This policy explains what personal data Living Agora collects, why, how we protect it, and the rights you have under the EU General Data Protection Regulation (GDPR) and similar laws. It applies to our website and the Living Agora platform.
Living Agora is the data controller for personal data processed through the Service. For privacy enquiries or to exercise your rights, contact privacy@livingagora.com.
| Category | Examples | Why |
|---|---|---|
| Account | email, password hash, display name | create and secure your account |
| Profile | company, sector, size, investment type, budget range, priority SDGs, risk tolerance, target regions, notes | tailor analyses and reports to your context |
| Subscriptions | chosen plan, report & agent configurations, delivery email | operate the features you set up |
| Usage / security | IP address, login attempts, rate-limit counters, timestamps | protect against abuse and keep the Service reliable |
| Billing | name, company, plan, billing email (card data handled by our processor) | process payments and invoicing |
| Content | chat prompts, directives, follow-up tasks you enter | generate the briefs and reports you request |
Payment cards. We do not receive or store full card numbers. Card details are entered with our PCI-compliant payment processor (Stripe). In the preview build, card fields are not transmitted or stored at all.
To generate analyses and reports, the prompts and context you submit are sent to our AI inference provider and may use web-search results from a search provider. We share personal data only with service providers that help us run the Service, under data-processing agreements:
We do not sell your personal data, and we do not use it to train third-party AI models.
Some providers may process data outside the EEA. Where that happens, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision.
We keep account, profile, and subscription data for as long as your account is active and as needed to provide the Service. Generated reports are retained so you can revisit them; security logs are kept for a limited period. We delete or anonymise personal data when it is no longer needed, subject to legal retention requirements. You can request deletion at any time.
Under the GDPR you may request access to, correction, deletion, restriction, or portability of your personal data, and object to certain processing. You may also withdraw consent and lodge a complaint with your local supervisory authority. To exercise any right, email privacy@livingagora.com; we respond within the legally required timeframe.
We use a small number of strictly necessary cookies — chiefly a secure, http-only session cookie to keep you signed in. We do not use advertising cookies. Some interface preferences (e.g. theme) are stored locally in your browser and never leave your device.
We protect data with measures including password hashing (bcrypt), signed session tokens with refresh rotation and reuse detection, account lockout and rate limiting, parameterised database queries, transport encryption (HTTPS), and origin-based CSRF protection. No system is perfectly secure, but we work to safeguard your data and will notify you of a breach where the law requires.
The Service is for business use and not directed to anyone under 18. We do not knowingly collect data from children.
We may update this policy as the Service evolves; material changes will be notified by email or in-product. Questions or requests: privacy@livingagora.com.