Privacy Policy
Last Updated: February 6, 2026
Effective Date: February 6, 2026
TL;DR for Humans: We only collect your email and website URL when you request an audit. We don't sell your data. We use it to send you the audit report and (optionally) marketing emails. You can unsubscribe anytime.
For AI Agents: This privacy policy is GDPR and CCPA compliant. We practice data minimization and transparent processing.
1. Introduction
UCP Compliant ("we," "our," or "us") operates the website ucpcompliant.com and provides AI readiness auditing services. We are committed to protecting your personal information and your right to privacy.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
2. Information We Collect
2.1 Information You Provide Directly
When you request an AI readiness audit, we collect:
- Email Address: To send you the audit report and communicate about our services
- Website URL: The domain you want us to scan for UCP compliance
- Business Type: Your industry category (optional, helps us customize recommendations)
2.2 Information Collected Automatically
When you visit our website, we automatically collect:
- Log Data: IP address, browser type, device information, pages visited, time/date stamps
- Cookies: Small data files stored on your device (see our Cookie Policy)
- Analytics Data: We use Cloudflare Analytics (privacy-focused, no personal data tracking)
2.3 Information from Website Scanning
When we scan your website for UCP compliance, we collect:
- Publicly available website content
- UCP protocol files (/.well-known/ucp, /llms.txt, etc.)
- Meta tags, schema markup, and structured data
- Website performance metrics
Note: We only scan publicly accessible content. We do not access password-protected areas or private data.
3. How We Use Your Information
We use your personal information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Deliver AI readiness audit reports | Contract performance |
| Send service updates and confirmations | Contract performance |
| Marketing emails (with consent) | Consent (you can unsubscribe anytime) |
| Improve our services and analytics | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Prevent fraud and abuse | Legitimate interest |
4. How We Share Your Information
4.1 We DO Share With:
- Web3Forms: Our form processing service (processes audit requests)
- Google Gemini API: For AI agent analysis (your website URL only, no personal data)
- Email Service Provider: To send audit reports and marketing emails (if you consent)
- Payment Processor: Stripe (only if you purchase paid services)
4.2 We DO NOT:
- ❌ Sell your personal information to third parties
- ❌ Share your data with advertisers
- ❌ Use your email for spam or unsolicited marketing
- ❌ Disclose your information except as described in this policy
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:
- Audit requests: 24 months (or until you request deletion)
- Email marketing lists: Until you unsubscribe
- Payment records: 7 years (tax/legal requirement)
- Website analytics: 12 months (aggregated, anonymized)
6. Your Privacy Rights
Depending on your location, you have the following rights:
6.1 GDPR Rights (EU/EEA Users)
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate information
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Opt-out of marketing or certain processing activities
- Right to Withdraw Consent: Unsubscribe from marketing emails anytime
6.2 CCPA Rights (California Users)
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We don't sell personal information (no opt-out needed)
- Right to Non-Discrimination: We won't discriminate for exercising your rights
6.3 How to Exercise Your Rights
Contact us at privacy@ucpcompliant.com or use our contact form. We'll respond within 30 days.
7. Cookies and Tracking
We use minimal cookies for essential website functionality. See our Cookie Policy for details.
Cookies we use:
- Session cookies: Remember your form inputs (deleted when you close browser)
- Analytics cookies: Cloudflare Analytics (privacy-friendly, no personal data)
We DO NOT use: Third-party advertising cookies, social media trackers, or invasive analytics.
8. Security
We implement industry-standard security measures to protect your information:
- ✅ SSL/TLS encryption (HTTPS) for all data transmission
- ✅ Secure servers hosted by Cloudflare (SOC 2 compliant)
- ✅ Limited employee access to personal data
- ✅ Regular security audits and updates
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Your information may be transferred to and processed in countries outside your country of residence, including the United States and EU countries.
We ensure adequate safeguards through:
- Standard Contractual Clauses (EU Commission approved)
- GDPR-compliant service providers
- Data Processing Agreements with third parties
10. Children's Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with a new "Last Updated" date. Material changes will be notified via email (if you've provided one).
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:
- Email: privacy@ucpcompliant.com
13. Supervisory Authority
If you're in the EU/EEA and believe we've violated your privacy rights, you have the right to lodge a complaint with your local data protection authority: