Last updated: February 20, 2026
Privacy is a fundamental right, not a feature. At AI Office, we design our product to collect only the data necessary to provide the service you expect, and nothing more. We believe you should always know what data we collect, why we collect it, and how long we keep it.
AI Office is built and operated by Kurcz Software GmbH, based in Stuttgart, Germany. As a German company, we are directly subject to the General Data Protection Regulation (GDPR) and hold ourselves to the highest standard of data protection.
We organize the data we collect into clear categories, each with a specific legal basis under Article 6(1) of the GDPR.
Legal basis: Contractual necessity
When you create an account, we store your name, email address, and profile image. This information is managed through our authentication provider, Clerk, and synced to our database so we can identify you across sessions and devices.
Legal basis: Contractual necessity
This includes messages you send and receive in conversations with AI agents, files you upload, tasks you create, and the outputs your agents produce. We store this content to provide the core service of AI Office — deploying and interacting with AI agents.
Legal basis: Contractual necessity
When your AI agents send or receive emails, SMS messages, or voice calls, we store the message content, sender/recipient addresses, and delivery status. This data is necessary to provide agent communication features and maintain an audit trail.
Legal basis: Contractual necessity
We store your subscription plan, usage records, and Stripe customer identifiers. Payment methods, card numbers, and billing addresses are handled entirely by Stripe and never touch our servers.
Legal basis: Legitimate interest
We collect a device identifier, operating system, browser type, and device form factor to support multi-device functionality and ensure the app works correctly on your device. On the desktop app, we also track which macOS permissions have been granted so agents can operate within your chosen scope.
Legal basis: Legitimate interest
During onboarding, we collect session data including navigation history, branch choices, and step timings to improve the setup experience. We also track aggregate usage metrics like token consumption, task completion rates, and agent run counts to understand product performance.
Legal basis: Contractual necessity
API keys for third-party AI providers are stored exclusively in your operating system's native keychain (macOS Keychain, Windows Credential Manager). Our database only stores masked references showing the first and last four characters. We never store plaintext API keys on our servers.
Legal basis: Consent
If you opt in to notifications, we store your push subscription tokens, phone number (for SMS notifications), voice call consent flag, and quiet hours preferences. You can withdraw consent and delete this data at any time from your notification settings.
We use your information for the following purposes:
Some things are non-negotiable. We will never:
We work with trusted third-party services to provide specific functionality. Here is exactly what each service sees.
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Clerk | Authentication | Email, name, profile image, login activity | clerk.com/legal/privacy |
| Stripe | Billing | Payment methods, invoices, subscription state | stripe.com/privacy |
| Twilio | SMS & voice | Phone numbers, message content, call metadata | twilio.com/legal/privacy |
| AgentMail | Agent email | Email addresses, message content, attachments | agentmail.to/privacy |
| ElevenLabs | Voice AI | Agent config, voice call audio, transcripts | elevenlabs.io/privacy-policy |
| Anthropic, OpenAI, Google, Mistral | LLM providers | Conversation context (messages, system prompts, tool calls) | Each provider's respective privacy policy |
| Brave Search | Web search tool | Search queries from agents | brave.com/privacy |
| PostHog (EU Cloud) | Product analytics | Product analytics events, session data (consent-required). Hosted in Frankfurt, Germany (EU). See “Analytics & Consent” below. | posthog.com/privacy |
| Vercel | Hosting & analytics | Page views, performance metrics, IP address | vercel.com/legal/privacy-policy |
We use PostHog (hosted in Frankfurt, Germany on AWS eu-central-1) to understand how users interact with AI Office across web and desktop. All analytics require your explicit consent.
Legal basis: Consent (Art. 6(1)(a) GDPR)
No analytics data is collected until you click “Accept” on our consent banner. When you grant analytics consent, we collect product usage events such as pageviews, feature interactions, and aggregate performance metrics. We honor the Do Not Track (DNT) browser setting. Your consent choice is stored locally and synced across devices for authenticated users.
You can manage your preferences granularly through our consent banner:
You can change or withdraw your consent at any time. When you revoke analytics consent, we immediately stop all tracking and reset your session. On the desktop app, the banner refers to “tracking preferences” rather than cookies, since the native app does not use browser cookies.
Your data is stored on Convex, our real-time database provider, which operates servers in the United States. As a German company transferring data to the US, we rely on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure your data receives adequate protection.
File attachments you upload are stored via Convex's built-in file storage system and served through signed, time-limited URLs.
Some data stays on your device and is never sent to our servers.
We use browser localStorage to store onboarding progress (expires after 24 hours), a stable device identifier, session identifiers, UI preferences like expert mode, flags indicating which API key providers have been configured, and your analytics consent preferences. No actual API keys or passwords are stored in localStorage.
When you use the AI Office desktop app, your API keys and OAuth tokens are stored in your operating system's native keychain — macOS Keychain or Windows Credential Manager. These credentials are encrypted at rest by your OS and never leave your device in plaintext. Our servers only store masked references (first and last four characters) for display purposes.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@aioffice.so. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI).
We keep your personal data for as long as your account is active and you need the service. When you delete your account, we delete your personal data within 30 days. Some anonymized, aggregated analytics data may be retained indefinitely because it cannot be traced back to you.
Communication logs and agent inbox data are retained for the duration of your account to maintain audit trails. You can request deletion of specific conversations or communication records at any time.
AI Office is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@aioffice.so and we will promptly delete it.
We may update this policy from time to time. For material changes, we will notify you by email before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.
Kurcz Software GmbH
Stuttgart, Germany
For privacy-related inquiries: privacy@aioffice.so
For general support: hello@aioffice.so