AgencyPitch (“AgencyPitch,” “we,” “our”) is a global B2B SaaS product operated by GrahAI Systems (registered in India). This Privacy Policy explains what personal data we collect from you, how we use it, who we share it with, and the controls you have. It applies to agencypitch.io, the AgencyPitch web application, and any related APIs.
We comply with the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), India’s Digital Personal Data Protection Act 2023 (DPDP), and equivalent laws elsewhere we operate.
1. Who is responsible for your data
For data submitted through your AgencyPitch account, GrahAI Systems acts as a data controller (for account, billing, and usage telemetry) and a data processor (for proposal content, client lists, and other agency data you upload).
Operating entity: GrahAI Systems
Country of registration: India
Data Protection contact: privacy@agencypitch.io
2. What we collect
Information you give us
- Account info: name, email, profile photo, password hash (or Google OAuth identifier).
- Agency profile: agency name, logo, brand colors, website, services offered.
- Proposal content: client names, proposal text, pricing, case studies, and any documents you upload.
- Billing data: handled by Razorpay. We store the customer ID, plan, and invoice metadata — never card numbers or CVVs.
- Communications: support tickets, contact-form messages, feedback.
Information we collect automatically
- Usage telemetry: page views, feature events, errors. We use PostHog and Sentry for this.
- Device + technical data: IP address (hashed for proposal viewers — see below), user-agent, browser, OS, timezone.
- Cookies + local storage: see our Cookie Policy.
Information from third parties
- Google Sign-In: if you sign in with Google, we receive your name, email, and profile photo.
- Client website fetches: when you generate a proposal with a client URL, we make a one-time request to that URL to extract a summary. We do not log or persist the fetched content.
3. How we use your data
- Provide the service — auth, proposal generation, editor, sharing, PDF export.
- AI generation — your proposal inputs are sent to our AI subprocessors (Anthropic, Google) to generate output. Your content is never used to train AI models.
- Billing + tax — process payments, send invoices, comply with tax law.
- Transactional email — proposal-view notifications, billing receipts, security alerts.
- Product improvement — aggregated usage data only. We do not look at individual proposals.
- Security + abuse prevention — detect fraud, rate-limit abuse.
- Legal compliance — respond to lawful requests from authorities.
We do not sell your personal data, and we do not share it for cross-context behavioral advertising.
4. Public proposal pages
When you generate a public share link for a proposal at agencypitch.io/p/[id], anyone with the link can view it. We log view events (timestamp, hashed IP, user-agent, time spent, sections viewed) so you can see engagement analytics. Visitor IPs are SHA-256 hashed before storage.
5. Where your data is stored
Your data is stored on Google Firebase infrastructure (us-central1 region) and processed by subprocessors listed at agencypitch.io/subprocessors. Where you are located in the EU/UK, transfers to the US/India happen under Standard Contractual Clauses (SCCs) and supplementary measures.
6. How long we keep it
| Data | Retention |
|---|---|
| Account + agency profile | Lifetime of your account, plus 30 days after deletion |
| Proposals + client data | Lifetime of your account, plus 30 days after deletion |
| Billing records | 7 years (legal/tax requirement in India + most jurisdictions) |
| Audit-tool submissions | 90 days, unless email saved |
| Server logs | 30 days |
| Aggregated analytics | Indefinite (no PII) |
7. Your rights
You have the right to:
- Access a copy of your personal data
- Correct inaccurate data (Settings → Agency)
- Delete your account and all associated data
- Export your data in a portable format (JSON)
- Object to processing or restrict it
- Lodge a complaint with your local data protection authority
- EU/UK: contact your supervisory authority. California: right to know, delete, correct, and opt-out of sale (we don’t sell). India: rights under DPDP Act 2023.
To exercise these rights, email privacy@agencypitch.io. We respond within 30 days.
8. Security
Encryption in transit (TLS 1.3) and at rest (AES-256). Firestore security rules enforce per-agency data isolation. Admin SDK access is server-only. See Security for details.
9. Children
AgencyPitch is a B2B product. We don’t knowingly collect data from anyone under 16. If you believe a child has signed up, contact us and we’ll delete the account.
10. Changes to this policy
We’ll post material changes here and notify active users by email at least 30 days before they take effect.
11. Contact
General privacy: privacy@agencypitch.io
Data Protection Officer: dpo@agencypitch.io
Postal: GrahAI Systems, India (full registered address available on request)
This Privacy Policy provides plain-language summaries. For enterprise customers we offer a separate Data Processing Addendum (DPA) — request via dpa@agencypitch.io.