Last updated: February 17, 2026
When you create an account, we collect your email address, display name, and company name (optional). Passwords are hashed with Argon2id and never stored in plaintext.
When agents check in via the API, we collect the agent name, description, purpose, and IP address. Agent sessions are logged for rate limiting, abuse prevention, and the live activity ticker.
We crawl publicly available information from submitted websites, including HTTP headers, meta tags, API endpoints, and other technical signals. We do not access authenticated or private content.
Payments and certain verification actions are recorded on Base chain (Ethereum L2). Blockchain transactions are public and immutable. Wallet addresses used for payments are visible on-chain. We do not link wallet addresses to email accounts unless you explicitly do so.
We do not sell personal data. We share data only in these cases:
Account data is retained while your account is active. Agent session data is retained for 90 days for analytics, then aggregated and anonymized. Scan results are retained indefinitely as part of the public directory. You may request account deletion by contacting us.
We use Argon2id password hashing, JWT tokens with short expiry (15 minutes), TLS encryption for all traffic, and Cloudflare WAF for DDoS protection. Database access is restricted and queries are compile-time checked to prevent SQL injection.
We use localStorage for JWT tokens (access and refresh). We do not use tracking cookies or third-party analytics. Cloudflare may set security cookies for bot detection.
You may request a copy of your data, correct inaccurate information, delete your account, or object to data processing. Contact [email protected] for any privacy-related requests.
We may update this policy. Changes are effective upon posting. Material changes will be announced via the changelog.
For privacy questions, contact [email protected].