Privacy Policy

1. Introduction

AgentReady ("we", "us", or "our") provides AI readiness scanning and optimization services at agentready.site (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. By using the Service, you consent to the practices described in this policy. Please also review our Terms of Service.

2. Data We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and profile information provided through our authentication provider, Clerk. We do not store passwords directly -- all authentication is handled securely by Clerk, which may support social logins (Google, GitHub, etc.). We store your Clerk user ID and associated profile data (name, email, avatar URL) in our PostgreSQL database to link your account with your scans, subscriptions, and settings.

2.2 Scan Data

When you scan a website, we collect the URL you submit and crawl publicly available information from that website, including HTML content, structured data (JSON-LD, schema markup), meta tags, Open Graph data, robots.txt directives, llms.txt files, and other publicly accessible elements. We do not access any password-protected or private areas of scanned websites. Scan results -- including AI readiness scores, category breakdowns, identified issues, and generated code snippets -- are stored in our PostgreSQL database and associated with your account.

2.3 Usage and Analytics Data

We automatically collect certain information when you use the Service, including your IP address, browser type, operating system, device type, referring URLs, pages visited, features used, and the dates and times of your visits. We use PostHog for product analytics to understand how users interact with the Service. PostHog may collect anonymized behavioral data such as page views, click events, and session replays. We also use Google Analytics for aggregate traffic measurement.

2.4 Payment Information

Payment processing is handled entirely by Stripe. We do not store, process, or have access to your full credit card numbers, CVV codes, or bank account details on our servers. Stripe provides us with transaction confirmations, subscription status, customer IDs, and basic card metadata (last four digits, card brand, expiration) necessary for displaying billing information in your dashboard.

2.5 Affiliate and Referral Data

If you arrive via an affiliate link, we store a first-party referral attribution cookie (90-day expiry) and record the referring affiliate ID. If you participate in our affiliate program, we collect your payout preferences and track conversions attributed to your referral links.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, operate, and maintain the Service, including processing AI readiness scans, generating reports, and delivering code snippets for deployment
• Manage your account, subscription, and billing through Stripe
• Send transactional emails such as scan results, score change alerts, subscription confirmations, and account notifications
• Monitor website scores over time and provide historical comparisons and competitor analysis
• Improve the Service by analyzing usage patterns, identifying bugs, and developing new features
• Track and attribute affiliate referrals and process affiliate commissions
• Detect, prevent, and address fraud, abuse, and technical issues
• Comply with legal obligations and enforce our Terms of Service

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share information with the following categories of third parties:

• Authentication (Clerk): Handles user sign-up, login, and session management. Clerk processes your email, name, and authentication credentials.
• Payment Processing (Stripe): Manages subscription billing, payment collection, and invoicing. Stripe processes your payment details under its own privacy policy.
• Hosting and Infrastructure (Vercel, Neon): Our application is hosted on Vercel and our PostgreSQL database is hosted on Neon. These providers may process data as part of delivering the Service.
• AI Analysis (Anthropic, OpenAI): We may send website content (publicly available data from scanned URLs) to AI providers for analysis. No personal account data is sent to these providers.
• Analytics (PostHog, Google Analytics): Anonymized usage data is shared with analytics providers to help us understand how the Service is used.
• Legal Requirements: When required by law, regulation, subpoena, or legal process, or to protect our rights, privacy, safety, or property.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

You can control cookie preferences through your browser settings. Essential cookies cannot be disabled as they are required for the Service to function. Disabling analytics cookies will not affect your ability to use the Service.

6. Your Rights (GDPR)

If you are a resident of the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of all personal data we hold about you, including scan history, account information, and usage data.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data. Upon request, we will delete your account, scan history, and all associated data from our systems.
• Right to Restriction: Request restriction of processing of your data under certain circumstances.
• Right to Data Portability: Request transfer of your data in a structured, machine-readable format (JSON or CSV).
• Right to Object: Object to processing of your data for direct marketing or based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at legal@agentready.site with the subject line "GDPR Request". We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

7. Legal Basis for Processing

Under the GDPR, we process your data based on the following legal grounds:

• Contract Performance: Processing necessary to deliver the Service you signed up for (scanning, scoring, monitoring).
• Legitimate Interests: Analytics, fraud prevention, and Service improvement, balanced against your privacy rights.
• Consent: Where required, such as for non-essential cookies and marketing communications.
• Legal Obligation: Where we are required to process data by applicable law.

8. Data Retention

We retain your data according to the following schedule:

• Account Data: Retained for as long as your account is active, plus 30 days after account deletion to allow recovery.
• Scan Results: Retained to provide historical comparisons, trend monitoring, and score decay tracking. Deleted upon account deletion.
• Billing Records: Retained for the period required by applicable tax and accounting laws (typically 7 years).
• Analytics Data: Anonymized and aggregated data may be retained indefinitely for Service improvement.
• Server Logs: Automatically purged after 90 days.

You may request deletion of your account and all associated data at any time by contacting us at legal@agentready.site.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including: encryption in transit via TLS/SSL on all connections; encrypted PostgreSQL database hosted on Neon with automated backups; authentication via Clerk with industry-standard security practices; Stripe PCI-DSS Level 1 compliance for all payment processing; regular security reviews and dependency updates. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breach in accordance with applicable notification laws.

10. International Data Transfers

Your data may be processed in countries outside of your country of residence, including the United States, where our hosting infrastructure (Vercel, Neon) and service providers (Stripe, Clerk, PostHog) are located. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) where applicable, in compliance with GDPR and other applicable data protection laws.

11. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at legal@agentready.site.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will also send a notification to the email address associated with your account. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us: