Privacy Policy
Last updated: January 2026
1. Introduction
This Privacy Policy explains how Tecsteps GmbH ("we", "us", "our") collects, uses, and protects your personal data when you use Agendo. We comply with the EU General Data Protection Regulation (GDPR) and German data protection laws.
Data Controller:
Tecsteps GmbH
Breitscheidstr. 42
16321 Bernau bei Berlin, Germany
Email: fabian.wesner@tecsteps.com
2. Data We Collect
Account Information
- Email address and name (if provided)
- Password (stored securely using bcrypt hashing)
- Account preferences and settings
Payment Information
- Transaction records and credit purchase history via Lemon Squeezy
- We do NOT store credit card numbers or bank details
Usage Data
- Task creation and execution history
- Feature usage patterns and performance metrics
- IP addresses and approximate location
- Device type and browser information
Workspace Content
- Task descriptions and prompts
- Uploaded files and AI-generated outputs
- Task execution logs
3. How We Use Your Data
- Providing the Service (account management, task execution, file storage)
- Processing payments and managing credits
- Improving the Service through usage analysis
- Communicating service updates and security notices
- Legal compliance and fraud prevention
4. Legal Basis (GDPR)
| Purpose | Legal Basis |
|---|---|
| Service provision | Contract performance (Art. 6(1)(b)) |
| Service improvements | Legitimate interest (Art. 6(1)(f)) |
| Marketing | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
5. Third-Party Services
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| OpenRouter | AI processing | Task prompts | USA (SCCs) |
| Lemon Squeezy | Payment processing | Email, transactions | USA (SCCs) |
| Fly.io | Infrastructure | Workspace compute | EU preferred |
We do not sell personal information to third parties.
We have entered into Data Processing Agreements (DPAs) with our sub-processors where required by GDPR.
6. International Data Transfers
When data is transferred outside the EU/EEA, we ensure protection through Standard Contractual Clauses (SCCs) approved by the EU Commission.
7. Data Security
- Encryption in transit (TLS) and at rest
- Secure password hashing (bcrypt)
- Workspace isolation (sandboxed directories)
- Two-factor authentication available
- Regular security updates
Data Breach Notification: In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until deletion + 30 days |
| Workspace content | Until account deletion |
| Execution logs | 90 days |
| Payment records | 10 years (legal requirement) |
9. Your Rights (GDPR)
EU/EEA users have rights to:
- Access your personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Restriction of processing
- Data portability
- Object to processing
- Withdraw consent at any time
- Lodge complaints with supervisory authorities
To exercise your rights: Email fabian.wesner@tecsteps.com (response within 30 days)
Supervisory Authority: You may lodge complaints with your local data protection authority. For Germany: Die Landesbeauftragte fuer Datenschutz und fuer das Recht auf Akteneinsicht Brandenburg (LDA Brandenburg).
10. Cookies
Essential cookies: Authentication, security, theme preferences (required)
No analytics or advertising cookies
11. Children
Agendo is not intended for users under 18 years old.
12. Changes
Updates notified via email. "Last updated" date indicates revision.
13. Contact
Tecsteps GmbH
Breitscheidstr. 42
16321 Bernau bei Berlin, Germany
Email: fabian.wesner@tecsteps.com