Privacy Policy
Introduction
This Privacy Policy explains how Nomadic Vines Inc., a company incorporated in the State of Wyoming, United States of America, trading as Adgentix ("Adgentix", "we", "us", or "our"), collects, uses, stores, and protects personal data when you visit our website at adgentix.ai (the "Website") or use our services (the "Services").
We are committed to protecting your privacy and handling your personal data with transparency, care, and full compliance with applicable data protection laws, including the General Data Protection Regulation ("GDPR"), the UK General Data Protection Regulation ("UK GDPR"), the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), the Personal Information Protection and Electronic Documents Act ("PIPEDA"), and other applicable privacy laws.
Please read this Privacy Policy carefully. By using the Website or Services, you acknowledge that you have read and understood this policy.
This Privacy Policy was last updated on May 1, 2026. If we make material changes, we will notify you by email at least 30 days before the changes take effect. Your continued use of the Website or Services after that period constitutes acceptance of the updated policy.
1. Data Controller
1.1 The data controller responsible for your personal data is:
Nomadic Vines Inc. (trading as Adgentix)
State of Incorporation: Wyoming, United States of America
Trading name: Adgentix
Website: adgentix.ai
Privacy contact: privacy@adgentix.ai
1.2 All references to "Adgentix" in this Privacy Policy refer to Nomadic Vines Inc. operating under the Adgentix trading name.
1.3 We do not have a Data Protection Officer (DPO) as we do not meet the thresholds requiring mandatory DPO appointment under GDPR. Privacy enquiries should be directed to privacy@adgentix.ai.
2. EU and UK Representative
2.1 As Adgentix is established outside the European Union and United Kingdom but processes personal data of individuals located in those jurisdictions, we are required under Article 27 of the GDPR and equivalent UK GDPR provisions to appoint a representative within the EU and UK respectively.
2.2 EU Representative. Our designated EU representative for GDPR purposes is:
Carla Silva
Orbitus Agencia
Rua da Banda Marcial de Gueifães, 330 r/c dto., 4470-024, Maia, Portugal
Email: contabilidade@byorbitus.pt
2.3 UK Representative. We are currently in the process of appointing a UK representative. Until such time as a UK representative is formally appointed, enquiries from UK residents may be directed to privacy@adgentix.ai and will be responded to in accordance with UK GDPR timelines.
3. Data We Collect and How We Collect It
3.1 Website Visitors — Automatically Collected Data
When you visit the Website, we automatically collect certain technical data through cookies and similar tracking technologies, subject to your consent preferences:
- IP address (anonymised for EU/UK visitors where applicable)
- Browser type and version
- Operating system
- Pages visited and time spent on each page
- Referring URL (the page you visited before arriving at adgentix.ai)
- Date and time of visit
- Device type (desktop, mobile, tablet)
This data is collected via Google Analytics 4, Microsoft Clarity, and advertising pixels (Meta, Google Ads, LinkedIn, Microsoft Ads) subject to your cookie consent. See clause 7 for details on our cookie use.
3.2 Data You Provide Directly
We collect personal data that you voluntarily provide when you:
- Complete the sign-up form on the Website (name, business email, company name, website URL, monthly ad spend, advertising objectives, selected plan)
- Submit a below-minimum-spend enquiry form (name, email, current monthly ad spend, message)
- Send an email to any Adgentix email address
- Interact with the AI chat assistant on the Website (conversation content, and email address if provided)
3.3 Client Data — Subscription and Service Delivery
For paying clients, we collect and process additional data necessary to deliver the Services:
- Full name and job title of primary contact
- Business name, registered address, and website
- Billing email address
- Payment card details (processed and stored by Stripe — Adgentix does not store card numbers)
- Ad platform account IDs and access credentials (via platform partner/manager access mechanisms)
- Advertising campaign data, performance data, and audience data from connected platforms
- Client brand guidelines, creative assets, and campaign briefs
- Meeting transcripts and recordings (via Granola — subject to prior notification and consent)
3.4 Data From Third Parties
We may receive data about you from third-party sources in limited circumstances:
- Advertising platforms (Google, Meta, LinkedIn, Microsoft, TikTok) may share aggregated or anonymised audience data as part of delivering the Services for client accounts
- Payment processors may confirm payment status to trigger service workflows
4. How We Use Your Data — Purposes and Legal Basis
The table below sets out each processing activity, its purpose, and the GDPR legal basis we rely on. For non-EU/UK users, we apply the same standards as a matter of principle.
| Processing Activity | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Processing subscription payment and delivering the Services | Fulfilling the contract for paid services | Contract (Art. 6(1)(b)) |
| Sending subscription confirmation, service emails, and reports | Fulfilling the contract and communicating about the Services | Contract (Art. 6(1)(b)) |
| Onboarding communications and questionnaire processing | Fulfilling the contract — required to begin service delivery | Contract (Art. 6(1)(b)) |
| Website analytics via Google Analytics 4 | Understanding how visitors use the Website to improve it | Consent (Art. 6(1)(a)) |
| Session recording and heatmaps via Microsoft Clarity | Identifying usability issues and improving the Website | Consent (Art. 6(1)(a)) |
| Advertising pixels (Meta, Google Ads, LinkedIn, Microsoft Ads) | Measuring ad campaign effectiveness and retargeting Website visitors | Consent (Art. 6(1)(a)) |
| Following up on a sign-up enquiry | Responding to an enquiry you initiated about our commercial services | Legitimate interests (Art. 6(1)(f)) |
| Sending marketing emails to subscribers and enquirers | Communicating service updates, relevant content, and promotions | Consent (Art. 6(1)(a)) / Legitimate interests for existing clients |
| AI chat assistant interactions | Responding to pre-sale enquiries and routing unanswered questions | Legitimate interests (Art. 6(1)(f)) |
| Meeting recordings via Granola | Accurate note-taking and service quality for client calls | Consent (Art. 6(1)(a)) — verbal consent obtained before each recording |
| Keeping financial and accounting records | Compliance with tax and accounting legal obligations | Legal obligation (Art. 6(1)(c)) |
| Anonymised performance data for internal benchmarking | Improving Adgentix's AI systems and service quality | Legitimate interests (Art. 6(1)(f)) — fully anonymised, no individual identified |
| Fraud prevention and security monitoring | Protecting Adgentix and its clients from fraudulent activity | Legitimate interests (Art. 6(1)(f)) |
Legitimate interests note: Where we rely on legitimate interests as our legal basis, we have conducted a balancing test and determined that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests — see clause 11 for how to exercise this right.
5. Data Retention
5.1 Website visitor and non-client data. Data collected from Website visitors who do not become paying clients — including form submissions, enquiry data, and chat interactions — is retained until you request its deletion. You may request deletion at any time by emailing privacy@adgentix.ai.
5.2 Active client data. Personal data and business data collected during an active client engagement is retained for the duration of the engagement and for 36 months following the termination or expiry of the Client Services Agreement. This retention period covers the applicable legal dispute window under Wyoming law and satisfies accounting and tax record-keeping obligations.
5.3 Financial and accounting records. Transaction records, invoice data, and payment history are retained for a minimum of 7 years in accordance with US federal and Wyoming state tax requirements, regardless of the general retention periods above.
5.4 Meeting recordings. Recordings and transcripts produced via Granola are retained for a maximum of 12 months from the date of the recording and deleted thereafter, unless required to be retained for a longer period by applicable law or ongoing legal proceedings.
5.5 Cookie and analytics data. The retention period for data collected via cookies and tracking technologies is set by each respective platform (Google Analytics 4: 14 months default; Microsoft Clarity: 30 days for session recordings; advertising platform pixels: as governed by each platform's data retention policies). You may reset or delete this data at any time by clearing your browser cookies or adjusting your consent preferences.
5.6 Backup data. Copies of data held in system backups may persist for up to 90 days beyond the applicable retention period, after which they are permanently deleted as part of routine backup rotation.
6. Data Sharing and Disclosure
6.1 We do not sell your personal data to third parties. This applies to all categories of personal data collected by Adgentix and satisfies the opt-out requirements of the California Consumer Privacy Act (CCPA/CPRA) and equivalent legislation.
6.2 Service providers and data processors. We share personal data with third-party service providers who process data on our behalf to deliver the Website and Services. All processors are bound by data processing agreements requiring them to process data only on our instructions and in accordance with applicable data protection law. See clause 9 for the full processor list.
6.3 Ad platform data sharing for client services. As part of delivering the Services, we access and process data within client advertising platform accounts (Google Ads, Meta Ads, LinkedIn Ads, Microsoft Ads, TikTok Ads). This data is accessed solely for the purpose of delivering the agreed services and is governed by each platform's terms and the Client Services Agreement.
6.4 Legal requirements. We may disclose personal data where required by applicable law, court order, regulatory authority, or to protect the legal rights of Adgentix or third parties.
6.5 Business transfers. In the event of a merger, acquisition, or sale of substantially all of Adgentix's assets, personal data may be transferred to the acquiring entity. We will notify affected individuals by email in advance of any such transfer, in accordance with the Terms of Service.
7. Cookies and Tracking Technologies
7.1 We use cookies and similar tracking technologies on the Website to operate essential functions, analyse visitor behaviour, and support advertising measurement. We categorise cookies as follows:
| Category | Purpose | Examples | Consent Required? |
|---|---|---|---|
| Essential | Necessary for the Website to function. Cannot be disabled. | Session cookies, Consent preferences, Stripe checkout | No — always active |
| Analytics | Understanding how visitors use the Website. | Google Analytics 4, Microsoft Clarity | Yes — active only after consent |
| Advertising | Measuring ad campaign effectiveness, conversion tracking, and retargeting. | Meta Pixel, Google Ads conversion tag, LinkedIn Insight Tag, Microsoft Ads UET | Yes — active only after consent |
| Functionality | Remembering your preferences to improve your experience. | Cookie consent preferences | No — required for consent management |
7.2 A cookie consent banner is displayed to all visitors on first visit, providing a clear choice to accept or reject non-essential cookies. Non-essential cookies are not placed until explicit consent is given. You may change your cookie preferences at any time via the cookie settings on the Website.
7.3 Google Consent Mode v2. The Website implements Google Consent Mode v2 via our cookie consent solution. When analytics or advertising consent is declined, Google Analytics and Google Ads receive restricted consent signals and use cookieless data collection and conversion modelling. This means Google may still collect anonymised, non-personally identifiable signals even when cookies are rejected, in accordance with Google's Consent Mode policies.
7.4 For more information about the specific cookies used on the Website and their retention periods, see the cookie declaration accessible via the cookie settings on the Website.
8. International Data Transfers
8.1 Adgentix is based in the United States (Lisbon, Portugal operations; Wyoming, USA entity). When you access our Website from the European Union, United Kingdom, Australia, or Canada, your personal data may be transferred to and processed on servers located in the United States.
8.2 The United States does not have the same level of data protection as the EU or UK under GDPR standards. To protect your data during international transfers, we rely on the following safeguards:
- EU-US Data Privacy Framework (DPF). Where our US-based processors are certified under the EU-US Data Privacy Framework, transfers are made in reliance on this framework, which has been recognised by the European Commission as providing adequate protection.
- Standard Contractual Clauses (SCCs). Where processors are not DPF-certified or where transfers require additional protection, we rely on the European Commission's Standard Contractual Clauses (Module 2: Controller to Processor) as the legal mechanism for international transfers.
- UK International Data Transfer Agreements (IDTAs). For transfers to processors from the UK, we rely on the UK Information Commissioner's Office International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs where applicable.
8.3 Specific transfer mechanisms for key processors:
| Processor | Transfer Mechanism | Reference |
|---|---|---|
| Google (GA4, Ads, Workspace) | DPF + SCCs | policies.google.com/privacy/frameworks |
| Meta (Meta Pixel, CAPI) | SCCs | facebook.com/legal/EU_data_transfer_addendum |
| Microsoft (Clarity, Ads, LinkedIn) | DPF + SCCs | microsoft.com/en-us/trust-center/privacy |
| Stripe | DPF + SCCs | stripe.com/en-gb/legal/privacy-center |
| Brevo | SCCs (EU-based servers available) | brevo.com/legal/privacypolicy |
| Make.com | SCCs | make.com/en/privacy-notice |
| Anthropic (Claude API) | SCCs | anthropic.com/privacy |
| Granola | SCCs | [Confirm Granola DPA URL] |
| Kie.ai | SCCs | [Confirm Kie.ai DPA URL] |
9. Data Processors — Full List
The following third-party service providers process personal data on behalf of Adgentix. All are engaged under data processing agreements or equivalent contractual terms.
| Processor | Location | Purpose | Data Processed |
|---|---|---|---|
| Google Analytics 4 | USA | Website analytics | Visitor behaviour, page views, session data |
| Microsoft Clarity | USA | Session recording and heatmaps | Visitor interactions, clicks, scroll depth |
| Meta Pixel | USA | Advertising measurement and retargeting | Website visit data, conversion events |
| Google Ads | USA | Advertising conversion tracking | Conversion events, ad interaction data |
| LinkedIn Insight Tag | USA | Advertising measurement and retargeting | Website visit data, professional profile data |
| Microsoft Ads UET | USA | Advertising conversion tracking | Conversion events, website visit data |
| Stripe | USA | Payment processing and subscription billing | Payment card data, billing details, transaction history |
| Kinsta | USA/Global CDN | Website hosting | All website traffic and server logs |
| Anthropic (Claude API) | USA | AI chat assistant on Website | Visitor chat messages, email if provided |
| Brevo | EU/USA | Email marketing and CRM | Email addresses, names, email engagement data |
| Make.com | USA/EU | Workflow automation | Form data, Stripe webhook data, email triggers |
| Google Workspace / Gmail | USA | Business email and communication | Email correspondence with clients and prospects |
| Granola | USA | Meeting recording and transcription | Audio recordings and transcripts of client calls |
| Xero | New Zealand/USA | Accounting and financial records | Client billing data, transaction records |
| Kie.ai | USA | AI creative content generation | Client brand guidelines and creative briefs |
We periodically review and update our processor list. If we add a new processor that materially affects how your data is used, we will update this Privacy Policy and notify you in accordance with clause 15.
10. Your Rights — General
Subject to applicable law, you have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@adgentix.ai. We will respond within 30 days of receiving your request. For complex requests, we may extend this period by a further 30 days, in which case we will notify you of the extension and the reason for it.
10.1 Right to access. You have the right to request a copy of the personal data we hold about you and information about how we use it.
10.2 Right to rectification. You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
10.3 Right to erasure. You have the right to request deletion of your personal data where we no longer have a lawful basis for processing it, or where you withdraw consent. Note that we may be required to retain certain data to comply with legal obligations (see clause 5.3).
10.4 Right to restriction. You have the right to request that we restrict processing of your personal data in certain circumstances — for example, while a rectification request is being assessed.
10.5 Right to data portability. Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
10.6 Right to object. You have the right to object to processing based on legitimate interests (see clause 4). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
10.7 Right to withdraw consent. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. Cookie consent can be withdrawn via the cookie settings on the Website. Email marketing consent can be withdrawn via the unsubscribe link in any marketing email.
10.8 Right to complain. You have the right to lodge a complaint with a data protection supervisory authority. In the EU, this is the supervisory authority in the member state where you reside, work, or where the alleged infringement occurred. In the UK, this is the Information Commissioner's Office (ico.org.uk). In the USA, complaints may be directed to the Federal Trade Commission (ftc.gov).
11. California Residents — CCPA/CPRA Rights
If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
11.1 Right to know. You have the right to request disclosure of: (a) the categories of personal information collected about you; (b) the specific pieces of personal information collected; (c) the categories of sources from which it was collected; (d) the business purpose for collecting it; and (e) the categories of third parties with whom it is shared.
11.2 Right to delete. You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (such as information required to complete a transaction or comply with a legal obligation).
11.3 Right to correct. You have the right to request correction of inaccurate personal information.
11.4 Right to opt out of sale or sharing. We do not sell personal information to third parties. We do not share personal information for cross-context behavioural advertising purposes beyond what is disclosed in our cookie and tracking technology disclosures above.
11.5 Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined under the CPRA beyond what is necessary to provide the Services.
11.6 Non-discrimination. We will not discriminate against you for exercising your CCPA/CPRA rights. You will not receive a different level of service or pricing as a result of making a privacy request.
11.7 How to submit a request. California residents may submit privacy requests by emailing privacy@adgentix.ai. We will respond within 45 days. We may extend this period by a further 45 days for complex requests with prior notice.
12. Canadian Residents — PIPEDA Rights
If you are a resident of Canada, your personal information is collected and processed in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
12.1 Under PIPEDA, you have the right to: (a) access the personal information we hold about you; (b) challenge the accuracy and completeness of your personal information and have it amended where appropriate; (c) withdraw consent to the collection, use, or disclosure of your personal information, subject to legal and contractual restrictions and reasonable notice.
12.2 Personal information is collected only for the purposes identified in this Privacy Policy and with your knowledge and consent, except where otherwise permitted or required by law.
12.3 We retain personal information only as long as necessary for the identified purposes or as required by law, in accordance with the retention periods in clause 5.
12.4 To exercise your rights under PIPEDA or to submit a privacy complaint, contact us at privacy@adgentix.ai. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca).
13. Data Security
13.1 We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:
- Encrypted data transmission via HTTPS/TLS across the Website
- Access controls limiting data access to authorised personnel only
- Use of established, security-certified third-party processors (see clause 9)
- Regular review of access permissions and security practices
- Stripe's PCI DSS-compliant infrastructure for all payment data
13.2 Despite these measures, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.
13.3 Data breach notification. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and in accordance with applicable legal requirements (GDPR: within 72 hours to supervisory authority; CCPA: without unreasonable delay to affected individuals).
14. Links to Third-Party Websites
14.1 The Website may contain links to third-party websites. This Privacy Policy applies only to adgentix.ai. We are not responsible for the privacy practices of any third-party website and encourage you to review the privacy policies of any website you visit.
15. Changes to This Privacy Policy
15.1 We may update this Privacy Policy from time to time. Material changes — those that meaningfully affect your rights or how your data is used — will be communicated to existing subscribers and clients by email at least 30 days before they take effect. A notice will also be published on the Website simultaneously.
15.2 Non-material changes — such as corrections, clarifications, or updates to processor contact details — will be reflected by updating the "Last Updated" date on this document without advance notice.
15.3 The current version of this Privacy Policy is identified by the "Last Updated" date at the top of this document. We recommend reviewing this policy periodically.
16. Governing Law
16.1 This Privacy Policy is governed by the laws of the State of Wyoming, United States of America. Nothing in this clause limits the rights you have under GDPR, UK GDPR, CCPA/CPRA, PIPEDA, or other applicable data protection legislation in your jurisdiction.
16.2 For EU and UK residents, this Privacy Policy is also subject to the requirements of the GDPR and UK GDPR respectively, which take precedence in the event of any conflict with Wyoming state law in matters of data protection.
17. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:
Privacy enquiries: privacy@adgentix.ai
General enquiries: kevin@adgentix.ai
Website: adgentix.ai
EU Representative: Carla Silva, Orbitus Agencia — contabilidade@byorbitus.pt
We aim to respond to all privacy enquiries within 30 days of receipt.