AutomateIndex

Privacy for monitor-first AI visibility.

Last updated: 22 April 2026. AutomateIndex is designed to start with public scans, verified ownership, and minimal event data before any stricter policy or paid access path is enabled.

Who is responsible

AutomateIndex is the platform provider. Final legal entity and registered address details will be inserted before public launch. Privacy contact: privacy@automateindex.com.

For account, billing, website, and support data, AutomateIndex acts as controller. For crawler event data collected for a publisher site, the publisher is usually the controller and AutomateIndex acts as processor unless agreed otherwise.

Data we process

  • Account and workspace data: Email, name, workspace role, site domains, platform choices, and support messages.
  • Audit data: Domain, public policy files checked, audit score, recommendations, and submitted lead details.
  • Crawler event data: Request path, user agent, bot classification, timestamp, action taken, status code, country if available, and IP hash.
  • Payment metadata: AgentToll request path, price, currency, network, payment reference, verification status, and transaction signature if used.
  • Technical logs: Security, uptime, abuse prevention, error, and diagnostic logs needed to operate the service.

Why we process data

  • Contract: To provide audits, dashboards, integrations, generated files, and paid agent access features.
  • Legitimate interests: To secure the platform, detect abuse, improve reliability, and understand AI crawler activity.
  • Consent: For optional communications or non-essential cookies if those are added later.
  • Legal obligation: For tax, accounting, compliance, or lawful requests where applicable.

Retention

We keep account and workspace records while an account is active. Crawler events are retained based on plan limits and pilot needs. Security logs are kept only as long as reasonably necessary for safety, troubleshooting, and compliance.

Cookies

The MVP should use only essential cookies or local storage required to operate the product. If analytics, advertising, or non-essential tracking is added later, AutomateIndex should add a consent flow before enabling it for EU visitors.

Your EU privacy rights

  • Access the personal data we hold about you.
  • Ask us to correct inaccurate or incomplete data.
  • Ask us to delete data when the law allows it.
  • Ask us to restrict or object to certain processing.
  • Ask for portability of data you provided to us.
  • Withdraw consent where processing is based on consent.
  • Complain to your local EU/EEA data protection authority.

To exercise rights, contact privacy@automateindex.com. We may need to verify your identity before responding.

Security

AutomateIndex hashes IP addresses where possible, signs event ingestion, avoids storing raw IPs by default, and separates monitor-only collection from enforcement. No system is perfectly secure, but the product is designed to minimize unnecessary data.

International transfers

Some infrastructure providers may process data outside the EU/EEA. Before production launch, AutomateIndex should document subprocessors and use appropriate safeguards such as standard contractual clauses where required.