How we handle your data.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and your choices regarding your data. Last updated April 27, 2026.
Scout & Yessie LLC, a California limited liability company doing business as Armada Works (referred to as "Armada Works," "we," "us," or "our"), operates armadaworks.ai and related services (the "Service"). By using the Service, you agree to the practices described here.
1. Information we collect
Contact and inquiry details. When you submit the contact form on /book, book a call through Calendly, or email us directly, we collect the email address you provide plus any name, company, and notes you share. This information is stored in our Supabase database so we can respond to you.
Calendly booking data. When you book a call, Calendly sends us a webhook containing your name, email, selected event time, and your answers to the booking-form questions. Same storage and purpose as above.
Admin authentication. If you access the internal admin dashboard at /admin, we create a Supabase auth record tied to your email. Only addresses on our admin allowlist can actually sign in. The session is set via HTTP-only cookies.
Usage and analytics. We automatically collect page views, click events, and aggregate interaction data via PostHog (see §4). This includes browser type, device type, and referring URL. We do not fingerprint, track across sites, or run third-party advertising pixels.
Server logs. Our hosting provider (Vercel) maintains standard access logs: IP address, user-agent, request path, response code: retained per their default policy for security and debugging.
Email correspondence. If you email robert@armadaworks.ai or reply to any of our messages, we retain the content in Google Workspace (Gmail) under standard business record practices.
2. How we use your information
We use the information we collect to:
- Respond to inquiries and prepare for discovery calls
- Deliver transactional email (booking confirmations, follow-ups, proposal documents)
- Send occasional marketing email, but only if you've explicitly opted in; see §7
- Triage inbound leads and track engagement-pipeline state for business operations
- Analyze aggregate site usage to understand what's working
- Maintain the security and integrity of the site
- Comply with legal obligations and respond to lawful requests
3. AI agents and automated data processing
Armada Works operates a fleet of autonomous AI agents powered by Anthropic Claude that run our ownmarketing, SEO, sales triage, and outbound work. These agents may reference the contact records you've submitted in the course of their work: for example, a Sales Lead agent reading a new booking record to prepare a pre-call research note.
When our agents send text to Anthropic's API (Claude) for processing, that text is subject to Anthropic's data usage policy. Per Anthropic's commercial terms, API inputs and outputs are not used to train their models by default.
We do not train our own AI models on your data. Agent outputs (briefs, drafts, state files) are reviewed by a human before any external action is taken: no agent autonomously sends you email or publishes content mentioning you.
4. Analytics, cookies, and tracking
PostHog. We use PostHog for product and page analytics. PostHog collects usage data: page views, click events, session duration: and may set a first-party session identifier cookie scoped to this domain.
LinkedIn Insight Tag.When LinkedIn Ads campaigns are running, we use the LinkedIn Insight Tag to measure which marketing- page visits originated from a LinkedIn ad click and which led to a guide download or Discovery booking. The Insight Tag is a third-party tracking cookie set by LinkedIn that reports anonymized visit data and a LinkedIn-issued identifier back to LinkedIn. We use this data only for ad attribution and audience-quality measurement, not for resale or for cross-site retargeting beyond LinkedIn's own ad network. You can opt out of LinkedIn's ad tracking via your LinkedIn account settings (Settings & Privacy → Data privacy → Advertising data) or via a browser-level ad blocker.
We use cookies and similar technologies for:
- Authentication. To maintain your admin session.
- Analytics. To understand site usage (PostHog).
- Ad attribution. To measure LinkedIn Ads campaign performance (LinkedIn Insight Tag, when campaigns are active).
- Preferences. Theme or layout state where applicable.
We do not sell your personal information to advertisers or data brokers. We do notuse cross-site tracking beyond the LinkedIn Insight Tag described above (which is scoped to ad-attribution measurement on LinkedIn's ad network).
5. Third-party service providers
We share information with the following providers solely to operate the Service. Each receives only what it needs to perform its function:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database, admin auth | Contact records, auth sessions |
| Vercel | Hosting, server logs | IP addresses, request logs |
| Calendly | Booking widget | Name, email, booking answers |
| Resend | Transactional email delivery | Email address, message content |
| PostHog | Product analytics | Usage data, page views |
| LinkedIn (Insight Tag) | Ad attribution, audience measurement | Anonymized visit + click data, LinkedIn-issued identifier |
| Google Workspace | Email (robert@armadaworks.ai) | Email content |
| Anthropic | AI (Claude) for internal agents | Agent-generated text, contact references |
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. Data retention
Contact records in our database are retained while you're in active conversation with us and for a reasonable period afterward (typically 24 months) in case you re-engage. After that, we archive or delete them.
If you request deletion, we remove your personal data from our systems within 30 days, except where we're required to retain it for legal, tax, or audit purposes.
Usage analytics is retained in aggregate form and may be kept indefinitely for understanding long-term trends. Aggregate data is not linked to identifiable individuals after deletion of the underlying contact records.
7. Your choices and rights
Access and correction. Email robert@armadaworks.ai and we'll send you a copy of the records we have, correct anything that's wrong, or delete what you don't want us to keep. Typical response within two business days.
Marketing email. Any marketing email we send includes an unsubscribe link. You can also email us directly to be removed. Transactional messages related to an active discussion (call confirmations, proposal follow-ups) are not classified as marketing.
Cookies. Most browsers allow you to block or delete cookies through their settings. Disabling essential cookies may prevent the admin dashboard from working.
8. California residents (CCPA)
If you're a California resident, the CCPA gives you additional rights regarding your personal information:
- Right to know: the categories and specific pieces of personal information we've collected.
- Right to delete: subject to legal exceptions.
- Right to opt out of sale: we do not sell your personal information.
- Non-discrimination: we won't treat you worse for exercising these rights.
To exercise any of these, email robert@armadaworks.ai.
9. European residents (GDPR)
If you're located in the EEA, UK, or Switzerland, GDPR gives you additional rights:
- Legal bases. We process your data based on (a) your consent, (b) performance of a contract (replying to your inquiry), (c) our legitimate interest in running the business, and (d) legal compliance.
- Data subject rights. Access, rectify, erase, restrict, port, object, and withdraw consent.
- Data transfers. Your data may be processed in the United States. We rely on standard contractual clauses for international transfers where applicable.
- Supervisory authority. You may lodge a complaint with your local data protection authority.
Exercise these rights by emailing robert@armadaworks.ai.
10. Children's privacy
The Service is not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, email robert@armadaworks.ai and we'll delete it promptly.
11. Security
We implement reasonable technical and organizational measures: encryption in transit (TLS for all site traffic), encrypted data at rest, secure authentication (Supabase magic-link with email allowlist), HTTP-only session cookies, and access controls limiting employee access to personal data. No method of transmission or storage is 100% secure; we can't guarantee absolute security.
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email to addresses we hold on file, or by a prominent notice on the site, at least 14 days before taking effect. The “Last updated” date at the top of this page reflects the most recent revision.
13. Contact
Questions, requests, or concerns regarding this policy or your data:
Email: robert@armadaworks.ai
Armada Works