Last updated: March 2, 2026
Privacy Policy
1. Data Controller
- Name: Argentica
- DPO Contact: [email protected]
- General contact: [email protected]
- Website: https://argentica.ai
2. Data We Collect
2.1 Data provided by the user
- Registration data: name, email address, password (hashed).
- Profile data (Imprint): assistant name, communication style, technical level, response preferences.
- Chat content: messages sent to the AI assistant.
- Files: documents uploaded to storage or the knowledge base.
- Consent data: granular privacy preferences.
2.2 Automatically collected data
- Usage data: pages visited, features used, frequency of use.
- Technical data: IP address, browser type, operating system, language.
- Billing data: consumption records, transactions, payment method (managed by Stripe).
2.3 Derived data
- Embeddings: vector representations of documents for semantic search (anonymized, not reversible to original text).
- Usage costs: consumption metrics for AI models and integrations.
3. Legal Basis for Processing (Art. 6 GDPR)
| Purpose | Legal basis |
|---|---|
| Service provision | Performance of contract (Art. 6.1.b) |
| Processing by AI models | Explicit consent (Art. 6.1.a) |
| Billing and payments | Legal obligation (Art. 6.1.c) |
| Service improvement | Legitimate interest (Art. 6.1.f) |
| Commercial communications | Consent (Art. 6.1.a) |
| Security and fraud prevention | Legitimate interest (Art. 6.1.f) |
4. Processing by AI Providers (LLM)
4.1 Providers and International Transfers
User queries may be processed by the following language model providers:
| Provider | Headquarters | Transfer safeguards |
|---|---|---|
| OpenAI, L.L.C. | USA | Data Processing Addendum, Standard Contractual Clauses (SCC) |
| Anthropic, PBC | USA | Data Processing Addendum, SCC |
| xAI Corp. | USA | API Terms of Service |
| Google LLC | USA | Data Processing Addendum, SCC, EU-US DPF certification |
| Open-source models (Kimi, GLM, others) | European Union | Self-hosted on EU infrastructure, no third-party data transfer |
4.2 What data is sent
- The content of the user's message and the context necessary to generate the response.
- Results from MCP tools requested by the model during execution.
- Not sent: passwords, payment data, or personal user identifiers (messages are sent in anonymized form).
4.3 User control
Users can manage the processing of their data by external LLMs through the consent panel (Profile > Privacy):
- External LLM consent: Enable/disable sending data to AI models.
- Chat history: Enable/disable conversation persistence.
- Memory: Enable/disable the knowledge base and stored user preferences.
- Imprint: Enable/disable assistant personalization.
5. Data Recipients
5.1 Service providers (Data processors)
| Service | Provider | Purpose |
|---|---|---|
| Infrastructure | EU-based provider | Server hosting |
| Payments | Stripe, Inc. (USA) | Payment processing |
| CDN / DNS | Cloudflare, Inc. (USA) | Content delivery and security |
| AI Models | See section 4.1 | Natural language processing |
5.2 Resellers
When a user accesses via a reseller:
- The reseller has access to basic user data (name, email, account status).
- The reseller does not have access to conversation content or user files.
- The reseller acts as data controller for their clients; Argentica acts as data processor.
6. International Transfers
Data may be transferred outside the European Economic Area (EEA) to providers located in the USA and other countries. These transfers are carried out with the following safeguards:
- Standard Contractual Clauses (SCC) approved by the European Commission.
- EU-US Data Privacy Framework (where the provider is certified).
- Transfer Impact Assessments (TIA) carried out for each provider.
7. User Rights (GDPR)
Users may exercise the following rights:
- Access: Obtain confirmation of whether their data is being processed and access it.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of their data ("right to be forgotten").
- Objection: Object to processing based on legitimate interest.
- Restriction: Request restriction of processing.
- Portability: Receive their data in a structured, machine-readable format.
- Withdrawal of consent: Withdraw consent at any time without retroactive effect.
7.1 How to exercise your rights
- From the application: Profile > Privacy (for consent) or Profile > Data (for export/deletion).
- By email: Send your request to [email protected] indicating the right you wish to exercise.
- Response time: 30 business days from receipt of the request.
7.2 Data export (GDPR)
Users can request a complete export of their data from the application. The export includes:
- Profile and consent data
- Conversation history
- Stored files
- Usage and billing metrics
8. Security Measures
Argentica implements the following technical and organizational measures:
- Encryption in transit: TLS 1.2/1.3 for all communications.
- Encryption at rest: Files encrypted in storage.
- Data isolation: Dedicated storage per company (optional).
- Access control: Session authentication, CSRF protection, rate limiting.
- Infrastructure: Servers located in the European Union.
- Backups: Daily encrypted backups.
- Audit: Logging of access and critical operations.
- File validation: Type detection and content sanitization.
9. Data Retention
| Data type | Retention period |
|---|---|
| Account data | While the account is active + 365 days |
| Chat history | While the account is active (deletable by user) |
| Files | While the account is active (deletable by user) |
| Billing data | 5 years (legal obligation) |
| Access logs | 90 days |
| Backups | 30 days |
After account cancellation, data is permanently deleted after the retention period, unless legal retention obligations apply.
10. Cookies
The argentica.ai website uses only technical cookies necessary for the operation of the service:
- Session: User authentication management.
- CSRF: Protection against cross-site request forgery attacks.
- Theme: Light/dark theme preference (localStorage, not a cookie).
No third-party cookies are used for advertising or tracking purposes.
11. Minors
Argentica is not intended for minors under 16 years of age. We do not knowingly collect data from children under 16. If you become aware that a minor has provided personal data, please contact us to arrange its deletion.
12. Changes
We reserve the right to update this Privacy Policy. Substantial changes will be notified to users by email or through an in-app notice with a minimum of 30 days' prior notice.
13. Supervisory Authority
If you believe that the processing of your data violates regulations, you may file a complaint with the Spanish Data Protection Agency (AEPD):
- Website: https://www.aepd.es
- Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
14. Contact
For any queries about this Privacy Policy:
- General email: [email protected]
- Privacy / DPO: [email protected]