Privacy

Privacy at Agentify.

Agentify prepares B2B and commerce companies for AI-agent buyers. To run that business we handle a narrow set of business contact data and outreach evidence. This page is how we describe it in plain language.

Effective 2026-05-19Version 1.0agentify.nexus

This policy is written to be readable. It is not a substitute for the binding legal terms. Where this page says “we” we mean Agentify, the entity operating agentify.nexus.

1. What we collect

We collect three things:

  • Business contact data — name, business email, role, company, public LinkedIn URL, public web presence. Sourced from public B2B directories, lawful enrichment providers, and information you submit yourself.
  • Outreach evidence — the message we sent, when, what you replied (if you did), and what suppression or routing decisions were made afterward. Kept so we can prove a contact did not opt out before, and so we never message someone twice after they ask us to stop.
  • Audit-request submissions — if you fill in the agent-readiness audit form on this site, we keep the fields you entered (company, role, stack snapshot, contact) so we can respond.

We do not run third-party analytics on the marketing site that identify individuals, and we do not use cookies for advertising. Operational logs may include IP address and user agent for security and abuse detection only.

2. Why we have it

Under GDPR Article 6(1)(f) we rely on legitimate interest in business development to contact business roles at companies whose stack we believe we can help with agent-payment readiness. We narrow the field to roles that would plausibly make a buying decision and we maintain suppression lists indefinitely.

Under U.S. law (CAN-SPAM, plus state laws including the CCPA/CPRA in California) we treat business contact data as commercial data, honor opt-outs immediately, and disclose our identity in every outbound message.

3. Who we share it with

  • Email delivery providers — we send through mainstream B2B sending infrastructure under standard data processing agreements. Providers receive the email address and message content needed to deliver.
  • Inbox and CRM — if you reply, the message lands in our shared inbox. If we open an engagement, the contact moves into our CRM.
  • Hosting and database — standard cloud infrastructure providers, U.S. and EU regions, under data processing agreements.
  • Subprocessors required by law — courts, tax authorities, regulators, on production of a lawful request.

We do not sell personal data. We do not share data with advertising networks. The full subprocessor list is available on request to privacy@agentify.nexus.

4. How long we keep it

  • Suppression / opt-out records: indefinitely. We cannot honor a permanent opt-out if we delete the record of it.
  • Outreach evidence (sent messages, replies, routing decisions): 24 months from last activity, then archived in encrypted cold storage for 24 more months for compliance audit, then deleted.
  • Active contact data: 18 months from last confirmed validity. Stale contacts are pruned automatically.
  • Audit form submissions and customer records: for the duration of our working relationship plus 7 years for tax and audit obligations, then deleted.

5. Your rights

You can ask us to:

  • Show you what we hold about you (access).
  • Correct it if it’s wrong (rectification).
  • Delete it (erasure), where retention isn’t required by law.
  • Stop processing it (objection / opt-out).
  • Receive it in a portable format.
  • Suppress an entire domain so no one at that company is contacted again.

Submit any of these via the data-requests page or by email to privacy@agentify.nexus. We respond inside the windows set by your jurisdiction — 30 days (GDPR), 45 days (CCPA), or sooner where reasonable.

6. Unsubscribing

Every outbound message has a one-click unsubscribe link in the footer. Clicking it suppresses your email immediately. You can also unsubscribe a domain or an email manually on the unsubscribe page.

Suppressions are absolute — once an address or domain is on the list, no message from us will ever reach it again unless the holder of that address asks us to remove the suppression.

7. Security

Data is encrypted at rest and in transit. Access is restricted to the smallest set of operators required to run the business. Production credentials are rotated quarterly. Security incidents are disclosed to affected parties within 72 hours of confirmed discovery, in line with GDPR Article 33.

8. International transfers

We operate primarily in the United States. Where data moves from the EU/UK to the U.S., we rely on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses, whichever applies to the recipient.

9. Children

Agentify is a business-to-business service. We do not knowingly collect data from anyone under 18. If you believe we have, contact privacy@agentify.nexus and we will delete it.

10. Changes to this policy

Material changes are announced at least 30 days before they take effect, at the top of this page. Non-material changes (typos, clarifications) are versioned silently with a new effective date. History is preserved on request.

11. Contact

Privacy questions: privacy@agentify.nexus
Data requests: /data-requests
Stop contact entirely: /unsubscribe