Privacy Policy

Agentlens is analytics for AI-agent traffic, operated by 1Labs AI Studio (One Infinity Labs, Inc.). Our position on privacy is simple and it is also our product pitch: we count visits, not people. This policy explains exactly what we collect, in plain language, because the list is short enough to write that way.

Two roles, two kinds of data

When you install Agentlens on your website, you are the data controller for your site's traffic and we are your data processor — we process measurement data on your instructions and use it only to provide the service. Separately, we are the data controller for your Agentlens account (email, password hash, billing status) and for this marketing site.

What the snippet collects (processor role)

For each pageview on a site you measure, the al.js snippet records:

• The path of the page viewed (e.g. /docs/quickstart) — never query strings containing personal data.
• The referrer hostname (e.g. chatgpt.com) — hostname only, not the full referring URL.
• A user-agent classification — which agent or browser family the visit looks like. Raw user-agent strings from server-side events are truncated and used for classification.
• A salted hash of the IP address, used once to classify the request (verified agent vs likely vs human context) and then discarded. Raw IP addresses are never stored. The salt is per-site, so hashes cannot be correlated across sites.

The snippet — and the server middleware — never collect:

• No cookies, no localStorage, no identifiers of any kind
• No fingerprinting (no canvas, fonts, hardware, or screen probing)
• No names, emails, or form contents
• No cross-site or cross-session tracking — there are no sessions
• No precise location; nothing finer than what an IP classification needs, then the hash is discarded

Human pageviews are kept only as aggregate counts to provide agent-vs-human context. There is no profile of any human visitor anywhere in Agentlens.

What we collect about you (controller role)

• Account: email address, password hash, sites you register and their keys.
• Billing: handled by Polar, our merchant of record. We store your plan and subscription status; Polar holds payment details under its own policy.
• Email: if you enable alerts or weekly reports, we send them via Resend to the address you configure.
• This marketing site: measured with our own cookieless snippet — the same one described above. It sets one cookie total, and only if you dismiss the cookie notice (see the Cookie Policy).

Retention

• Event data: 30 days on the Free plan, 12 months on Pro and Agency.
• Aggregates powering reports survive the raw events.
• Account data: kept while your account is active; deleted within 30 days of account deletion, except records we must keep for tax or legal reasons (held by Polar).

Where data lives and who touches it

Data is processed by a short list of subprocessors — our database, hosting, email, and billing providers. The current list, with regions, is maintained at DPA & Subprocessors. We do not sell data, we do not share it with advertisers, and we do not use your traffic data to train models.

Your rights

If you are in the EEA, UK, or a jurisdiction with similar rights, you can request access, correction, export, or deletion of your account data by emailing privacy@agentlens.1labs.ai. For traffic data on a customer's site, contact that site's owner — we act on their instructions — though in practice the data contains nothing that identifies you.

Changes

If we change this policy, we update the effective date above and note material changes in the product changelog and by email for material reductions in protection. We will not quietly broaden what we collect.

Contact

privacy@agentlens.1labs.ai · Contact page