Policy

Responsible Scanning

The Zeodyn Scanner™ assesses e-commerce sites for AI agent commerce readiness, scoring them 1–100 across six technical dimensions. This page explains how the scanner operates, what data it collects, and how site operators can opt out.

What the scanner examines

Every scan targets publicly accessible pages only. Depending on the scan tier, this means the homepage plus up to four automatically discovered product pages.

Across those pages, the scanner reads HTTP response headers (server identification, security headers, caching directives, TLS certificate details), HTML structure, and schema.org markup — Product, Offer, Organization, BreadcrumbList, and related types. It also fetches protocol and discovery files: robots.txt, sitemap.xml, llms.txt, agent.json, security.txt, and ai-plugin.json.

Technology fingerprinting identifies the CMS platform, CDN provider, payment providers, and analytics tools present on the site. Performance signals — time to first byte, page weight, resource count — are captured from each request.

Not examined

Anything behind authentication is off limits. The scanner never submits login forms, API keys, or credentials of any kind.

Customer data, user-generated content, reviews, and comments are not collected. Individualised pricing and session-specific content are invisible to the scanner because it reads server-rendered HTML only — no JavaScript execution, no headless browser.

Crawl behaviour

Every HTTP request carries the User-Agent string ZeodynScanner/1.0 (+https://zeodyn.com/responsible-scanning). No request is ever made without this identifier.

Requests to the same domain are spaced at least 2 seconds apart. Multi-page scans run sequentially — never in parallel — and cap at 5 requests per domain per scan.

The scanner reads and respects robots.txt directives. If a site disallows crawling for the ZeodynScanner user-agent (or all bots), the scan continues only with externally observable signals — HTTP headers, DNS records, TLS certificate — and does not fetch page content.

If response times spike during a multi-page scan (indicating server load), delay intervals increase automatically and the page count is reduced.

All scans currently originate from Azure UK South (London). Multi-region scanning is planned but not yet operational.

Data collected and stored

Each scan produces a composite score (1–100) and six dimension scores using the Agent Commerce Stack™ methodology, along with results from 54 individual technical sub-checks, platform and technology detection, protocol file presence snapshots, and HTTP header and performance measurements.

Results are returned to the person or system that requested the scan. Scan data is also stored for aggregate market intelligence — anonymised statistical analysis across markets and verticals. Published reports contain aggregate statistics only; individual site scores are not published without consent, except for a small set of named public benchmarks acknowledged on the methodology page.

Scan data does not include page content, product listings, pricing, customer information, or any text beyond structural metadata.

Opt-out

Two mechanisms are available to block scanning of your site.

robots.txt

Add the following to your robots.txt file:

User-agent: ZeodynScanner
Disallow: /

Email request

Contact Contact us with your domain name. Requests are processed within 48 hours.

Once processed, the domain is added to a permanent exclusion list checked before every scan. Existing scan data for opted-out domains is retained for historical corpus integrity but excluded from all future published analysis.

Data protection

The data collected relates to publicly accessible website infrastructure — HTTP headers, HTML structure, schema markup, protocol files, technology fingerprints, and performance metrics. This is technical data about commercial web properties.

Domain names of business entities are not personal data under UK GDPR or the Data Protection Act 2018. Where a domain includes a natural person’s name (such as a sole trader), the data collected relates to the web presence and its technical characteristics, not the individual.

No visitor data, customer data, or user-generated content is collected. Site operators can exercise their right to object via the opt-out mechanisms described above.

Why sites are scanned

Scans are triggered through three channels: research campaigns covering specific markets and verticals, on-demand requests through AI platform integrations (ChatGPT, Claude, Copilot), and direct user requests via zeodyn.com/scan.

Scan selection is based on market coverage and user demand, not commercial arrangements.

Contact

For opt-out requests and security concerns, email Contact us.

For general enquiries about the scanning methodology or this policy, visit the contact page or email Contact us.