Trust
Privacy policy
Effective: 27 April 2026. Last updated: 3 May 2026.
This is the master privacy policy for AgentM — covering the public website at agentm.co.uk and our studio engagements. Each product has its own privacy policy linked from that product's page with product-specific data handling. Where a product policy says something stricter than this master policy, the product policy applies for product use.
Who we are
AgentM is operated by AgentM Sp. z o.o. (in formation), a Polish limited liability company. Registered office and company numbers will be published here once formation is complete. Until then, the data controller is the founder operating in a self-employed capacity in Poland; questions to privacy@agentm.co.uk.
What data we collect on this website
- Anonymous analytics — page views, referral source, country, device type. Via PostHog (EU instance) and/or GA4. Used to improve the site.
- Form submissions — when you contact us, we receive what you typed and your email address. Stored only as long as needed to respond, then archived for our records.
- Server logs — IP, user agent, requested URL, timestamp. Retained 30 days for security purposes.
We do not use third-party advertising cookies on this site.
What data we collect for studio clients
Whatever you share with us — briefs, account credentials, marketing copy, code repositories. Held under contract with confidentiality clauses; deleted after engagement ends per our standard MSA terms.
How we use AI on your data
See the AI disclosure page for the operating reality. Short version: AI providers process data under their commercial API terms; we do not share client data with consumer chat interfaces; sensitive engagements use zero-retention endpoints where supported.
Subprocessors
We use the following subprocessors:
| Subprocessor | Purpose | Region |
|---|---|---|
| Vercel | Site hosting | Global edge |
| Supabase | Backend services for some products | EU (Frankfurt) |
| Cloudflare | DNS, CDN, DDoS protection | Global |
| PostHog | Product analytics | EU |
| GA4 | Website analytics | Global |
| Sentry | Error tracking | EU (Germany) |
| Anthropic | AI processing (Claude) | US |
| AI processing (Gemini) | Global | |
| OpenAI | AI processing (GPT, when used) | US |
| Resend or Postmark | Transactional email | EU / US |
| Google Workspace | Mailbox | Global |
Your rights
Under UK GDPR, EU GDPR, and CCPA you have the right to access, correct, delete, or object to the processing of your personal data. To exercise any of these, email privacy@agentm.co.uk. We respond within 30 days.
Children
This website and our studio services are not directed to children. If you believe a child has shared personal data with us, email us and we will delete it.
International transfers
We rely on Standard Contractual Clauses for transfers from the EU/UK to the US (where Anthropic, OpenAI, and Google operate). We do not transfer to jurisdictions without an adequacy decision or appropriate safeguard.
Changes
If we change this policy materially, we'll publish the change on this page with the updated effective date and notify any active studio clients by email.