Skip to main content
Submit

Privacy Policy

How AgentsIndex collects, uses, and protects your personal data. Operated from the Netherlands under the EU GDPR.

Last updated: April 18, 2026

This policy explains what personal data AgentsIndex collects when you use agentsindex.ai, why we collect it, and what you can do about it. "We" means AgentsIndex. "You" means anyone who visits the site, submits a listing, or contacts us.

AgentsIndex is run from the Netherlands. We handle personal data under the EU General Data Protection Regulation (GDPR) and Dutch privacy law.

Who is responsible for your data

The data controller is Mathijs Bronsdijk, founder of AgentsIndex. If you have a question about your data, email [email protected].

What data we collect

We collect only what we need to run the service.

  • Account data. When you sign in we store your email and the authentication identifiers from your sign-in method (magic link or OAuth). We do not store passwords.
  • Submitted listing data. When you submit or claim a listing we store what you provide: tool name, URL, description, pricing, and your contact email.
  • Contact data. When you email us or submit a form we keep your message and email address so we can reply.
  • Payment data. Advertising, featured placements, and premium listings go through our payment provider. Card details never hit our servers. We receive a payment confirmation, invoice metadata, and a customer ID.
  • Usage and analytics data. We use Google Analytics 4 and Google Search Console to see pages viewed, referrers, device type, and approximate location derived from IP. IPs are anonymised where the provider supports it.
  • Server logs. Our hosting provider stores standard HTTP request logs (IP, user agent, timestamp, URL) to help with security and debugging.

How we use your data

  • To run the directory, comparisons, and blog.
  • To publish and maintain submitted listings.
  • To answer your emails.
  • To process payments for ads and premium listings.
  • To measure usage and keep the service working.
  • To meet legal obligations (tax, accounting, lawful requests).

Legal bases

Under the GDPR, we rely on one of the following legal bases for each processing activity: performance of a contract (account, listings, payments), legitimate interest (security, analytics, basic site operation), consent (where a cookie requires it), and legal obligation (accounting, regulatory requests).

Cookies and similar technologies

We use a small number of cookies. Necessary cookies handle sign-in and basic site function. Analytics cookies from Google Analytics show us aggregate usage. You can block non-essential cookies in your browser and still use the public parts of the directory.

Third-party services

We share limited data with these processors, only as needed to run the service:

  • Hosting and infrastructure. Cloud providers host the site and database.
  • Authentication provider. Handles sign-in via magic link or OAuth.
  • Payment processor. Processes payments for paid listings and ads.
  • Analytics. Google Analytics 4 and Google Search Console.
  • Email delivery. Sign-in links and submission confirmations.

Each processor operates under its own privacy terms and uses standard safeguards when personal data moves outside the EEA.

How long we keep your data

  • Account data: kept while your account is active, deleted on request.
  • Listing submissions: kept while the listing is published plus a short retention window for audit and to prevent duplicate submissions.
  • Contact emails: up to two years, for follow-up and dispute resolution.
  • Analytics data: aggregated, kept per the provider's defaults.
  • Payment and invoice records: seven years, required by Dutch tax law.

Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (right to be forgotten), subject to legal retention obligations.
  • Restrict or object to certain processing.
  • Export your data in a portable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

To exercise any of these rights, email us at [email protected]. We reply within 30 days.

Data security

We use standard security measures: TLS encryption in transit, access controls on our infrastructure, and least-privilege handling of credentials. No system is fully secure, but we take reasonable steps to protect your data. If a breach affects your personal information, we will notify you promptly.

Children

The service is not for children under 16. We do not knowingly collect data from children. If you believe a child has given us data, email us and we will remove it.

Changes to this policy

We may update this policy when the service, infrastructure, or law changes. Material changes are flagged by updating the date at the top, and where it matters, a notice on the site.

Contact

Questions or complaints: email [email protected].