GDPR & CCPA
Last updated: March 1, 2026
DeployAgents is fully GDPR and CCPA compliant. We are committed to protecting your privacy rights and processing your personal data lawfully, fairly, and transparently.
Your Rights Under GDPR
Right of Access
You can request a complete copy of all personal data we hold about you at any time. We will provide it within 30 days in a machine-readable format.
Right to Rectification
If any personal data we hold is inaccurate or incomplete, you have the right to have it corrected. Update most data yourself in your dashboard under Settings.
Right to Erasure
You may request permanent deletion of your account and all associated personal data. We will complete the deletion within 30 days and confirm when done.
Right to Data Portability
You can export all your instance data — conversations, memory, configurations — in JSON format from your dashboard at any time.
Right to Restrict Processing
You may request that we temporarily stop processing your personal data while a dispute is resolved, without deleting it.
Right to Object
You may object to processing of your personal data based on our legitimate interests. We will stop unless we can demonstrate compelling grounds.
Right to Withdraw Consent
Where processing is based on your consent (e.g. marketing emails), you may withdraw consent at any time without affecting prior lawful processing.
Lawful Basis for Processing
We process your personal data under the following lawful bases: (a) Contract — processing necessary to provide the service you subscribed to; (b) Legitimate Interests — anonymized analytics to improve the platform, security monitoring; (c) Consent — marketing communications (opt-in only); (d) Legal Obligation — retaining billing records as required by applicable law.
International Data Transfers
If you are located in the European Economic Area (EEA), your data may be transferred to servers outside the EEA (e.g. US or APAC regions). All such transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives equivalent protection.
Data Processor Agreements
We have Data Processing Agreements (DPAs) in place with all sub-processors that handle personal data on our behalf, including Stripe (payments), Cloudflare (network security), and our infrastructure hosting providers. A list of current sub-processors is available upon request.
Data Retention
Personal data is retained for the duration of your active account plus a 30-day grace period after account deletion to allow for reactivation. Billing records are retained for 7 years as required by law. All other data is permanently purged within 60 days of account deletion.
CCPA (California Residents)
Under the California Consumer Privacy Act (CCPA), California residents have the right to know what personal information is collected and how it is used, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights. To exercise CCPA rights, contact [email protected].
Data Protection Officer
We have designated a Data Protection contact for all GDPR-related inquiries. For any questions regarding your rights or our data practices, contact [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
Exercise Your Rights
Email [email protected] to access, correct, export, or delete your data. We respond within 30 days.