Privacy Policy
Effective Date: December 29, 2025
Previous Updated: January 1, 2024
Version: 1.0
version2.0 December 2025
Privacy Policy
Version: 2.0
1. Introduction
Agencio APAC Pte Ltd ("Company," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you use Agencio Cloud and BerthaMagic ("Service"), including our integrations with TikTok, Meta (Facebook/Instagram), Google, and other third-party platforms.
This Privacy Policy applies to:
- All users of Agencio Cloud
- Data collected through our website, mobile applications, and APIs
- Data obtained from third-party platforms you connect to our Service
- Data processed through AI service providers
By using our Service, you consent to the data practices described in this Privacy Policy.
2. Information We Collect
We collect information in several ways to provide, improve, and protect our Service.
2.1 Information You Provide Directly
Account Information:
- Name and contact information (email address, phone number)
- Company name and business information
- Job title and role
- Account credentials (username, encrypted password)
- Payment and billing information (credit card details, billing address)
- Communication preferences and marketing opt-ins
- Profile photo and bio (optional)
User-Generated Content:
- Marketing campaigns and content you create
- Brand assets (logos, images, videos, brand guidelines)
- Campaign briefs and strategy documents
- AI prompts and generation parameters
- Customer personas and audience definitions
- Comments, feedback, and support messages
Payment Information:
- Credit card details (processed securely by third-party payment processors)
- Billing address and tax information
- Transaction history and invoices
2.2 Information Collected Automatically
Technical Information:
- IP address and device identifiers
- Browser type, version, and language settings
- Operating system and device type
- Screen resolution and viewport size
- Referring URLs and clickstream data
- Date and time of access
- Pages viewed and links clicked
- Error logs and debugging information
Usage Data:
- Features used and frequency of use
- Time spent on platform and session duration
- Content creation and editing patterns
- API calls and integration usage
- Campaign performance metrics
- Search queries and filters applied
Cookies and Tracking Technologies:
- Session cookies for authentication
- Persistent cookies for preferences
- Analytics cookies for usage patterns
- Marketing cookies (with consent where required)
- Local storage and cache data
2.3 Information from Third-Party Platforms
When you connect third-party accounts to our Service, we collect data as authorized by you through OAuth scopes and platform permissions.
2.3.1 TikTok Data
When you connect your TikTok account, we may access and collect:
Profile Information (scope: user.info.basic):
- TikTok username and display name
- Profile photo (avatar URL)
- TikTok user ID (open_id)
- Account verification status
- Profile bio and description (if scope user.info.profile is granted)
- Profile links (if scope user.info.profile is granted)
Video Information (scope: video.list):
- Public videos you've posted on TikTok
- Video metadata (title, description, hashtags)
- Video statistics (views, likes, shares, comments counts)
- Video URLs and embed codes
- Creation and publication dates
- Video cover images
Engagement Statistics (scope: user.info.stats):
- Total video count
- Follower count
- Following count
- Total likes received
Content Posting Capability (scopes: video.publish, video.upload):
- Ability to post content to your TikTok account on your behalf
- Draft creation and management capability
How TikTok Data Is Used:
- Display your TikTok content in our dashboard
- Enable posting content from our platform to TikTok
- Generate analytics and performance insights
- Provide recommendations for content optimization
- Verify your TikTok account connection status
TikTok Data Retention:
- Profile information: Cached for up to 24 hours or until you disconnect
- Video metadata: Retained while your account is connected
- Posted content: Not stored permanently (only transaction logs)
- Analytics data: Aggregated and retained for up to 12 months
- All TikTok data deleted within 30 days of account disconnection
TikTok-Specific Rights:
You can:
- Revoke our access to your TikTok account at any time through TikTok settings or our platform
- Request deletion of your TikTok data through our platform
- View what TikTok data we've collected through your account dashboard
- Control which TikTok scopes you authorize
TikTok's Privacy Policy:
Your TikTok account and data are also subject to [TikTok's Privacy Policy](https://www.tiktok.com/legal/page/global/partner-privacy-policy/en). We only access TikTok data as you authorize and as permitted by TikTok's policies.
2.3.2 Meta Platform Data (Facebook & Instagram)
When you connect Meta platforms, we may collect:
Profile Information:
- Facebook/Instagram username and user ID
- Profile photo and display name
- Account type (personal, business, creator)
- Page and account information
Page Management Data:
- Facebook Pages you manage
- Instagram Business Account information
- Page insights and analytics
- Post performance metrics
Advertising Data:
- Ad account information
- Campaign performance metrics
- Audience insights
- Ad creative assets
Content Data:
- Posts, images, and videos you authorize
- Engagement metrics (likes, comments, shares)
- Story performance data
Data Usage:
- Campaign management and scheduling
- Performance analytics and reporting
- Audience insights and targeting
- Ad creative optimization
Retention: Meta data is retained per your authorization and deleted within 30 days of disconnection.
2.3.3 Google Platform Data
When you connect Google services, we may collect:
Google Ads Data:
- Campaign information and performance metrics
- Ad group and keyword data
- Conversion tracking data
- Budget and bidding information
Google Analytics Data:
- Website traffic and user behavior
- Audience demographics and interests
- Goal completions and conversions
- E-commerce transaction data (if applicable)
YouTube Data:
- Channel information and statistics
- Video performance metrics
- Subscriber counts and engagement
- Content uploaded to your channel
Data Usage:
- Campaign optimization and reporting
- Audience analysis and segmentation
- Performance benchmarking
- Attribution modeling
Retention: Google data is retained per your authorization and deleted within 30 days of disconnection.
2.3.4 Other Connected Platforms
We may collect similar data from other platforms you connect, including:
- LinkedIn (profile, company pages, ad campaigns)
- Twitter/X (profile, tweets, engagement metrics)
- Pinterest (profile, pins, board analytics)
- Other social media and advertising platforms
2.4 AI Service Provider Data
When you use AI features, your content is processed through:
OpenAI (ChatGPT API):
- Text prompts and generated content
- Conversation context and history
- Usage patterns and preferences
Anthropic (Claude API):
- Analysis requests and AI-generated insights
- Content optimization suggestions
RunwayML:
- Video generation prompts and parameters
- Generated video content
- Editing instructions
Stability AI:
- Image generation prompts
- Generated images and variations
- Style preferences
AI Data Usage:
- Provide requested AI generation services
- Improve AI response quality (opt-out available)
- Generate usage analytics (anonymized)
AI Data Retention:
- Active generation data: Retained during session
- Generated content: Stored per your subscription plan
- Training data: Only if you opt-in (anonymized and aggregated)
Opt-Out: You can opt out of AI training data usage in your account settings. This does not affect our ability to provide AI services to you.
2.5 Information from Other Sources
Business Partners:
- Lead information from authorized partners
- Referral data from affiliate programs
Public Sources:
- Publicly available business information
- Company website and social media data (for business verification)
Analytics Partners:
- Aggregated usage patterns and benchmarks
- Industry trend data
3. How We Use Your Information
We use collected information for the following purposes:
3.1 Service Delivery and Management
Core Platform Operations:
- Provide, maintain, and improve the Service
- Process your transactions and manage subscriptions
- Authenticate users and maintain account security
- Enable connections to third-party platforms
- Generate content using AI services
- Store and organize your campaigns and assets
Feature Delivery:
- Post content to TikTok, Meta, Google, and other connected platforms
- Retrieve analytics and performance data
- Generate AI-powered content and recommendations
- Provide campaign management and scheduling
- Enable team collaboration features
Technical Support:
- Respond to support requests and troubleshoot issues
- Provide technical assistance with integrations
- Resolve billing inquiries
- Monitor system performance and reliability
3.2 Service Improvement and Development
Product Development:
- Analyze usage patterns to identify needed features
- Develop new AI models and capabilities
- Improve content generation quality
- Optimize platform performance
- Test new features in beta programs
AI Model Training (with opt-out):
- Improve content generation quality
- Train custom models for better personalization
- Develop industry-specific AI capabilities
- Note: This is opt-in/opt-out in settings
Quality Assurance:
- Identify and fix bugs
- Monitor system performance
- Conduct security audits
- Evaluate feature effectiveness
3.3 Analytics and Insights
Platform Analytics:
- Monitor platform usage and adoption
- Track feature engagement
- Measure campaign performance
- Generate usage reports for customers
Business Intelligence:
- Understand customer needs and preferences
- Identify trends and opportunities
- Benchmark performance metrics
- Generate aggregated industry insights (anonymized)
3.4 Communication
Transactional Communications:
- Account creation and verification emails
- Password resets and security alerts
- Billing notifications and receipts
- Service updates and maintenance notices
- Responses to your inquiries
Marketing Communications (with consent):
- Product updates and new feature announcements
- Educational content and best practices
- Promotional offers and discounts
- Newsletters and industry insights
- Webinar and event invitations
Note: You can opt out of marketing communications at any time while still receiving essential transactional messages.
3.5 Legal and Security
Compliance:
- Comply with legal obligations and regulations
- Respond to lawful requests from authorities
- Enforce our Terms of Service and policies
- Protect our legal rights and interests
Security and Fraud Prevention:
- Detect and prevent fraudulent activities
- Monitor for security threats and vulnerabilities
- Investigate suspicious behavior
- Prevent spam and abuse
- Protect platform integrity
3.6 Third-Party Platform Integration
Platform Management:
- Authenticate connections to TikTok, Meta, Google, etc.
- Refresh access tokens as needed
- Post content to connected platforms on your behalf
- Retrieve analytics and performance data
- Maintain integration status
Compliance Monitoring:
- Ensure content complies with platform policies
- Monitor for terms of service violations
- Report policy violations as required by platforms
- Maintain good standing with partner platforms
4. Information Sharing and Disclosure
We do not sell or rent your personal information. We share your information only in the following circumstances:
4.1 With Your Consent
Third-Party Platform Posting:
- When you authorize posting to TikTok, Meta, Google, or other platforms
- Content you explicitly choose to publish through our Service
- Data required for platform features you activate
Team Collaboration:
- With team members you invite to your workspace
- Based on permission levels you configure
- Through sharing features you enable
4.2 Service Providers and Partners
We share data with trusted third parties who perform services on our behalf:
Infrastructure Providers:
- Amazon Web Services (AWS): Cloud hosting and infrastructure
- Data centers: Singapore, US regions
- Services: Compute, storage, database, networking
- Security: Encryption at rest and in transit
AI Service Providers:
- OpenAI: Content generation and natural language processing
- Anthropic: Advanced AI assistance and analysis
- RunwayML: Video generation and editing
- Stability AI: Image generation and manipulation
Platform Integrations:
- TikTok: Content posting, analytics retrieval, user authentication
- Meta: Campaign management, advertising, analytics
- Google: Ads management, analytics, YouTube integration
- Other Platforms: LinkedIn, Twitter/X, Pinterest, etc.
Payment Processors:
- Stripe (or other processors): Payment processing and billing
- Limited data shared: Name, email, amount, payment method
- PCI DSS compliant handling
Analytics and Monitoring:
- Google Analytics: Website usage and performance
- Mixpanel (or similar): Product analytics and user behavior
- Sentry (or similar): Error tracking and debugging
- Data shared: Anonymized usage patterns, technical metrics
Communication Services:
- Email Service Providers: Transactional and marketing emails
- SMS Providers: Two-factor authentication messages
- Customer Support Tools: Help desk and ticketing systems
Data Processing Agreements: All service providers are bound by data processing agreements ensuring data protection and compliance with privacy regulations.
4.3 Legal Requirements and Protection
We may disclose information when required by law or to protect our rights:
Legal Obligations:
- Compliance with court orders, subpoenas, or legal processes
- Response to lawful requests from government authorities
- Compliance with regulatory requirements
Protection of Rights:
- Enforce our Terms of Service and policies
- Protect our intellectual property and legal rights
- Investigate fraud, security incidents, or policy violations
- Defend against legal claims
Safety and Security:
- Protect the safety of users or the public
- Prevent harm or illegal activities
- Emergency situations requiring disclosure
4.4 Business Transfers
Mergers and Acquisitions:
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy:
- Your information may be transferred to the successor entity
- You will be notified via email and/or prominent notice on our Service
- The successor entity will be bound by this Privacy Policy
- You will have the opportunity to delete your account before transfer
4.5 Aggregated and Anonymized Data
Industry Insights:
We may share aggregated, anonymized data that cannot identify you:
- Industry benchmarks and trends
- Platform usage statistics
- Best practices and insights
- Research and analysis
This data is stripped of all personally identifiable information before sharing.
4.6 With Your Account Team
Enterprise and Team Plans:
- Account administrators can view team member activity
- Usage reports may be visible to account owners
- Content created is visible per workspace permissions
- Billing information is visible to account administrators
5. Data Security
We implement comprehensive security measures to protect your information:
5.1 Technical Safeguards
Encryption:
- In Transit: All data transmitted using TLS 1.2+ encryption
- At Rest: Database and file storage encrypted using AES-256
- End-to-End: Sensitive credentials encrypted before storage
Access Controls:
- Role-based access control (RBAC) for internal systems
- Multi-factor authentication (MFA) available for all users
- Principle of least privilege for system access
- Regular access reviews and audits
Infrastructure Security:
- AWS security best practices and compliance
- Firewall and intrusion detection systems
- DDoS protection and mitigation
- Regular security patches and updates
- Isolated development and production environments
Application Security:
- Input validation and sanitization
- SQL injection and XSS prevention
- CSRF token protection
- Rate limiting and abuse prevention
- Secure session management
5.2 Organizational Safeguards
Policies and Procedures:
- Comprehensive information security policies
- Incident response and disaster recovery plans
- Data classification and handling procedures
- Vendor risk management program
Employee Training:
- Security awareness training for all employees
- Privacy and data protection training
- Secure coding practices for developers
- Regular security refresher courses
Access Management:
- Background checks for employees with data access
- Confidentiality agreements for all personnel
- Regular access certification reviews
- Immediate revocation of access upon termination
5.3 Security Monitoring
Continuous Monitoring:
- 24/7 security monitoring and alerting
- Automated threat detection
- Log aggregation and analysis
- Vulnerability scanning and penetration testing
Incident Response:
- Documented incident response procedures
- Security incident investigation and remediation
- Notification protocols for affected users
- Post-incident analysis and improvement
5.4 Compliance and Auditing
Regular Audits:
- Internal security audits and assessments
- Third-party security assessments (annual)
- Compliance audits for GDPR, CCPA, PDPA
- AWS infrastructure security reviews
Certifications:
- ISO 27001 compliance (target certification)
- SOC 2 Type II compliance (in progress)
- GDPR and CCPA compliance
- PCI DSS compliance for payment processing
5.5 User Security
You can enhance your security by:
- Using strong, unique passwords
- Enabling multi-factor authentication (MFA)
- Keeping account credentials confidential
- Regularly reviewing account activity
- Promptly reporting suspicious activities
- Keeping contact information current
- Using secure networks for platform access
5.6 Data Breach Response
In the event of a data breach, we will:
- Investigate and contain the breach immediately
- Notify affected users within 72 hours (as required by law)
- Report to relevant data protection authorities
- Provide details on the breach and steps taken
- Offer identity protection services if warranted
- Implement additional security measures to prevent recurrence
Note: Despite our security measures, no system is 100% secure. You use the Service at your own risk. We cannot guarantee absolute security of data.
6. Data Retention
We retain your information only as long as necessary for legitimate business purposes and legal compliance.
6.1 Active Account Data
While Your Account is Active:
- Account information: Retained for the duration of your account
- User-generated content: Retained per subscription plan storage limits
- Campaign data: Retained while account is active (subject to plan limits)
- Analytics data: Retained for up to 24 months
- Billing records: Retained for up to 7 years (legal requirement)
6.2 Third-Party Platform Data
Platform-Specific Retention:
- TikTok data:
- Profile information: Cached up to 24 hours, deleted upon disconnection
- Video metadata: Retained while connected, deleted within 30 days of disconnection
- Posted content logs: Retained for 12 months (compliance)
- Meta data:
- Campaign data: Retained while connected, deleted within 30 days of disconnection
- Analytics: Aggregated data retained for 12 months
- Google data:
- Ads/Analytics data: Retained per Google's policies, deleted within 30 days of disconnection
- Other platforms: Similar retention periods apply
Platform Token Management:
- Access tokens: Retained only while connection is active
- Refresh tokens: Securely stored, deleted upon disconnection
- Expired tokens: Automatically purged every 30 days
6.3 AI-Generated Content
Generated Content Retention:
- Active content: Stored per subscription plan (typically 30-365 days)
- Draft content: Auto-deleted after 90 days of inactivity
- Archived content: Retained until manually deleted or account closure
- AI training data (if opted-in): Anonymized and retained indefinitely
6.4 Backup Data
Backup Retention:
- System backups: Retained for 30 days for disaster recovery
- Archived backups: Retained for up to 12 months
- Deleted data in backups: Not actively accessible, purged during backup rotation
6.5 Account Deletion
Upon Account Deletion or Termination:
- Immediate: Access revoked, account deactivated
- Within 30 days: User data deleted from active systems
- Within 90 days: Data removed from backups and caches
- Exceptions: Legal holds, compliance requirements, dispute resolution
Retained After Deletion:
- Anonymized analytics data (no personal identifiers)
- Billing records (7 years - tax/legal requirement)
- Legal compliance data (as required by law)
- Security incident logs (for forensic purposes)
6.6 Data Minimization
We actively minimize data retention by:
- Regularly reviewing and purging unnecessary data
- Automatically deleting expired content
- Anonymizing data where possible
- Implementing data lifecycle policies
- Providing user controls for data deletion
7. Your Rights and Choices
You have significant control over your personal information and how we use it.
7.1 Access and Correction Rights
Access Your Data:
- View account information in your profile settings
- Download your data using our data export tool
- Request a copy of all data we hold about you
- Access detailed logs of data processing activities
Correct Your Data:
- Update account information directly in settings
- Correct inaccurate information
- Request corrections we'll make promptly
- Update marketing preferences
How to Exercise: Use in-app settings or email privacy@agencio.cloud
7.2 Data Portability
Export Your Data:
- Download all your content and campaigns
- Export in machine-readable formats (JSON, CSV, ZIP)
- Transfer data to other services
- Includes: Content, campaigns, analytics, settings
Export Process:
1. Go to Account Settings > Data Export
2. Select data categories to export
3. Receive download link within 48 hours
4. Download expires after 7 days
7.3 Deletion Rights
Delete Your Data:
- Delete specific content or campaigns
- Remove connected platform integrations
- Request deletion of specific data categories
- Delete your entire account and all associated data
Account Deletion Process:
1. Go to Account Settings > Delete Account
2. Confirm deletion (irreversible)
3. Data deleted within 30 days
4. Confirmation email sent upon completion
Data Retained After Deletion:
- Legal compliance data (as required)
- Billing records (7 years)
- Anonymized analytics (no personal identifiers)
7.4 Marketing and Communication Preferences
Opt-Out Options:
Marketing Emails:
- Click "unsubscribe" in any marketing email
- Update preferences in Account Settings
- Email: unsubscribe@agencio.cloud
- Opt-out effective within 48 hours
Transactional Emails:
- Cannot opt out of essential service emails (password resets, billing, security alerts)
- Can customize notification preferences in settings
SMS Messages:
- Reply STOP to any SMS message
- Manage preferences in Account Settings
- Required for 2FA (cannot opt out if enabled)
7.5 Third-Party Platform Controls
TikTok Data Controls:
- Disconnect TikTok integration at any time
- Revoke scopes/permissions in TikTok settings or our platform
- Request deletion of TikTok data via privacy@agencio.cloud
- Manage TikTok posting permissions
Meta, Google, and Other Platforms:
- Similar controls for all connected platforms
- Revoke access through platform settings or our platform
- Request deletion of platform-specific data
7.6 AI Training Data Opt-Out
Control AI Training:
- Opt-Out: Settings > Privacy > AI Training (toggle off)
- Effect: Your content won't be used to train AI models
- No Impact: Still have full access to AI features
- Granular Control: Choose which AI providers can use your data
7.7 Cookie and Tracking Controls
Manage Tracking:
- Essential Cookies: Required for service functionality (cannot disable)
- Analytics Cookies: Disable in Settings > Privacy > Analytics
- Marketing Cookies: Disable in Settings > Privacy > Marketing
- Browser Controls: Use browser settings to block third-party cookies
- Do Not Track: We respect DNT signals where technically feasible
7.8 Objection to Processing
Object to Data Processing:
- Object to direct marketing (instant opt-out)
- Object to automated decision-making
- Object to profiling for marketing purposes
- Request human review of automated decisions
How to Object: Email privacy@agencio.cloud with specific objections
7.9 Restriction of Processing
Request Processing Restrictions:
- While disputing accuracy of data
- During investigation of unlawful processing
- When you need data we would otherwise delete
- For legal claims defense
7.10 Complaint Rights
File a Complaint:
With Agencio:
- Email: privacy@agencio.cloud
- Data Protection Officer: dpo@agencio.cloud
- We will investigate and respond within 30 days
With Supervisory Authority:
- Singapore: Personal Data Protection Commission (PDPC)
- EU: Your local Data Protection Authority
- California: California Attorney General's Office
- Other Jurisdictions: Your local privacy regulator
You have the right to file complaints without affecting other rights.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to provide, improve, and protect our Service.
8.1 Types of Cookies We Use
Essential Cookies (Cannot be disabled):
- Session Cookies: Maintain your login state
- Authentication Tokens: Secure access to your account
- CSRF Tokens: Protect against cross-site attacks
- Load Balancing: Distribute traffic for performance
- Purpose: Essential for service operation
- Retention: Session duration or as needed for functionality
Analytics Cookies (Can opt out):
- Google Analytics: Track usage patterns and page views
- Mixpanel: Monitor feature engagement
- Heap Analytics: Understand user behavior
- Purpose: Improve service and user experience
- Retention: Up to 24 months
- Data: Anonymized where possible
Marketing Cookies (Can opt out):
- LinkedIn Insight Tag: Measure ad campaign effectiveness
- Facebook Pixel: Track conversions from ads
- Google Ads: Retargeting and conversion tracking
- Purpose: Optimize marketing and measure ROI
- Retention: Per third-party policies (typically 90 days)
- Data: Pseudonymized identifiers
Preference Cookies:
- UI Settings: Remember your display preferences
- Language: Store language selection
- Theme: Dark/light mode preferences
- Purpose: Personalize your experience
- Retention: Up to 12 months
8.2 Other Tracking Technologies
Local Storage:
- Draft content auto-save
- UI state management
- Offline functionality
- Cleared when you log out or clear browser data
Pixel Tags and Web Beacons:
- Email open tracking (can opt out)
- Content performance measurement
- Used in marketing emails and platform
Device Fingerprinting:
- Fraud detection and prevention
- Security threat identification
- Does not track across websites
8.3 Third-Party Cookies
Third Parties That May Set Cookies:
- TikTok: For TikTok Pixel and content embeds
- Meta: For Facebook/Instagram integrations
- Google: For Google services integrations
- Stripe: For payment processing
- CDN Providers: For content delivery
Note: Third-party cookies are subject to those parties' privacy policies.
8.4 Managing Your Cookie Preferences
In-App Controls:
1. Go to Settings > Privacy > Cookies
2. Toggle categories on/off (except essential)
3. Save preferences
Browser Controls:
- Chrome: Settings > Privacy and Security > Cookies
- Firefox: Settings > Privacy & Security > Cookies
- Safari: Preferences > Privacy > Cookies
- Edge: Settings > Cookies and site permissions
Browser Extensions:
- Privacy Badger
- uBlock Origin
- Ghostery
- Browser built-in tracking protection
Effect of Disabling Cookies:
- Essential cookies: Service may not function properly
- Analytics cookies: No impact on functionality
- Marketing cookies: No impact on functionality, but less relevant ads
8.5 Do Not Track (DNT)
We respect DNT signals where technically feasible:
- DNT enabled: Marketing and analytics cookies disabled by default
- Must still accept essential cookies for service to function
- Some third-party services may not respect DNT
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own.
9.1 Data Transfer Locations
Primary Data Centers:
- Singapore: Primary data center for APAC users
- United States: AWS data centers (US-East, US-West)
- Europe: AWS data centers (for EU users, when available)
Service Provider Locations:
- OpenAI: United States
- Anthropic: United States
- RunwayML: United States
- Stability AI: United Kingdom
- AWS: Global infrastructure
9.2 Transfer Safeguards
Legal Mechanisms:
For EU/EEA Users:
- Standard Contractual Clauses (SCCs): EU Commission approved clauses
- Adequacy Decisions: Transfers to countries with adequate protection
- Binding Corporate Rules: Internal data transfer governance
For Other Jurisdictions:
- Compliance with local data transfer regulations
- Cross-border data transfer agreements
- Data protection impact assessments (DPIAs)
Technical Safeguards:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES-256)
- Access controls and authentication
- Regular security audits
9.3 Third-Party Transfers
When We Transfer to Third Parties:
- Only to service providers with adequate safeguards
- Bound by data processing agreements
- Subject to security and privacy audits
- Contractually obligated to protect your data
9.4 Your Rights Regarding Transfers
You have the right to:
- Know where your data is processed
- Object to specific data transfers
- Request a copy of transfer safeguards
- File complaints with supervisory authorities
To exercise rights: Email privacy@agencio.cloud
10. Children's Privacy
10.1 Age Restrictions
Our Service is not intended for children:
- Minimum age: 18 years or age of majority in your jurisdiction
- We do not knowingly collect data from children
- We do not target marketing to children
- Use of Service by minors is prohibited
10.2 Parental Notice
If You Believe a Child Has Provided Information:
- Email: privacy@agencio.cloud
- Subject: "Child Privacy Concern"
- We will investigate and delete data if confirmed
- Response within 48 hours
10.3 School/Educational Use
Not Approved for Educational Settings:
- Service is B2B, not designed for K-12 use
- No FERPA or COPPA compliance
- Educational institutions must verify user age
- Student use is prohibited without proper consent and supervision
11. Regional Privacy Rights
Different regions provide specific privacy rights. We comply with all applicable privacy laws.
11.1 European Economic Area (EEA) - GDPR Rights
Legal Basis for Processing:
- Contract: To provide services you've requested
- Legitimate Interest: Service improvement, security, marketing
- Consent: Where explicitly obtained (e.g., marketing)
- Legal Obligation: Compliance with laws
Your GDPR Rights:
1. Right to Access - Request copies of your data
2. Right to Rectification - Correct inaccurate data
3. Right to Erasure ("Right to be Forgotten") - Delete your data
4. Right to Restrict Processing - Limit how we use your data
5. Right to Data Portability - Transfer data to another service
6. Right to Object - Object to processing for direct marketing
7. Right to Withdraw Consent - Withdraw consent at any time
8. Right to Human Review - Challenge automated decisions
9. Right to Lodge Complaint - File complaint with supervisory authority
Data Protection Authority:
- Your local DPA in your EU member state
- List: https://edpb.europa.eu/about-edpb/board/members_en
Data Protection Officer:
- Email: dpo@agencio.cloud
Response Time: Within 30 days of request
11.2 California - CCPA/CPRA Rights
California Residents Have the Right to:
1. Right to Know:
- What personal information we collect
- Sources of personal information
- Purposes for collection and sharing
- Categories of third parties we share with
- Specific pieces of personal information collected
2. Right to Delete:
- Request deletion of personal information
- Exceptions: Legal obligations, fraud prevention, internal use
3. Right to Opt-Out:
- Opt out of sale of personal information (We don't sell)
- Opt out of sharing for cross-context behavioral advertising
- Opt out of automated decision-making
4. Right to Correct:
- Correct inaccurate personal information
5. Right to Limit:
- Limit use of sensitive personal information
6. Right to Non-Discrimination:
- Not be discriminated against for exercising CCPA rights
- No denial of service, different pricing, or quality
Verification Process:
- We verify your identity before responding to requests
- May require email confirmation or account login
- Additional verification for sensitive requests
Authorized Agent:
- May designate authorized agent to make requests
- Must provide written authorization
- We may require verification of authorization
Response Time: Within 45 days (may extend 45 days with notice)
Contact for CCPA Requests:
- Email: privacy@agencio.cloud
- Subject: "California Privacy Rights Request"
11.3 Singapore - PDPA Rights
Singapore Personal Data Protection Act Compliance:
Your Rights Under PDPA:
1. Request access to personal data
2. Correct inaccurate or incomplete data
3. Withdraw consent for collection, use, or disclosure
4. Request information on use and disclosure
Consent:
- Express consent obtained for data collection
- Purposes clearly stated
- Consent may be withdrawn (subject to legal/contractual restrictions)
Data Protection Officer:
- Email: dpo@agencio.cloud
- Oversees PDPA compliance
Response Time: Within 30 days
PDPC Contact:
- Personal Data Protection Commission
11.4 Other Jurisdictions
Australia (Privacy Act):
- Access and correction rights
- Complaint rights to OAIC (Office of the Australian Information Commissioner)
Canada (PIPEDA):
- Access to personal information
- Challenge compliance
- Privacy Commissioner of Canada complaints
Brazil (LGPD):
- Similar rights to GDPR
- ANPD (National Data Protection Authority) oversight
Other Regions:
- We comply with applicable local privacy laws
- Contact privacy@agencio.cloud for region-specific inquiries
12. Updates to This Privacy Policy
12.1 Changes to Policy
We may update this Privacy Policy to reflect:
- Changes in legal or regulatory requirements
- Changes to our data practices or technologies
- New features or services
- Feedback and best practices
- Third-party platform requirement changes
12.2 Notice of Material Changes
For Material Changes:
- Email notification to your registered email address
- Prominent notice on our website and platform
- In-app notification upon next login
- At least 30 days' notice before changes take effect
Material changes include:
- New data collection practices
- Significant changes to data sharing
- Reduction of user rights
- Changes to retention periods
- New processing purposes
12.3 Notice of Non-Material Changes
For Non-Material Changes:
- Updated "Last Updated" date at top of policy
- No direct notification required
- Changes effective immediately upon posting
Non-material changes include:
- Clarifications of existing practices
- Updated contact information
- Minor formatting or readability improvements
- Correction of typos or errors
12.4 Review and Acceptance
Your Continued Use After Changes:
- Review the Privacy Policy periodically
- Continued use after changes constitutes acceptance
- If you disagree, you must stop using the Service
- May delete your account before changes take effect
Historical Versions:
- Previous versions available upon request
- Email: privacy@agencio.cloud
13. Contact Us
We are committed to addressing your privacy questions and concerns.
13.1 General Privacy Inquiries
Email: privacy@agencio.cloud
Response Time: Within 48-72 hours for general inquiries
For:
- Privacy questions
- Data access requests
- Correction requests
- General concerns
13.2 Data Protection Officer
Email: dpo@agencio.cloud
For:
- GDPR-related inquiries
- PDPA compliance questions
- Data processing concerns
- Supervisory authority liaison
13.3 Privacy Rights Requests
Email: privacy@agencio.cloud
Subject Line: Include "Privacy Rights Request - [Type]"
Types:
- Data Access Request
- Data Deletion Request
- Data Portability Request
- Objection to Processing
- Consent Withdrawal
Required Information:
- Your full name
- Account email address
- Specific request details
- Verification information (will be requested)
Response Time:
- Initial response within 48 hours
- Complete response within 30 days (may extend to 45 days for complex requests)
13.4 Security Incidents
Security Concerns: security@agencio.cloud
For:
- Suspected data breach
- Security vulnerabilities
- Unauthorized access
- Suspicious activities
Response: Immediate investigation and response
13.5 TikTok-Specific Privacy Inquiries
Email: privacy@agencio.cloud
Subject: "TikTok Privacy Inquiry"
For:
- TikTok data usage questions
- TikTok scope and permission questions
- TikTok data deletion requests
- TikTok integration concerns
13.6 Legal and Compliance
Email: legal@agencio.cloud
For:
- Legal inquiries
- Subpoenas and legal requests
- Compliance documentation requests
- Terms of Service questions
13.7 Mailing Address
Agencio APAC Pte Ltd
Sunrise Gardens
Singapore
For:
- Written correspondence
- Legal documents
- Formal notices
13.8 Customer Support
Support Portal: Available in your account dashboard
Email: info@agencio.sg
For:
- Technical support
- Account issues
- Billing questions
- Feature requests
14. Third-Party Links and Services
14.1 External Links
Our Service may contain links to third-party websites, applications, or services not operated by us.
We Are Not Responsible For:
- Third-party privacy practices
- Content on external sites
- Data collection by linked services
- Security of third-party platforms
Your Responsibility:
- Review privacy policies of external sites before providing data
- Understand risks of using third-party services
- Be cautious with personal information on external platforms
14.2 Connected Platforms
TikTok, Meta, Google, etc.:
- Your use of connected platforms is subject to their privacy policies
- We access only authorized data per granted scopes
- Platforms may collect data independently of our Service
- Review each platform's privacy policy
Platform Privacy Policies:
- TikTok: https://www.tiktok.com/legal/page/global/privacy-policy/en
- Meta: https://www.facebook.com/privacy/policy
- Google: https://policies.google.com/privacy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Twitter/X: https://twitter.com/en/privacy
14.3 AI Service Providers
OpenAI, Anthropic, RunwayML, Stability AI:
- Subject to their own privacy policies
- We send only necessary content for processing
- Review AI provider privacy policies for their practices
15. Data Subject Requests Process
15.1 Request Submission
How to Submit Requests:
1. Email privacy@agencio.cloud with subject "Data Subject Request"
2. Provide: Name, email, account details, specific request
3. We will verify your identity
4. We will process your request
Verification:
- Email confirmation to registered email
- May require additional information for security
- Verification within 48 hours
15.2 Request Processing
Timeline:
- Acknowledgment: Within 48 hours
- Completion: Within 30 days (may extend to 45 days for complex requests)
- Extension Notice: If extension needed, we'll notify you with reason
What We Provide:
- Confirmation of action taken
- Explanation if request denied (with appeal process)
- Information in accessible format (PDF, JSON, CSV)
15.3 Request Types and Handling
Access Request:
- Comprehensive report of all data we hold
- Format: Downloadable ZIP file with JSON/CSV data
- Includes: Account data, content, activity logs, integrations
Deletion Request:
- Confirmation of deletion scope
- Timeline for complete deletion (up to 90 days)
- Exceptions: Legal holds, compliance requirements
- Confirmation email upon completion
Correction Request:
- Verification of corrections
- Update confirmation
- May require supporting documentation
Portability Request:
- Machine-readable format (JSON, CSV)
- Download link valid for 7 days
- Includes all portable data
Objection Request:
- Review of objection basis
- Action taken or explanation if denied
- Alternative options if applicable
16. Glossary of Terms
Personal Information: Information that identifies, relates to, or could reasonably be linked to you.
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Data Controller: Entity that determines purposes and means of processing personal data (Agencio APAC Pte Ltd).
Data Processor: Entity that processes personal data on behalf of the controller (e.g., AWS, AI providers).
Consent: Freely given, specific, informed indication of your wishes regarding data processing.
Pseudonymization: Processing that makes personal data unable to be attributed to you without additional information.
Anonymization: Irreversible processing that makes re-identification impossible.
Data Subject: Individual to whom personal data relates (you).
Supervisory Authority: Independent public authority regulating data protection (e.g., EU DPA, Singapore PDPC).
OAuth: Industry-standard authorization protocol for secure API access.
API Scopes: Permissions defining what data third-party apps can access.
Encryption: Process of encoding data to prevent unauthorized access.
By using Agencio Cloud, you acknowledge that you have read, understood, and agree to this Privacy Policy.
For questions or concerns about this Privacy Policy, please contact us at privacy@agencio.cloud
Last Updated: January 15, 2025
Effective Date: January 15, 2025
Version: 2.0