AgentExe AI Solutions Limited
Effective Date: 23 March 2026
AgentExe AI Solutions Limited (“AgentExe”, “we”, “us”, “our”), a company incorporated in Hong Kong, respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, store, and safeguard information when you interact with our AI assistant services via WhatsApp, other messaging platforms, and connected third-party services including Google Workspace.
This policy is designed to comply with:
AgentExe AI Solutions Limited is the data controller responsible for your personal data.
We may collect and process the following categories of personal data:
Your phone number and display name as provided by the messaging platform.
Message content you send to our AI assistants, including text, images, audio, and documents.
Timestamps, message counts, feature usage patterns, and session information.
Subscription and billing information processed by our third-party payment processor (e.g., Stripe). We do not store your full payment card details on our servers.
If you connect third-party social media management tools (e.g., Buffer) via OAuth, we may access your social media account metadata, posting schedules, and analytics data as necessary to provide our social media management features. We do not store your social media account passwords.
Any feedback, suggestions, or service requests you voluntarily submit to us.
We use your information to provide the core functionality of our AI assistant services: responding to your messages and instructions, managing your calendar events, accessing or creating files in your Google Drive, scheduling social media posts via connected management tools, and fulfilling other requests you make. The lawful basis for this processing is the performance of our contract with you (UK GDPR Art. 6(1)(b)) and, under the PDPO, collection directly related to and necessary for our service provision (DPP1).
To generate responses and perform tasks on your behalf, your message content and, where necessary, minimum relevant data from connected services (such as calendar event details or file names) may be included in prompts sent to third-party AI language model providers for processing. This data is used solely to generate a response to your specific request and is not used by the AI provider for model training, development, or improvement. The lawful basis for this processing is the performance of our contract with you and your explicit consent when connecting third-party services via OAuth.
We use information to maintain service reliability, detect and prevent misuse, and ensure the security of our systems. The lawful basis is our legitimate interest in operating a safe and reliable service (UK GDPR Art. 6(1)(f)).
We may collect and use anonymised, aggregated usage data, user feedback, and service requests to improve our AI assistant services and for academic research purposes. Such data is stripped of all personally identifiable information and cannot be linked back to any individual user. This does not include any identifiable Google user data (see Section 5 for specific Google data restrictions). The lawful basis is our legitimate interest in service improvement (UK GDPR Art. 6(1)(f)) and, under the PDPO, the use of non-identifiable data (DPP3).
We may process your data where required to comply with applicable legal obligations.
We do not use your information, including any Google user data, for advertising, marketing to third parties, market research unrelated to our service, or any purpose unrelated to providing the application’s core functionality. We do not sell or rent your personal information to any third party.
AgentExe’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
AgentExe does not use Google Workspace data to develop, improve, or train generalised or non-personalised AI or machine learning models.
We do not sell or rent your personal information to third parties for monetary or other valuable consideration.
We may share data with the following categories of recipients, solely to provide or support our service:
Your data may be transferred to and processed in jurisdictions outside Hong Kong, including countries where our AI language model providers and cloud infrastructure providers operate.
We retain your data as follows:
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised.
We implement appropriate technical and organisational measures to protect your data, including:
In the event of a suspected security incident, we may review relevant customer data, including conversation logs, to investigate and resolve the issue. Such access is restricted to authorised personnel, logged with a documented reason, time-limited, and subject to review. We will notify affected customers where required by applicable law.
While we take all reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents in accordance with applicable law.
Regardless of your location, you have the right to:
Under the Personal Data (Privacy) Ordinance (Cap. 486), you have the right to request access to and correction of your personal data (Data Protection Principle 6). We will respond to access and correction requests within 40 days of receipt.
If you are located in the UK, you additionally have the right to:
We will respond to requests within 30 days.
If you are located in Canada, you have the right to access your personal data, challenge its accuracy, and withdraw consent (subject to legal or contractual restrictions). We collect personal data only for purposes that a reasonable person would consider appropriate in the circumstances. We will respond to access requests within 30 days.
If you are located in Singapore, you have the right to request access to and correction of your personal data. You may withdraw consent for the collection, use, or disclosure of your personal data, subject to legal or contractual restrictions. We will respond to access requests within 30 days.
To exercise any of your rights, please contact us at privacy@agentexe.ai.
Our services are intended for users aged 18 and above. We require a valid payment method (credit or debit card) to activate a subscription, which serves as a practical safeguard against use by minors. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a minor has provided us with personal data, we will take steps to delete such data promptly and terminate the associated account. If you believe a minor has gained access to our service, please contact us at privacy@agentexe.ai.
Our website (agentexe.ai) may use essential cookies for site functionality. We do not use tracking cookies, advertising cookies, or analytics cookies that collect personal data. Our core service operates via messaging platforms and does not rely on web browser cookies.
Our service uses artificial intelligence to process your requests and generate responses. The AI assistant does not make decisions that produce legal effects or similarly significant effects on you. All AI-generated outputs are informational and advisory in nature. You retain full control over whether to act on any recommendation or output provided by the service.
We do not use automated profiling to make decisions about your access to the service, pricing, or service levels.
We may update this policy from time to time. Material changes will be posted on this page with an updated effective date. Where required by law or where changes materially affect your rights, we will notify you via the service or by email before the changes take effect.
For privacy-related enquiries, data access requests, or complaints:
If you are not satisfied with our response, you may lodge a complaint with the relevant data protection authority in your jurisdiction: