Privacy Policy

We value your privacy.

1. Introduction

AgilePoint, Inc. (“AgilePoint,” “we,” “our,” or “us”) values your privacy and is committed to protecting the personal information you entrust to us. This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you use our website (agilepoint.com), our software platform and services (collectively, the “Services”), or otherwise interact with us.

AgilePoint is an ISO 27001-certified and SOC 2-compliant organization. Our privacy practices are maintained as part of our Information Security Management System (ISMS) and are subject to periodic internal and external audit.

This policy applies to all individuals whose personal information we process, including website visitors, prospective customers, current customers, customer end users, partners, and vendors.

2. Data Processing Roles

AgilePoint operates in different capacities depending on the context of data processing:

  • Controller: When AgilePoint collects personal information directly from website visitors, prospective customers, or for its own business purposes (e.g., marketing, sales inquiries, recruitment), AgilePoint acts as the data controller.
  • Processor: When AgilePoint processes personal information on behalf of its enterprise customers through the AgilePoint platform, AgilePoint acts as a data processor. In this capacity, the customer is the data controller and determines the purposes and means of processing. AgilePoint processes such data solely in accordance with the customer’s documented instructions and applicable Data Processing Agreement (DPA).

For on-premises deployments, the customer maintains full operational control of the hosting infrastructure, production environment, and all data stored therein. AgilePoint’s processing activities are limited to product development, support, maintenance, and professional services.

3. Information We Collect

3.1 Information You Provide Directly

  • Name, title, and company affiliation
  • Contact information (email address, telephone number, mailing address)
  • Account credentials and authentication data
  • Information submitted through contact forms, demo requests, or support inquiries
  • Contractual and billing information
  • Information provided in connection with customer surveys, events, or marketing activities

3.2 Information Collected Automatically

  • Browser type, operating system, and device information
  • IP address and approximate geolocation
  • Pages visited, files requested, referring URLs, and session duration
  • Cookie identifiers and similar tracking technologies (see Section 9)

3.3 Customer Data

Enterprise customers may input, upload, or transmit data into the AgilePoint platform in the course of using the Services (“Customer Data”). AgilePoint processes Customer Data solely as a processor on behalf of the customer, as governed by the applicable service agreement and DPA.

4. How We Use Information

We use the information we collect for the following purposes:

  • To provide, operate, maintain, and improve the Services
  • To respond to inquiries, support requests, and demo requests
  • To process transactions and manage customer accounts
  • To send administrative communications (service updates, security alerts, policy changes)
  • To send marketing communications, where consent has been obtained or as otherwise permitted by law
  • To conduct analytics and improve our website, products, and services
  • To comply with legal obligations, enforce our agreements, and protect our rights
  • To detect, prevent, and respond to security incidents and fraudulent activity

5. Legal Bases for Processing (EEA/UK)

Where the EU General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on the following legal bases:

  • Contract performance: Processing necessary to provide the Services or fulfill our contractual obligations.
  • Legitimate interests: Processing necessary for our legitimate business interests (e.g., product improvement, security, fraud prevention), where not overridden by your rights and interests.
  • Consent: Where you have provided explicit consent (e.g., marketing communications). You may withdraw consent at any time.
  • Legal obligation: Processing necessary to comply with applicable laws, regulations, or legal processes.

6. Data Sharing and Disclosure

AgilePoint does not sell personal information. We may share personal information with the following categories of recipients:

  • Service providers and sub-processors: Third-party vendors who assist in delivering our Services (e.g., cloud hosting providers, analytics services, customer support tools). These parties are contractually bound to process data only as instructed and in accordance with appropriate security and confidentiality obligations.
  • Business partners: Channel partners and resellers, where necessary to fulfill service engagements.
  • Legal and regulatory: Law enforcement, regulatory authorities, or other third parties where required by law, regulation, legal process, or governmental request, or where necessary to protect our rights, safety, or property.
  • Corporate transactions: In connection with a merger, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality protections.

A current list of sub-processors used in the delivery of the AgilePoint platform is available upon request by contacting ap-privacy@agilepoint.com.

7. International Data Transfers

AgilePoint is headquartered in the United States. Personal information may be transferred to, stored in, and processed in the United States or other jurisdictions where AgilePoint or its service providers operate.

For transfers of personal information from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not received an adequacy decision, AgilePoint relies on appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The EU-U.S. Data Privacy Framework (DPF), to the extent applicable
  • Supplementary measures as required based on transfer impact assessments

Customers requiring documentation of transfer mechanisms may contact ap-privacy@agilepoint.com.

8. Data Retention

AgilePoint retains personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Website and marketing data: Retained for the duration of the business relationship plus a reasonable wind-down period, unless deletion is requested earlier.
  • Customer Data: Retained for the term of the applicable service agreement. Upon termination or expiration of the agreement, Customer Data is deleted or returned in accordance with the contract and DPA, typically within 30 days following the customer’s written request.
  • Backup and archival copies: May be retained for a limited period in accordance with our backup retention schedule and are purged in the ordinary course of backup rotation.

Specific retention periods may vary based on the nature of the data and applicable legal requirements.

9. Cookies and Tracking Technologies

AgilePoint uses cookies and similar technologies on our website to improve functionality, analyze usage, and support marketing activities.

  • Essential cookies: Required for core website functionality (e.g., session management, login). These cannot be disabled.
  • Analytics cookies: Used to understand website usage patterns and improve our content and services. These may include third-party analytics tools.
  • Marketing cookies: Used to deliver relevant advertising and measure campaign effectiveness.

You may manage your cookie preferences through your browser settings. Disabling certain cookies may affect website functionality. Where required by applicable law, we obtain consent before placing non-essential cookies.

10. Data Security

AgilePoint implements administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Role-based access controls and least-privilege principles
  • Multi-factor authentication for privileged access
  • Continuous monitoring, intrusion detection, and security event logging
  • Secure software development lifecycle (SDLC) practices
  • Regular penetration testing and vulnerability assessments
  • Incident response and business continuity plans
  • Employee security awareness training

AgilePoint’s security program is validated through ISO 27001 certification and SOC 2 Type II compliance audits conducted by independent third-party assessors.

11. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Rectification: Request correction of inaccurate or incomplete personal information.
  • Erasure: Request deletion of your personal information, subject to legal and contractual retention obligations.
  • Restriction: Request that we restrict processing of your personal information under certain circumstances.
  • Portability: Request your personal information in a structured, commonly used, machine-readable format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdrawal of consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Non-discrimination: Exercise your rights without receiving discriminatory treatment.

To exercise any of these rights, please contact us at ap-privacy@agilepoint.com. We will respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA/CPRA).

Where AgilePoint processes personal information as a processor on behalf of a customer, data subject requests should be directed to the customer (the controller). AgilePoint will assist the customer in responding to such requests as required by the applicable DPA.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information, including the right to know, delete, correct, and opt out of the sale or sharing of personal information.

AgilePoint does not sell personal information and does not share personal information for cross-context behavioral advertising. California residents may exercise their rights by contacting ap-privacy@agilepoint.com.

13. Children’s Privacy

The Services are not directed to individuals under the age of 16. AgilePoint does not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete such information promptly.

14. Third-Party Links

Our website may contain links to third-party websites and services. AgilePoint is not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any third-party site you visit.

15. Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, AgilePoint will:

  • Notify affected customers without undue delay and no later than 72 hours after becoming aware of a confirmed breach, where AgilePoint acts as a processor
  • Provide sufficient information to enable the customer (as controller) to fulfill its own notification obligations
  • Cooperate with the customer in investigating and remediating the breach
  • Where AgilePoint acts as a controller, notify the relevant supervisory authority and affected individuals in accordance with applicable law

Breach notification obligations are further detailed in the applicable DPA or service agreement.

16. Changes to This Policy

AgilePoint may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. We will post the updated policy on our website with a revised effective date. For material changes, we will provide notice through appropriate channels (e.g., email notification, website banner).

We encourage you to review this policy periodically.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

AgilePoint, Inc.

Attn: Privacy Team

1916 Old Middlefield Way, Suite B

Mountain View, CA 94043

Email: ap-privacy@agilepoint.com

EU/UK individuals may also contact AgilePoint regarding GDPR-related inquiries at the email address above.

⏵ THE BOTTOM LINE

Helping Enterprise Leaders Automate their Process

Powerful features of the AgilePoint platform that help your enterprise eliminate technical debt and future-proof ROI.

Schedule a demo
Join our newsletter
We’ll send you a nice letter. No spam.
We care about your data. Check out our privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe Newsletter
In 2003, AgilePoint bet the world would need an execution architecture that could change in real time, driven by intelligence. That composable architecture made us a BPM pioneer (2007), a low-code leader (2016), and now the missing dynamic process layer for agentic AI (2025). We were early. Now we're on time to prove it: build your processes right, and your enterprise AI succeeds 5–10X faster and more effectively.
Platform
Why AgilepointWhy AgilePointCore CapabilitiesIntegrationApp StoreSecurity and GovernanceLogin to Cloud- EMEALogin to Cloud- NA
Resources
EventsVideo LibraryPodcastResource CenterProduct BlogBlogFind a PartnerPartner in the SpotlightLegacy Training
Company
Our StoryContactPricingTrust CenterLicensing TermsCareersHelp DeskCommunity Forum
Legal
Terms and ConditionsPrivacy PolicyAcceptable Use PolicyPlatform PolicyPrivacy ShieldGDPRMobile App PolicyMobile App EULA
ⓒ 2026 AgilePoint Inc.- All rights Reserved