How It WorksFeaturesPricingBlog
Sign in

Paz.ai Privacy Policy

Last Updated: May 2026

General

AgentPass, Inc., doing business as Paz.ai ("we", "us", "our", "Company", "Paz.ai" or "AgentPass"), is committed to protecting the privacy of our Services' end users, our business partners, and our website's visitors, all as further detailed below. We take several precautions and have implemented certain mechanisms to ensure the protection of Personal Data (as defined below), as well as to comply with applicable privacy and data protection laws.

This Privacy Policy ("Privacy Policy") is an integral part of our Terms of Use and governs the collection, processing, usage, and transfer of data by us from:

  • Individuals who access and use our website, https://www.paz.ai (respectively, "Visitor(s)" and "Website");
  • End-users who interact with AI agents and assistants whose results are informed by our Agentic Commerce Platform (respectively, "End-User" and "Platform");
  • Individuals who install and use our browser extensions, including the "Paz.ai - AI Readiness Checker" Chrome extension ("Extension User(s)" and "Extension"); and
  • Our business partners who have registered for our Services through our Website, including any individual acting on their behalf ("Partner").

All of the above shall be referred to as "you" or "User(s)".

This Privacy Policy explains how you can exercise your rights related to your Personal Data, in accordance with the laws and regulations applicable to you (which may include, for example, the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA")). If you are a California resident and the CCPA applies to you, please review our CCPA Privacy Notice to learn more about our privacy practices with respect to the CCPA.

For questions about this Privacy Policy or to exercise your privacy rights, please contact us at: privacy@paz.ai

The Highlights

  • What We Do: Paz.ai is an AI visibility and product-catalog platform. We help our Partners get their products discovered, understood, and recommended by AI shopping agents and assistants. We monitor how Partner products appear across AI shopping experiences, provide catalog optimization and enrichment tools, and distribute enriched product feeds to AI commerce channels.
  • What We Do Not Do: We do not operate a store, host carts or checkout, process payments, or fulfill orders. We do not set prices or provide customer service for purchases. Any purchase an End-User makes happens directly on the Partner's own website or storefront, subject to the Partner's terms and policies.
  • Children: Children under the age of 16 (or the equivalent minimum age for providing consent) are not permitted to use the Services without parental or legal guardian consent. We do not knowingly collect children's Personal Data.
  • Voluntary Provision: You are not required by law to provide us with any Personal Data. Sharing Personal Data with us is entirely voluntary.
  • User Rights: You may be entitled to request to review, amend, erase, restrict, and opt-out from the processing of your Personal Data, in accordance with applicable law.
  • Data Sharing: We share Personal Data with third parties in connection with the provision of the Services, or in other limited circumstances as specified herein.
  • Data Security: We implement industry-standard security measures, including AES-256 encryption at rest and TLS 1.3 in transit, to protect your Personal Data.

What is Personal Data?

"Personal Data" is any information which identifies or can be reasonably used to identify a natural person. Such data includes, for example: first and last name, phone number, email address, and unique online identifiers.

As opposed to Personal Data, "Non-Personal Data", or anonymized data, is information which does not identify a specific natural person and cannot reasonably be used for such identification. This type of information includes, for example, aggregate or statistical data, and technical information transmitted from your device such as type of browser and operating system, language preference, referring and exit pages and URLs, time and date stamp, and amount of time spent on a particular page.

We are committed to the principle of data minimization and only collect the minimum Personal Data necessary to provide our Services.

Personal Data Processed By Us

1. Data Related to End-Users

Paz.ai provides an intelligence and product-data layer that informs how AI agents and assistants present Partner products. We do not require End-Users to create an account with us, and we do not operate the AI agents, assistants, or Partner storefronts through which End-Users discover products. Your use of any third-party AI agent or assistant, and of any Partner website or storefront, is governed by that third party's or Partner's own terms and privacy policies. For information on how a Partner processes your Personal Data, please refer to the Partner's Privacy Policy.

2. Visitors, Partners, and Partner Personnel

In order to provide our Partners with our Services, and upon registration through the console on our Website, we collect information regarding the Partner and personnel acting on its behalf, such as the contact person's full name, email address, country, and account credentials. We process this information:

  • To onboard Partners to our Services and provide AI visibility monitoring, catalog optimization, and product-feed distribution;
  • To identify authorized users who access the Services;
  • To resolve disputes, communicate with you regarding customer service and support, and respond to questions or comments;
  • To send you service-related messages; and
  • To prevent potentially prohibited or illegal activities, fraud, infringements, and other misuses of the Services, to protect the security or integrity of our databases and Services, and to take precautions against legal liability.

3. Demo and Contact

If a prospective Partner or other Visitor is interested in a demonstration of our Services, they can register for a demo through our Website, and we will collect and process the following information: name, email address, and account credentials, for the purpose of providing the demo. If you contact us for customer service, support, or any other inquiry, you will be requested to provide your full name and email address, which we use solely to respond to your inquiry and provide the support or information you requested.

4. Online Identifiers

When you access our Website or interact with our Services, we may collect certain online identifiers (e.g., your IP address). This information may be collected through our use of cookies (see "Cookies & Tracking Technologies" below). We use this information to improve our Website and Services, identify difficulties or failures, and for analysis, statistics, and customization, as well as to prevent fraud and other misuses of the Website and Services.

5. AI Traffic and Conversion-Attribution Pixel

We offer Partners an optional JavaScript pixel that they may install on their own website to measure traffic referred from AI platforms (such as ChatGPT, Perplexity, Google AI, and similar systems) and to attribute commerce events. When a Partner enables the pixel on its website, we may process pseudonymous data about visits to that Partner's website, such as a session identifier, the referring AI source, a user agent string, the type of commerce event (for example, a page view, add-to-cart, or purchase), and, where provided by the Partner, a transaction value, currency, and order identifier. We do not store IP addresses collected through the pixel, and we do not receive payment-card or financial-account information through the pixel. We use this information to provide Partners with traffic and conversion analytics. The Partner is responsible for providing any notice and obtaining any consent required for the use of the pixel on its website.

6. Data Related to the "Paz.ai - AI Readiness Checker" Chrome Extension

The "Paz.ai - AI Readiness Checker" Chrome extension (the "Extension") lets an Extension User request an AI-readiness audit of a product page they are currently viewing. This section describes the data we collect, handle, store, and share specifically in connection with the Extension, and how Extension Users can delete it.

a. What we collect

The Extension collects data only when the Extension User explicitly clicks the Extension icon and chooses to run an audit. Specifically, we collect:

  • Email address: the Extension User's email address, which they enter in the Extension to receive a one-time verification code and a link to their audit report;
  • Page URL ("Active Tab URL"): the URL of the product page the Extension User is viewing at the moment they initiate an audit, used to fetch and analyze the page's publicly available content;
  • Verification code: the one-time code we email the user, which they enter in the Extension to confirm ownership of the email address;
  • Audit results: AI-readiness scores and analysis output generated from the URL (not from the Extension User's personal data).

The Extension does not collect browsing history, passwords, form inputs on third-party sites, cookies, payment information, keystrokes, mouse movements, device identifiers, IP addresses beyond what is inherent to an HTTPS request, or any content from pages that the Extension User has not explicitly chosen to audit. The Extension does not run in the background and does not read pages until the user clicks the Extension icon.

b. How we handle it

We use the email address to (i) send the one-time verification code, (ii) deliver the audit report, and (iii) optionally contact the Extension User about their audit or related product updates (which they can unsubscribe from at any time). We use the Active Tab URL to retrieve the publicly available page content and evaluate how AI shopping agents (such as ChatGPT, Google AI, Perplexity, and similar systems) would interpret it. The analysis runs on our servers and on the systems of our LLM sub-processors. We use the verification code solely to confirm email ownership; it expires after a short period and is not reused.

c. Where and how long we store it

  • On the user's device: the Extension stores the Extension User's most recently used email address in chrome.storage.local (a local, browser-managed storage area) as a convenience, so they do not have to re-type it on subsequent audits. This value never leaves the device until the user initiates another audit. It is removed when the Extension User uninstalls the Extension or clears their browser storage.
  • On Paz.ai servers: the email address, audited URLs, and generated audit reports are stored in our audit database, encrypted at rest with AES-256 and in transit with TLS 1.3, and hosted on reputable U.S.-based cloud infrastructure. We retain this data for as long as the Extension User's account is active, and for a limited archival period thereafter (up to 24 months) for quality, security, and legal-compliance purposes. After that period, or upon a valid deletion request, the data is deleted or anonymized.

d. Who we share it with

We share Extension User data only as follows:

  • LLM sub-processors that evaluate the audited URL on our behalf (such as OpenAI, Google, and Anthropic). We send the audited URL and page content to these providers strictly to generate the audit; we do not send the Extension User's email address or any other identifier tied to them. Each provider processes the data under their own published terms and privacy policies.
  • Infrastructure sub-processors that host our servers, send transactional email (for the verification code and report delivery), and provide security monitoring. These sub-processors process data on our behalf under written data-processing agreements.
  • Legal / compliance: we may disclose data where required by law, legal process, or to protect the rights, property, or safety of Paz.ai, our users, or the public.

We do not sell Extension User data. We do not share Extension User data with advertising networks, data brokers, or any third party for their own marketing purposes. We do not use Extension User data to train AI or machine-learning models that are not specific to the Extension User's own audits.

e. How Extension Users can access or delete their data

Extension Users can delete the email address stored on their device at any time by clicking "Use a different email" inside the Extension, by uninstalling the Extension, or by clearing browser storage for the Extension. To request access to, correction of, or deletion of any Extension User data held on Paz.ai servers (including email address, audited URLs, and generated audit reports), please email privacy@paz.ai from the email address associated with the Extension. We will respond within 30 days as described in "How to Exercise Your Rights" below.

f. Permissions used by the Extension

  • activeTab – used only when the Extension User clicks the Extension icon, to read the URL and publicly visible content of the active tab for that audit. The Extension does not run on pages the user has not explicitly audited.
  • scripting – used to inject the audit UI and a small detection script into the active tab only at the moment the Extension User initiates an audit.
  • storage – used to remember the Extension User's email address locally on their device, as described above.

The Extension does not request host permissions for any third-party site and does not run content scripts in the background.

How We Collect Information

Depending on the nature of your interaction with us, we may collect information from you in one or both of the following ways:

  • Automatically – we may use cookies (as further elaborated below) or other similar tracking technologies to gather some information automatically when you interact with our Website and Services.
  • Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, such as through the Services, when you register, when you contact us, or when you sign up for our communications.

Your Rights Related to Your Personal Data

Depending on your jurisdiction, data protection and privacy laws provide you with the ability to exercise certain rights regarding your Personal Data that we process. The principal rights include:

  • the right to access your Personal Data;
  • the right to ensure your Personal Data is accurate, complete, and up to date;
  • the right to have your Personal Data amended or otherwise deleted;
  • the right to object to or restrict the processing of your Personal Data;
  • the right to send or "port" your Personal Data;
  • the right to file a complaint with a supervisory authority in your jurisdiction; and
  • the right to withdraw consent, subject to legal or contractual restrictions and reasonable notice.

To exercise any of these rights, please contact us at privacy@paz.ai. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any such information, in accordance with applicable law.

How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at privacy@paz.ai. Please include the following information in your request:

  • Your full name and email address;
  • The specific right(s) you wish to exercise; and
  • Any additional information that will help us identify and locate your data.

We will respond to your request within 30 days of receipt, or as otherwise required by applicable law. We reserve the right to verify your identity before processing any request to ensure the security of your Personal Data. We will not discriminate against you for exercising your privacy rights.

With Which Third Parties Do We Share Personal Data?

We do not sell your Personal Data. We do not share your Personal Data with third parties except in the following events:

  • Compelled Disclosures – We may share Personal Data where required to comply with a legal requirement, for the administration of justice, to protect the vital interests of a data subject or others, to protect the security or integrity of our databases and Services, and to take precautions against legal liability.
  • Enforcement of Our Rights – To enforce this Privacy Policy and the terms of our agreements (including the Terms of Use), including the investigation of potential violations thereof.
  • Change of Control – In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale), we may share Personal Data with our affiliated companies or acquiring company, which will assume the rights and obligations described in this Privacy Policy.
  • Affiliated Companies – With our parent company, subsidiaries, joint ventures, or other companies under common control with the Company, solely if and when applicable or necessary for the purposes described in this Privacy Policy.
  • Service Providers and Sub-Processors – To collect, hold, or manage your Personal Data through our authorized third-party service providers and to perform certain requested services on our behalf, as reasonable for our business purposes, all of whom we contractually require to comply with applicable data protection laws. Examples of service providers and sub-processors we may use include (without limitation): cloud hosting and infrastructure providers (such as Amazon Web Services and Cloudflare); transactional email providers; product analytics and logging providers; browser-automation providers used to analyze publicly available web pages; subscription billing providers; LLM sub-processors that evaluate audited URLs or product data on our behalf (such as OpenAI, Google, and Anthropic); and security monitoring and marketing partners.
  • Explicit Consent – If you provide us with your explicit approval to share your information prior to the disclosure.

Cookies & Tracking Technologies

We may use cookies and other similar tracking technologies or methods of web analysis to gather, store, and track certain information related to your access of, activity on, and interaction with our Website.

A "cookie" is a small piece of information that a website assigns to your device while you access such website. Cookies may be used for a variety of purposes, including allowing you to navigate between pages efficiently, remembering your preferences, and helping us understand how our Website is used. The third-party cookies and analytics technologies used on our Website include Google Analytics (for analytics, measurement, and performance) and Google Tag Manager. You can review Google's privacy practices at https://policies.google.com/privacy and opt out of Google Analytics at https://tools.google.com/dlpage/gaoptout.

Most browsers will allow you to erase cookies from your device, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies, your online experience may be limited. Where required by applicable law, we will obtain your consent before using non-essential cookies.

Do We Transfer Personal Data Internationally?

In the event that we need to transfer Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Personal Data collected within the European Economic Area ("EEA") and transferred outside of the EEA will be transferred under an applicable mechanism approved by the European Union, such as the Standard Contractual Clauses.

Children

Our Services are not intended for persons under 16 years old, or the equivalent minimum age for providing consent to the processing of Personal Data in the relevant jurisdiction ("Child"). We do not knowingly collect or solicit Personal Data from a Child. If a parent or guardian becomes aware that their Child has provided us with Personal Data without their consent, they should contact us immediately, and we will delete such data from our databases.

Marketing Materials

We may send our Partners, or users who have provided us with their consent, information on new products, features, activities, services, and periodic announcements or newsletters. You may opt out of such communications at any time by either: (i) using the "unsubscribe" feature available within the message; or (ii) sending us an email at privacy@paz.ai.

How Do We Protect Personal Data?

We implement extensive security measures to reduce the risks of damage, loss of information, and unauthorized access or misuse of Personal Data, including AES-256 encryption at rest and TLS 1.3 in transit. We implement appropriate data collection, storage, and processing practices and security tools to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. In the event of a security incident in which we discover that your Personal Data may be at risk, we will take reasonable efforts to notify you and the applicable authority, subject to applicable laws.

Data Retention

Unless you instruct us otherwise, and subject to applicable laws, we retain the Personal Data we collect for as long as needed to provide our Services and to comply with our legal obligations, resolve disputes, and enforce our agreements, if applicable.

Changes to This Privacy Policy

We may, at any time and from time to time, modify this Privacy Policy. Modifications will be posted on the Website and shall be effective as of the date on which they are posted. The last revision date will be reflected in the "Last Updated" heading located at the top of this Privacy Policy. We will make a reasonable effort to notify you in the event that we implement any changes that substantially change our privacy practices. We recommend that you review this Privacy Policy periodically.

Contact Us

For privacy-related questions, concerns, or to exercise your rights:

Mailing Address:
AgentPass, Inc., doing business as Paz.ai
Attn: Privacy Officer
65 Annie St
San Francisco, CA 94105
United States