Privacy Policy
Last updated: April 13, 2026
1. Who we are
AgileVision Sp. z o.o. ("NoGaps", "we", "us", "our") is a company registered in Poland with its registered office in Krakow, Poland. NoGaps is the knowledge base product operated by AgileVision.
We are the Controller of personal data described in this Privacy Policy, within the meaning of the General Data Protection Regulation (EU) 2016/679 ("GDPR"). For questions about this Privacy Policy or your personal data, contact us at: hello@agilevision.io.
2. Scope
This Privacy Policy explains how we collect, use, and protect personal data when you:
- Visit our website at nogaps.io
- Sign in and use the NoGaps knowledge base platform
- Communicate with us (email, contact forms, sales conversations)
- Receive product or operational communications from us
This Privacy Policy does not cover the processing of data that flows through the NoGaps platform on behalf of our customers (spaces, pages, comments, and team members logged into a customer's workspace). That processing is governed by our Data Processing Agreement.
3. What we collect and why
3.1 Website visitors
We use Plausible Analytics to understand how visitors use our website. Plausible does not use cookies, does not collect personal data, and does not track individual visitors across sessions or sites. All analytics data is aggregated and anonymous. We do not use any other tracking technologies, advertising pixels, or third-party cookies on our website.
Legal basis: Legitimate interest (understanding website usage to improve our service).
3.2 Account holders and platform users
When you sign in to NoGaps or are added to a workspace by your team, we collect:
- Name
- Email address (from your Google account)
- Google account profile picture
- Workspace name and your role per workspace
- Authentication data and session cookies
Purpose: To provide access to the platform, manage your account, authenticate your identity, and communicate with you about the Service.
Legal basis: Performance of a contract (your service agreement with us).
3.3 Sales and operational contacts
When you contact us through email, sales enquiries, or direct communication, we may collect:
- Name
- Email address
- Company name and role
- Communication history and notes
Purpose: To respond to your enquiry and manage the relationship.
Legal basis: Legitimate interest (responding to enquiries, managing business relationships).
3.4 Billing and payment
We collect billing information necessary to process payments:
- Company name and billing address
- VAT number
- Payment method details (processed by Stripe — we do not store full card numbers)
- Invoice history
Purpose: To invoice you, process payments, and comply with tax and accounting obligations.
Legal basis: Performance of a contract and legal obligation (tax/accounting requirements).
3.5 Communications
When you email us or we email you, we process the contents of those communications, including any personal data you include.
Purpose: To provide support, discuss your account, and manage our business relationship.
Legal basis: Performance of a contract and legitimate interest.
4. Who we share your data with
| Recipient | Purpose | Location |
|---|---|---|
| Amazon Web Services, Inc. | Application hosting | EU region — eu-north-1, Stockholm (US entity) |
| Google LLC | Authentication (Google Sign-in / OAuth) | EU region (US entity) |
| Turso (ChiselStrike, Inc.) | Database hosting (libSQL) | EU region (US entity) |
| Stripe, Inc. | Payment processing | EU region (US entity) |
| Cloudflare, Inc. | CDN and DDoS protection for website | Global edge network (US entity) |
| HubSpot, Inc. | CRM and marketing communications | EU region (US entity) |
| Plausible Insights OÜ | Website analytics (no personal data) | Estonia (EU) |
For US-incorporated providers that process data in EU regions, we ensure appropriate safeguards are in place (Standard Contractual Clauses and/or EU-US Data Privacy Framework certification). We do not sell your personal data. We do not share your personal data with advertisers.
5. International transfers
Your personal data is processed within the European Economic Area. Where we use service providers incorporated outside the EEA (see Section 4), we ensure they process data in EU-hosted regions and that appropriate transfer safeguards are in place in accordance with Chapter V of the GDPR.
6. How long we keep your data
| Data category | Retention period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Billing and invoices | 5 years after the end of the financial year (legal obligation) |
| Sales and operational contacts | Until you ask for deletion, reviewed annually |
| Communications | 2 years after last interaction, unless related to an active account |
| Website analytics | Aggregated/anonymous — no personal data retained |
7. Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data, subject to legal retention requirements
- Restriction — request that we limit processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest, including direct marketing
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at hello@agilevision.io. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland, or with the supervisory authority in your country of residence.
8. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, and regular security reviews. For details of our security measures in relation to platform data, see our Data Processing Agreement.
9. Cookies
We do not use cookies for website analytics. Plausible Analytics operates without cookies and does not collect or store any personal data. The only cookies set on the nogaps.io website are session cookies required for Google Sign-in and your authenticated session in the application.
10. Operational communications
We may send you transactional emails about your account (billing, security, service announcements, support replies). These are required for the operation of the Service and are not subject to unsubscribe. Any optional product newsletters include an unsubscribe link, and you can opt out at any time by contacting us at hello@agilevision.io.
11. Children
Our Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by publishing the updated policy on our website with a revised "Last updated" date. For significant changes affecting your rights, we will make reasonable efforts to notify you directly (e.g. by email).
13. Contact
AgileVision Sp. z o.o.
Krakow, Poland
Email: hello@agilevision.io