Secret AgentsAI Business Index

Privacy Policy

Effective date: June 2, 2026

This Privacy Policy describes how AI MARKETING SALES LLC ("Secret Agents AI Business Index," "we," "us," or "our") collects, uses, shares, and protects personal information in connection with the Secret Agents AI Business Index website, the business-owner application, and related services (collectively, the "Service").

1. Scope

This Policy applies to information we collect through our public directory, owner dashboard, sign-in flows, transactional emails, and any page that links to this Policy. It does not apply to third-party websites or services that we link to but do not operate.

2. Information We Collect

Information you provide

  • Account information. When you create an account, our authentication provider Clerk collects your email address and any profile details you choose to share (name, profile picture).
  • Business profile content. Information you submit about your business — company name, website, descriptions, contact information, address, services, products, FAQs, case studies, media mentions, logos, and reviews.
  • Communications. Messages you send to support, feedback, and survey responses.

Information collected automatically

  • Device and usage data. IP address, browser type and version, operating system, referrer, language preference, pages viewed, and timestamps.
  • Cookies and similar technologies. See our Cookie & Tracking Disclosure.
  • AI and search crawler logs. Visits from identifiable AI and search crawlers (e.g., GPTBot, ClaudeBot, PerplexityBot, Googlebot, Bingbot) are logged with bot name, requested path, and user-agent string. This data is used to understand which engines are indexing the directory.

Information from third parties

  • Website extraction. When you ask us to import data from your website, we fetch publicly available pages on your site (homepage and a small number of sub-pages) and process the text to suggest profile values.
  • Google Places API. When you ask us to import reviews from a Google Business profile, we query the Google Places API and receive reviewer names, ratings, review text, review timestamps, and a link to the source location.

3. How We Use Information

  • Provide, operate, and maintain the Service.
  • Authenticate accounts and protect against unauthorized access.
  • Display approved business profiles publicly so they can be discovered by humans and by AI answer engines.
  • Generate suggested profile content, summaries, and FAQs using large-language-model providers (see Section 4).
  • Send transactional and account-related communications (e.g., approval notices, security alerts, billing).
  • With your consent or as otherwise permitted by law, send product updates and marketing communications. See our Email Policy.
  • Detect and prevent fraud, spam, abuse, and security incidents.
  • Comply with legal obligations and enforce our agreements.
  • Aggregate or de-identify data for analytics, research, and product improvement.

4. Third-Party Service Providers

We share information with vendors that process data on our behalf, subject to contractual obligations. As of the effective date these include:

  • Clerk — authentication and account management.
  • Convex — application database and backend.
  • Netlify — web hosting and content delivery.
  • OpenAI — large-language-model inference for AI-assisted content generation and website extraction. Inputs may include text you submit and the public content of pages you ask us to process. OpenAI processes data under its own terms and does not, per its API policy as of this Policy's effective date, train its public models on inputs sent through the API.
  • Google (Places API) — review import lookups, when you initiate them.

5. Public Information

Once an administrator approves your business profile, the content of that profile is public. It is indexed by search engines, can be retrieved by AI crawlers, and is included in our sitemap and /llms.txt file. Public profile content includes the business name, descriptions, services, FAQs, reviews, case studies, location, and other fields you choose to include.

6. Legal Bases (EEA/UK)

While the Service is operated in and directed to the United States, where applicable we rely on the following legal bases under EU/UK GDPR: performance of a contract (account features), legitimate interests (operating, securing, and improving the Service), legal obligation, and consent (marketing emails, certain cookies).

7. Sharing & Disclosure

We do not sell personal information. We share information only:

  • with service providers (Section 4);
  • publicly, when you publish profile content;
  • in response to legal process, lawful requests by public authorities, or to protect the rights, property, or safety of users or others;
  • in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the successor to honor this Policy or notify you of any material change.

8. Retention

We retain account and profile information for as long as your account is active or as needed to provide the Service. Logs and aggregated analytics may be retained for a longer period. You may request deletion of your account at any time (Section 10); we may retain residual copies as required by law or to resolve disputes and enforce agreements.

9. Security

We use industry-standard safeguards including encryption in transit (HTTPS), role-based access controls, and provider-side encryption at rest. No system is perfectly secure; we cannot guarantee absolute security and are not responsible for unauthorized access caused by circumstances outside our reasonable control.

10. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal information, and to withdraw consent. To exercise these rights, email us at support@teamsecretagents.com. We will verify your request and respond within applicable statutory timeframes.

California residents. Under the CCPA/CPRA you have additional rights, including the right to know, the right to delete, the right to correct, and the right to opt out of "sharing" for cross-context behavioral advertising (we do not currently share personal information for such purposes).

Other U.S. states. Residents of states with comprehensive privacy laws (e.g., Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, and others) have similar rights. We honor verifiable consumer requests in accordance with each applicable law.

Do Not Track. Because there is no industry-standard approach to DNT signals, we do not currently respond to them. We do honor Global Privacy Control where required by law.

11. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided personal information to us, contact us so we can delete it.

12. International Users

We operate the Service from the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate.

13. Changes to This Policy

We may update this Policy from time to time. We will post the updated version on this page and revise the "Effective date" above. Material changes will be communicated by email or in-product notice.

14. Contact

Questions or requests under this Policy may be sent to: support@teamsecretagents.com, or by mail to AI MARKETING SALES LLC, 214 Barley Drive, Dayton, OH 45415, United States.