Privacy Policy

Last updated: February 21, 2026

What prodlint does

prodlint is a static analysis CLI tool that runs entirely on your local machine. It scans files in the directory you point it at and outputs a score. That's it.

Data we collect

The CLI tool collects zero data. It does not phone home, send telemetry, or make any network requests. All analysis happens locally.

This website

This website (prodlint.com) is hosted on Vercel. It does not use cookies, analytics, or tracking scripts. Fonts are self-hosted at build time via next/font (no runtime requests to Google).

Vercel, as our hosting provider, may collect standard server logs (IP addresses, request timestamps, user agents) as part of normal web hosting operations. See Vercel's Privacy Policy for details.

Site Score

Site Score at prodlint.com/score lets you check any public URL for AI agent readiness. When you submit a URL, our server fetches publicly available files from that site (robots.txt, llms.txt, sitemap.xml, etc.) and checks HTTP headers. We do not store the URLs you scan or the scan results on our servers.

To prevent abuse, we temporarily store your IP address in server memory for rate limiting (5 requests per minute). These IP addresses are automatically deleted within 5 minutes and are never persisted to disk or any database.

Site Score stores your last 10 scanned domains (domain name, score, grade, and timestamp) in your browser's localStorage for quick re-access. This data never leaves your device and is not sent to our servers. You can clear this history at any time by clearing your browser's site data for prodlint.com.

Badge Endpoint

The badge endpoint at prodlint.com/api/badge/[domain] generates a dynamic SVG image showing a site's score. When a badge is loaded (e.g. embedded in a README), it triggers a live scan of the target domain. The same rate limits and privacy practices as Site Score apply — no scan results or domains are stored on our servers.

Generator Tools

The generator tools (robots.txt AI directives, llms.txt, ai.txt, etc.) run entirely in your browser. Nothing you type into these tools is sent to our servers. Generated files are created client-side.

GitHub Action

The prodlint GitHub Action runs in your CI environment. It downloads the latest prodlint package from npm and runs it against your code. It does not send your code or scan results to any external service. PR comments are posted using the GitHub token provided by your workflow.

MCP Server

The prodlint MCP server runs locally on your machine via stdio transport. It reads files in your project directory to perform analysis but does not make any network requests or transmit data externally. Your AI editor (Cursor, Claude Code, Windsurf) may log tool usage as part of its own telemetry — check your editor's privacy policy for details. prodlint has no access to editor telemetry.

International Users (GDPR / CCPA)

GDPR (European users): prodlint processes minimal personal data. Site Score temporarily stores your IP address for rate limiting (up to 5 minutes) and does not persist scan URLs or results. We have no user accounts or profiles. If you have questions about your data rights under GDPR or submit a data access request, we will confirm within 30 days that we hold no persistent records. Contact us via the link below.

CCPA (California residents): We do not sell personal information. prodlint does not collect, sell, or retain the types of personal data covered by the CCPA. You have no actionable personal information rights with us because we do not maintain consumer profiles.

Contact

Questions? Open an issue at github.com/prodlint/prodlint.