Privacy Policy
1. Who we are
The Agentic Org is a product of Xtal 2000 S.a.s. di Marco Di Giura & C. ("we", "us"), registered in Italy. References to "MDG WMS", "MDG UFCP", "MDG FSP" below denote the individual products that form the Agentic Org platform.
2. Data we process
We act as a data processor on behalf of your organization (the data controller). We process:
- Account data: name, work email, tenant membership, role, hashed password, two-factor secret, login timestamps.
- Operational data: any records your users enter (schedules, tickets, plants, technicians, documents, chat transcripts with agents, voice transcriptions, agent decision logs).
- Technical data: browser user-agent, IP address on authentication events, token usage counters, audit trail for agentic actions.
We do not deliberately collect special categories (health, biometrics, religious beliefs). If your operational data contains such categories, you remain controller and are responsible for lawful basis.
3. Lawful basis
- Contract performance (Art. 6(1)(b) GDPR) for providing the service.
- Legitimate interest (Art. 6(1)(f)) for security, abuse prevention, platform integrity.
- Legal obligation (Art. 6(1)(c)) for billing records and mandatory retention.
4. Sub-processors
We use a minimal set of sub-processors listed in our DPA. Current set (as of the version date above):
- Hetzner Cloud (infrastructure, EU region) — application hosting, PostgreSQL, backups.
- Cloudflare (CDN, Pages) — static asset delivery and DDoS protection for public PWAs.
- LLM providers (Anthropic, OpenAI, Google) — agent reasoning on text sent to chat endpoints. No training on your data (enterprise tiers). See section 7 for details.
5. Data residency
Primary data storage is in EU data centres (Hetzner Nuremberg/Helsinki or Falkenstein). LLM API calls may be routed to US regions when you select US-based providers; this is disclosed at provider selection time and can be disabled per-tenant from Governance settings.
6. Retention
- Account data: retained while the account is active and for 12 months after tenant termination, then anonymized.
- Operational data: retained under your tenant's retention policy (configurable in Governance). Default: indefinite until explicit delete.
- Audit logs (agentic decisions, login events): retained 24 months, then archived.
- Backups: encrypted, rolling 30-day retention.
7. Agent reasoning and AI providers
Content sent to agent chat endpoints (user messages, recalled context, operational data used for reasoning) is forwarded to the LLM provider you selected in Governance settings. We send only the minimum necessary context for the current reasoning step. We instruct providers to operate under their enterprise terms (no training on customer data). Selection of provider is entirely under your control.
When you enable Dynamic agentic behaviour, additional tool-call outputs (simulations, queries) may be included in the reasoning trace. All reasoning traces are stored in your tenant, accessible via Agent Decisions.
8. Your rights
This policy is written under the EU General Data Protection Regulation (GDPR) framework, as we are an Italian data processor and Italy is our primary market. Users located outside the EEA retain equivalent rights under their local data-protection law (for example UK-GDPR, California's CCPA/CPRA, Brazil's LGPD, Switzerland's revFADP). We honour those local rights where applicable; contact us at the address below for your regional specifics.
Under GDPR Articles 15–22 (and their equivalents) you can:
- Request a copy of your personal data (right of access).
- Request correction of inaccurate data.
- Request deletion, subject to contractual and legal retention.
- Request export in a portable format.
- Object to processing and request restriction.
- EU/EEA users: lodge a complaint with the Italian Data Protection Authority (Garante). Non-EU users: lodge a complaint with your local supervisory authority.
9. Security
We apply technical and organizational measures appropriate to the risk:
- TLS in transit. The most sensitive stored material — integration / AI-provider credentials and notification secrets — is encrypted at the application layer with AES-256-GCM under a server-held key.
- Customer Company isolation at database and routing level.
- Two-factor authentication on the supported login flows and hardened session cookies.
- Server-side validation for uploaded operational files before parsing.
- Audit trail for agentic actions and selected admin operations.
- Least-privilege access for operators; no standing access to customer data.
Operational, fiscal, audit, order, mission, stock, visit, offer, and shipment history follow the configured retention policy and legal-lock rules.
10. Cookies
We use a minimal set of strictly necessary cookies. No consent is required under the Italian Garante Privacy Guidelines (10 June 2021, art. 122 D.Lgs. 196/2003) because these cookies serve an essential security and session-management function and do not perform profiling, analytics, or tracking.
- mdg_session — session authentication. HttpOnly, Secure, SameSite=Strict. Expires at logout or after 8 hours of inactivity.
- XSRF-TOKEN — CSRF protection on authenticated mutations. Secure, SameSite=Strict, same lifetime as the session.
Why HttpOnly cookies and not browser localStorage?
The HttpOnly flag is a security feature, not merely a session-management detail.
A cookie marked HttpOnly is invisible to JavaScript running in the page, so even if a
cross-site-scripting (XSS) bug were ever to slip through our input sanitisation, an attacker’s
injected script could not read your session token and exfiltrate it. This explicitly mitigates
CWE-312 (“Cleartext Storage of Sensitive Information”) and follows the OWASP recommendation for
SaaS session-token storage. Storing the same token in localStorage would leave it
readable by any in-page script — a single XSS bug would be enough to compromise the session.
We do not use analytics cookies, third-party trackers, or profiling cookies. Cookies stay first-party
and never leave *.dressai.info. You can clear them at any time via your browser settings;
this will log you out of the application and require a fresh sign-in.
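The cookie attributes listed in this section can be checked from the Set-Cookie headers of a sign-in response. The following is an added example, not code from The Agentic Org: the function names are hypothetical and the sample header values are constructed.

```javascript
// Attributes this policy states for each cookie (names and flags from the text above).
const REQUIRED = {
  "mdg_session": { httponly: true, secure: true, samesite: "strict" },
  "XSRF-TOKEN": { secure: true, samesite: "strict" },
};

// Parse one Set-Cookie header value into the cookie name and its attributes.
// Attribute names and values are lower-cased; flag attributes map to true.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim().toLowerCase();
  }
  return { name, attrs };
}

// Return one finding per deviation from REQUIRED, plus any cookie the policy does not list.
function auditSetCookies(headers) {
  const findings = [];
  for (const header of headers) {
    const { name, attrs } = parseSetCookie(header);
    const want = REQUIRED[name];
    if (!want) {
      findings.push(`${name}: cookie not listed in the policy`);
      continue;
    }
    for (const [key, expected] of Object.entries(want)) {
      if (attrs[key] !== expected) {
        findings.push(`${name}: ${key} is ${attrs[key] ?? "absent"}, policy states ${expected}`);
      }
    }
  }
  return findings;
}

// Constructed sample headers: one compliant response, one with deviations.
const SAMPLE_GOOD = [
  "mdg_session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
  "XSRF-TOKEN=def456; Path=/; Secure; SameSite=Strict",
];
const SAMPLE_BAD = ["mdg_session=abc123; Path=/; Secure; SameSite=Lax", "_ga=GA1.2.3; Path=/"];
console.log(auditSetCookies(SAMPLE_GOOD), auditSetCookies(SAMPLE_BAD));
```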
11. Changes
When this policy materially changes we bump the version and prompt you at next sign-in to review and accept the updated text. Your acceptance is recorded with timestamp, user identifier, and version.
12. Contact
Data Protection point of contact: [email protected].