Privacy Policy
Last updated: July 4, 2026
This Privacy Policy explains how Agentic Labs Solutions LLC ("Agentic Labs," "we," "us," or "our") handles personal information when you visit agenticlabs.io, contact us, or engage us to design and operate agentic systems. We build for enterprises in regulated industries, so privacy and data governance are core to how we work — not an afterthought.
1. Our data philosophy
A defining part of how we deliver: your production data stays in your environment. We orchestrate agents on top of your existing infrastructure and systems of record, so we do not need to copy your business data or your customers' data into our systems to do our work. Where we do process personal information, we limit it to what is necessary and describe it below.
We do not sell personal information, and we do not use client or end-user data to train foundation models or any general-purpose model of our own.
2. Information we collect
We collect the following categories of information:
- Contact and inquiry data — name, work email, company, role, and the contents of messages you send through our contact form, email subscription, or when you book a discovery call.
- Engagement data — information exchanged while scoping and delivering a project, including configuration details, documentation, and credentials you choose to share to grant us access to your systems.
- Website usage data — IP address, device and browser type, pages viewed, referring URLs, and similar analytics collected through cookies and comparable technologies (see our Cookie Policy).
- Communications — records of correspondence and support interactions.
We do not intentionally collect special categories of data (such as health or biometric data) through our website. In client engagements, any regulated data (e.g., PHI) is processed within your environment under the terms of our agreement and, where applicable, a Business Associate Agreement or Data Processing Addendum.
3. How we use information
- Respond to inquiries, schedule calls, and provide the services you request.
- Design, deliver, operate, and support agentic systems under our engagements.
- Send administrative messages and, where you have opted in, occasional briefings — which you can unsubscribe from at any time.
- Operate, secure, and improve our website and business operations.
- Comply with legal obligations and enforce our agreements.
4. Legal bases for processing
Where the GDPR or similar laws apply, we rely on the following legal bases: performance of a contract (delivering services you request); our legitimate interests (operating and securing our business and website); your consent (marketing communications and non-essential cookies); and compliance with legal obligations.
5. AI, agents, and model providers
Our engagements often involve large language models and agentic workflows. When we implement these on your behalf:
- Agents run within, or connected to, your environment and systems of record.
- We configure enterprise model endpoints so that your inputs and outputs are not used by model providers to train their models, consistent with those providers’ enterprise terms.
- Every agent action can be logged with full audit trails to support your governance and compliance requirements.
- You remain the controller of your data; we act as a processor only to the extent set out in your agreement and DPA.
7. International transfers
We are based in the United States and may process information in the U.S. and other countries. Where we transfer personal information from the EEA, UK, or Switzerland, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
8. Data retention
We keep personal information only for as long as necessary for the purposes described here — to deliver services, meet legal, tax, and accounting obligations, and resolve disputes — after which we delete or anonymize it. Engagement data handled within your environment is retained per your configured retention policies.
9. Your rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of sale/sharing (we do neither). EEA/UK residents have rights under the GDPR/UK GDPR.
To exercise any right, email contact@agenticlabs.io (Attn: Privacy). We will respond within the timeframe required by applicable law and will not discriminate against you for exercising your rights. You may also lodge a complaint with your local data protection authority.
10. Security
We maintain a documented information security program with administrative, technical, and organizational safeguards including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, least-privilege access, logging, and vendor risk management. We maintain SOC 2 Type II controls and support HIPAA-regulated workloads under a BAA. See our Trust & Security page for details. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify you of incidents as required by law.
11. Children's privacy
Our website and services are intended for businesses and are not directed to children under 16. We do not knowingly collect personal information from children.
12. Changes to this Policy
We may update this Policy from time to time. We will post the revised version here and update the "Last updated" date. Material changes will be communicated as required by law.
13. Contact us
Questions about this Policy or our privacy practices? Email contact@agenticlabs.io (Attn: Privacy) or write to us at [Registered business address].