Privacy Policy

Overview

This Privacy Policy explains how MAD Software Development Services ("we", "us", or "our") collects, uses, discloses, and protects personal data when you use the Agero website, applications, APIs, widgets, and related services. Agero is a product of MAD Software Development Services, a DTI-registered business operating in Pasig City, Philippines.

Last updated: March 12, 2026

Privacy commitments

We want the default position to be clear:

• We do not sell personal data.
• We do not use Customer Content to train our own general-purpose AI models.
• We do not permit third-party model providers to use Customer Content for training where we can contract for API or business processing terms that prohibit that use.
• We limit internal access to Customer Content to what is reasonably necessary for support, security, abuse prevention, and legal compliance.

Who this policy covers and data roles

This Policy applies to website visitors, account owners, administrators, team members, billing contacts, end users whose data is processed through customer use of the Service, and people who contact us for support or sales.

For account, website, billing, and business relationship data, Agero is typically the controller. For end-user conversation data, uploaded knowledge sources, and other Customer Content submitted by a business customer, Agero generally acts as a processor or service provider on that customer’s instructions.

If you are an end user interacting with an AI assistant deployed by one of our customers, that customer is usually the primary controller of your conversation data.

Data we collect

Depending on how the Service is used, we may collect and process the following categories of personal data:

• Account and business data such as name, company name, email address, password hash, role, workspace membership, billing metadata, and support history.
• Service usage data such as login timestamps, API usage, rate-limit events, feature configuration metadata, device type, browser, IP address, request metadata, and error or audit information.
• Customer Content such as conversation transcripts, uploaded files and media, URLs, sitemap imports, crawled content, extracted knowledge base data, end-user identifiers, and optional metadata.
• Cookies and similar technologies for essential site functions such as authentication, security, session handling, and preference storage.

How we use data

We use personal data only for the purposes described below, consistent with the legal bases set out in the next section:

• Provide, secure, operate, and improve the Service.
• Authenticate users and manage workspaces, tenants, agents, and permissions.
• Process AI conversations, retrieval, voice, and integrations requested by customers.
• Store and serve uploaded content and conversation history.
• Provide customer support and respond to inquiries.
• Prevent fraud, abuse, security incidents, and misuse.
• Monitor performance, debug issues, and maintain reliability.
• Comply with law, enforce our agreements, and protect rights and safety.
• Invoice, collect payment, and manage subscriptions.

Legal bases for processing

We are subject to the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines and comply with its requirements as a personal information controller and/or processor.

Where other applicable laws apply (such as the GDPR for users in the European Economic Area), we rely on one or more of the following legal bases: performance of a contract, legitimate interests, compliance with legal obligations, and consent where required.

How we share data

We may share personal data with the following categories of recipients only to the extent necessary to provide the Service:

• Infrastructure and cloud hosting providers.
• Language model, voice, and AI processing providers.
• Storage, database, and queue providers.
• Customer communication channel providers such as Meta platforms.
• Payment providers or merchant-of-record providers such as Paddle.
• Analytics, logging, error monitoring, and support vendors.
• Professional advisers, auditors, insurers, or law enforcement where required by law.

Subprocessors and international transfers

Current subprocessor examples may include OpenAI, ElevenLabs, Unstructured, Meta, S3-compatible storage providers, database and Redis infrastructure, and Paddle. Providers may change over time.

Your data may be transferred to and processed in countries other than the one where it was collected, including countries that may not provide the same level of data protection as your home jurisdiction. Where required, we use appropriate safeguards such as contractual protections for cross-border transfers.

Retention, deletion, and security

We keep data only as long as reasonably necessary for the purposes described in this Policy. Our standard retention periods are:

• Account and subscription records: for the life of the account and thereafter as needed for tax, accounting, contractual, and legal compliance.
• Security and audit logs: typically up to 180 days unless longer retention is required for investigation or compliance.
• Customer Content: until deleted by the customer, removed under customer instructions, or removed through account closure and offboarding.
• Backups: retained on a limited rolling basis, typically up to 90 days.
• Support records: typically up to 24 months after the last support interaction unless a longer period is required for a dispute or legal obligation.
• When an account is closed, we aim to remove Customer Content from active systems within 30 days, subject to backup cycles, fraud prevention, unresolved billing issues, and legal obligations.
• We use reasonable technical and organisational safeguards including password hashing, role-based access controls, encrypted transport where supported, provider-based infrastructure security controls, and logging and monitoring for abuse and operational issues.

Your privacy rights

Depending on your location and applicable law, you may have rights to access, correct, delete, object to or restrict certain processing, receive a portable copy of your data, withdraw consent where processing is based on consent, and lodge a complaint with a supervisory authority.

If we process data on behalf of one of our business customers, we may direct your request to that customer because they are the primary controller of that data.

To exercise any of these rights, contact us at support@agero.tech.

Supervisory authorities and complaints

If you are located in the Philippines and believe your data privacy rights have been violated, you may lodge a complaint with the National Privacy Commission (NPC) at www.privacy.gov.ph.

If you are located in the European Economic Area, you may lodge a complaint with the supervisory authority in your country of residence.

We encourage you to contact us first at support@agero.tech so we can attempt to resolve your concern directly before escalating to a supervisory authority.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data without appropriate consent, contact us and we will investigate and take appropriate action.

Automated decision-making

The Service may generate AI outputs, summaries, classifications, recommendations, and routing decisions. These outputs are probabilistic and may not always be accurate. We do not use automated processing to make decisions that produce significant legal or similarly serious effects on individuals without human involvement, and we recommend human review wherever the outcome matters.

Updates to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the Last updated date at the top of this page and provide additional notice where required by applicable law, such as by email or in-product notification.

Privacy contact

MAD Software Development Services

Unit 2404 Discovery Suites, ADB Ave., Ortigas Center, San Antonio, Pasig City, Philippines

support@agero.tech