Privacy Policy — Daily AI Agents

Effective: 2026-07-07. This page replaces the policy previously published at usedailyai.com/legal/privacy-policy.html (effective April 15, 2026). Contact for anything on this page: [email protected].

"We" is Daily AI Agents LLC, a Texas limited liability company (formed April 2026), operating usedailyai.com. As of the effective date, account access is limited as described in the Security section.

What we collect, and why

What we commit NOT to do

Measurement — exactly what a click logs

When you follow one of our redirect links, we record: timestamp, campaign name, traffic source and medium (from the UTM parameters), a coarse user-agent class (bot / mobile / desktop — not the raw user-agent string), and the referring page truncated to 120 characters. Our redirect-click application does not store your IP address, set any application cookie, or store your email with the click; we configure click records for 90-day automatic expiry and periodically check that the expiry is working. We do not use these click records to build per-person profiles; some fields could in principle be linkable in limited circumstances (e.g. very low-volume traffic), which is why we keep the fields coarse and the retention short. Separately, our hosting provider (Cloudflare) keeps its own standard request logs (IP address, user agent) for security and delivery under its own policy; we do not export those logs into marketing systems.

Retention

Deletion and your rights

Email [email protected] from the address your data is under (or, if you no longer control it, provide enough detail for us to verify the request, e.g. transaction ID or scan request ID). We will:

  1. verify the request came from the data subject,
  2. delete your personal data from our systems within 30 days — this covers scan requests and rendered reports (local files and Cloudflare KV entries), consulting-inquiry records, contact records, click records tied to a token you identify, and our newsletter records; Gmail message copies are deleted from the founder mailbox as part of the same pass,
  3. where a subprocessor holds your data on our behalf, submit the matching deletion there too — Beehiiv for newsletter records, Cloudflare KV for form submissions, SendGrid for notification history, Google for mailbox copies — and confirm each in our reply (Stripe and Gumroad transaction records are excluded: they retain payment records under their own legal obligations),
  4. confirm by reply what was deleted and what was retained.

What may be retained after a deletion request: transaction records we are legally required to keep (excluded from any further use), records Stripe, Gumroad, or Google retain under their own legal obligations (outside our control; see their policies), and backup copies that expire within the 90-day rotation window above.

Subprocessors

These are the third parties that process personal data on our behalf:

SubprocessorWhat it processesWhy
Cloudflare (Pages, Workers, KV)site requests, form submissions, click countshosting and request capture
Google (Gmail)email you send us and reports we send youfounder-operated email
SendGridsignup notification emailstransactional email delivery
Stripepayment and subscription datapayment processing
Gumroaddigital product purchasesproduct delivery and payment
Beehiivnewsletter subscriber listnewsletter delivery

Change control: the founder is the accountable owner of this table. A subprocessor change is made by updating this page (the effective date at the top changes with it). For a new subprocessor that would process free-scan or paid-scan customer data, we email affected scan customers at least 7 days before it starts processing that data; for urgent security-driven replacements (e.g. replacing a compromised provider), protecting the data comes first: the replacement may begin processing immediately and we notify within 7 days after the change, explaining why notice was retroactive.

Security

Scan data and reports are stored on a disk-encrypted, founder-controlled machine and in the Cloudflare services named above. The accounts with access are the founder's own provider accounts and the scan automation's service credentials; both are stored in a commercial password/secrets manager, and provider accounts use multi-factor authentication where the provider supports it. There are no employee or contractor accounts; vendor support staff can only act within their own platforms under the subprocessor policies above, and if helper access is ever added this section and the subprocessor table change first. If we confirm that personal data was accessed or disclosed without authorization, we will notify affected people at the email address we hold for them within 72 hours of confirming the breach, including what was affected and what we did about it, and will make any regulator notifications required by applicable law. Exceptions: where we hold no working contact address, where law enforcement asks us in writing to delay, or where jurisdiction-specific rules require a different sequence — in those cases we notify as soon as those constraints lift.

Scan-specific commitments

Children

Our services are for businesses and are not directed at children under

  1. We do not knowingly collect children's data.

Changes

Changes are posted on this page with a new effective date. "Material changes" means changes to what we collect, retention periods, or the subprocessor list affecting free-scan or paid-tier data. Material changes are emailed to scan customers with a scan request or active subscription in the past 12 months, at least 7 days before they take effect — except urgent legal or security changes, which are notified as soon as practicable.