AgentReadiAgentReadi
Log inGet Started

Privacy Policy

Last updated: 24 February 2025

1. Introduction

AgentReadi ("we", "us", "our") operates the website at agentreadi.com and provides a platform that makes small and medium-sized businesses discoverable and actionable by AI agents. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website, dashboard, APIs, and embed scripts (collectively, the "Service").

By using the Service you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

2.1 Account Data

When you create an account we collect your name, email address, and profile picture. If you sign in with Google, we receive this information from your Google account via OAuth 2.0 using only the default scopes (openid, email, profile).

2.2 Business Data

If you register a business on the platform we collect the information you provide, including business name, description, category, website URL, contact details (phone, email), physical address, and geographic coordinates.

2.3 Service & Action Configuration

We store the services, actions, and integration settings you configure (e.g. webhook URLs, email addresses for action delivery).

2.4 Usage & Analytics Data

We automatically collect standard analytics data when you or an AI agent interacts with the Service, including:

  • IP address and user-agent string
  • Event types (profile views, service queries, action executions, manifest fetches, embed loads)
  • Timestamps and associated metadata

We also use Vercel Analytics to collect aggregated, anonymised website performance metrics.

2.5 AI Agent Submissions

When an AI agent executes an action on behalf of an end user, the payload submitted by the agent is stored alongside a reference to the relevant action, business, and API key.

2.6 Website Scraping During Onboarding

If you choose to use our AI-powered onboarding, we scrape your own publicly available website (identified as AgentReadiBot/1.0) to extract page titles, descriptions, headings, and structured data. This content is sent to our AI provider to pre-fill your business profile. We do not scrape websites you do not own.

3. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Make your business discoverable and actionable by AI agents
  • Deliver action notifications (email, webhook)
  • Send transactional emails (welcome messages, plan notifications)
  • Monitor usage, enforce rate limits, and prevent abuse
  • Improve and develop new features

4. Google User Data

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the data necessary to authenticate you and create your account (email, name, profile picture).
  • We do not sell your Google user data to third parties.
  • We do not use your Google user data for advertising, remarketing, or to build advertising profiles.
  • We do not share your Google user data with data brokers or any party for credit-assessment, lending, or surveillance purposes.
  • Google user data is used solely to provide and improve the user-facing features of the Service.

5. Third-Party Services

We share data with the following third-party processors, solely to operate the Service:

  • Supabase — authentication and database hosting (stores account and business data)
  • Resend — transactional email delivery (receives recipient email addresses and email content)
  • Vercel — application hosting and anonymised web analytics
  • Anthropic (Claude) — AI-powered business data extraction during onboarding (receives scraped website content)
  • Upstash — Redis-based API rate limiting (stores API key identifiers and request counts)

We do not sell or rent your personal data to any third party.

6. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • All connections are encrypted via HTTPS/TLS
  • API keys are stored as irreversible SHA-256 hashes — raw keys are shown once at creation and never stored
  • Database access is restricted via row-level security policies
  • Webhook payloads are signed with HMAC to verify integrity
  • Authentication sessions are managed by Supabase with industry-standard token handling

7. Data Retention

We retain your account and business data for as long as your account is active. Analytics events and action submissions are retained for up to 12 months. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain it.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for optional processing

To exercise any of these rights, please contact us at privacy@agentreadi.com.

9. Cookies

We use essential cookies to manage authentication sessions. We do not use advertising or tracking cookies. Vercel Analytics uses privacy-friendly, cookie-free measurement.

10. Children

The Service is not directed at anyone under the age of 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes we will notify you by email or by placing a prominent notice on the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@agentreadi.com.