Legal · Effective May 20, 2026 · Last updated May 20, 2026
Privacy Policy
How Agentic-U collects, uses, shares, and protects your personal information — and the rights you have over it.
1. Who we are
"Agentic-U" is an institution operated by Hunter & Thomas, Inc., a Delaware corporation ("we", "us", "our"). The standards Agentic-U accredits against are published by Governable AI, a separately operated standards body. This policy covers personal information processed by agenticu.org, quiz.agenticu.org, and any associated Agentic-U products or services (the "Services").
Contact for privacy matters: legal@agenticu.org. Mailing address available on request via that channel.
2. Scope
This policy applies to personal information of all visitors, prospects, members, and customers worldwide. Where state or country law gives you stronger rights than this policy describes, those rights apply. Specific notices for California, Virginia, Colorado, Connecticut, Utah, the EEA/EU, the UK, and Switzerland are in Section 10.
3. Categories of personal information we collect
We collect the following categories of personal information. We do not sell personal information and we do not share personal information for cross-context behavioral advertising as those terms are defined under California law.
- Identifiers — name, email address, account handle (e.g. your X handle if you DM us), IP address.
- Commercial information — products purchased, tier, transaction amount, refund history. Card numbers are handled directly by Stripe and never touch our servers.
- Internet activity — pages viewed, referring URL, device type, broad geolocation derived from IP (country/region), interactions with the diagnostic.
- Diagnostic responses — the answers you submit to the Spine Pillar Diagnostic and the resulting pillar scores.
- Professional or work-related information — what you tell us about your role, company, or work product in your application, voice memo, or written correspondence.
- Audio, electronic, visual, or similar information — voice memos you send us, screenshots or videos you attach, recordings of council/mastermind sessions you have explicitly consented to.
- Inferences — recommendations drawn from diagnostic responses (which pillar you're leaking on, etc.).
- Sensitive personal information — we do not solicit, and try not to receive, personal information about race, ethnicity, religion, union membership, genetic data, biometric data, health, or sexual orientation. If you volunteer such information in correspondence we treat it as confidential and do not use it for profiling.
4. How we collect it
- Directly from you — when you fill out the diagnostic, email or DM us, purchase a tier, or book a session.
- Automatically — server logs, privacy-respecting analytics (page views and aggregate referrer/device data only; we do not use cross-site tracking pixels).
- From service providers — payment status from Stripe, booking confirmations from Cal.com.
5. Why we process it (purposes & legal bases)
- To provide the Services — deliver your diagnostic result, fulfill purchases, schedule sessions, issue receipts and certificates of work. Legal basis (GDPR): contract.
- To communicate with you — respond to inquiries, send service messages, deliver the dispatch you subscribed to. Legal basis: contract / consent (for marketing communications) / legitimate interest (for service messages).
- To protect the Services — detect fraud, abuse, and unauthorized access; preserve the integrity of receipts and accreditation. Legal basis: legitimate interest.
- To comply with law — respond to lawful subpoenas, court orders, or regulatory requests. Legal basis: legal obligation.
- To improve the Services — analyze aggregate patterns (never individualized profiles) to improve the diagnostic and curriculum. Legal basis: legitimate interest.
6. How we share it (subprocessors)
We share personal information only with the following categories of recipients, all bound by written agreements that prohibit using your data for any purpose other than providing services to us:
- Stripe, Inc. (USA) — payments processing for all paid tiers.
- Cal.com, Inc. (USA) — session scheduling for council, mastermind, and clarity sessions.
- Cloudflare, Inc. (USA) — hosting, edge compute, DDoS protection for agenticu.org and quiz.agenticu.org.
- Email delivery provider — whichever transactional email provider we use at the time (currently Resend, Inc., USA); details on request.
- Legal and regulatory recipients — only when required by valid legal process.
- Successors — in the event of merger, acquisition, or asset transfer of Hunter & Thomas, Inc., subject to this policy.
We do not sell personal information for money or other valuable consideration. We do not share personal information for cross-context behavioral advertising.
7. Receipts wall & certificates of work
Agentic-U issues machine-readable receipts and certificates of work attesting to outcomes you complete inside the curriculum. Items appear on the public receipts wall only with your explicit, prior, written consent, anonymized to a pillar profile and outcome summary, and never including your name, email, or any direct identifier unless you affirmatively request attribution. You may revoke consent at any time by emailing legal@agenticu.org; we will remove the receipt from public surfaces within seven days. The cryptographic record of the receipt itself is preserved for accreditation integrity but is decoupled from your identity upon revocation.
8. Cookies & similar technologies
We use a small number of strictly-necessary cookies (session, CSRF, payment flow) and may use a single first-party analytics cookie for aggregate page-view counts. We do not use third-party advertising cookies or cross-site tracking. You can disable cookies in your browser; the Services will still function with reduced personalization.
9. Retention
- Diagnostic responses & results — retained while your account is active; deleted within 90 days of account deletion request.
- Purchase records — retained for the longer of (a) seven years (US tax law) or (b) the period required by applicable law in your jurisdiction.
- Session recordings — retained only with your prior consent; otherwise deleted within 30 days of the session.
- Server logs — retained for up to 90 days for security and debugging.
- Marketing email lists — retained until you unsubscribe, after which your email is moved to a suppression list to honor your preference.
10. Your rights
10.1 California residents (CCPA / CPRA)
California residents have the right to: (i) know what personal information we collect, use, disclose, and the purposes thereof; (ii) access a copy of the personal information we hold about you; (iii) delete personal information, subject to legal exceptions; (iv) correct inaccurate personal information; (v) opt out of sale or sharing for cross-context behavioral advertising — we do not do either, but the right is preserved; (vi) limit use of sensitive personal information — we do not use sensitive personal information for inferences beyond what is necessary to provide the Services; (vii) non-discrimination — we will not deny service, charge different prices, or provide a different level of quality because you exercised any of these rights; (viii) authorize an agent to exercise rights on your behalf. To exercise any of these rights, email legal@agenticu.org from the address on file or otherwise verify your identity. We will respond within 45 days (extendable once by 45 days with notice).
Shine the Light: California Civil Code § 1798.83 allows California residents to request disclosure of personal information shared with third parties for those parties' direct marketing purposes. We do not share for that purpose.
10.2 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA)
Residents of Virginia, Colorado, Connecticut, and Utah have the rights to access, correct, delete, obtain a portable copy of, and (where applicable) opt out of targeted advertising, sale, or profiling that produces legal or similarly significant effects. We do not engage in targeted advertising, sale of personal information, or such profiling. Exercise these rights by emailing legal@agenticu.org. If we deny a request, you may appeal by replying to our denial; if your appeal is also denied, Colorado and Connecticut residents may contact their state attorney general.
10.3 EEA / UK / Switzerland (GDPR & UK GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have the rights to access, rectify, erase, restrict, port, and object to processing of your personal data, and where processing is based on consent, to withdraw consent at any time without affecting processing already carried out. Where we transfer personal data outside the EEA/UK, we rely on the European Commission's Standard Contractual Clauses or an applicable adequacy decision. You may lodge a complaint with your local supervisory authority. Exercise rights by emailing legal@agenticu.org.
10.4 All other jurisdictions
Wherever you are, you may email us at legal@agenticu.org to request access to, correction of, or deletion of your personal information. We will honor reasonable requests to the extent permitted by law.
11. Children
The Services are not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact legal@agenticu.org and we will delete it promptly.
12. Security
We use industry-standard administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.2+) and at rest, least-privilege access, audit logging, and regular review of subprocessor security postures. No system is perfectly secure; if we become aware of a breach affecting your personal information we will notify you and the appropriate regulators as required by applicable law.
13. Do Not Track
Our Services do not respond to Do Not Track signals because no consistent industry standard exists. We do not engage in the third-party tracking those signals were designed to address.
14. Changes to this policy
We may update this policy from time to time. The effective date above tracks the most recent revision. Material changes will be announced to dispatch subscribers and members; non-material changes will be posted here. Continued use of the Services after the effective date constitutes acceptance of the updated policy.
15. Contact
Privacy questions, rights requests, complaints, and authorized-agent requests: legal@agenticu.org. General contact: lab@agenticu.org.