Skip to content
On this page

Legal

Privacy Policy

Effective date
Effective July 4, 2026
Last updated
Last updated July 4, 2026

This Privacy Policy explains how Agnotiq (Agnotiq, “we”, “us”) collects, uses, shares, and protects personal information in connection with Agnotiq MarginTide Price Checker and our related websites and services (the Service). It works together with our Terms of Service.

We are based in Toronto, Ontario, Canada and serve business customers in Canada and the United States. We designed the Service to keep each customer’s data isolated and to process personal information only as needed to run the Service.

Two roles: controller and processor.

For account, billing, website, and usage information, Agnotiqacts as the controller (in Canada, the organization accountable for the data). For the Customer Data you put into the Service to run pricing checks, we act as a processor / service provider on your behalf and handle it under our Terms of Service (and any data processing terms that apply to your plan).

01Overview & scope

This Policy applies to personal information we handle through our website, sign-up and sign-in flows, dashboards, communications, and support — and to the Customer Data processed through the Service. It does not apply to third-party websites or services we link to or integrate with, which have their own privacy practices (§14).

02The information we collect

Information you provide.

  • Account & contact data — your business email address (used for passwordless sign-in), name, workspace and Organization details, and role.
  • Billing data — subscription tier, billing contact, and payment records. Card details are collected and stored by our payment processor (Stripe), not by us.
  • Support & communications — messages, requests, and feedback you send us.
  • Customer Data — the data you submit to operate the Service, such as product catalogs, competitor URLs, cost and margin inputs, CSV imports, pricing policies, and configuration.

Information collected automatically.

When you use the Service we collect device and connection data (such as IP address, browser type, and approximate region), authentication and security event logs, and usage data (such as pages viewed, features used, and run activity), including through cookies and similar technologies (§5).

Information from third parties.

We may receive information from our service providers — for example, billing and fraud signals from Stripe, email deliverability data, and, if you connect Slack, the workspace and channel information needed to deliver alerts.

When you connect Slack, we also store the access credential — an OAuth bot token that Slack issues to us — so we can post the alerts you configure to your chosen channel. We keep this credential encrypted at rest, use it only to deliver your alerts, and delete it when you disconnect Slack.

03How we use information

We use personal information to:

  • provide, operate, maintain, and secure the Service, including running scheduled and on-demand pricing checks and generating Output, Recommendations, and alerts;
  • authenticate you (via magic-link sign-in), manage workspaces and access, and prevent abuse, fraud, and security incidents;
  • check the domain of your sign-up email against general reference lists of consumer and free email providers and of known disposable or throwaway email domains — to tell business accounts from personal ones, prevent abuse, and administer free-tier eligibility (those reference lists are general information about email domains, not information about you);
  • process payments, manage subscriptions, and provide support;
  • communicate with you about the Service, including transactional messages and (where permitted) product updates you can opt out of;
  • analyze and improve the Service using aggregated or de-identified data; and
  • comply with legal obligations and enforce our Terms.

05Cookies & similar technologies

We use strictly necessary cookies and similar technologies to keep you signed in, remember preferences (such as your light/dark theme), and secure the Service, and we use a limited amount of analytics to understand usage. You can control cookies through your browser settings; disabling strictly necessary cookies may prevent sign-in or break core functionality.

06AI & agentic processing of your data

The Service uses a pipeline of AI agents to do its work: a composing agent plans the research, per-retailer research agents perform web searches to estimate competitor prices, and a quality-grading agent evaluates the results. To run a check, relevant Customer Data (for example, the products and competitor URLs you configured) and web search results are processed by these agents.

  • AI provider. By default, agent inference is performed using Anthropic’s API. We use Anthropic under commercial terms that do not use your inputs or outputs to train models.
  • BYO-key isolation. If you supply your own Anthropic API key, inference for your workspace runs under your own Anthropic account and your agreement with Anthropic; in that case Anthropic’s handling of that content is governed by your agreement, not ours (see Terms §10).
  • Web research. To estimate competitor prices, the agents query third-party search and public web pages. Search queries derived from your configuration are sent to the search provider, and the agents read publicly available page content.
  • Advisory only. AI-generated Output may be inaccurate or incomplete and is for your review; how it may and may not be relied upon is described in the Terms (§4).

07How we share information & our sub-processors

We do not sell personal information, and we do not “share” it for cross-context behavioral advertising. We disclose personal information only as described here: to the sub-processors that help us run the Service, to professional advisors, in connection with legal requirements or a corporate transaction, or with your direction.

Sub-processors we use to operate the Service.

  • Supabase — managed Postgres database, authentication, and realtime; hosts account data and Customer Data, isolated per workspace using row-level security.
  • Anthropic — AI model inference for the agent pipeline (unless you use a BYO Key; see §6).
  • Stripe — payment processing and subscription billing; collects and stores your payment details.
  • Slack — delivery of alerts to your Slack workspace, if you choose to connect it (via OAuth).
  • Resend — delivery of transactional and notification emails (including magic-link sign-in).
  • Vercel — application hosting and content delivery.

We require our sub-processors to protect personal information and to use it only to provide their services to us.

Legal and corporate disclosures.

We may disclose information when we reasonably believe it is required by law or legal process, to protect rights, safety, and the security of the Service, or in connection with a merger, acquisition, financing, or sale of assets (subject to this Policy).

08Data retention

We retain personal information for as long as reasonably necessary to provide the Service, to comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and context (for example, account data for the life of your account, and billing records for the period required by tax and accounting law). When information is no longer needed, we delete or de-identify it. Customer Data is handled per your Terms; export anything you need before terminating.

09How we protect information

We use technical and organizational measures designed to protect personal information, including:

  • Tenant isolation — workspace-scoped row-level security enforced at the database, with additional access checks in the application layer;
  • Encryption — data encrypted in transit and at rest by our infrastructure providers;
  • Passwordless authentication — magic-link sign-in; we do not store account passwords, so there is no password database to breach; and
  • Least privilege & logging — restricted access to systems and security event logging.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Because your email inbox is the root credential for sign-in, keeping it secure is an important part of protecting your account.

10International data transfers

We and our sub-processors store and process information in Canada, the United States, and other countries where our infrastructure operates. As a result, your information may be transferred to, and processed in, a country other than your own and may be subject to the laws of those countries, including lawful access by courts, law enforcement, and government authorities. Where required, we use appropriate safeguards for international transfers.

11Your privacy rights & choices

Subject to applicable law, you may have the right to access, correct, update, or delete your personal information, to obtain a copy of it, to withdraw consent, and to opt out of marketing communications. You will not be discriminated against for exercising these rights.

To exercise a right, email privacy@agnotiq.com. We will respond within five (5) business days (or as required by law) and may need to verify your identity. If we process Customer Data on behalf of a customer, we will refer individual requests to that customer (the controller). You may unsubscribe from marketing email using the link in the message; transactional messages (such as sign-in links and billing notices) continue regardless.

12Regional disclosures (Canada / U.S.)

Canada (PIPEDA).

We are accountable for personal information under our control and have designated a contact for privacy matters (reachable at privacy@agnotiq.com). You may request access to, and correction of, your personal information, and may challenge our compliance. As noted in §10, your information may be processed outside Canada and subject to foreign lawful access.

United States (California — CCPA/CPRA, and similar laws).

In the prior 12 months we have collected the following categories of personal information: identifiers (such as email and IP address); commercial information (such as subscription and billing records); internet/network activity (such as usage and log data); geolocation inferred from IP address; and, if you connect Slack, the integration credential described in §2 (the OAuth bot token Slack issues to us). We collect these for the business purposes described in §3, from the sources described in §2, and disclose them to the sub-processors and recipients described in §7.

We do not sell personal information and do not share it for cross-context behavioral advertising, and we do not use or disclose sensitive personal information for purposes that require an opt-out. California residents may exercise rights to know, delete, correct, and to non-discrimination as described in §11. Residents of other U.S. states with comprehensive privacy laws have analogous rights, which we honor where applicable.

13Children’s privacy

The Service is a business tool intended for adults and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact privacy@agnotiq.com and we will take appropriate steps to delete it.

15Changes to this Policy

We may update this Policy from time to time. If we make a material change, we will provide notice by a reasonable means (for example, in-product notice, email, or posting an updated version with a new effective date). The “Last updated” date above reflects the most recent revision; continued use of the Service after a change takes effect means you accept the updated Policy.

16How to contact us

For privacy questions, requests, or security disclosures, contact Agnotiq at privacy@agnotiq.com, or write to us at Toronto, Ontario, Canada. We aim to respond within five (5) business days. For contract questions, see our Terms of Service or email legal@agnotiq.com.