Privacy and data controls
We minimize personal data, keep scan capabilities private by default, and separate essential processing from optional analytics, dataset reuse, marketing, and card signals.
On this page
Operator and contact
Operator: Operator identity pending confirmation. Privacy contact: privacy@agentify.ad.
Final legal identity, jurisdiction-specific lawful basis, and processor terms are not yet confirmed. This deployment must not receive paid traffic until they are approved.
Data we process
- Submitted and canonical target URL, target host/hash, segment, and scan status.
- Structured check outcomes, score, coverage, rubric version, and coarse fingerprint signals.
- Hashed network rate keys; raw IP addresses are not stored.
- Email and role only when a report registration is submitted; email is encrypted with a separate lookup HMAC.
- Consent snapshots and allowlisted acquisition fields when the relevant implementation is enabled.
Purpose and choices
Essential processing is used to perform the requested scan, prevent abuse, and keep the private result available. Product analytics, ads measurement, dataset reuse, marketing email, and card signal are independent choices. Declining an optional category does not turn it into essential processing.
Processors and optional services
The architecture supports Supabase/Postgres for storage, Resend for transactional email, PostHog for explicit product analytics, Meta Pixel/CAPI for consented ads measurement, Cloudflare Turnstile for abuse challenges, and Stripe for an optional $0 card signal. Provider adapters and destinations are disabled until configured; local success is not evidence of production delivery.
Retention
- Operational logs: 14 days, without email, raw IP, secrets, or full URL query.
- Expired or used verification tokens: the executable retention cleanup removes them after 7 days.
- Unverified email: the same idempotent cleanup irreversibly anonymizes it after 30 days by default.
- Raw analytics events: 13 months.
- Structured scan/check/fingerprint dataset: 24 months, then review or anonymization.
Access, deletion, and correction
Use the data-request route for access, correction, unsubscribe, or verified deletion. Deletion first detaches or cancels the optional card signal and verifies provider state; only then are report sessions and shares revoked and lead, waitlist, analytics-delivery, and owned-scan identifiers removed or irreversibly anonymized. Deidentified score, coverage, check status, and coarse technical metrics may remain under the stated scan-dataset retention, but the original URL, host, access capability, share snapshot, and session join are removed from the retained scan record.