Last updated: 6 February 2026 - Version 1.0
1. Who are we?
AI Agent ("we", "us", "our") is a service of AI Agent, established in the Netherlands. We provide a managed AI assistant platform via aiagent.nl and the accompanying app.
Contact: hello@aiagent.nl
2. What data do we collect?
2.1 Account data
When creating an account, we collect:
- Email address
- Name
- Company name (optional)
- Password (stored encrypted, never in readable form)
2.2 Chat messages
Messages you send to your AI assistant are processed to generate a response. This includes text messages you type and responses generated by the AI model.
2.3 Usage data
- Number of messages per day
- Number of tokens consumed per day
- Time of use (on a daily basis)
2.4 Technical data
When using the app, the following data is automatically collected:
- Device type and operating system version
- App version
- IP address (for security purposes)
3. What do we use your data for?
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating and managing accounts | Performance of contract (Art. 6.1.b) |
| Providing the AI assistant service | Performance of contract (Art. 6.1.b) |
| Tracking usage for billing | Performance of contract (Art. 6.1.b) |
| Processing payments | Performance of contract (Art. 6.1.b) |
| Improving the service and resolving errors | Legitimate interest (Art. 6.1.f) |
| Preventing security incidents | Legitimate interest (Art. 6.1.f) |
4. Where do we store your data?
All data is stored within the European Union:
- Database and authentication: Supabase, data centre in Frankfurt, Germany (EU region eu-central-1)
- AI instances: Hetzner Cloud, data centres in Germany
Your data does not leave the EU for storage purposes.
5. Do we share data with third parties?
We do not share your data with third parties for marketing or other commercial purposes. The following parties process data on our behalf:
| Party | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication and serverless functions | Frankfurt, Germany |
| Hetzner Cloud | Hosting of AI instances | Germany |
| Mollie | Payment processing (iDEAL, credit card, SEPA) | The Netherlands |
| Anthropic | Processing of chat messages to generate responses | US (processing only, not stored) |
About AI processing: Your chat messages are sent to AI model providers to generate responses. These providers process the messages in real-time and do not store them for their own use or training. We select providers that have GDPR-compliant data processing agreements.
6. Cookies and session data
We only use functional cookies that are necessary for the operation of the service:
- Authentication session: To keep you logged in
- No tracking cookies: We do not place any analytics, marketing or advertising cookies
The mobile app does not use cookies but stores your login session locally on your device via secure storage.
7. How long do we retain your data?
| Data type | Retention period |
|---|---|
| Account data | As long as your account is active, plus 30 days after deletion |
| Chat messages | As long as your account is active |
| Usage data | 12 months |
| Payment data | 7 years (statutory retention obligation) |
| Technical logs | 90 days |
8. Your rights under the GDPR
You have the following rights:
- Access: You may request which data we hold about you
- Rectification: You may have incorrect data corrected
- Erasure: You may have your account and all associated data deleted
- Restriction: You may request that the processing of your data be restricted
- Portability: You may request your data in a standard format
- Objection: You may object to processing based on legitimate interest
Send an email to hello@aiagent.nl with your request. We will respond within 30 days.
You can delete your account via the settings page in the app or on the website. Upon deletion, all your data will be permanently erased, with the exception of payment data that we are legally required to retain.
9. Security
We take the following measures to protect your data:
- Encrypted connections (TLS/HTTPS) for all data communication
- Encrypted password storage (bcrypt)
- Row Level Security at database level (users can only view their own data)
- Containerised AI instances with gVisor sandboxing
- Firewall configuration and intrusion detection on servers
- Regular security audits
10. Children
Our service is not directed at children under the age of 16. We do not knowingly collect data from children. If you discover that a child under 16 has registered, please contact us so that we can delete the account.
11. Changes to this privacy policy
We may update this privacy policy from time to time. In the event of material changes, we will inform you by email or via a notification in the app. The most recent version is always available on this page.
12. Complaints
If you have a complaint about the processing of your personal data, you may contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
- Website: autoriteitpersoonsgegevens.nl
- Telephone: 088 - 1805 250