How It WorksFeaturesPricingBlog
Get Started

Paz.ai Privacy Policy

Last Updated: April 23, 2026

General

AgentPass, Inc., doing business as Paz.ai ("we", "us", "our", "Company", "Paz.ai" or "AgentPass"), is committed to protecting the privacy of our services' end users, business partners and our website's visitors, all as further detailed below. We take several precautions and have implemented certain mechanisms to ensure the protection of Personal Data (as defined below), as well as to comply with applicable privacy and data protection laws.

This Privacy Policy ("Privacy Policy") is an integral part of our Terms of Use and governs the collection, processing, usage and transfer of data by us from:

  • Individuals who access and use our website: https://www.paz.ai (respectively, "Visitor(s)" and "Website");
  • End-users who interact with our Partners' products and services through AI agents and platforms enabled by our Agentic Commerce Platform (respectively, "End-User" and "Platform");
  • Individuals who install and use our browser extensions, including the "Paz.ai - AI Readiness Checker" Chrome extension ("Extension User(s)" and "Extension"); and
  • Our business partners who have been registered to our services through our Website, including any individual on their behalf ("Partner").

All of the above shall be referred to as "you" or "User(s)".

This Privacy Policy explains how you can exercise your rights related to your Personal Data, in accordance with the laws and regulations applicable to you (which may include for example the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA")).

If you are a California resident and the CCPA applies to you, please review our CCPA Privacy Notice to learn more about our privacy practices with respect to the CCPA.

For questions about this Privacy Policy or to exercise your privacy rights, please contact us at: privacy@paz.ai

The Highlights

  • Facilitating AI Commerce: Paz.ai provides a platform that connects our Partners' product catalogs with various AI agents and platforms. When an End-User interacts with a Partner's store via an AI agent (e.g., to search for products, manage a cart, or initiate a checkout), our Services facilitate the transmission of data, including certain End-User Personal Data, directly between the AI agent and the Partner's systems.
  • End-User Personal Data (Pure Pass-Through): Paz.ai operates strictly as a data conduit. We do not store or retain any End-User Personal Data that is transmitted through our platform for these commerce actions. Our processing of such data is strictly limited to the real-time transmission required to connect the AI agent with the Partner's commerce system.
  • Children: Children under the age of 16 (or equivalent minimum age for providing consent) are not permitted to use the Services without parental or legal guardian consent. We do not knowingly collect children's Personal Data.
  • Voluntary Provision: You are not required by law to provide us with any Personal Data. Sharing Personal Data with us is entirely voluntary.
  • User Rights: You may be entitled to request to review, amend, erase, restrict and opt-out from the processing of your Personal Data, in accordance with applicable law.
  • Data Sharing: We share Personal Data with third parties in connection with the provision of the Services, or other limited circumstances as specified herein.
  • Data Security: We implement industry-standard security measures including AES-256 encryption at rest and TLS 1.3 in transit to protect your Personal Data.

What is Personal Data?

"Personal Data" is any information which identifies or can be reasonably used to identify a natural person. Such data includes for example: first and last name, phone number, email address, unique online identifiers, billing information, credit card details, etc.

As opposed to Personal Data, "Non-Personal Data", or anonymized data, is information which does not identify a specific natural person and cannot reasonably be used for such identification. This type of information includes for example aggregate or statistical data, technical information transmitted from your device such as type of browser and operating system, language preference, referring and exit pages and URLs, time and date stamp, amount of time spent on particular page.

We are committed to the principle of data minimization and only collect the minimum Personal Data necessary to provide our Services.

Personal Data Processed By Us

1. Data Related to End-Users (Pure Pass-Through)

Note: Paz.ai acts as a Data Processor on behalf of the Partner. The Partner is the Data Controller. End-Users should refer to the Partner's Privacy Policy for information on how their Personal Data is processed, stored, and managed by the Partner.

2. Authentication & Account Linking

When an End-User interacts with a Partner's store via an AI agent, they may be asked to authenticate or link their account.

  • Pass-Through Authentication: We facilitate the secure transmission of authentication tokens or login requests between the AI agent and the Partner's system using OAuth 2.0 or similar secure protocols.
  • No Credential Storage: We do not store passwords or credentials. Any authentication data is transmitted securely using encrypted channels and is used strictly for linking the user's session to the Partner's store.

3. Data Related to the "Paz.ai - AI Readiness Checker" Chrome Extension

The "Paz.ai - AI Readiness Checker" Chrome extension (the "Extension") lets an Extension User request an AI-readiness audit of a product page they are currently viewing. This section describes the data we collect, handle, store, and share specifically in connection with the Extension, and how Extension Users can delete it.

a. What we collect

The Extension collects data only when the Extension User explicitly clicks the Extension icon and chooses to run an audit. Specifically, we collect:

  • Email address: the Extension User's email address, which they enter in the Extension to receive a one-time verification code and a link to their audit report.
  • Page URL ("Active Tab URL"): the URL of the product page the Extension User is viewing at the moment they initiate an audit. We use this to fetch and analyze the page's publicly available content.
  • Verification code: the one-time code we email the user, which they enter in the Extension to confirm ownership of the email address.
  • Audit results: AI-readiness scores and analysis output generated from the URL (not from the Extension User's personal data).

The Extension does not collect browsing history, passwords, form inputs on third-party sites, cookies, payment information, keystrokes, mouse movements, device identifiers, IP addresses beyond what is inherent to an HTTPS request, or any content from pages that the Extension User has not explicitly chosen to audit. The Extension does not run in the background and does not read pages until the user clicks the Extension icon.

b. How we handle it

  • We use the email address to (i) send the one-time verification code, (ii) deliver the audit report, and (iii) optionally contact the Extension User about their audit or related product updates (which they can unsubscribe from at any time).
  • We use the Active Tab URL to retrieve the publicly available page content and evaluate how AI shopping agents (such as ChatGPT, Google AI, Perplexity, and similar systems) would interpret it. The analysis runs on our servers and on the systems of our LLM sub-processors.
  • We use the verification code solely to confirm email ownership; it expires after a short period and is not reused.

c. Where and how long we store it

  • On the user's device: the Extension stores the Extension User's most recently used email address in chrome.storage.local (a local, browser-managed storage area) as a convenience, so they do not have to re-type it on subsequent audits. This value never leaves the device until the user initiates another audit. It is removed when the Extension User uninstalls the Extension or clears their browser storage.
  • On Paz.ai servers: the email address, audited URLs, and generated audit reports are stored in our audit database, encrypted at rest with AES-256 and in transit with TLS 1.3, and hosted on reputable U.S.-based cloud infrastructure. We retain this data for as long as the Extension User's account is active, and for a limited archival period thereafter (up to 24 months) for quality, security, and legal-compliance purposes. After that period, or upon a valid deletion request (see Section (e) below), the data is deleted or anonymized.

d. Who we share it with

We share Extension User data only as follows:

  • LLM sub-processors that evaluate the audited URL on our behalf (such as OpenAI, Google, and Anthropic). We send the audited URL and page content to these providers strictly to generate the audit; we do not send the Extension User's email address or any other identifier tied to them. Each provider processes the data under their own published terms and privacy policies.
  • Infrastructure sub-processors that host our servers, send transactional email (for the verification code and report delivery), and provide security monitoring. These sub-processors process data on our behalf under written data-processing agreements.
  • Legal / compliance: we may disclose data where required by law, legal process, or to protect the rights, property, or safety of Paz.ai, our users, or the public.

We do not sell Extension User data. We do not share Extension User data with advertising networks, data brokers, or any third party for their own marketing purposes. We do not use Extension User data to train AI or machine-learning models that are not specific to the Extension User's own audits.

e. How Extension Users can access or delete their data

Extension Users can delete the email address stored on their device at any time by clicking "Use a different email" inside the Extension, by uninstalling the Extension, or by clearing browser storage for the Extension.

To request access to, correction of, or deletion of any Extension User data held on Paz.ai servers (including email address, audited URLs, and generated audit reports), please email privacy@paz.ai from the email address associated with the Extension. We will respond within 30 days as described in the "How to Exercise Your Rights" section below.

f. Permissions used by the Extension

  • activeTab - used only when the Extension User clicks the Extension icon, to read the URL and publicly visible content of the active tab for that audit. The Extension does not run on pages the user has not explicitly audited.
  • scripting - used to inject the audit UI and a small detection script into the active tab only at the moment the Extension User initiates an audit.
  • storage - used to remember the Extension User's email address locally on their device, as described in Section (c) above.

The Extension does not request host permissions for any third-party site and does not run content scripts in the background.

How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at: privacy@paz.ai

Please include the following information in your request:

  • Your full name and email address
  • The specific right(s) you wish to exercise
  • Any additional information that will help us identify and locate your data

We will respond to your request within 30 days of receipt, or as otherwise required by applicable law. We reserve the right to verify your identity before processing any request to ensure the security of your Personal Data. We will not discriminate against you for exercising your privacy rights.

Contact Us

For privacy-related questions, concerns, or to exercise your rights:

Mailing Address:
AgentPass, Inc.
Attn: Privacy Officer
65 Annie St
San Francisco, CA 94105
United States

Response Time: We aim to respond to all privacy inquiries within 30 days.

This Privacy Policy was last updated on April 23, 2026