Privacy Policy

Last updated: April 14, 2026

AgentSurge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.agentsurge.ai or use our services.

1. Information We Collect

Information you provide directly:

• Name, email address, phone number, and business name when you fill out a contact form or book a consultation
• Payment and billing information when you purchase our services
• Any other information you voluntarily share with us

Information collected automatically:

• IP address, browser type, operating system, and device information
• Pages visited, time spent on pages, and referring URLs
• Cookies and similar tracking technologies

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Communicate with you about your account, inquiries, and our services
• Send you marketing communications (with your consent)
• Analyze usage trends to improve our website and offerings
• Comply with legal obligations and protect our rights

3. Sharing of Information

We do not sell your personal information. We may share your information with:

• Service providers who assist us in operating our business (e.g., hosting, payment processing, analytics)
• Legal authorities when required by law or to protect our rights
• Business transfers in connection with a merger, acquisition, or sale of assets

4. Cookies & Tracking

We use cookies and similar technologies to enhance your experience, analyze traffic, and personalize content. You can control cookie preferences through your browser settings. Disabling cookies may affect your ability to use certain features of our site.

5. Customer Data & Data Processing

When our customers ("Clients") use AgentSurge to operate AI agents, those agents may process data belonging to the Client's end users ("Customer Data"). This includes names, email addresses, phone numbers, appointment details, social media handles, and other information provided through the Client's business operations.

• Data processor role: With respect to Customer Data, AgentSurge acts as a data processor on behalf of the Client (the data controller). We process Customer Data only as necessary to provide the services the Client has enabled.
• Tenant isolation: Each Client's data is logically separated and cannot be accessed by other Clients. All database queries are scoped by tenant identifier.
• No cross-client data sharing: Customer Data belonging to one Client is never shared with, visible to, or accessible by another Client.
• Data ownership: Clients own their Customer Data. Upon termination of services, Clients may request export or deletion of their data.

6. Admin Access & Audit Logging

AgentSurge accesses Customer Data only as necessary for support, debugging, or legal compliance. We maintain the following safeguards:

• Audit trail: All administrative access to the platform — including logins, data access, configuration changes, and password events — is recorded in an immutable audit log with timestamp, actor, action, and affected resources.
• Least-privilege access: Administrative access to Customer Data is limited to the platform operator and is not available through normal application flows. There are no bulk data export features or casual browsing of customer records.
• Authentication security: All passwords are hashed using industry-standard algorithms (bcrypt). Login endpoints are rate-limited. New accounts require a mandatory password change on first login.
• Security headers: The platform enforces HTTPS, sets strict security headers (HSTS, X-Frame-Options, Content-Type-Options), and does not allow embedding in third-party frames.

Audit logs are retained indefinitely and are available upon request for legal or compliance inquiries.

7. Data Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Database-level encryption at rest via our hosting provider (Supabase/AWS)
• Rate limiting on authentication endpoints to prevent brute-force attacks
• Regular security audits and code reviews

However, no method of transmission over the Internet is 100% secure.

8. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this policy, or as required by law. When information is no longer needed, we securely delete or anonymize it. Audit logs are retained indefinitely for compliance purposes.

9. Your Rights

Depending on your location, you may have the right to:

• Access, correct, or delete your personal information
• Opt out of marketing communications at any time
• Request a copy of the data we hold about you
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at the email below.

10. SMS & Text Messaging

Our services may include SMS text messaging for appointment reminders, no-show recovery, rescheduling notifications, and follow-up communications on behalf of our clients' businesses.

• Consent: End users consent to receive text messages when they book an appointment, submit a contact form, or provide their phone number to one of our clients' businesses
• Message frequency: Message frequency varies based on appointment activity (typically 1–3 messages per missed appointment)
• Message and data rates may apply
• Opt-out: Recipients can opt out at any time by replying STOP to any message
• Help: Recipients can reply HELP to any message for support information
• Phone numbers are collected solely for appointment-related communications and are not shared with third parties for marketing purposes
• We use Twilio as our messaging service provider. Messages are sent only to existing customers with a prior business relationship — no cold outreach or unsolicited marketing messages are sent

For questions about our messaging practices, contact us at michael@agentsurge.ai.

11. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any information.

12. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

AgentSurge
Email: michael@agentsurge.ai