m33 AI ← Back to site

Privacy Policy

Last updated: April 27, 2026

Who we are

M33, LLC ("M33 AI," "we," "us") builds custom AI agents for businesses. Our website is m33.io. This policy covers all services we operate, including the AI Opportunity Scan tool at m33.io/agents/audit/.

What we collect

Data Purpose Retention
Email address Deliver your scan report; optional marketing updates 180 days
Website URL you submit Scrape public content to generate the scan 180 days
Free-text business description Provide context for the AI analysis 180 days
Salary tier & tools (optional) Refine ROI calculations 180 days
IP address (hashed) Rate limiting and abuse prevention 180 days
Analytics (GA4) Understand usage patterns 14 months (Google default)

We never store your raw IP address. We store a one-way hash (SHA-256 with a secret salt) that cannot be reversed to recover the original IP.

How we use your data

  • Generate and deliver your AI Opportunity Scan report
  • Send one transactional email with your report link
  • Send occasional marketing updates only if you opt in (checkbox is off by default)
  • Prevent abuse via rate limiting
  • Improve the scan tool based on aggregate usage patterns

AI processing

Your submitted URL and business description are sent to Google's Gemini API (via Vertex AI) to generate the scan. Google processes this data under their Data Processing Addendum. We do not use your data to train AI models. Google's Vertex AI terms prohibit them from using API inputs for model training.

Third-party services

  • Google Vertex AI — generates the scan analysis
  • Google Cloud Firestore — stores scan data (us-central1 region)
  • Resend — sends the completion email
  • Cloudflare Turnstile — bot protection (no tracking cookies)
  • Google Analytics 4 — anonymous usage analytics
  • Fly.io — hosts the API service

We do not sell, rent, or share your personal data with any other third parties.

Cookies

We use only the cookies set by Google Analytics 4 and Cloudflare Turnstile. We do not set any first-party cookies. Turnstile does not use tracking cookies.

Data retention & deletion

Scan records are automatically deleted after 180 days via Firestore's TTL policy. You can delete your scan immediately by clicking the deletion link in your completion email. This permanently removes all data associated with that scan.

To request deletion of all your data, email contact@m33.io with "Data Deletion Request" as the subject.

Your rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Withdraw consent for marketing emails at any time

To exercise any of these rights, email contact@m33.io.

Marketing emails

We only send marketing emails if you explicitly check the opt-in box (default: off). Every marketing email includes an unsubscribe link. You can also email contact@m33.io to unsubscribe.

Security

All data is transmitted over HTTPS/TLS. Data at rest is encrypted by Google Cloud. IP addresses are hashed before storage. API secrets are stored in encrypted secret managers and never exposed in code.

Changes to this policy

We may update this policy. The "Last updated" date at the top reflects the most recent revision. Material changes will be noted on this page.

Contact

M33, LLC
Email: contact@m33.io
Web: m33.io