Data Protection
Inter Agentcy takes data protection seriously. With GDPR as our baseline and enterprise-grade security throughout, your data and your clients' data are protected at every level.
GDPR Baseline
As a European-headquartered platform, Inter Agentcy is fully compliant with the General Data Protection Regulation (GDPR). This applies to all users worldwide, not just those in the EU — meaning everyone benefits from the highest standard of data protection.
- Lawful basis for processing: We process data only with legitimate legal grounds — consent, contract performance, or legitimate interest
- Data minimization: We collect only the data necessary for the platform to function
- Purpose limitation: Data collected for one purpose is not repurposed without consent
- Storage limitation: Data is retained only as long as needed, with clear retention policies
Consent for Player Data
Player data is particularly sensitive in the football agent context. Inter Agentcy implements a robust consent framework:
- Explicit consent: Players must provide clear, affirmative consent before their data is stored or shared on the platform
- Granular permissions: Players control exactly what data is visible — personal details, performance stats, contract information, and medical data each have separate consent toggles
- Consent withdrawal: Players can withdraw consent at any time, and their data will be removed from active use within 30 days
- Minor protection: Enhanced safeguards for players under 18, including parental/guardian consent requirements
Agent Responsibility
Encryption & Security
| Layer | Protection |
|---|---|
| Data in Transit | TLS 1.3 encryption on all connections |
| Data at Rest | AES-256 encryption for all stored data |
| Authentication | Multi-factor authentication (MFA) available for all accounts |
| Access Control | Role-based access control (RBAC) with principle of least privilege |
| API Security | OAuth 2.0 with rate limiting and request signing |
| Infrastructure | Hosted on EU-based cloud infrastructure with SOC 2 compliance |
| Backups | Encrypted daily backups with geographic redundancy |
Data Subject Rights
Under GDPR, all users (and players whose data is on the platform) have the following rights, which Inter Agentcy fully supports:
- Right of Access: Request a copy of all personal data held about you — available via self-service in your account settings
- Right to Rectification: Correct inaccurate data at any time through your profile
- Right to Erasure: Request deletion of your data ("right to be forgotten") — processed within 30 days
- Right to Portability: Export your data in a standard machine-readable format (JSON/CSV)
- Right to Restrict Processing: Temporarily halt processing of your data while a dispute is resolved
- Right to Object: Object to processing based on legitimate interest — we will cease processing unless we demonstrate compelling grounds
Self-Service Data Controls
Security Audits
Inter Agentcy undergoes regular security assessments to ensure the platform remains secure:
- Annual penetration testing: Independent third-party security firms test our infrastructure and application for vulnerabilities
- Continuous monitoring: 24/7 automated security monitoring for anomalous activity
- Vulnerability disclosure program: Responsible disclosure policy for security researchers
- SOC 2 Type II audit: Annual compliance audit covering security, availability, and confidentiality
- GDPR compliance audit: Annual review by external data protection consultants
- Incident response plan: Documented procedures for data breach notification within 72 hours as required by GDPR