Privacy Policy
What data we process, why, and for how long — under Articles 13/14 GDPR.
Last updated: July 2, 2026 · Version: 1.0 · Courtesy translation of the German original, which governs in case of conflict.
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is: Mika Franke, Essener Straße 3, 06846 Dessau-Roßlau, Germany, email: info@agent-argo.com.
No data protection officer has been appointed, as the statutory requirements for a mandatory appointment (Article 37 GDPR, Section 38 of the German Federal Data Protection Act, BDSG) are not met.
2. Overview: how Argo handles data
Argo is a desktop application ("CORE AGENT") that performs AI-assisted work and development tasks. Argo's core principle is local data storage:
- Your work content stays on your device. Source code, workspace content, project memory, execution logs ("run traces"), and local usage statistics are stored exclusively on your machine in an encrypted database (encryption at rest via SQLCipher; on Windows, the key is protected via the operating system's Data Protection API, DPAPI).
- Your API keys never leave your device. Argo follows the BYOK principle ("Bring Your Own Key"): you store your own access credentials for AI model providers. These credentials are kept in your operating system's credential store (e.g. Windows Credential Manager) and are never — not even in encrypted form — transmitted to our servers.
- Only license and account data is sent to our servers (see Section 5), plus — unless you disable it — anonymous, aggregated metrics (see Section 8). There is no central collection of your work content.
- Content is sent to AI model providers only when you cause this to happen (see Section 7). In the Offline/Regulated profile, Argo technically blocks all outbound network traffic (centrally enforced by the application's network protection layer).
3. Definitions and legal bases
The definitions of Article 4 GDPR apply. We process personal data on the basis of:
- Article 6(1)(b) GDPR — performance of a contract or pre-contractual measures (e.g. provision of the Software, account and license management),
- Article 6(1)(c) GDPR — compliance with legal obligations (e.g. commercial and tax retention requirements),
- Article 6(1)(f) GDPR — legitimate interests (e.g. security and abuse prevention, product improvement using anonymized data),
- Article 6(1)(a) GDPR — consent, where we obtain it in a specific case; you may withdraw any consent given at any time with effect for the future (Article 7(3) GDPR).
4. Visiting our website
When you visit our website, the web server automatically processes the following data in server log files: the IP address of the requesting device, date and time of access, the page/file accessed, the amount of data transferred, HTTP status code, referrer URL, browser type and version, and operating system.
This processing is based on Article 6(1)(f) GDPR. Our legitimate interest lies in delivering the website, ensuring stability and security, and defending against attacks. Log files are deleted or anonymized after no more than 7 days, unless a specific security incident requires longer retention.
Hosting: our website and license server are operated by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany, in a data center located in Germany. A data processing agreement pursuant to Article 28 GDPR is in place with this provider. No transfer to third countries takes place in this respect.
Cookies: our website does not use any cookies or tracking/analytics services that require consent.
5. User account, license, and subscription management
Using paid editions (and the Free edition with an account) requires a user account on our license server. In doing so, we process:
- Master data: username, internal user ID, email address, password (stored exclusively as a cryptographic hash),
- Contract and license data: booked edition/plan, term, expiry date, number of seats, pay-as-you-go credit, license fingerprint for device binding on team licenses,
- Usage metadata for quota billing: a counter of runs performed per billing period (only the count — not their content),
- Usage statistics: the number of runs started per calendar hour (only date, hour, and count — no content, no minute-level timestamps, no IP address), used for quota billing, abuse prevention, and aggregated product statistics; transmitted at most once per hour,
- Consent records: the time at which you agreed to the Terms of Service during registration, plus, for each attempt to purchase a paid edition, a log entry with user ID, selected plan, and the time you confirmed the Terms of Service and the notice on the expiry of the right of withdrawal for digital content (Section 356(5) BGB) — this serves as evidence that these statements were validly incorporated into the contract,
- Technical server logs: at the infrastructure level, the web server logs access including IP address; Section 4 applies accordingly (deletion after no more than 7 days).
No content: the license server never receives workspace content, prompts, results, or API keys.
Legal bases: Article 6(1)(b) GDPR (contract performance); for security logging, Article 6(1)(f) GDPR (legitimate interest in securing our systems and preventing license misuse); for consent records, Article 6(1)(c) GDPR (obligation to provide evidence to supervisory authorities and in case of dispute) in conjunction with Article 6(1)(b) GDPR (effective incorporation of the Terms of Service, Section 305(2) BGB).
Retention period: account data is stored for the duration of the contractual relationship and removed after account deletion, unless statutory retention obligations (Section 147 of the German Fiscal Code, AO; Section 257 of the German Commercial Code, HGB — up to 10 years for billing-relevant data) require otherwise. Account-linked usage statistics are anonymized after no more than 90 days: the values are aggregated into cross-account totals and the account-linked entries are deleted. Consent records are retained for the duration of the contractual relationship and beyond, until the statutory limitation periods for claims arising from the contract expire (generally three years from knowledge, Section 195 BGB), after which they are deleted.
6. Payment processing via Paddle (Merchant of Record)
Argo licenses and subscriptions are sold through our distribution partner Paddle.com Market Limited, Judd House, 18–29 Mora Street, London EC1V 8BT, United Kingdom (for customers in certain regions, a different Paddle group entity acts as seller; this is shown during checkout).
Paddle acts as Merchant of Record, meaning Paddle is your contracting party for the purchase and an independent data controller for payment processing. Paddle processes, among other things, your name, email address, billing address, payment data (credit card, PayPal, SEPA), tax information, and transaction data. We ourselves do not receive complete payment data from Paddle, only the information required for license assignment (in particular user ID, booked plan, transaction status, event IDs of payment events).
Insofar as Paddle processes data in the United Kingdom, an adequacy decision of the European Commission applies (Article 45 GDPR). Details on Paddle's data processing: https://www.paddle.com/legal/privacy.
Legal basis for sharing license-assignment data between us and Paddle: Article 6(1)(b) GDPR.
7. AI model calls (BYOK) — transmission to providers of your choice
Argo performs tasks by calling AI language models. In doing so:
- You choose the models and providers. You store your own API keys (BYOK) for providers such as Anthropic, OpenAI, or others, or you use exclusively local models on your device.
- What is transmitted: when a cloud model is called, the prompt and context content required for that call (e.g. excerpts of your source code or documents) is transmitted directly from your device to the respective provider. We do not receive this content and have no access to it.
- Transparency: the model catalog built into Argo shows, for each model, whether it runs locally or in the cloud and which data-protection class it is assigned to.
- Control: in the Offline/Regulated profile, only local models are permitted; outbound connections are technically blocked. Network destinations can additionally be restricted via an allowlist.
Allocation of data protection responsibility: for content that you send to model providers using your own API keys, you (or your organization) are responsible under data protection law; the data protection provisions and, where applicable, data processing agreements of the respective provider apply. Note that providers based outside the EU (e.g. in the United States) may process data in third countries; please review the safeguards offered by the provider (e.g. EU Standard Contractual Clauses, certification under the EU-U.S. Data Privacy Framework). Do not transmit third parties' personal data to model providers unless you have a legal basis for doing so.
8. Usage and savings metrics ("savings telemetry") — with your consent only
Argo can transmit weekly aggregated metrics on achieved savings to our server, in order to improve the product and produce aggregated overall statistics (e.g. for our website).
- Opt-in: transmission is disabled by default and occurs only if you explicitly enable it in the application's settings. You may disable it again at any time.
- Content: only aggregated numeric values per completed calendar week are transmitted (e.g. number of runs, estimated time/cost savings, model costs), along with edition/plan, app version, and update channel. No work content, prompts, file names, or free text is transmitted; the permitted fields are technically restricted by an allowlist, and a report is only generated once a minimum number of runs has been reached.
- Attribution: transmission occurs via your logged-in account and is attributed to that account server-side (to prevent duplicates and protect against abuse); it may additionally include a non-reversible, truncated license fingerprint. Only cross-account aggregated values are used publicly.
- Legal basis: your consent, Article 6(1)(a) GDPR. You may withdraw consent at any time with effect for the future by disabling the toggle in settings (Article 7(3) GDPR); previously transmitted reports are unaffected but will be deleted on request (contact: info@agent-argo.com).
9. Software updates
When checking for and downloading updates, Argo (or the bootstrapper) connects to our update server. For technical reasons, this processes your device's IP address, the time of the request, and version metadata (installed version, target version, operating system). Update manifests are cryptographically signed; verification happens locally.
Legal basis: Article 6(1)(b) GDPR (provision of the updates owed under the contract, Section 327f BGB) and Article 6(1)(f) GDPR (security of update delivery). The application itself does not store this connection data; it is recorded only in the access log of the upstream reverse proxy, subject to the same deletion period as in Section 4 (no more than 7 days).
10. Team features and LAN synchronization
For team licenses, shared content (e.g. shared memory, skills) can be synchronized between the devices of team members. This synchronization occurs exclusively within the local network ("local network only"); the content is not transmitted to our servers. Responsibility for content shared within a team lies with the organization using the team license.
11. Contact and support
If you contact us by email (e.g. support requests), we process the data you provide (name, email address, content of the request) to handle your inquiry. Support/diagnostic exports that you voluntarily send us are automatically sanitized by Argo before export (removal of secrets/credentials, truncation of file paths to file names).
Legal basis: Article 6(1)(b) GDPR (contract/pre-contractual measures), otherwise Article 6(1)(f) GDPR. Requests are deleted once they have been conclusively handled and no retention obligations apply.
12. Recipients and processors
We only share personal data to the extent described in this notice:
| Recipient | Purpose | Role | Location/processing site |
|---|---|---|---|
| Hetzner Online GmbH | Operation of website, license, and update server | Processor (Article 28 GDPR) | Germany |
| Paddle group | Payment processing as Merchant of Record | Independent controller | UK (adequacy decision) / shown at checkout |
| AI model providers of your choice | Executing model calls with your keys | Engaged by you; not our recipient | Depends on provider, possibly a third country |
Beyond this, we only share data where we are legally obliged to do so (Article 6(1)(c) GDPR) or where necessary to enforce our rights (Article 6(1)(f) GDPR).
13. Transfers to third countries
We only transfer personal data to countries outside the EU/EEA in connection with payment processing via Paddle (UK — European Commission adequacy decision). Transfers to AI model providers in third countries occur exclusively at your instigation, using your own access credentials (see Section 7).
14. Retention periods (summary)
Except as otherwise stated above, we store personal data only for as long as necessary for the stated purposes, and delete it thereafter unless statutory retention obligations (in particular under commercial and tax law, up to 10 years) require otherwise. Data stored locally on your device (database, run traces, memory) is subject solely to your control; Argo provides configurable retention rules (count/age) with cascading deletion, as well as export and backup functions.
15. Your rights as a data subject
You have the following rights against us regarding personal data concerning you:
- Access (Article 15 GDPR),
- Rectification (Article 16 GDPR),
- Erasure (Article 17 GDPR),
- Restriction of processing (Article 18 GDPR),
- Data portability (Article 20 GDPR),
- Withdrawal of consent given (Article 7(3) GDPR) with effect for the future.
Right to object (Article 21 GDPR): you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR. We will then no longer process the data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
To exercise your rights, an informal message to info@agent-argo.com is sufficient.
Right to lodge a complaint: you also have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR), in particular in the member state of your habitual residence, place of work, or the place of the alleged infringement. The authority responsible for us is the State Commissioner for Data Protection of Saxony-Anhalt (https://datenschutz.sachsen-anhalt.de).
16. Obligation to provide data; automated decisions
Providing account and license data is necessary to conclude the contract; without it, we cannot provide paid editions. No automated decision-making, including profiling within the meaning of Article 22 GDPR, takes place.
17. Data security
We take technical and organizational measures under Article 32 GDPR, including:
- Transport encryption (TLS) for all connections to our servers, optionally supplemented by certificate pinning in the application (additional hardening against forged or misissued certificates, configurable, not active by default),
- local database encryption at rest (SQLCipher) with an OS-protected key (DPAPI),
- storage of API keys exclusively in the operating system's credential store,
- passwords stored only as salted hashes,
- cryptographically signed update manifests with local signature verification,
- storage of server secrets outside the source code repository,
- the principle of data minimization: no central collection of work content.
18. Changes to this Privacy Policy
We will amend this Privacy Policy whenever data processing or the legal situation changes. The current version is available within the application and at https://www.agent-argo.com/privacy_policy. The version and date stated above are decisive.