_

Privacy Policy

Last Updated: 22 May 2026

1Introduction

Welcome to thisisagency.ai ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This privacy policy explains how we collect, use, and protect your personal data when you visit our website or use our services, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our agency is based in Scotland, and we operate under Scottish law.

⚠️ Beta Status: thisisagency.ai is currently in Beta. During this period, the platform is under active development and features may change. Data handling practices described in this policy apply equally during Beta, but please note that Beta software carries an inherent risk of service interruption or data loss. Please refer to our Terms of Service for full Beta terms.

2Controller Details

For the purposes of the UK GDPR, we are the data controller.

  • Entity Name:thisisagency.ai
  • Location:Scotland, United Kingdom
  • Contact Email:privacy@thisisagency.ai

3The Data We Collect

We collect, use, store, and transfer different kinds of personal data about you to provide our AI orchestration services:

Identity & ContactFirst name, last name, username, email address.
AI Interaction DataChat messages, case notes, voice queries, and uploaded documents ("Briefcase").
Email & Triage DataIf you connect Gmail or utilize our live AI Receptionist, our agents sync, store, and triage your emails. Thread metadata, sender/receiver details, categorization tags, and message histories are recorded.
AWS SES Dispatch LogsWe log details of outbound transactional and automation emails (status, dispatch timestamps, and system rate limits) to guarantee compliance and security.
Affiliate & Referral DataWe track referral associations, click counts, referee registration events, and signup/verification status to calculate credits.
Financial DataBank statements, expense records, debts, and invoices you upload to our Accountant agent (Stephen).
Domain & Analytics DataContent scraped from URLs you scan, plus Google Search Console and Google Analytics 4 data if connected.
Technical DataIP address, browser type, OS, and session information.

4How We Use Your Data & AI Memory

Beyond standard business operations, we use your data to power our autonomous agent systems. The lawful basis for each processing activity is noted below:

  • Topical Experience (AI Memory): Our agents are designed to "learn" from you. Chat interactions and completed tasks are processed, compressed into long-term memory "Superchunks," and persistently stored to personalize future interactions. (Lawful Basis: Legitimate Interests — service personalization.)
  • Automated Profiling: Our agent Elsa may automatically infer personal facts about you — such as your location, family members, interests, or current challenges — from your conversations. These inferred facts are stored in your Personal Entity Profile and used to personalize your experience. You can view, edit, and delete all inferred facts at any time via Settings → Personal Profile. No fully automated decisions with legal or similarly significant effects are made based on this profiling without human oversight. (Lawful Basis: Consent — you may withdraw at any time by deleting your profile facts.)
  • Email Triage & AI Receptionist: If you connect Gmail or utilize our live AI Receptionist, our agents (including Margaret) will read, summarise, categorise, triage, and optionally draft or send replies. Email content and logs are processed by our secure backend and third-party AI providers. (Lawful Basis: Consent — you actively connect your email or initialize receiving mailboxes.)
  • AWS SES Auditing & Compliance: Outbound transactional emails are logged to ensure system security, monitor email rate-limiting caps, and audit dispatch failures. (Lawful Basis: Legitimate Interests — platform security and abuse prevention.)
  • Affiliate Credit Calculations: Referral relationship data and verified signup statuses are processed to display analytics and credit balances in the Affiliate dashboard. (Lawful Basis: Performance of Contract.)
  • Financial Processing: If you use our Accountant agent (Stephen), your uploaded bank statements, expenses, debts, and invoices are analysed to provide budgeting, VAT calculations, and debt management insights. (Lawful Basis: Consent — you actively upload financial records.)
  • Autonomous Operations: The system acts on your behalf, scraping requested domains and processing that data for SEO and content insights. You must not direct the scraper to harvest third-party Personal Identifiable Information (PII) without authorization. (Lawful Basis: Performance of Contract.)
  • Account & Project Management: To maintain your project files and domain score history securely linked to your account. (Lawful Basis: Performance of Contract.)

5Data Sharing, Security & Isolation

Third-Party AI & LLM Providers

To provide our service, your prompts, chat messages, voice queries, emails, financial records, and uploaded documents are shared with external AI providers for processing. This includes Google (Gemini APIs), Anthropic (Claude), OpenAI (GPT-4o), and Twilio for real-time telephony. We route voice data through a secure backend proxy, but your inputs are processed by these third-party systems.

Payment & Integration Partners

Payment processing is handled by Stripe, Inc. We store your Stripe customer ID but never your raw payment card details; Stripe's own privacy policy applies to all payment transactions. If you connect Google services, we access Google Search Console and Google Analytics 4 data to power our SEO analysis agents. Our Accountant agent queries the UK Companies House API for public business lookup services.

Infrastructure & International Transfers

Our platform is hosted by Vercel, Inc. (USA), with database services provided by Neon, Inc. (USA), background processing on Railway (USA), and caching via Upstash (USA). All international data transfers are protected by Standard Contractual Clauses approved by the UK Government.

Multi-Tenancy Data Isolation

While you share the platform's infrastructure with other users, your data is strictly siloed. Every chat message, scanned domain, and piece of AI memory is logically tagged to your account, ensuring no other user can access your information.

Security & Data Retention

We employ strict security measures, including HMAC-SHA256 signed sessions with a 7-day expiry and automated prompt injection scanning. In the event of a security risk, administrators can instantly revoke all active sessions platform-wide.

Retention Periods: Chat logs, project files, email copies, financial records, and AI memory "Superchunks" are retained for the duration of your active account to maintain AI personalization. Upon account termination or a verified deletion request, all personal data and associated AI memory are permanently deleted within 30 days.

6Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

Request accessRequest correctionRequest erasureObject to processingRequest restrictionRequest transferWithdraw consentObject to profiling

If you wish to exercise any of the rights set out above, please contact us at privacy@thisisagency.ai. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

7Children's Privacy

Our platform and AI services are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verified parental consent, we will take immediate steps to delete that information.

Cookies & Contact

We use the following cookies to operate the platform:

Session CookieHMAC-SHA256 signed authentication token (7-day expiry). Strictly necessary.
PreferencesStores your UI preferences such as dark mode and sidebar state. Functional.

You can set your browser to refuse all or some browser cookies. Disabling cookies may cause some parts of this website to become inaccessible or malfunction.

Contact Us: If you have any questions about this privacy policy, please contact us at privacy@thisisagency.ai.

PrivacyTerms
Agency (Thisisagency.ai) is in public beta. Agency is a simulation. Agency was conceived, bootstrapped, built and launched solo by Shaun Anderson AKA Hobo (@hobo_web). Agency is based in Scotland, UK. Full details TBA.
All team members are AI entities powered by Google Gemini technology (by default). When API are available, Agency is a multi-provider, multi-model, multi-modal, multi agent system.