Privacy policy
Last updated: 24 April 2026
This Privacy Policy explains how Ladoma d.o.o. ('we') processes personal data when you use Agito. We are the controller of your personal data within the meaning of the EU General Data Protection Regulation (GDPR).
1. Data we collect
Account data: name, email, password hash, optional profile image. Content: whatever you create in the app — projects, tasks, documents, messages, files. Usage data: login timestamps, IP address, user agent, actions taken in the audit log. Technical data: cookies strictly necessary for login and language preference. We do not use analytics cookies.
2. Purpose and legal basis
We process your personal data to: (a) provide the Service (contract performance); (b) keep the Service secure (legitimate interest); (c) send transactional emails such as invites, password resets, and notifications (contract performance); (d) comply with legal obligations (legal obligation). You can opt out of weekly digest and individual notification types in Settings.
3. Data sharing
We do not sell your data. We share data only with necessary sub-processors: (a) Hetzner Online GmbH (EU hosting); (b) Cloudflare, Inc. (CDN, DNS, network tunnel); (c) Resend (transactional email delivery); (d) optionally: Anthropic PBC if you enable AI features. All sub-processors are bound by GDPR-compliant data processing agreements.
4. Data retention
We keep account data as long as your account is active. When you delete your account, we delete all personal data within 30 days, except where legally required to retain it (e.g., invoices). Backups are retained for 30 days then destroyed.
5. Your rights
Under GDPR you have the right to: access your data; correct it; delete it; export it; restrict or object to processing; withdraw consent where applicable. Export is available in-app; other rights can be exercised by emailing [email protected]. You may also lodge a complaint with the Croatian data protection authority (AZOP) or your local supervisory authority.
6. Cookies
We use strictly necessary cookies only. No analytics, no advertising, no tracking pixels. Details on the Cookie Policy page.
7. Security
Passwords are hashed with bcrypt. Two-factor secrets are encrypted with AES-256-GCM. All traffic is encrypted end-to-end. We maintain an audit log of workspace actions and a login history log per user.
8. Children
Agito is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it.
9. International transfers
Data is stored in the EU (Hetzner, Nuremberg). Cloudflare and Resend may process metadata in other jurisdictions under Standard Contractual Clauses approved by the European Commission.
10. Changes
Material changes will be announced via email at least 30 days in advance. Minor updates will be reflected in the 'Last updated' date.
11. Contact
Data Protection contact: [email protected]. Postal address: Ladoma d.o.o., Kopernikova 10, 10000 Zagreb, Croatia.