Privacy Policy
How we handle your data.
LifeAgents is operated by Banja Media (CVR 44233940), a company registered in Denmark. We take your data seriously. This policy explains what we collect, why, where it lives, and the rights you have to control it.
If you have questions or want to exercise any of the rights below, write to frederik@banjamedia.com.
What data we collect
Account information
When you sign in, we receive your email address and basic profile information from your identity provider (Google). We store this so you can log back in and so the system knows who you are.
Profile and agent configuration
During onboarding you tell us things about your life, work, and preferences. This includes your role, communication style, working hours, and agent-specific settings. You enter this voluntarily. You can edit or delete it anytime from your profile page.
Connected service data
If you choose to connect a third-party service (currently Gmail and Google Calendar, with Outlook, WhatsApp and Apple Health coming later), we receive an OAuth access token that lets the LifeAgents agents read and act on data from that service on your behalf. Examples:
- Email subjects, senders, and bodies (for triage and drafting replies)
- Calendar events (for scheduling and briefings)
- Activity data from connected health and messaging services, if you connect them
You can disconnect any integration at any time from Settings → Integrations. Doing so revokes our access immediately.
Usage logs
We log basic usage data: when you log in, which agents you run, how long requests take, and how many tokens an AI call used. This helps us debug, bill correctly, and improve the product. We do not log the contents of your emails, calendars or other connected data outside the active processing window.
Why we process your data
- To run the service you signed up for: triaging your inbox, drafting replies, summarizing your day
- To improve the product for you over time: agents learn from your patterns to get more accurate
- To bill you correctly when you move from early access to paid plans
- To communicate service updates, billing notices, and security-relevant changes
Where your data lives
We use Supabase (EU region) as our database and authentication provider. Files you upload (such as profile pictures) are stored in Supabase Storage in the same region.
OAuth tokens are encrypted at rest using AES-128 (Fernet) before being written to the database. They are decrypted only inside a single backend process when needed to call a third-party API.
Who else sees your data
We use a small number of third parties to run LifeAgents. Each only sees what is strictly necessary:
- Anthropic — when an agent processes your text (an email body, a calendar event, a question you asked), that text is sent to Anthropic's Claude API for the duration of that one call. Anthropic does not train its models on your data per their API terms. We do not have a contract that allows them to retain your data beyond the response window.
- Google (or Microsoft, when Outlook ships) — only as the source of the data you explicitly connected. We do not share data back to them.
- Supabase — as our infrastructure provider. Your data sits in their EU data centers.
- Cloudflare — as our CDN and DNS provider, processing requests in transit.
We do not sell your data. We do not share it with advertisers. We do not use it to train any model.
How long we keep it
- Account data stays as long as your account is active.
- Agent configuration stays as long as your account is active. You can delete it from your profile page anytime.
- OAuth tokens stay until you disconnect the integration or close your account.
- Usage logs are retained for 12 months for debugging and billing reconciliation, then deleted.
- Account closure — you can close your account anytime. All your data is deleted within 30 days, except billing records we are legally required to keep (Danish bookkeeping law: 5 years).
Your rights under GDPR
Since you are processing data in or from the EU, you have the following rights:
- Access — request a copy of all data we hold about you
- Rectification — correct anything that is wrong
- Erasure — request deletion of your data
- Portability — get your data in a machine-readable format
- Objection — object to specific processing
- Restriction — limit how we use your data while a dispute is resolved
- Withdraw consent — for anything you previously opted into
To exercise any of these, write to frederik@banjamedia.com. We respond within 30 days.
If you believe we are mishandling your data, you have the right to complain to the Danish Data Protection Agency (Datatilsynet).
Cookies and analytics
The marketing site (lifeagents.io) uses no cookies and no tracking analytics. The app (app.lifeagents.io) sets a session cookie that keeps you logged in. That's it.
Changes to this policy
If we change this policy materially, we will notify active users by email before the changes take effect. Minor wording updates are made without notification but always dated at the top of this page.
Data controller
Banja Media
CVR 44233940
Havtornvej 15, 2. th, 2640 Hedehusene
Denmark
frederik@banjamedia.com