Security
We read your website. That’s it.
AgencyProof is a reading tool. It fetches the public pages of the site you point it at, the way a browser would, and writes down what it finds. This page is the complete inventory of what that involves.
01What we access
Public pages only.
A scan fetches up to ten key pages of the website you submit — the homepage, the pages it links to, and the paths visitors expect to exist, like /contact and /privacy. Anything a logged-out visitor can see, we can inspect. Anything they can’t, we don’t touch.
There is nothing to install. No snippet, no plugin, no DNS change, no access to your hosting. Paste a URL; that is the entire integration.
02What we store
The findings, and the text they came from.
We keep the parsed text and metadata of the pages we scanned, the issues the inspection produced, the scores, and the report. That record exists so you can compare scans over time and re-open old reports.
It is deletable. Remove a project and its scans, pages, issues, and reports are removed with it. We store no data about your site’s visitors, because we never meet them.
03What we never do
The short list of hard no’s.
The other half of the access log is the half that never prints. Each of these is refused before it can happen — not a policy we promise to follow, a request the scanner simply never makes.
04Infrastructure
Boring on purpose.
AgencyProof runs on Vercel. Data lives in Supabase (Postgres) with row-level security, so every organization’s projects, scans, and reports are isolated at the database layer — not just in application code. Data is encrypted in transit and at rest.
Lead-form submissions are write-only from the public site: the page that collects your email cannot read anyone else’s.
05AI providers
Page content only, and only when you say so.
The AI audit layer reads the same public page text the crawler collected — nothing else. No account data, no email addresses, no scan history leaves our infrastructure.
It also only runs when an AI provider is enabled. In mock mode, nothing is sent to any provider at all: the deterministic checks run, and the judgment layer stays home.
06Responsible disclosure
Found something? Tell us first.
If you find a vulnerability in AgencyProof, we want to hear about it before the internet does.
security@intelliblitz.com
Include what you found and how to reproduce it. We read every report, reply fast, credit researchers who want credit, and never take legal action against good-faith research.