Privacy Policy
Last updated: 31 March 2026
AgentBlocks ("we", "us", "our") is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and share your information when you use the AgentBlocks platform and website (the "Service"). It applies to all visitors, users, and subscribers.
We are the data controller for the personal data described in this policy. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
AgentBlocks is operated by AgentBlocks Ltd, a company registered in England and Wales (company no. 17167991) with its registered office at 82a James Carter Road, Mildenhall, Bury St. Edmunds, IP28 7DE, United Kingdom. If you have any questions about how we handle your data, you can reach us at privacy@agentblocks.ai.
2. Data we collect
We collect the following categories of personal data:
- Account information — your first name, last name, email address, and hashed password (or Google OAuth identifier if you sign up with Google).
- Billing information — processed by Stripe on our behalf. We do not store your full card number. Stripe may collect your card details, billing address, and transaction history. See Stripe's privacy policy.
- Connected service data — when you connect third-party services (Gmail, Google Drive, Slack, GitHub), we receive and temporarily process scoped access tokens and the data your AI agents interact with through those services. This may include email content, file metadata, repository data, and messages.
- Usage data — pages visited, features used, timestamps, IP address, browser type, device type, and referring URL.
- Audit logs — records of actions taken by your AI agents through the AgentBlocks platform, including approvals, rejections, and rule evaluations.
3. How we use your data
We use your personal data to:
- Provide, maintain, and improve the Service
- Create and manage your account
- Process payments and manage subscriptions
- Facilitate connections between your AI agents and third-party services you authorise
- Enforce safety rules, approval workflows, and guardrails you configure
- Generate audit trails of agent actions
- Send transactional emails (verification codes, receipts, trial reminders)
- Respond to support requests
- Detect, prevent, and address fraud or security issues
- Analyse usage patterns to improve the platform (using aggregated, anonymised data where possible)
We do not use your connected service data (e.g. email content, files) to train machine learning models or for any purpose other than providing the Service to you.
4. Lawful basis for processing
Under UK GDPR, we rely on the following lawful bases for processing your personal data:
- Contract — processing your account, billing, and connected service data is necessary to provide the Service under our terms.
- Legitimate interests — we process usage data and audit logs to improve the platform, ensure security, and prevent fraud. We have conducted a balancing test and concluded that these interests do not override your rights.
- Consent — we rely on your consent for non-essential cookies and optional marketing communications. You can withdraw consent at any time.
- Legal obligation — we may process data to comply with legal requirements, such as tax regulations or law enforcement requests.
5. Third parties and data sharing
We share your data only with the following categories of third parties, and only to the extent necessary:
- Stripe — payment processing. Stripe acts as an independent controller for payment data.
- Google — OAuth authentication, Gmail, and Google Drive integrations (only when you connect these services).
- Slack — messaging integration (only when you connect Slack).
- GitHub — repository integration (only when you connect GitHub).
- Infrastructure providers — hosting, database, and CDN services that process data on our behalf under data processing agreements.
- Analytics providers — anonymised usage data to help us understand how the Service is used.
We do not sell your personal data to any third party. We do not share your data with advertisers.
6. International data transfers
Some of our third-party service providers are based outside the United Kingdom. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- UK International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses
- Transfers to countries with an adequacy decision from the UK Secretary of State
You can request details of the safeguards in place by contacting us.
7. Data retention
We retain your personal data as follows:
- Account data — for as long as your account is active, plus 30 days after deletion to allow for account recovery.
- Billing data — as required by tax and accounting regulations (typically 6 years under UK law).
- Connected service data — processed in real time and not stored beyond what is necessary to complete the agent action. Scoped access tokens are short-lived and automatically expire.
- Audit logs — retained for 90 days, unless you configure a longer retention period.
- Usage data — retained in anonymised, aggregated form. Raw usage data is deleted after 12 months.
8. Security
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
- Encryption of data in transit (TLS) and at rest
- Scoped, short-lived credentials for third-party service access
- Role-based access controls for internal systems
- Regular security reviews and monitoring
- Approval workflows that ensure no agent action is taken without your authorisation (where configured)
No system is completely secure. If you become aware of a security vulnerability, please contact us immediately at security@agentblocks.ai.
10. Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your personal data where there is no compelling reason for continued processing.
- Restriction — request that we limit how we use your data in certain circumstances.
- Portability — request your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at privacy@agentblocks.ai. We will respond within one month.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
11. Children
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.
12. Changes to this policy
We may update this privacy policy from time to time. If we make material changes, we will notify you by email or by placing a prominent notice on the Service. We encourage you to review this page periodically. The "last updated" date at the top reflects the most recent revision.
13. Contact us
If you have any questions about this privacy policy or how we handle your data, contact us at:
- Email: privacy@agentblocks.ai
- Website: agentblocks.ai/contact