Privacy Policy - AgentYard

We take the protection of your personal data very seriously. This privacy policy informs you about how we handle your data.

1. Data Controller

Responsible for data processing on this website:
Steve Aust
Lausener Bogen 26
04207 Leipzig

Germany
Email: hello@agentyard.eu

1a. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Performance of contract (Art. 6(1)(b) GDPR) – registration, wallet creation, credit purchase, agent usage
Consent (Art. 6(1)(a) GDPR) – social login (Google, Apple, Facebook)
Legitimate interests (Art. 6(1)(f) GDPR) – server logs, fraud prevention, platform security
Legal obligation (Art. 6(1)(c) GDPR) – tax-related retention of invoice data

If you have given consent, you can withdraw it at any time with effect for the future.Contact us at hello@agentyard.eu. The lawfulness of the processing carried out before the withdrawal remains unaffected.

2. Authentication (Supabase Auth)

For authentication we use Supabase Auth (Supabase Inc., USA (database servers in Frankfurt, EU)). Supabase Auth enables authentication via:

Social Login (Google, Apple) – name, email and profile picture are transmitted from the respective provider
Email/Password – classic login with email address
Magic Link – passwordless login via email link
Passkey – biometric authentication (WebAuthn)

Supabase Auth stores a unique user ID (UUID) and optional profile information (email, name, avatar). For users from the legacy wallet-based login, a blockchain address may additionally be stored as a legacy identifier.

Supabase Privacy: supabase.com/privacy Transfers to third countries (USA) are based on Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).

3. Database (Supabase)

We store user data in a database at Supabase Inc. (USA (database servers in Frankfurt, EU)). The following data is stored:

User ID (UUID) and email address
Name and profile picture (if provided via social login)
Profile picture URL
Credit balance
Usage history (agent calls, timestamps)
Created agents (for creators)

Supabase Privacy: supabase.com/privacy Transfers to third countries (USA) are based on Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).

4. Payment Processing (Stripe)

Payments are processed through Stripe Inc. (USA). When making a purchase, the following data is transmitted to Stripe:

Payment information (credit card, SEPA, etc.)
Email address
Billing address (if required)
Purchase amount and product

We do not store credit card data. Stripe is PCI-DSS certified. Stripe Privacy: stripe.com/privacy Transfers to third countries (USA) are based on Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).

5. AI Services (Requesty)

For executing AI Agents we use Requesty as an API gateway (EU Frankfurt, GDPR-compliant). Requesty routes requests to various AI providers:

OpenAI (GPT-4, GPT-4o)
Anthropic (Claude)
Google (Gemini)
Other providers

Important: The contents of your conversations with AI Agents are transmitted to these third-party providers. They may process the data according to their own privacy policies. We recommend not sharing sensitive personal data in agent conversations.

Requesty Privacy: requesty.ai/privacy

6. Hosting (Vercel)

This website is hosted by Vercel Inc. (USA). Vercel collects technical information such as IP address, browser type, and access time in server logs when you visit the website.

Vercel Privacy: vercel.com/legal/privacy-policy Transfers to third countries (USA) are based on Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).

6a. Agent Instance Hosting (Fly.io)

Managed Agent Instances (MAI) are operated on servers by Fly.io Inc. (Chicago, USA) in the Frankfurt (EU) region. The following data is processed on Fly.io servers:

Configuration data of your agent instance
Conversation data and agent memory
Technical logs (IP address, timestamps, access data)

Processing is based on Art. 6(1)(b) GDPR (performance of a contract). Fly.io servers in Frankfurt are subject to EU data protection standards.

Fly.io Privacy: fly.io/legal/privacy-policy

7. Cookies & Local Storage

We use:

Technically necessary cookies – for website functionality
LocalStorage – to store session data

We do not use tracking or advertising cookies.

7a. Web Analytics (Vercel Analytics)

We use Vercel Analytics to analyze website usage. Vercel Analytics is cookieless — no cookies are set and no individual user profiles are created. Only aggregated, anonymized data is collected (page views, referrers, device types). Processing is based on Art. 6(1)(f) GDPR (legitimate interest in improving our service).

Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. vercel.com/legal/privacy-policy

7b. Error Monitoring (Sentry)

We use Sentry for error detection and resolution. In case of errors, technical information is transmitted: IP address (anonymized), browser type, operating system, error message and stack trace.No personal user data or chat content is transmitted. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in platform stability and security).

Provider: Functional Software, Inc. (Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. sentry.io/privacy

7c. AI Services (LLM Providers)

When you use an agent, your input is forwarded to an AI provider (e.g. OpenAI, Anthropic, Google) to generate a response. Forwarding is done via Requesty.ai as router. Your inputs are not used for training AI models. Processing is based on Art. 6(1)(b) GDPR (contract performance).

8. Data Transfer to Third Countries

The above-mentioned services (Supabase, Stripe, Requesty, Vercel) are based in the USA or EU. Data transfer is based on:

EU-US Data Privacy Framework (for certified companies)
Standard Contractual Clauses (SCCs)

9. File Uploads

When you upload files (PDF, images, CSV, text files) for use with Agents, they are stored in protected storage (Supabase Storage) and automatically deleted after 24 hours. Files are used solely for processing by the selected Agent and are not shared with third parties. Processing is based on Art. 6(1)(b) GDPR (performance of a contract). Processing results (text output) are stored as part of usage history; original files are not retained.

10. Data Retention

We store your data as long as your account is active. After account deletion, personal data will be deleted within 30 days, unless legal retention requirements apply (e.g., for invoices: 10 years). Uploaded files are automatically deleted after 24 hours regardless of account status.

11. Your Rights

You have the right to:

Access – what data we store about you
Rectification – correction of inaccurate data
Erasure– deletion of your data ("right to be forgotten")
Restriction – restriction of processing
Data Portability – export of your data
Object – to certain processing
Complaint – to a supervisory authority, in particular the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate (www.datenschutz.rlp.de)

To exercise your rights, contact us at: hello@agentyard.eu

12. Changes

We reserve the right to update this privacy policy. Significant changes will be communicated to you via email, if we have your email address.

Last updated: February 2026

We take the protection of your personal data very seriously. This privacy policy informs you about how we handle your data.

1. Data Controller

Responsible for data processing on this website:
Steve Aust
Lausener Bogen 26
04207 Leipzig

Germany
Email: hello@agentyard.eu

1a. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Performance of contract (Art. 6(1)(b) GDPR) – registration, wallet creation, credit purchase, agent usage
Consent (Art. 6(1)(a) GDPR) – social login (Google, Apple, Facebook)
Legitimate interests (Art. 6(1)(f) GDPR) – server logs, fraud prevention, platform security
Legal obligation (Art. 6(1)(c) GDPR) – tax-related retention of invoice data

2. Authentication (Supabase Auth)

For authentication we use Supabase Auth (Supabase Inc., USA (database servers in Frankfurt, EU)). Supabase Auth enables authentication via:

Social Login (Google, Apple) – name, email and profile picture are transmitted from the respective provider
Email/Password – classic login with email address
Magic Link – passwordless login via email link
Passkey – biometric authentication (WebAuthn)

Supabase Privacy: supabase.com/privacy Transfers to third countries (USA) are based on Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).

3. Database (Supabase)

We store user data in a database at Supabase Inc. (USA (database servers in Frankfurt, EU)). The following data is stored:

User ID (UUID) and email address
Name and profile picture (if provided via social login)
Profile picture URL
Credit balance
Usage history (agent calls, timestamps)
Created agents (for creators)

Supabase Privacy: supabase.com/privacy Transfers to third countries (USA) are based on Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).

4. Payment Processing (Stripe)

Payments are processed through Stripe Inc. (USA). When making a purchase, the following data is transmitted to Stripe:

Payment information (credit card, SEPA, etc.)
Email address
Billing address (if required)
Purchase amount and product

5. AI Services (Requesty)

For executing AI Agents we use Requesty as an API gateway (EU Frankfurt, GDPR-compliant). Requesty routes requests to various AI providers:

OpenAI (GPT-4, GPT-4o)
Anthropic (Claude)
Google (Gemini)
Other providers

Requesty Privacy: requesty.ai/privacy

6. Hosting (Vercel)

This website is hosted by Vercel Inc. (USA). Vercel collects technical information such as IP address, browser type, and access time in server logs when you visit the website.

Vercel Privacy: vercel.com/legal/privacy-policy Transfers to third countries (USA) are based on Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).

6a. Agent Instance Hosting (Fly.io)

Managed Agent Instances (MAI) are operated on servers by Fly.io Inc. (Chicago, USA) in the Frankfurt (EU) region. The following data is processed on Fly.io servers:

Configuration data of your agent instance
Conversation data and agent memory
Technical logs (IP address, timestamps, access data)

Processing is based on Art. 6(1)(b) GDPR (performance of a contract). Fly.io servers in Frankfurt are subject to EU data protection standards.

Fly.io Privacy: fly.io/legal/privacy-policy

7. Cookies & Local Storage

We use:

Technically necessary cookies – for website functionality
LocalStorage – to store session data

We do not use tracking or advertising cookies.

7a. Web Analytics (Vercel Analytics)

Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. vercel.com/legal/privacy-policy

7b. Error Monitoring (Sentry)

Provider: Functional Software, Inc. (Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. sentry.io/privacy

7c. AI Services (LLM Providers)

8. Data Transfer to Third Countries

The above-mentioned services (Supabase, Stripe, Requesty, Vercel) are based in the USA or EU. Data transfer is based on:

EU-US Data Privacy Framework (for certified companies)
Standard Contractual Clauses (SCCs)

9. File Uploads

10. Data Retention

11. Your Rights

You have the right to:

Access – what data we store about you
Rectification – correction of inaccurate data
Erasure– deletion of your data ("right to be forgotten")
Restriction – restriction of processing
Data Portability – export of your data
Object – to certain processing
Complaint – to a supervisory authority, in particular the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate (www.datenschutz.rlp.de)

To exercise your rights, contact us at: hello@agentyard.eu

12. Changes

We reserve the right to update this privacy policy. Significant changes will be communicated to you via email, if we have your email address.

Last updated: February 2026