Privacy Policy
Applies to: agentcymarketing.co and any marketing subdomains
Last updated: May 16, 2026
Contact: [email protected]
This policy describes the information Agentcy collects when you visit our marketing website, how we use it, who we share it with, and the choices you have. It applies only to agentcymarketing.co. Data inside the Agentcy application at app.agentcymarketing.co is covered by the App Privacy Policy.
1. Who we are
Agentcy is a service of Agentcy, LLC, a company that builds an AI-powered marketing platform for businesses. We are the controller of the personal data described in this policy.
If you have any questions about this policy or how we handle your data, email [email protected].
2. What we collect
We try to collect as little as possible on the marketing site. There are three buckets.
2.1 Information you give us directly.
When you submit one of our forms (Day Zero waitlist, contact, demo request, etc.) we collect the fields on that form. Today those are:
- Your name
- Work email address
- Business name
- Business website (optional)
- Industry (optional)
- Any free-text you write in a message field
If you subscribe to a newsletter, we collect your email and the fact that you subscribed.
2.2 Information collected automatically.
When you load a page on agentcymarketing.co, our servers and analytics tooling record:
- IP address and approximate city-level location derived from it
- User-agent string (browser and operating system)
- Referring URL (the page that linked you here)
- Pages viewed, time on page, scroll depth
- Click events on key calls-to-action
This is standard web analytics. We use it to understand which pages convert, which messages resonate, and to debug site issues.
2.3 Cookies and similar storage.
We use a small number of first-party cookies for:
- Session continuity (e.g., remembering you’ve dismissed a banner)
- Conversion attribution (linking a form fill back to the page that referred you)
- Analytics
We do not use cross-site advertising trackers, fingerprinting, or session-replay tools. You can clear or block cookies in your browser at any time without losing the ability to use the site.
What we do not collect on the marketing site: government ID numbers, financial account numbers, health or biometric data, precise device location, social-security numbers, or special-category data under GDPR.
3. How we use the information
We use the data above for the following purposes:
- Respond to you. When you submit a form, we use your contact details to follow up — answer questions, send a demo link, add you to an early-access list.
- Send marketing emails you’ve opted into. Newsletters, product updates, occasional announcements. Every email has a one-click unsubscribe.
- Improve the site. Aggregate analytics tells us which content works and where visitors get stuck.
- Detect and prevent abuse. Bot traffic, scraping, fraudulent signups, attempted exploits.
- Comply with law. Respond to subpoenas, court orders, or regulatory requests where legally required.
We do not sell your personal data. We do not rent it to third parties. We do not use it to train AI models.
4. Legal bases (for EU / UK visitors)
If you are in the EU, UK, or another jurisdiction where GDPR-style rules apply, we rely on these legal bases:
| Purpose | Legal basis |
| Responding to a form submission | Performance of pre-contractual steps at your request (GDPR Art. 6(1)(b)) |
| Sending marketing email | Your consent (GDPR Art. 6(1)(a)), withdrawable at any time |
| Site analytics | Our legitimate interest in understanding site performance (GDPR Art. 6(1)(f)), balanced against your privacy |
| Security and fraud prevention | Our legitimate interest in protecting the service (GDPR Art. 6(1)(f)) |
| Legal compliance | Compliance with legal obligations (GDPR Art. 6(1)(c)) |
5. Who we share it with
We share marketing-site data only with the vendors required to run the site, and only to the extent they need it. Each is bound by a data-processing agreement.
| Vendor | What they process |
| Vercel | Site hosting, edge logs |
| Supabase | Form submission storage |
| Resend (or successor email vendor) | Marketing and transactional email sends |
| Our analytics provider | Page analytics |
| Clerk | Authentication where applicable |
6. Cookies in detail
| Cookie category | Purpose | Required? |
| Strictly necessary | Session, security, load balancing | Yes — cannot be disabled |
| Functional | Remembering preferences and dismissed banners | No |
| Analytics | Aggregate page and event analytics | No |
If you are in a jurisdiction that requires opt-in consent for non-essential cookies, we will request that consent via a banner before any non-essential cookies are set.
You can manage cookies from your browser at any time. Doing so will not affect your ability to read the site, though some preferences may not be remembered between visits.
7. Retention
We hold marketing-site data only as long as needed. Defaults:
- Form submissions: 24 months from last contact, then deleted or anonymized.
- Newsletter subscriptions: Until you unsubscribe, plus 30 days on a suppression list.
- Server access logs: 30 days.
- Analytics events: 14 months.
8. Your rights
Depending on where you live, you may have any or all of these rights over your personal data:
- Access — get a copy of what we hold about you.
- Correction — fix anything inaccurate.
- Deletion — ask us to delete it (see the Data Deletion Policy).
- Portability — receive your data in a structured, machine-readable format.
- Object — to processing based on our legitimate interest.
- Restrict — limit how we process your data.
- Withdraw consent — at any time, for processing based on consent.
- Lodge a complaint — with your local data-protection authority.
To exercise any of these, email [email protected] with a description of your request. We respond within 30 days, or sooner if your jurisdiction requires it. We will not charge you for a reasonable request.
California residents (CCPA / CPRA): you have the right to know what categories of personal information we collect, to delete it, to correct it, to opt out of any “sale” or “sharing” (we do not sell or share for cross-context advertising), and to non-discrimination for exercising these rights. Authorized agents may make requests on your behalf with verifiable proof of authority.
9. International data transfers
Agentcy is based in the United States and our infrastructure runs primarily in the US. If you submit data from outside the US, you are transferring it to the US for processing. Where required, we rely on the European Commission’s Standard Contractual Clauses (or equivalent UK/Swiss mechanisms) with our subprocessors to provide an adequate level of protection.
10. Children
The marketing site is not directed at children under 16, and we do not knowingly collect data from them. If you believe a child has submitted personal data through the site, email [email protected] and we will delete it.
11. Security
We use industry-standard safeguards to protect marketing-site data:
- TLS 1.2+ on all connections
- Encrypted storage of form submissions and email addresses
- Role-based access controls on our internal tooling
- Rate limiting and bot protection on forms
No system is perfectly secure. If we ever experience a breach affecting your personal data, we will notify you in accordance with applicable law.
12. Do Not Track and global privacy signals
We honor the Global Privacy Control (GPC) signal. If your browser sends GPC, we treat it as an opt-out of analytics tracking and any future “sale” or “share” as those terms are defined under US state laws.
13. Changes to this policy
We will update the “Last updated” date when this policy materially changes. For significant changes, we will give notice on the site or by email where we have your address. The current version is always at agentcymarketing.co/privacy-policy.
14. Contact
Agentcy, LLC [email protected]
For data-deletion requests specifically, see the Marketing Website Data Deletion Policy.
This document is operational policy, not legal advice. It should be reviewed by your counsel before publication.