Privacy Policy

AgoraDeck ("we", "us", "our") operates the AgoraDeck contact management and project planning service available at agoradeck.com.

For the purposes of UK GDPR and the Data Protection Act 2018, AgoraDeck is the data controller for personal data collected about users of our Service. Where you store personal data about third-party Contacts in the Service, we act as a data processor on your behalf - see Section 6 for more detail.

Contact us about data matters at: privacy@agoradeck.com

We use your personal data to:

• Create and manage your account and authenticate you
• Provide, operate, and improve the Service
• Send you transactional emails (e.g. password reset, account notifications)
• Respond to support requests and communications
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations
• Analyse aggregate, anonymised usage patterns to improve the product (no individual profiling)

We do not sell your personal data. We do not use your data for advertising or share it with third-party advertisers.

We do not sell, rent, or trade your personal data. We may share data with:

• Infrastructure and hosting providers - to store data and run the Service (servers, databases, file storage). These providers act as sub-processors and are bound by appropriate data processing agreements.
• Email service providers - to deliver transactional emails on our behalf.
• Law enforcement or regulators - where we are legally required to disclose data, or to protect the rights, property, or safety of AgoraDeck, our users, or the public.

Any third-party sub-processors are carefully vetted and operate under contracts that require them to protect your data in accordance with applicable law.

When you add freelance professionals to your AgoraDeck directory, you are entering personal data about those individuals (e.g. their name, email, day rate, portfolio images). In respect of this data:

• You are the data controller - you determine the purpose and means of processing
• AgoraDeck is the data processor - we process and store the data solely for the purpose of providing the Service to you

You are responsible for ensuring you have a lawful basis for storing each Contact's data and for responding to any rights requests those individuals may make. Your responsibilities regarding Contact data are further described in our Terms of Service.

We will not access, use, or share Contact data for any purpose other than providing the Service to you, unless required by law.

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

• Account data - retained for the life of your account. When you delete your account, your profile data and Contact records are permanently deleted within 30 days, subject to legal retention obligations.
• Server logs - retained for up to 90 days for security and diagnostic purposes.
• Backups - encrypted backups may be retained for up to 60 days after account deletion before being fully purged from backup systems.

You can export all your data and delete your account at any time from your account settings.

Under UK GDPR you have the following rights in relation to your personal data:

• Access - request a copy of the personal data we hold about you
• Rectification - ask us to correct inaccurate or incomplete data
• Erasure - request deletion of your data where there is no legitimate reason for us to keep it
• Restriction - ask us to pause processing your data in certain circumstances
• Portability - receive your data in a structured, machine-readable format. Use the Export feature in your account settings or contact us.
• Objection - object to processing based on legitimate interests
• Withdraw consent - where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@agoradeck.com. We will respond within one calendar month. We may need to verify your identity before acting on a request.

AgoraDeck uses a small number of first-party cookies that are strictly necessary to run the Service (session management and CSRF protection) and one optional functional cookie that remembers your login between sessions if you choose "Remember me".

We do not use advertising, analytics, or third-party tracking cookies of any kind.

For a full list of cookies, what they do, how long they last, and how to manage or delete them, see our dedicated Cookie Policy →

The security of your personal data is important to us, but no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

If you discover a security vulnerability, please disclose it responsibly by emailing admin@agoradeck.com.

AgoraDeck is not intended for or directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data about a child, please contact us immediately at privacy@agoradeck.com and we will delete it promptly.

Your data is primarily stored and processed in the United Kingdom and/or the European Economic Area. Where we use infrastructure providers that process data outside the UK/EEA (for example, CDN or backup services), we ensure appropriate safeguards are in place such as UK adequacy decisions, standard contractual clauses, or equivalent mechanisms required by UK GDPR.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

Continued use of the Service after changes take effect constitutes acceptance of the updated Policy. We encourage you to review this page periodically.

For any privacy-related questions, requests, or concerns please contact us: