Privacy
Last updated · 19·V·2026
Short version: we collect only what’s needed to run the scorer and the waitlist. We don’t sell anything. You can ask us to delete your data at any time.
What we collect when you score a store
- The URL you submit. We save it to our database so we can show you the result and (if you re-submit later) compare scores over time.
- The score result itself (the 0–100 number, per-dimension scores, page-by-page findings, and your ranked top fixes). We save these so we can render the result page and, if you join the waitlist, link you back to your filed report from the confirmation email.
- Standard request metadata that any web server logs — IP address, user-agent, request time. We keep these for 30 days.
Anti-abuse + feedback signals (added 2026-05-18)
- Cloudflare Turnstile — every score request passes an invisible bot-detection challenge. The challenge token is sent to Cloudflare for verification. Cloudflare receives the token and your IP address per their own privacy policy. We send no persistent identifier of our own to Cloudflare.
- Hashed-IP rate-limit — to enforce per-IP scan limits we SHA-256-hash your IP address with a rotating salt before storing it. We never write your raw IP to our database. The salt can be rotated to invalidate all stored hashes — we rotate it manually if abuse is detected. Stored in rate_limit_events; retention is at most 24 hours (older rows are pruned when our cleanup job runs).
- Daily cost ceiling — we track anonymized scan cost estimates (Firecrawl credits + LLM tokens) to stay within a daily budget. These are bucket totals with no personal data attached. Stored in cost_ceiling_events for approximately 30 days for billing reconciliation; we may keep aggregated totals longer.
- Scan feedback — when you click “Helpful” or “Not helpful” on a scan result, we store the rating together with your scoreId. If you add an optional comment, the comment text is stored as well. No PII is required; whether you include identifying information in a comment is entirely your choice.
- Operational alerts — if daily scanning cost exceeds 80% of the ceiling, the founder ([email protected]) receives an automated email. The alert contains cost figures only — no user data.
What we DON'T collect
- Any data from inside your store. The crawl is read-only and touches only your public pages — the same way Google does. We don’t store the page content.
- Logins, passwords, OAuth tokens. We never ask for them.
- Payment information. The free scorer is free. When we launch the paid tool, payments will be handled by Stripe and we’ll never store card data ourselves.
What we collect if you join the waitlist
- Your email address. We use it to send the confirmation, a launch email when the paid tier opens to the public, and (if you opted in via the “Stay ahead of AI commerce” row on your scan page) occasional methodology updates and a monthly merchant report. You can reply “unsubscribe” at any time.
- A link from your email to the URL you scored (so we can tell you your score in the email and link back to your filed report).
Cookies and analytics
We use PostHog for product analytics — page views, score submissions, waitlist signups. PostHog drops one session cookie. We don’t use it for advertising. You can block it without breaking anything on the site.
Third parties that touch your data
- Vercel — hosting and edge network
- Supabase — database (Postgres, EU region)
- Firecrawl — the actual crawl when we read your storefront
- PostHog — product analytics
- Resend — sends the waitlist confirmation email
- Anthropic, OpenAI — AI assistants we sometimes query about your category (we never send your data to them)
Your rights
You can ask us to delete your scored URL, your score history, and your waitlist email at any time. Reply to any agentShelf email or write to [email protected] and we’ll do it within 30 days.
Contact
agentShelf is operated by a solo founder out of Israel. Questions, requests, complaints — one address: [email protected].