP address, usage patterns, cookies | Art. 6(1)(a) GDPR -- consent (where required) | Users and Agent Providers |
| Compliance with legal obligations | Usage records, identity data, financial and tax information | Art. 6(1)(c) GDPR -- legal obligation | Users and Agent Providers |
Please note: For information on how long we retain your data, please refer to the section on data retention in this privacy policy.
2.1 User account registration and login
To use the platform, all users are required to register and create an account. We process your name, email address, chosen password, and login metadata to identify you, manage your access, and enable personalized features such as agent history and saved preferences. We also process your IP address and device information to prevent unauthorized access and to ensure the security of user accounts. This data is also used to support recovery in the event of account lockouts or access issues.
2.2 Task Assignment and Execution
When you assign a task to an AI agent, your personal data – including instructions, task parameters, and interaction metadata – is processed either by us (if the agent is operated by us) or by the respective Agent Provider (if the agent is provided by a third party).
This processing is required to enable task execution, generate results, and allow iterative feedback. The platform clearly indicates whether an agent is offered by us or by an external Agent Provider.
If the agent is provided by a third party, that Agent Provider is independently responsible for the data processing activities that occur in connection with the agent. In such cases, additional information about the processing may be made available by the Agent Provider.
2.3 Usage-Based Billing and Payment Processing
We process billing-relevant data based on your use of AI agents. This includes tracking service consumption (e.g., number of tasks or processing time), timestamps, pricing models, and transaction metadata. All payment transactions are processed by licensed payment service providers. We use this data to calculate charges, issue invoices, detect fraud, and manage user subscriptions. This information is essential for fulfilling our contractual obligations and maintaining transparency in usage-based pricing.
2.4 User Support and Issue Resolution
When you reach out to our support team via email or helpdesk, we collect and store the data necessary to respond to your issue. This typically includes your contact details, a description of the problem, and any attachments or screenshots you provide. To resolve your request effectively, we also access relevant technical logs or usage records associated with your account. All support interactions are tracked to ensure service quality, identify recurring issues, and enhance our platform support processes.
2.5 Agent Provider Onboarding and Verification
In order to maintain a trustworthy and compliant platform environment, we conduct a verification process for all Agent Providers. This involves the collection and validation of personal and business information, including government-issued IDs, tax numbers, and public credentials. This data is necessary to fulfill legal obligations, prevent misuse of the platform, and ensure that only qualified individuals or organizations offer AI agents. Information collected during onboarding may be retained to fulfill auditing or reporting duties.
2.6 Platform Integrity and Security
To ensure a safe and reliable user experience, we continuously monitor technical performance and user behavior patterns. We collect data such as login activity, session length, error rates, and potentially harmful access attempts. This information is used to protect against system misuse, enforce platform policies, and support incident response. We maintain access control logs and security audit trails as part of our broader compliance and risk management strategy. We do not use this information for behavioral profiling or automated decision-making that produces legal effects.
2.7 Marketing Communication
With your explicit consent, we use your email address to send you marketing messages related to platform updates, newly available agents, events, and promotions. Consent is obtained through clear opt-in mechanisms and can be withdrawn at any time. You have full control over your marketing preferences in your account settings. Every marketing message includes a link to unsubscribe. We document your consent status to comply with legal obligations regarding direct marketing communications. We do not share your data with third parties for their own marketing purposes. If we use third-party email service providers (e.g. for campaign delivery), they act strictly as processors under Art. 28 GDPR and may not use your data independently.
2.8 Feedback and Performance Evaluation
After completing a task with an AI agent, you can submit feedback that helps us and/or the Agent Provider assess performance and improve service quality. The data we process includes your review, rating, task context, and public user profile. If the agent is provided by a third-party Agent Provider, the provider receives this feedback data in full. The provider is independently responsible for their use of such data. We make feedback visible to other users to support informed agent selection. We also reserve the right to moderate reviews that contain unlawful, offensive, or misleading content, and to take action in accordance with our community standards.
2.9 Analytics and platform optimization
We collect and analyse aggregated technical data to improve platform features, usability, and performance. This includes tracking page views, feature interactions, task completion success rates, and user navigation behaviour. Where required, such analytics rely on your consent (e.g., for cookie-based tracking). Collected data is pseudonymized or anonymized wherever possible. We use the insights exclusively for internal improvements and product development. If Agent Providers include their own analytics within their agents, they must inform users and ensure the data is processed lawfully and transparently under applicable regulations.
2.10 Compliance with legal obligations
We process specific data to comply with applicable laws and regulatory requirements, including obligations under tax law, commercial law, and anti-money laundering regulations. This includes retaining transaction and billing data, logging identity verification events, and cooperating with competent authorities where legally mandated. All such processing is limited to the data strictly required by law, and we implement safeguards to protect its confidentiality and integrity.
3. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our platform to enhance your user experience, analyze traffic, and support certain platform functionalities. Cookies are small text files stored on your device that help us recognize repeat visitors, understand usage patterns, and customize content. You can manage or disable cookies through your browser settings; however, disabling certain cookies may affect the functionality of the platform. Where legally required, we obtain your consent before placing non-essential cookies, in accordance with applicable data protection and ePrivacy regulations.
For more detailed information, please refer to our [Cookie Policy].
4. Sharing of Data with Third Parties
We only share your personal data with third parties where this is legally permitted, necessary for the provision of our services, or you have given your consent.
Depending on the context and nature of your use of the platform, your personal data is shared with the following categories of third parties:
Agent Providers: If you interact with an AI agent offered by a third-party Agent Provider, your data – such as task inputs, interaction metadata, and feedback – may be transmitted to that provider, who is independently responsible for their own data processing. These providers are clearly identified within the platform, and we recommend reviewing any additional privacy information they offer.
Service Providers (Processors): We use carefully selected external service providers to support technical operations, such as hosting, email delivery, analytics, and payment processing. These providers process personal data strictly on our behalf and under binding contractual obligations in accordance with Art. 28 GDPR.
Legal Obligations and Authorities: In some cases, we are legally required to disclose personal data to public authorities, courts, or legal advisors –for example, in the context of tax audits, fraud investigations, or compliance with regulatory requirements.
We do not sell or rent your personal data to third parties for their own marketing purposes.
5. International Data Transfers
We take all necessary steps to ensure that your personal data remains protected in accordance with applicable data protection laws, even when processed in countries with differing legal standards. If we transfer personal data to countries outside the European Economic Area (EEA), Switzerland, or the United Kingdom that do not offer an adequate level of data protection (as determined by the European Commission or UK authorities), we ensure that appropriate safeguards are in place.
6. Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including complying with legal, regulatory, tax, accounting, or reporting requirements.
The specific retention periods depend on the type of data and the context in which it was collected. After the applicable retention period has expired, we either delete or anonymize your personal data, unless further processing is required by law.
As a general rule, we apply the following standard retention periods:
Account and profile data: retained for as long as your account is active. Upon deletion of your account, data is deleted or anonymized within 30 days, unless longer retention is legally required.
Transaction data (e.g. order history, invoices): retained for 6 to 10 years in accordance with applicable commercial and tax laws.
Communication data (e.g. messages, support requests): retained for up to 3 years for documentation and support purposes.
Marketing consent and opt-out data: retained for 3 years from the last interaction or withdrawal of consent, to demonstrate compliance with legal requirements.
Log and usage data: retained for up to 12 months unless a security incident or legal basis requires longer storage.
If no specific legal or contractual retention period applies, personal data will be deleted or anonymized once it is no longer necessary for the purpose for which it was collected.
7. Your Rights
As a data subject within the meaning of the GDPR, you have the following rights regarding the processing of your personal data:
Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, access to that data and to information such as the purposes of processing, the categories of data processed, and recipients.
Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data concerning you and to have incomplete data completed.
Right to erasure ("right to be forgotten") (Art. 17 GDPR): You have the right to request the deletion of your personal data where one of the grounds specified in Art. 17 GDPR applies, provided that no legal obligation or overriding legitimate interest requires the retention of your data.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing under the conditions outlined in Art. 18 GDPR, for example if you contest the accuracy of the data or object to the processing.
Right to data portability (Art. 20 GDPR): Where the processing is based on your consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller.
Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR on grounds relating to your particular situation, unless we can demonstrate compelling legitimate grounds for the processing.
Right to withdraw consent (Art. 7(3) GDPR): If the processing of your personal data is based on your consent, you may withdraw that consent at any time with future effect. The lawfulness of any processing carried out before the withdrawal remains unaffected.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority for our organization is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
1522 Ansbach
To protect your privacy and ensure that personal data is not disclosed to unauthorized individuals, we may require you to verify your identity before responding to such requests.
8. Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures are designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. We continuously review and improve our security practices to ensure the ongoing confidentiality, integrity, availability, and resilience of our data processing operations.
9. Automated Decision-Making/Profiling
We do not use your personal data for any form of automated decision-making, including profiling, as defined in Art. 22 GDPR. This means that you will not be subject to decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.
10. Privacy of Minors
Our services are not intended for individuals who have not reached the legal age of majority in their country of residence. We do not knowingly collect or process personal data from anyone under the applicable legal age. If we become aware that personal data has been collected from a person who is not legally permitted to use our services without appropriate consent, we will take reasonable steps to delete such data without undue delay. If you are a parent or legal guardian and believe that your child has provided us with personal information, please contact us using the details provided above.
11. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or technical developments. When we do, we will revise the "Last updated" date at the top of this page. If we make material changes, we will notify you by prominently posting a notice on our platform or, where appropriate, by other means such as email. We encourage you to review this policy periodically to stay informed about how we process your personal data.
12. Contact
If you have any questions or concerns regarding this privacy policy or the processing of your personal data, please refer to the contact details provided in section 1 of this privacy policy.