Ignite

Privacy Policy

Last Updated: December 7, 2025

At Ignite, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent builder platform. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform.

1. Data Controller Information

Company Name: Ignite

Website: www.ignite.ar

Contact: Please contact the developer through www.ignite.ar

Location: Argentina

2. Information We Collect

Personal Information

We collect information that you provide directly to us when you:

  • Create an account: Name, email address, password (encrypted)
  • Use Google OAuth: Email, name, profile picture from your Google account
  • Subscribe to a plan: Billing information (processed by Stripe)
  • Contact us: Any information you provide in your communications

Usage Data

  • AI agents you create (names, descriptions, system prompts, configurations)
  • Conversations and messages sent through your agents
  • Files you upload (PDFs, DOCX, text files for knowledge bases)
  • API keys you provide (OpenRouter, OpenAI - encrypted before storage)
  • AI models you select for your agents

Technical Information

  • Authentication cookies (HTTP-only, secure)
  • Email verification status
  • Login timestamps and session data
  • IP address (for security purposes)

Payment Information

  • Stripe Customer ID (links your account to Stripe)
  • Subscription tier (Starter or Pro)
  • Subscription status and renewal dates
  • Note: Payment card details are processed and stored exclusively by Stripe. We never see or store your full card number.

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

Contract Performance (GDPR Article 6(1)(b))

Processing necessary to provide our service, manage your account, process payments, and deliver AI agent functionality.

Legitimate Interest (GDPR Article 6(1)(f))

Fraud prevention, security monitoring, service improvement, and platform optimization.

Consent (GDPR Article 6(1)(a))

Marketing communications (if you opt in), analytics cookies, and optional features.

Legal Obligation (GDPR Article 6(1)(c))

Compliance with tax laws, anti-money laundering regulations, and court orders.

4. How We Use Your Data

  • Service Delivery: Create and manage your AI agents, process conversations, store knowledge bases
  • Payment Processing: Manage subscriptions, process payments via Stripe
  • Authentication: Verify your identity, maintain secure sessions
  • Email Communications: Send verification emails, transactional notifications (via Resend)
  • AI Processing: Route your conversations to OpenRouter/OpenAI using your encrypted API keys
  • Security: Detect fraud, prevent abuse, protect against security threats
  • Compliance: Meet legal and regulatory requirements
  • Service Improvement: Analyze usage patterns to improve platform features

5. Third-Party Data Processors

We share your data with the following trusted third parties to operate our service:

Stripe (Payment Processing)

US-based payment processor for subscription billing.

Data Shared: Email, name, Stripe Customer ID, payment information

Purpose: Process payments, manage subscriptions

Privacy Policy: stripe.com/privacy

OpenRouter (AI Model Routing)

AI model API routing service for conversation processing.

Data Shared: Conversation messages, uploaded files, system prompts

Purpose: Process AI requests using your API key

Privacy Policy: openrouter.ai/privacy

Resend (Email Delivery)

Transactional email service for verification and notifications.

Data Shared: Email address, name

Purpose: Send verification emails, transactional notifications

Privacy Policy: resend.com/privacy

Supabase (Database Hosting)

PostgreSQL database hosting for all platform data.

Data Shared: All user data, agents, conversations, files

Purpose: Store and manage platform data

Privacy Policy: supabase.com/privacy

Vercel (Application Hosting)

Platform hosting and content delivery network.

Data Shared: Application data, user requests

Purpose: Host and deliver the Ignite platform

Privacy Policy: vercel.com/privacy

Google (OAuth Authentication)

Optional sign-in via Google account.

Data Shared: Email, name, profile picture (from Google)

Purpose: Provide convenient Google sign-in

Privacy Policy: policies.google.com/privacy

6. International Data Transfers

Ignite is based in Argentina. Your data may be transferred to and processed in countries outside Argentina, including the United States, where our third-party service providers operate.

When we transfer personal data outside Argentina or the European Economic Area (EEA), we ensure adequate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU-approved contracts ensuring GDPR-level protection
  • Adequacy Decisions: Transfers to countries deemed adequate by EU Commission
  • Service Provider Commitments: Stripe, Supabase, Vercel provide GDPR-compliant data protection

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

Account Data: Until you request account deletion

Conversation History: Indefinitely, unless you delete an agent or conversation

Verification Tokens: 24 hours (then automatically deleted)

Payment Records: 7 years (tax and accounting requirements)

Session Cookies: 7 days or until logout

Backup Data: 90 days (rolling backups)

Note: When you delete your account, we permanently remove your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes).

8. Your Privacy Rights

GDPR Rights (EU Users)

If you are located in the European Union, you have the following rights under GDPR:

✓ Right to Access (Article 15)

Request a copy of all personal data we hold about you.

✓ Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data.

✓ Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data (with certain exceptions).

✓ Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format (JSON) and transfer it to another service.

✓ Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

✓ Right to Restrict Processing (Article 18)

Limit how we use your data while we verify your concerns.

✓ Right to Withdraw Consent (Article 7)

Withdraw consent at any time where processing is based on consent.

✓ Right to Lodge a Complaint

File a complaint with your national Data Protection Authority if you believe we've violated GDPR.

Argentina PDPA Rights (Law 25,326)

If you are located in Argentina, you have the following rights:

  • Right to Access: Request information about your personal data held by Ignite
  • Right to Rectification: Update or correct inaccurate personal data
  • Right to Deletion: Request deletion of your personal data
  • Right to Object: Object to certain processing activities
  • Right to File a Complaint: Lodge a complaint with the National Directorate for Personal Data Protection (DNPDP) at www.argentina.gob.ar/aaip

How to Exercise Your Rights

To exercise any of these rights, please contact the developer:

Contact: Please reach out through www.ignite.ar

We will respond to your request within 30 days (GDPR) or 10 business days (Argentina PDPA).

9. Security Measures

We implement industry-standard security measures to protect your personal data:

🔒 Encryption at Rest

AES-256-GCM encryption for API keys and sensitive data

🔐 Encryption in Transit

TLS 1.2+ for all data transmitted between your browser and our servers

🛡️ Password Security

Bcrypt hashing with 12 salt rounds (never stored in plaintext)

🍪 Secure Cookies

HTTP-only, secure, SameSite cookies to prevent XSS/CSRF attacks

✉️ Email Verification

Required before accessing platform features

🔄 Regular Updates

Continuous security patches and dependency updates

Note: While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but we continually work to protect your data.

10. Cookies We Use

Ignite uses cookies to maintain your authenticated session. For detailed information, see our Cookie Policy.

Essential Cookies (Always Active)

auth-token

  • Purpose: Maintains your login session
  • Type: HTTP-only, Secure, SameSite=Lax
  • Duration: 7 days or until logout
  • Why Essential: Required for authentication and platform access

We do not currently use analytics or marketing cookies. If we introduce them in the future, we will update this policy and request your consent.

11. Children's Privacy

Ignite is not intended for use by children under the age of 18. We do not knowingly collect personal data from children under 18.

If you are a parent or guardian and believe your child has provided us with personal data, please contact the developer through www.ignite.ar. We will delete such information from our systems within 30 days.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email (to the email address on your account)
  • Provide a prominent notice on the platform

Your continued use of Ignite after changes become effective constitutes acceptance of the revised Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Contact Ignite

Website: www.ignite.ar

Location: Argentina

Please contact the developer through the website. We aim to respond to all inquiries within 30 days (GDPR) or 10 business days (Argentina PDPA).

14. Data Protection Authorities

EU Users

If you are located in the EU and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA). Find your DPA: EDPB Member List

Argentina Users

National Directorate for Personal Data Protection (DNPDP)
Agencia de Acceso a la Información Pública (AAIP)

Website: www.argentina.gob.ar/aaip

By using Ignite, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with this policy, please discontinue use of the platform immediately.