Privacy Policy
Last updated: February 17, 2026
Who we are
AgentLayer ("we," "us," "our") operates the GEO audit service at agent-layer.ai. We help businesses understand how AI search engines see their websites.
Contact: [email protected]
What data we collect
Account information
Your email address, provided when you sign in via magic link or Google sign-in. We do not collect passwords.
If you sign in with Google, we also receive your name, profile picture URL, and Google account identifier from Google's authentication service. This data is used solely to create and maintain your account. Google sign-in is optional; magic link email login is always available.
Scan data
The URLs you submit for scanning, the brand name you provide, and the resulting audit scores and check results. Scans analyze publicly available information on the target URL.
Payment information
Payments are processed by Stripe. We do not store credit card numbers. Stripe handles all payment data under their own privacy policy.
Technical data
Server logs record IP addresses, browser type, and pages visited for security and debugging purposes. We use essential cookies for authentication (session) and security (CSRF protection). We do not use advertising or tracking cookies.
How we use your data
- To provide the GEO audit service: running scans, generating reports, processing payments
- To send transactional emails: magic link sign-in, scan completion notifications, payment receipts
- To improve the service: analyzing aggregate scan data to improve our audit checks
- To protect the service: rate limiting, fraud prevention, security monitoring
We do not sell your data. We do not share your data with third parties for marketing purposes.
Analytics
We use Plausible Analytics, a privacy-focused analytics tool. Plausible does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR. All data is aggregated and no individual visitors are tracked.
Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Authentication (optional sign-in) | Email, name, profile picture | |
| Stripe | Payment processing | Email, payment details |
| Amazon SES | Transactional email | Email address |
| Hetzner | Server hosting (US) | Data stored on US servers |
| Plausible | Privacy-focused analytics | No personal data (aggregate only) |
| Sentry | Error monitoring | Error logs, IP address |
Data retention
- Account data: retained while your account is active
- Scan data and reports: retained indefinitely so you can access historical results
- Server logs: retained for 90 days, then deleted
- Payment records: retained as required by tax and financial regulations
Your rights
You can request at any time:
- Access: a copy of all data we hold about you
- Correction: updates to inaccurate data
- Deletion: removal of your account and associated data
- Export: your scan history in CSV format (available from your dashboard)
To exercise any of these rights, email [email protected]. We will respond within 30 days.
Children's privacy
Our service is not directed to children under 16. We do not knowingly collect data from children.
Changes to this policy
We will update this page when our practices change. Material changes will be communicated by email to registered users.