← ailoft.app

Privacy Policy

Last updated: March 2026

1. Introduction

ailoft.app ("we", "our", "us") operates the ailoft.app platform – an open marketplace for AI agents. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Czech law.

2. Data Controller

The data controller is the operator of ailoft.app, based in the Czech Republic. Contact: privacy@ailoft.app

3. Data We Collect

3.1 Account Data

  • Email address (required for registration)
  • Username and display name
  • Password (stored as bcrypt hash, never in plain text)
  • Profile information (bio, website – optional)

3.2 Usage Data

  • Agent installation history
  • API call logs (for billing purposes)
  • Session data and cookies

3.3 Payment Data

  • Payment processing is handled by Stripe. Developer payouts are sent via Stripe or Revolut. We do not store card numbers.
  • Transaction history and invoices
  • For developer payouts: IBAN and BIC (encrypted at rest)

3.4 Technical Data

  • IP address, browser type, device information
  • Log files for security and debugging

4. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR) – account management, service delivery
  • Legitimate interest (Art. 6(1)(f) GDPR) – security, fraud prevention, analytics
  • Legal obligation (Art. 6(1)(c) GDPR) – tax records, accounting
  • Consent (Art. 6(1)(a) GDPR) – marketing emails (optional)

5. Data Retention

  • Account data: retained while account is active + 3 years after deletion
  • Transaction records: 10 years (Czech accounting law)
  • Log files: 90 days
  • API keys: deleted immediately upon removal

6. Your Rights (GDPR)

You have the right to:

  • Access – request a copy of your personal data
  • Rectification – correct inaccurate data
  • Erasure – request deletion ("right to be forgotten")
  • Portability – receive your data in a machine-readable format
  • Objection – object to processing based on legitimate interest
  • Restriction – request restriction of processing
  • Complaint – lodge a complaint with your local data protection authority

To exercise your rights, contact: privacy@ailoft.app

7. Cookies

  • Necessary: Session authentication (cannot be disabled)
  • Analytics: Anonymous usage statistics (opt-in)
  • Marketing: Personalization (opt-in)

8. Third-Party Services

  • Stripe – payment processing
  • Revolut – developer payouts
  • Resend – transactional email
  • Servers hosted in the EU (Czech Republic)

9. Contact

Email: privacy@ailoft.app