Privacy Policy

Version 1.0 · In force since 2026-05-23

At Agentiko we build products powered by artificial intelligence. We treat our users' and clients' data with the same seriousness as our own systems. This policy explains what data we collect, why, who we share it with, and how you can exercise your rights under GDPR and the Spanish Data Protection Act (LOPDGDD).

1. Who is the data controller

Commercial brand: Agentiko
Data controller: Gavrilo Marković Janković, self-employed professional operating under the Agentiko brand (hereinafter "Agentiko" or "we").
Spanish Tax ID (NIF): 49383610B
Registered address: Carrer Can Batista 31, 08739 Subirats (Barcelona), Spain
Privacy contact: [email protected]

We are not required to appoint a Data Protection Officer (DPO). If you have any questions or want to exercise your rights, write directly to the email above.

2. What data we process and on what legal basis

ProcessingDataLegal basisRetention
Contact form / information request Name, email, phone (optional), message Consent (Art. 6.1.a GDPR) 24 months from last contact. After that, we anonymise or delete.
Free AI diagnostic / quote Contact data + company information you provide Pre-contractual measures (Art. 6.1.b GDPR) Duration of the relationship + 5 years (commercial obligations)
Performance of contracted services Billing data, project contact, operational data shared for the service Contract performance (Art. 6.1.b GDPR) Duration of the relationship + 6 years (tax and commercial obligations)
Conversational AI agents operated by Agentiko (chats, demos, events) Name (if you provide it), messages, technical session identifier Consent + legitimate interest (Art. 6.1.a and 6.1.f) 6 months after the event or service ends, unless explicit consent is given to retain longer
Web analytics (Cloudflare Web Analytics) Aggregated data without cookies: page views, country, browser. No persistent identifiers. Legitimate interest (Art. 6.1.f GDPR) Aggregated indefinitely, without personal data
Behavioural analytics (Google Analytics 4 and Microsoft Clarity) Only with your consent. Cookies (e.g. _ga, _clck) and interactions to understand site usage. IP anonymised in GA4. Consent (Art. 6.1.a GDPR) Up to 14 months (GA4); withdrawable via the “Cookies” link in the footer
Marketing communications (only if you have subscribed) Email, name, preferences Consent (Art. 6.1.a) Until you withdraw consent

3. Who we share your data with

To deliver our services we rely on technology providers that act as data processors or sub-processors (Article 28 GDPR). All have signed Data Processing Agreements (DPAs) or publicly accessible terms.

We maintain the full, up-to-date list on a dedicated page, with purpose, geographic location and applicable safeguards for each provider:

→ See list of technology providers

3.1. Important: conversational AI

When you interact with an AI agent operated by Agentiko (for example, at an event or demo), your messages are processed by third-party models (Anthropic, Google) to generate the response. They are not used to train the models — we have specific DPAs with training opt-out. Conversations are stored in our systems for the purposes described in the table in section 2.

4. International transfers

Some data may be processed outside the EEA (mainly in the USA) by the providers listed. All transfers are covered by:

5. Your rights

You have the right to:

To exercise any of these rights, send an email to [email protected] stating which right you wish to exercise. We will respond within 30 days.

If you believe the processing has not been carried out correctly, you have the right to lodge a complaint with the Spanish Data Protection Agency: Agencia Española de Protección de Datos (AEPD).

6. Automated decisions and AI agents

The AI agents we operate never make automated decisions with legal or significant effects on people without human supervision. In most cases the agents make recommendations, generate content or assist in conversations — the final decision is always human.

If a specific service involves decisions with significant impact, we will let you know explicitly in advance and you will have the right to request human intervention.

7. Cookies and tracking

This site does not use tracking or advertising cookies. We use Cloudflare Web Analytics, which collects aggregated statistics without cookies or persistent identifiers. We do not profile visitors or resell data to third parties.

8. Security

We apply reasonable technical and organisational measures: HTTPS encryption, multi-factor authentication on critical services, least-privilege access, backups, and AI incident logging. If a security breach with risk to your rights nonetheless occurred, we will notify you within 72 hours and report it to the AEPD where applicable.

9. Retention and deletion

We retain data for the periods indicated in the table in section 2. Once the period ends, we delete or anonymise the data so it can no longer be associated with an identifiable person.

10. Changes to this policy

We may update this policy when our services, providers or legal requirements change. If the change is material, we will notify affected users by email or prominent notice on the website. The date of the latest update always appears in the header.