Agent ReadySign in

Privacy Policy

Last updated: 17 April 2026

This policy explains what personal data agent-ready.dev (“we”, “us”) collects about you, why we collect it, who we share it with, and the rights you have over it. If anything here is unclear, email us at privacy@agent-ready.dev.

1. Who we are

agent-ready.dev is operated as an independent service. The data controller for the purposes of UK GDPR / EU GDPR is the operator of the service, reachable at privacy@agent-ready.dev.

2. What we collect

We collect only what we need to run the service.

  • Account data - your email address, and optionally a name, provided via our authentication provider (Clerk) when you sign up.
  • Billing data - if you subscribe to a paid plan, Stripe handles the card data directly (we never see or store it). We store a Stripe customer identifier and subscription identifier so we can link your account to your subscription.
  • Scan data - the URLs you ask us to scan, the resulting scores and check outputs, and limited snippets of public page content (headings, metadata, canonical URLs). Scans you run while signed in are linked to your account. Anonymous scans are linked to a random share token only.
  • Monitoring data - if you enable monitoring on a domain, we store the root URL, your chosen alert email, and the history of automated scans.
  • Request metadata - your IP address (used transiently for rate-limiting and abuse prevention), and standard request headers. IPs are not stored in long-term logs.
  • Error reports - when the service encounters an unexpected error, we capture the stack trace and request path through Sentry. We configure Sentry to exclude personally-identifying request headers (cookies, auth tokens) and user identifiers.

We do not use tracking cookies or advertising pixels. We do not sell personal data.

3. Why we process it

  • To provide the service - running scans, displaying results, sending regression alerts (legal basis: contract performance).
  • To take payment — managing subscriptions and invoices through Stripe (legal basis: contract performance).
  • To keep the service running safely - rate limiting, blocking abuse, debugging errors (legal basis: legitimate interests in service security and integrity).

4. Who we share it with (sub-processors)

We rely on the following third parties to run the service:

  • Clerk - authentication and account management (email, name).
  • Stripe - payments and subscription billing (card data, email, billing address).
  • Neon - our PostgreSQL database host (account data, scan results, monitoring records).
  • Upstash - our Redis cache (rate-limit counters, scan cache, webhook deduplication).
  • Resend - transactional email delivery for monitoring alerts.
  • Vercel - hosting and edge network.
  • Sentry - error reporting for debugging.

Some of these sub-processors are based outside the UK and EEA. Transfers are covered by the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or equivalent safeguards.

5. How long we keep it

  • Account data - for as long as you have an account. Deleted when you delete your account.
  • Scan results- kept indefinitely so share links remain valid. When you delete your account, scans linked to you are anonymised (not deleted) so previously-shared URLs don’t break for third parties.
  • Monitoring records — deleted when you remove the site or delete your account.
  • Rate-limit counters — maximum 30 days.
  • Billing records— retained by Stripe for the period required by tax law (typically 6–7 years).
  • Error reports — retained by Sentry for up to 90 days.

6. Your rights

Under UK GDPR and EU GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct anything that’s wrong.
  • Delete your account and associated personal data (right to erasure). You can trigger this yourself by deleting your account in Clerk; we automatically receive a deletion event and purge your data.
  • Export your data in a portable format.
  • Object to certain processing (such as regression alerts).
  • Lodge a complaint with your data protection regulator (the UK ICO, or your local EEA regulator).

To exercise any of these rights, email privacy@agent-ready.dev. We aim to respond within 30 days.

7. Cookies

We use a small number of strictly-necessary cookies:

  • Clerk sets session cookies so you stay signed in. These are httpOnly and essential for authentication.
  • Vercel sets a handful of infrastructure cookies (e.g. for sticky routing on preview deployments). These carry no personal data.

We do not use cookies for advertising, analytics, or tracking across sites, so we don’t show a consent banner.

8. Security

We hold traffic to HTTPS, rate-limit abusive activity, hash and isolate authentication credentials via Clerk, and store payment details exclusively inside Stripe. Details of our security posture are available on request for business customers.

9. Changes to this policy

If we change this policy we’ll update the “Last updated” date at the top. For material changes affecting your rights we’ll email account holders.

HomeTerms of Service