Knov.ai

Legal

Privacy Policy

How Knov.ai collects, uses, and shares information when you use this site and its tools.

Effective: June 8, 2026

Overview

Knov.ai maintains the Open Agent Readiness Standard (OARS), runs a free assessment tool, an oars.json generator, a verified-entity directory, and an MCP server. This policy explains what we collect across those services and your choices.

What we collect

  • URLs and site content you submit. When you use the assessment, generator, or verification tools, we fetch the URL you provide and analyze its public content to score it against OARS.
  • Assessed-domain records. We record the domains run through our tools, their assessment results, and the date and metadata of the request. A domain assessed through the public tool may be retained as a prospect record even when you provide no contact details.
  • Contact information. When you request verification or otherwise contact us, we collect the name, email address, and any message you provide.
  • Contact lookups. For assessed domains, we may use a third-party service to find a publicly available business contact email associated with that domain.
  • Account information. Staff accounts store a name, email, role, and a hashed password.
  • Technical data. Server logs, session cookies, IP address, and user-agent string, kept for security, rate limiting, and diagnostics.

How we use information

  • To run assessments, generate manifests, and verify and list entities in the directory.
  • To operate, secure, and improve the service, including rate limiting and abuse prevention.
  • To contact businesses about their OARS readiness, verification, and directory listing.
  • To maintain the public directory and the MCP server that exposes it to AI agents.

Third parties

We use a small number of service providers to operate the site. They process data only as needed to provide their service:

  • AI processing. Submitted URLs and extracted public site content are sent to an AI provider to generate assessment remediation guidance and draft manifests.
  • Contact discovery. A domain-search provider is used to find publicly available business contact emails for assessed domains.
  • Email delivery. Transactional and outreach email is sent through our mail provider.

Directory listings are public by design. We do not sell personal information.

AI agents & automated access

Knov.ai is infrastructure for the agent web, so much of our traffic is automated. This section explains how we treat agent and API interactions specifically.

  • What we log. Calls to our public API and MCP server are recorded in an append-only agent-interaction log. Each entry holds the timestamp, the tool or endpoint called, the subject of the request (such as the domain looked up or the search query), and the requesting agent’s identifier — its User-Agent string, the Origin/Referer it presents, and the source IP address. We do not require, request, or store end-user personal data to answer a read call.
  • Why we log it. To operate the audit trail OARS Level 3 requires, to enforce rate limits and prevent abuse, and to provide the retrievable agent-interaction record an entity can request for any 30-day period.
  • Agent identity is not a person. The identifiers we capture for agent calls describe software and network origin, not a named individual. Where you submit contact details through an agent (for example, a verification request), those are handled as the contact information described above.
  • Retention. Agent-interaction log entries are retained for at least 30 days to satisfy the audit-retrievability requirement and may be kept longer for security and abuse-prevention purposes, after which they are deleted or anonymized.
  • Your controls. Read endpoints are open and unauthenticated by design; the mutating verification endpoint is gated by a domain-ownership challenge. Operators who run agents against us must comply with our Terms of Service, including the acceptable-use rules for automated access.

Where applicable law requires it, we rely on our legitimate interest in promoting and operating the standard, and on your consent where you provide it. Business outreach emails include a way to opt out. To access, correct, or delete information we hold about you, or to request removal from outreach or the directory, contact us using the address below.

Retention & security

We retain records for as long as needed to operate the service and meet legal obligations, then delete or anonymize them. Passwords are stored only as hashes; reset tokens are stored hashed and expire. No method of transmission or storage is perfectly secure, but we take reasonable measures to protect your data.

Cookies

We use a single first-party session cookie to maintain your session and protect forms against cross-site request forgery. We do not use third-party advertising or tracking cookies.

Contact

Questions or requests: [email protected].