Privacy Policy

Last updated: February 24, 2026

1. Introduction & Data Controller

The website amurg.ai and the Amurg Cloud service at hub.amurg.ai are operated by Ciprian Alexandru Grigore, IČO: 17947286, VAT: CZ686180093, with registered address at Jičínská 226/17, Prague 3 – Žižkov, 130 00 Prague 3, Czech Republic, operating under the brand name "Amurg" ("we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-hosted service, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Czech data protection law. If you self-host Amurg, your data stays entirely on your own infrastructure and this policy does not apply to that deployment.

Data Controller: Ciprian Alexandru Grigore (IČO: 17947286), operating as Amurg, is the data controller responsible for your personal data under GDPR Art. 4(7). For data protection inquiries, contact us at [email protected].

2. Information We Collect

Account Information

When you create an account through our authentication provider (Clerk), we collect your name, email address, and profile information from the SSO provider you choose (Google, GitHub, or email/password).

Usage Data

We collect information about how you interact with the service, including session metadata, timestamps, and the endpoints and runtimes you connect.

Chat & Agent Data

When you use Amurg Cloud, messages between you and your agents pass through our hub servers. This includes your prompts, agent responses, file transfers, and any other content exchanged during a session. This data is stored according to your plan's retention period (30 days for Single User, 365 days for Team).

Payment Information

Payments are processed by Stripe. We do not store your credit card number, expiration date, or CVC on our servers. Stripe handles all payment data in accordance with PCI DSS standards. We receive only a token, your billing email, and transaction metadata from Stripe.

Log Data

Our servers automatically collect standard log data including IP addresses, browser type, operating system, referring URLs, and access timestamps.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Amurg Cloud service
  • Authenticate your identity and manage your account
  • Process payments and manage subscriptions
  • Relay messages between your devices and your agent runtimes
  • Send service-related communications (account confirmations, billing notices, security alerts)
  • Monitor service health, debug issues, and improve performance
  • Comply with legal obligations

We do not use your chat or agent data to train machine learning models. We do not sell your personal information to third parties.

4. Data Retention

Chat messages and session data are retained according to your plan: 30 days for Single User, 365 days for Team. After the retention period, messages are permanently deleted. Account information is retained for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

5. Legal Bases for Processing (GDPR Art. 6)

We process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): Processing your account data, chat data, and payment data is necessary to provide the Service you subscribed to.
  • Legitimate interest (Art. 6(1)(f)): Processing log data and usage data for service health monitoring, security, fraud prevention, and improving the Service. Our legitimate interest does not override your fundamental rights.
  • Legal obligation (Art. 6(1)(c)): Processing required to comply with tax, accounting, or other legal requirements under Czech and EU law.

We do not rely on consent as a legal basis for core processing. Where consent is required (e.g., for optional communications), we will ask for it separately and you may withdraw it at any time.

6. Data Sharing & International Transfers

We share your information only in the following circumstances:

  • Service Providers (Data Processors): We use Clerk (authentication), Stripe (payments), and infrastructure providers to operate the service. These providers act as data processors under GDPR Art. 28 and access only the data necessary to perform their functions under data processing agreements.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

Some of our service providers (Clerk, Stripe) are based in the United States. Transfers of personal data to the US are conducted under the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or other appropriate safeguards as required by GDPR Chapter V. You may request a copy of the relevant safeguards by contacting us.

7. Security

We implement reasonable technical and organizational measures to protect your data. All connections to Amurg Cloud use TLS encryption in transit. Data at rest is stored in managed PostgreSQL databases. Runtime-to-hub connections are authenticated with tokens and do not require inbound ports to be exposed on your machines. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You may request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restriction (Art. 18): You may request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Art. 20): You may request your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by GDPR Art. 12(3). We will not charge a fee for reasonable requests. We may ask you to verify your identity before processing your request.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. The relevant authority in the Czech Republic is:

Úřad pro ochranu osobních údajů (ÚOOÚ)
Office for Personal Data Protection
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
www.uoou.cz

If you reside in another EU/EEA member state, you may also contact your local data protection authority.

9. Cookies

Amurg Cloud uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. Our authentication provider (Clerk) may set cookies necessary for the login flow.

10. Children's Privacy

Amurg is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy, contact us at [email protected].