npm - web-agent-bridge - Versions diffs - 3.2.0 → 3.3.0 - Mend

web-agent-bridge 3.2.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (202) hide show

package/LICENSE +72 -72
package/README.ar.md +1286 -1152
package/README.md +1764 -1635
package/bin/agent-runner.js +474 -474
package/bin/cli.js +237 -138
package/bin/wab.js +80 -80
package/examples/bidi-agent.js +119 -119
package/examples/cross-site-agent.js +91 -91
package/examples/mcp-agent.js +94 -94
package/examples/next-app-router/README.md +44 -44
package/examples/puppeteer-agent.js +108 -108
package/examples/saas-dashboard/README.md +55 -55
package/examples/shopify-hydrogen/README.md +74 -74
package/examples/vision-agent.js +171 -171
package/examples/wordpress-elementor/README.md +77 -77
package/package.json +16 -3
package/public/.well-known/agent-tools.json +180 -180
package/public/.well-known/ai-assets.json +59 -59
package/public/.well-known/security.txt +8 -0
package/public/agent-workspace.html +349 -349
package/public/ai.html +198 -198
package/public/api.html +413 -412
package/public/browser.html +486 -486
package/public/commander-dashboard.html +243 -243
package/public/cookies.html +210 -210
package/public/css/agent-workspace.css +1713 -1713
package/public/css/premium.css +317 -317
package/public/css/styles.css +1235 -1235
package/public/dashboard.html +706 -706
package/public/dns.html +507 -0
package/public/docs.html +587 -587
package/public/feed.xml +89 -89
package/public/growth.html +463 -463
package/public/index.html +1070 -982
package/public/integrations.html +556 -0
package/public/js/agent-workspace.js +1740 -1740
package/public/js/auth-nav.js +31 -31
package/public/js/auth-redirect.js +12 -12
package/public/js/cookie-consent.js +56 -56
package/public/js/wab-demo-page.js +721 -721
package/public/js/ws-client.js +74 -74
package/public/llms-full.txt +360 -360
package/public/llms.txt +125 -125
package/public/login.html +85 -85
package/public/mesh-dashboard.html +328 -328
package/public/openapi.json +580 -580
package/public/phone-shield.html +281 -0
package/public/premium-dashboard.html +2489 -2489
package/public/premium.html +793 -793
package/public/privacy.html +297 -297
package/public/register.html +105 -105
package/public/robots.txt +87 -87
package/public/script/wab-consent.d.ts +36 -36
package/public/script/wab-consent.js +104 -104
package/public/script/wab-schema.js +131 -131
package/public/script/wab.d.ts +108 -108
package/public/script/wab.min.js +580 -580
package/public/security.txt +8 -0
package/public/terms.html +256 -256
package/script/ai-agent-bridge.js +1754 -1754
package/sdk/README.md +99 -99
package/sdk/agent-mesh.js +449 -449
package/sdk/commander.js +262 -262
package/sdk/index.d.ts +464 -464
package/sdk/index.js +12 -1
package/sdk/multi-agent.js +318 -318
package/sdk/package.json +1 -1
package/sdk/safety-shield.js +219 -0
package/sdk/schema-discovery.js +83 -83
package/server/adapters/index.js +520 -520
package/server/config/plans.js +367 -367
package/server/config/secrets.js +102 -102
package/server/control-plane/index.js +301 -301
package/server/data-plane/index.js +354 -354
package/server/index.js +531 -427
package/server/llm/index.js +404 -404
package/server/middleware/adminAuth.js +35 -35
package/server/middleware/auth.js +50 -50
package/server/middleware/featureGate.js +88 -88
package/server/middleware/rateLimits.js +100 -100
package/server/middleware/sensitiveAction.js +157 -0
package/server/migrations/001_add_analytics_indexes.sql +7 -7
package/server/migrations/002_premium_features.sql +418 -418
package/server/migrations/003_ads_integer_cents.sql +33 -33
package/server/migrations/004_agent_os.sql +158 -158
package/server/migrations/005_marketplace_metering.sql +126 -126
package/server/models/adapters/index.js +33 -33
package/server/models/adapters/mysql.js +183 -183
package/server/models/adapters/postgresql.js +172 -172
package/server/models/adapters/sqlite.js +7 -7
package/server/models/db.js +681 -681
package/server/observability/failure-analysis.js +337 -337
package/server/observability/index.js +394 -394
package/server/protocol/capabilities.js +223 -223
package/server/protocol/index.js +243 -243
package/server/protocol/schema.js +584 -584
package/server/registry/certification.js +271 -271
package/server/registry/index.js +326 -326
package/server/routes/admin-premium.js +671 -671
package/server/routes/admin.js +261 -261
package/server/routes/ads.js +130 -130
package/server/routes/agent-workspace.js +540 -540
package/server/routes/api.js +150 -150
package/server/routes/auth.js +71 -71
package/server/routes/billing.js +45 -45
package/server/routes/commander.js +316 -316
package/server/routes/demo-showcase.js +332 -332
package/server/routes/demo-store.js +154 -0
package/server/routes/discovery.js +417 -417
package/server/routes/gateway.js +173 -157
package/server/routes/license.js +251 -240
package/server/routes/mesh.js +469 -469
package/server/routes/noscript.js +543 -543
package/server/routes/premium-v2.js +686 -686
package/server/routes/premium.js +724 -724
package/server/routes/runtime.js +2148 -2147
package/server/routes/sovereign.js +465 -385
package/server/routes/universal.js +200 -185
package/server/routes/wab-api.js +850 -501
package/server/runtime/container-worker.js +111 -111
package/server/runtime/container.js +448 -448
package/server/runtime/distributed-worker.js +362 -362
package/server/runtime/event-bus.js +210 -210
package/server/runtime/index.js +253 -253
package/server/runtime/queue.js +599 -599
package/server/runtime/replay.js +666 -666
package/server/runtime/sandbox.js +266 -266
package/server/runtime/scheduler.js +534 -534
package/server/runtime/session-engine.js +293 -293
package/server/runtime/state-manager.js +188 -188
package/server/security/cross-site-redactor.js +196 -0
package/server/security/dry-run.js +180 -0
package/server/security/human-gate-rate-limit.js +147 -0
package/server/security/human-gate-transports.js +178 -0
package/server/security/human-gate.js +281 -0
package/server/security/index.js +368 -368
package/server/security/intent-engine.js +245 -0
package/server/security/reward-guard.js +171 -0
package/server/security/rollback-store.js +239 -0
package/server/security/token-scope.js +404 -0
package/server/security/url-policy.js +139 -0
package/server/services/agent-chat.js +506 -506
package/server/services/agent-learning.js +601 -575
package/server/services/agent-memory.js +625 -625
package/server/services/agent-mesh.js +555 -539
package/server/services/agent-symphony.js +717 -717
package/server/services/agent-tasks.js +1807 -1807
package/server/services/api-key-engine.js +292 -261
package/server/services/cluster.js +894 -894
package/server/services/commander.js +738 -738
package/server/services/edge-compute.js +440 -440
package/server/services/email.js +204 -204
package/server/services/hosted-runtime.js +205 -205
package/server/services/lfd.js +635 -635
package/server/services/local-ai.js +389 -389
package/server/services/marketplace.js +270 -270
package/server/services/metering.js +182 -182
package/server/services/modules/affiliate-intelligence.js +93 -93
package/server/services/modules/agent-firewall.js +90 -90
package/server/services/modules/bounty.js +89 -89
package/server/services/modules/collective-bargaining.js +92 -92
package/server/services/modules/dark-pattern.js +66 -66
package/server/services/modules/gov-intelligence.js +45 -45
package/server/services/modules/neural.js +55 -55
package/server/services/modules/notary.js +49 -49
package/server/services/modules/price-time-machine.js +86 -86
package/server/services/modules/protocol.js +104 -104
package/server/services/negotiation.js +439 -439
package/server/services/plugins.js +771 -771
package/server/services/price-intelligence.js +566 -566
package/server/services/price-shield.js +1137 -1137
package/server/services/reputation.js +465 -465
package/server/services/search-engine.js +357 -357
package/server/services/security.js +513 -513
package/server/services/self-healing.js +843 -843
package/server/services/sovereign-shield.js +542 -0
package/server/services/stripe.js +192 -192
package/server/services/swarm.js +788 -788
package/server/services/universal-scraper.js +662 -661
package/server/services/verification.js +481 -481
package/server/services/vision.js +1163 -1163
package/server/utils/cache.js +125 -125
package/server/utils/migrate.js +81 -81
package/server/utils/safe-fetch.js +228 -0
package/server/utils/secureFields.js +50 -50
package/server/ws.js +161 -161
package/templates/artisan-marketplace.yaml +104 -104
package/templates/book-price-scout.yaml +98 -98
package/templates/electronics-price-tracker.yaml +108 -108
package/templates/flight-deal-hunter.yaml +113 -113
package/templates/freelancer-direct.yaml +116 -116
package/templates/grocery-price-compare.yaml +93 -93
package/templates/hotel-direct-booking.yaml +113 -113
package/templates/local-services.yaml +98 -98
package/templates/olive-oil-tunisia.yaml +88 -88
package/templates/organic-farm-fresh.yaml +101 -101
package/templates/restaurant-direct.yaml +97 -97
package/public/score.html +0 -263
package/server/migrations/006_growth_suite.sql +0 -138
package/server/routes/growth.js +0 -962
package/server/services/fairness-engine.js +0 -409
package/server/services/fairness.js +0 -420

package/public/privacy.html CHANGED Viewed

@@ -1,297 +1,297 @@
-<!DOCTYPE html>
-<html lang="en" dir="ltr">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Privacy Policy — Web Agent Bridge</title>
-  <meta name="description" content="Privacy Policy for Web Agent Bridge. GDPR and AVG compliant.">
-  <link rel="preconnect" href="https://fonts.googleapis.com">
-  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-  <style>body{background:#0a0e1a;color:#f0f4ff;font-family:Inter,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;margin:0;min-height:100vh}</style>
-  <link rel="preload" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800;900&family=JetBrains+Mono:wght@400;500;600&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'">
-  <noscript><link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800;900&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet"></noscript>
-  <link rel="stylesheet" href="/css/styles.css?v=3.0.1">
-</head>
-<body>
-  <nav class="navbar" id="navbar">
-    <div class="container">
-      <a href="/" class="navbar-brand">
-        <div class="brand-icon">⚡</div>
-        <span>WAB</span>
-      </a>
-      <ul class="navbar-links">
-        <li><a href="/#features">Features</a></li>
-        <li><a href="/#pricing">Pricing</a></li>
-        <li><a href="/docs">Docs</a></li>
-      </ul>
-      <div class="navbar-actions">
-        <a href="/login" class="btn btn-ghost">Sign In</a>
-        <a href="/register" class="btn btn-primary btn-sm">Get Started</a>
-      </div>
-    </div>
-  </nav>
-  <div class="container" style="padding-top: 120px; padding-bottom: 80px; max-width: 800px;">
-    <div class="section-header" style="text-align: left;">
-      <span class="label">Legal</span>
-      <h1 style="font-size: 2.2rem;">Privacy Policy</h1>
-      <p style="max-width: 100%;">Last updated: March 22, 2026</p>
-    </div>
-    <div class="docs-content">
-      <h2 id="introduction">1. Introduction</h2>
-      <p>
-        Web Agent Bridge ("WAB", "we", "us", "our") is an open-source middleware platform operated from the Netherlands.
-        We are committed to protecting your personal data in accordance with the <strong>General Data Protection Regulation (GDPR — EU 2016/679)</strong>
-        and the <strong>Dutch Implementation Act (Uitvoeringswet AVG / UAVG)</strong>.
-      </p>
-      <p>
-        This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website
-        (<strong>webagentbridge.com</strong>), our services, and our open-source software.
-      </p>
-      <h2 id="controller">2. Data Controller</h2>
-      <p>The data controller responsible for your personal data is:</p>
-      <div style="background: var(--bg-surface); border: 1px solid var(--border-color); border-radius: var(--radius-md); padding: 20px; margin: 16px 0;">
-        <strong>Web Agent Bridge</strong><br>
-        The Netherlands<br>
-        Email: <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>
-      </div>
-      <h2 id="data-collected">3. What Data We Collect</h2>
-      <h3>3.1 Account Data</h3>
-      <p>When you register for an account, we collect:</p>
-      <ul>
-        <li><strong>Name</strong> — to personalize your account</li>
-        <li><strong>Email address</strong> — for authentication and communication</li>
-        <li><strong>Password</strong> — stored as a bcrypt hash (we never store plain-text passwords)</li>
-        <li><strong>Company name</strong> (optional) — for billing purposes</li>
-      </ul>
-      <h3>3.2 Site & License Data</h3>
-      <p>When you add a site to WAB, we collect:</p>
-      <ul>
-        <li>Domain name and site name</li>
-        <li>Configuration preferences (permissions, restrictions)</li>
-        <li>Generated license keys (unique identifiers)</li>
-        <li>Subscription tier information</li>
-      </ul>
-      <h3>3.3 Analytics Data</h3>
-      <p>When the WAB bridge script is active on your website, we collect anonymous interaction data:</p>
-      <ul>
-        <li>Action names triggered by AI agents (e.g., "click-signup")</li>
-        <li>Agent identifiers (if provided by the agent)</li>
-        <li>Trigger type (click, fill, scroll, etc.)</li>
-        <li>Success/failure status</li>
-        <li>Timestamps</li>
-      </ul>
-      <p><strong>We do not collect personal data from your website's end users.</strong> Analytics are about AI agent behavior only.</p>
-      <h3>3.4 Payment Data</h3>
-      <p>
-        Payment processing is handled by <strong>Stripe, Inc.</strong> We do not store your credit card details.
-        Stripe processes payments in accordance with PCI DSS standards. See
-        <a href="https://stripe.com/privacy" style="color: var(--accent-blue);" target="_blank" rel="noopener">Stripe's Privacy Policy</a>.
-      </p>
-      <h3>3.5 Technical Data</h3>
-      <p>Our server automatically collects:</p>
-      <ul>
-        <li>IP address (used for rate limiting and security only, not stored long-term)</li>
-        <li>HTTP request logs (retained for 30 days for security monitoring)</li>
-      </ul>
-      <h2 id="legal-basis">4. Legal Basis for Processing (GDPR Art. 6)</h2>
-      <table style="width: 100%; border-collapse: collapse; margin: 16px 0;">
-        <thead>
-          <tr style="border-bottom: 2px solid var(--border-color);">
-            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Purpose</th>
-            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Legal Basis</th>
-          </tr>
-        </thead>
-        <tbody>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Account creation & service delivery</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Contract performance (Art. 6(1)(b))</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Payment processing</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Contract performance (Art. 6(1)(b))</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Security & abuse prevention</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Legitimate interest (Art. 6(1)(f))</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Analytics (AI agent behavior)</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Legitimate interest (Art. 6(1)(f))</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Cookies (non-essential)</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Consent (Art. 6(1)(a))</td>
-          </tr>
-          <tr>
-            <td style="padding: 12px; color: var(--text-secondary);">Legal obligations (Dutch tax law)</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Legal obligation (Art. 6(1)(c))</td>
-          </tr>
-        </tbody>
-      </table>
-      <h2 id="data-sharing">5. Data Sharing & Transfers</h2>
-      <p>We share personal data only with:</p>
-      <ul>
-        <li><strong>Stripe, Inc.</strong> (USA) — Payment processing, with EU Standard Contractual Clauses (SCCs)</li>
-        <li><strong>Server hosting provider</strong> — Infrastructure only, no access to application data</li>
-      </ul>
-      <p>We do not sell, rent, or trade your personal data to third parties.</p>
-      <p>
-        Where data is transferred outside the EEA, we ensure appropriate safeguards are in place
-        (Standard Contractual Clauses or adequacy decisions per GDPR Art. 46).
-      </p>
-      <h2 id="retention">6. Data Retention</h2>
-      <table style="width: 100%; border-collapse: collapse; margin: 16px 0;">
-        <thead>
-          <tr style="border-bottom: 2px solid var(--border-color);">
-            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Data Type</th>
-            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Retention Period</th>
-          </tr>
-        </thead>
-        <tbody>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Account data</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Until account deletion + 30 days</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Analytics data</td>
-            <td style="padding: 12px; color: var(--text-secondary);">90 days (auto-purged)</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Payment records</td>
-            <td style="padding: 12px; color: var(--text-secondary);">7 years (Dutch fiscal obligation — Belastingdienst)</td>
-          </tr>
-          <tr>
-            <td style="padding: 12px; color: var(--text-secondary);">Server logs</td>
-            <td style="padding: 12px; color: var(--text-secondary);">30 days</td>
-          </tr>
-        </tbody>
-      </table>
-      <h2 id="rights">7. Your Rights (GDPR Art. 15–22)</h2>
-      <p>As an EU/EEA resident, you have the right to:</p>
-      <ul>
-        <li><strong>Access</strong> — Request a copy of your personal data</li>
-        <li><strong>Rectification</strong> — Correct inaccurate data</li>
-        <li><strong>Erasure</strong> ("Right to be forgotten") — Request deletion of your data</li>
-        <li><strong>Restriction</strong> — Restrict processing of your data</li>
-        <li><strong>Data portability</strong> — Receive your data in a structured, machine-readable format</li>
-        <li><strong>Object</strong> — Object to processing based on legitimate interest</li>
-        <li><strong>Withdraw consent</strong> — At any time, without affecting prior processing</li>
-      </ul>
-      <p>
-        To exercise any of these rights, contact us at
-        <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>.
-        We will respond within <strong>30 days</strong> as required by GDPR.
-      </p>
-      <h2 id="cookies">8. Cookies</h2>
-      <p>
-        We use minimal cookies. For full details, see our <a href="/cookies" style="color: var(--accent-blue);">Cookie Policy</a>.
-      </p>
-      <ul>
-        <li><strong>Essential cookies</strong> — Authentication session (JWT token) — no consent required</li>
-        <li><strong>No tracking cookies</strong> — We do not use Google Analytics, Facebook Pixel, or similar trackers</li>
-      </ul>
-      <h2 id="open-source">9. Open Source & Self-Hosting</h2>
-      <p>
-        WAB is open-source software licensed under the <strong>MIT License</strong>. If you self-host WAB,
-        <strong>you become the data controller</strong> for any personal data processed by your instance.
-        This privacy policy applies only to the hosted service at <strong>webagentbridge.com</strong>.
-      </p>
-      <h2 id="children">10. Children's Data</h2>
-      <p>
-        WAB is not directed at children under 16 years of age (per Dutch UAVG Art. 5).
-        We do not knowingly collect personal data from children. If we learn we have collected
-        data from a child, we will delete it promptly.
-      </p>
-      <h2 id="security">11. Security Measures</h2>
-      <p>We implement appropriate technical and organizational measures including:</p>
-      <ul>
-        <li>TLS/SSL encryption for all connections</li>
-        <li>Bcrypt password hashing</li>
-        <li>Domain-locked session tokens</li>
-        <li>Rate limiting and abuse detection</li>
-        <li>Regular security updates</li>
-      </ul>
-      <h2 id="dpa">12. Supervisory Authority</h2>
-      <p>
-        If you believe we have not handled your data correctly, you have the right to lodge a complaint with the
-        Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
-      </p>
-      <div style="background: var(--bg-surface); border: 1px solid var(--border-color); border-radius: var(--radius-md); padding: 20px; margin: 16px 0;">
-        <strong>Autoriteit Persoonsgegevens</strong><br>
-        Postbus 93374, 2509 AJ Den Haag<br>
-        Website: <a href="https://autoriteitpersoonsgegevens.nl" style="color: var(--accent-blue);" target="_blank" rel="noopener">autoriteitpersoonsgegevens.nl</a><br>
-        Phone: +31 (0)70 888 8500
-      </div>
-      <h2 id="changes">13. Changes to This Policy</h2>
-      <p>
-        We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated
-        "Last updated" date. For significant changes, we will notify registered users via email.
-      </p>
-      <h2 id="contact">14. Contact</h2>
-      <p>
-        For privacy-related questions or to exercise your data rights:<br>
-        Email: <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>
-      </p>
-    </div>
-  </div>
-  <footer class="footer">
-    <div class="container">
-      <div class="footer-grid">
-        <div class="footer-brand">
-          <a href="/" class="navbar-brand"><div class="brand-icon">⚡</div><span>Web Agent Bridge</span></a>
-          <p>Open-source middleware for AI agent and website interaction.</p>
-        </div>
-        <div class="footer-col">
-          <h4>Product</h4>
-          <ul>
-            <li><a href="/#features">Features</a></li>
-            <li><a href="/#pricing">Pricing</a></li>
-            <li><a href="/docs">Documentation</a></li>
-          </ul>
-        </div>
-        <div class="footer-col">
-          <h4>Developers</h4>
-          <ul>
-            <li><a href="/docs#quick-start">Quick Start</a></li>
-            <li><a href="/docs#api-reference">API Reference</a></li>
-            <li><a href="https://github.com/abokenan444/web-agent-bridge" target="_blank" rel="noopener">GitHub</a></li>
-          </ul>
-        </div>
-        <div class="footer-col">
-          <h4>Legal</h4>
-          <ul>
-            <li><a href="/privacy">Privacy Policy</a></li>
-            <li><a href="/terms">Terms of Service</a></li>
-            <li><a href="/cookies">Cookie Policy</a></li>
-          </ul>
-        </div>
-      </div>
-      <div class="footer-bottom">
-        <span>&copy; 2026 Web Agent Bridge. MIT License. Operated from the Netherlands.</span>
-      </div>
-    </div>
-  </footer>
-</body>
-</html>
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Privacy Policy — Web Agent Bridge</title>
+  <meta name="description" content="Privacy Policy for Web Agent Bridge. GDPR and AVG compliant.">
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <style>body{background:#0a0e1a;color:#f0f4ff;font-family:Inter,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;margin:0;min-height:100vh}</style>
+  <link rel="preload" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800;900&family=JetBrains+Mono:wght@400;500;600&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'">
+  <noscript><link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800;900&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet"></noscript>
+  <link rel="stylesheet" href="/css/styles.css?v=3.0.1">
+</head>
+<body>
+  <nav class="navbar" id="navbar">
+    <div class="container">
+      <a href="/" class="navbar-brand">
+        <div class="brand-icon">⚡</div>
+        <span>WAB</span>
+      </a>
+      <ul class="navbar-links">
+        <li><a href="/#features">Features</a></li>
+        <li><a href="/#pricing">Pricing</a></li>
+        <li><a href="/docs">Docs</a></li>
+      </ul>
+      <div class="navbar-actions">
+        <a href="/login" class="btn btn-ghost">Sign In</a>
+        <a href="/register" class="btn btn-primary btn-sm">Get Started</a>
+      </div>
+    </div>
+  </nav>
+  <div class="container" style="padding-top: 120px; padding-bottom: 80px; max-width: 800px;">
+    <div class="section-header" style="text-align: left;">
+      <span class="label">Legal</span>
+      <h1 style="font-size: 2.2rem;">Privacy Policy</h1>
+      <p style="max-width: 100%;">Last updated: March 22, 2026</p>
+    </div>
+    <div class="docs-content">
+      <h2 id="introduction">1. Introduction</h2>
+      <p>
+        Web Agent Bridge ("WAB", "we", "us", "our") is an open-source middleware platform operated from the Netherlands.
+        We are committed to protecting your personal data in accordance with the <strong>General Data Protection Regulation (GDPR — EU 2016/679)</strong>
+        and the <strong>Dutch Implementation Act (Uitvoeringswet AVG / UAVG)</strong>.
+      </p>
+      <p>
+        This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website
+        (<strong>webagentbridge.com</strong>), our services, and our open-source software.
+      </p>
+      <h2 id="controller">2. Data Controller</h2>
+      <p>The data controller responsible for your personal data is:</p>
+      <div style="background: var(--bg-surface); border: 1px solid var(--border-color); border-radius: var(--radius-md); padding: 20px; margin: 16px 0;">
+        <strong>Web Agent Bridge</strong><br>
+        The Netherlands<br>
+        Email: <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>
+      </div>
+      <h2 id="data-collected">3. What Data We Collect</h2>
+      <h3>3.1 Account Data</h3>
+      <p>When you register for an account, we collect:</p>
+      <ul>
+        <li><strong>Name</strong> — to personalize your account</li>
+        <li><strong>Email address</strong> — for authentication and communication</li>
+        <li><strong>Password</strong> — stored as a bcrypt hash (we never store plain-text passwords)</li>
+        <li><strong>Company name</strong> (optional) — for billing purposes</li>
+      </ul>
+      <h3>3.2 Site & License Data</h3>
+      <p>When you add a site to WAB, we collect:</p>
+      <ul>
+        <li>Domain name and site name</li>
+        <li>Configuration preferences (permissions, restrictions)</li>
+        <li>Generated license keys (unique identifiers)</li>
+        <li>Subscription tier information</li>
+      </ul>
+      <h3>3.3 Analytics Data</h3>
+      <p>When the WAB bridge script is active on your website, we collect anonymous interaction data:</p>
+      <ul>
+        <li>Action names triggered by AI agents (e.g., "click-signup")</li>
+        <li>Agent identifiers (if provided by the agent)</li>
+        <li>Trigger type (click, fill, scroll, etc.)</li>
+        <li>Success/failure status</li>
+        <li>Timestamps</li>
+      </ul>
+      <p><strong>We do not collect personal data from your website's end users.</strong> Analytics are about AI agent behavior only.</p>
+      <h3>3.4 Payment Data</h3>
+      <p>
+        Payment processing is handled by <strong>Stripe, Inc.</strong> We do not store your credit card details.
+        Stripe processes payments in accordance with PCI DSS standards. See
+        <a href="https://stripe.com/privacy" style="color: var(--accent-blue);" target="_blank" rel="noopener">Stripe's Privacy Policy</a>.
+      </p>
+      <h3>3.5 Technical Data</h3>
+      <p>Our server automatically collects:</p>
+      <ul>
+        <li>IP address (used for rate limiting and security only, not stored long-term)</li>
+        <li>HTTP request logs (retained for 30 days for security monitoring)</li>
+      </ul>
+      <h2 id="legal-basis">4. Legal Basis for Processing (GDPR Art. 6)</h2>
+      <table style="width: 100%; border-collapse: collapse; margin: 16px 0;">
+        <thead>
+          <tr style="border-bottom: 2px solid var(--border-color);">
+            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Purpose</th>
+            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Legal Basis</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Account creation & service delivery</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Contract performance (Art. 6(1)(b))</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Payment processing</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Contract performance (Art. 6(1)(b))</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Security & abuse prevention</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Legitimate interest (Art. 6(1)(f))</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Analytics (AI agent behavior)</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Legitimate interest (Art. 6(1)(f))</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Cookies (non-essential)</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Consent (Art. 6(1)(a))</td>
+          </tr>
+          <tr>
+            <td style="padding: 12px; color: var(--text-secondary);">Legal obligations (Dutch tax law)</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Legal obligation (Art. 6(1)(c))</td>
+          </tr>
+        </tbody>
+      </table>
+      <h2 id="data-sharing">5. Data Sharing & Transfers</h2>
+      <p>We share personal data only with:</p>
+      <ul>
+        <li><strong>Stripe, Inc.</strong> (USA) — Payment processing, with EU Standard Contractual Clauses (SCCs)</li>
+        <li><strong>Server hosting provider</strong> — Infrastructure only, no access to application data</li>
+      </ul>
+      <p>We do not sell, rent, or trade your personal data to third parties.</p>
+      <p>
+        Where data is transferred outside the EEA, we ensure appropriate safeguards are in place
+        (Standard Contractual Clauses or adequacy decisions per GDPR Art. 46).
+      </p>
+      <h2 id="retention">6. Data Retention</h2>
+      <table style="width: 100%; border-collapse: collapse; margin: 16px 0;">
+        <thead>
+          <tr style="border-bottom: 2px solid var(--border-color);">
+            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Data Type</th>
+            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Retention Period</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Account data</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Until account deletion + 30 days</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Analytics data</td>
+            <td style="padding: 12px; color: var(--text-secondary);">90 days (auto-purged)</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Payment records</td>
+            <td style="padding: 12px; color: var(--text-secondary);">7 years (Dutch fiscal obligation — Belastingdienst)</td>
+          </tr>
+          <tr>
+            <td style="padding: 12px; color: var(--text-secondary);">Server logs</td>
+            <td style="padding: 12px; color: var(--text-secondary);">30 days</td>
+          </tr>
+        </tbody>
+      </table>
+      <h2 id="rights">7. Your Rights (GDPR Art. 15–22)</h2>
+      <p>As an EU/EEA resident, you have the right to:</p>
+      <ul>
+        <li><strong>Access</strong> — Request a copy of your personal data</li>
+        <li><strong>Rectification</strong> — Correct inaccurate data</li>
+        <li><strong>Erasure</strong> ("Right to be forgotten") — Request deletion of your data</li>
+        <li><strong>Restriction</strong> — Restrict processing of your data</li>
+        <li><strong>Data portability</strong> — Receive your data in a structured, machine-readable format</li>
+        <li><strong>Object</strong> — Object to processing based on legitimate interest</li>
+        <li><strong>Withdraw consent</strong> — At any time, without affecting prior processing</li>
+      </ul>
+      <p>
+        To exercise any of these rights, contact us at
+        <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>.
+        We will respond within <strong>30 days</strong> as required by GDPR.
+      </p>
+      <h2 id="cookies">8. Cookies</h2>
+      <p>
+        We use minimal cookies. For full details, see our <a href="/cookies" style="color: var(--accent-blue);">Cookie Policy</a>.
+      </p>
+      <ul>
+        <li><strong>Essential cookies</strong> — Authentication session (JWT token) — no consent required</li>
+        <li><strong>No tracking cookies</strong> — We do not use Google Analytics, Facebook Pixel, or similar trackers</li>
+      </ul>
+      <h2 id="open-source">9. Open Source & Self-Hosting</h2>
+      <p>
+        WAB is open-source software licensed under the <strong>MIT License</strong>. If you self-host WAB,
+        <strong>you become the data controller</strong> for any personal data processed by your instance.
+        This privacy policy applies only to the hosted service at <strong>webagentbridge.com</strong>.
+      </p>
+      <h2 id="children">10. Children's Data</h2>
+      <p>
+        WAB is not directed at children under 16 years of age (per Dutch UAVG Art. 5).
+        We do not knowingly collect personal data from children. If we learn we have collected
+        data from a child, we will delete it promptly.
+      </p>
+      <h2 id="security">11. Security Measures</h2>
+      <p>We implement appropriate technical and organizational measures including:</p>
+      <ul>
+        <li>TLS/SSL encryption for all connections</li>
+        <li>Bcrypt password hashing</li>
+        <li>Domain-locked session tokens</li>
+        <li>Rate limiting and abuse detection</li>
+        <li>Regular security updates</li>
+      </ul>
+      <h2 id="dpa">12. Supervisory Authority</h2>
+      <p>
+        If you believe we have not handled your data correctly, you have the right to lodge a complaint with the
+        Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
+      </p>
+      <div style="background: var(--bg-surface); border: 1px solid var(--border-color); border-radius: var(--radius-md); padding: 20px; margin: 16px 0;">
+        <strong>Autoriteit Persoonsgegevens</strong><br>
+        Postbus 93374, 2509 AJ Den Haag<br>
+        Website: <a href="https://autoriteitpersoonsgegevens.nl" style="color: var(--accent-blue);" target="_blank" rel="noopener">autoriteitpersoonsgegevens.nl</a><br>
+        Phone: +31 (0)70 888 8500
+      </div>
+      <h2 id="changes">13. Changes to This Policy</h2>
+      <p>
+        We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated
+        "Last updated" date. For significant changes, we will notify registered users via email.
+      </p>
+      <h2 id="contact">14. Contact</h2>
+      <p>
+        For privacy-related questions or to exercise your data rights:<br>
+        Email: <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>
+      </p>
+    </div>
+  </div>
+  <footer class="footer">
+    <div class="container">
+      <div class="footer-grid">
+        <div class="footer-brand">
+          <a href="/" class="navbar-brand"><div class="brand-icon">⚡</div><span>Web Agent Bridge</span></a>
+          <p>Open-source middleware for AI agent and website interaction.</p>
+        </div>
+        <div class="footer-col">
+          <h4>Product</h4>
+          <ul>
+            <li><a href="/#features">Features</a></li>
+            <li><a href="/#pricing">Pricing</a></li>
+            <li><a href="/docs">Documentation</a></li>
+          </ul>
+        </div>
+        <div class="footer-col">
+          <h4>Developers</h4>
+          <ul>
+            <li><a href="/docs#quick-start">Quick Start</a></li>
+            <li><a href="/docs#api-reference">API Reference</a></li>
+            <li><a href="https://github.com/abokenan444/web-agent-bridge" target="_blank" rel="noopener">GitHub</a></li>
+          </ul>
+        </div>
+        <div class="footer-col">
+          <h4>Legal</h4>
+          <ul>
+            <li><a href="/privacy">Privacy Policy</a></li>
+            <li><a href="/terms">Terms of Service</a></li>
+            <li><a href="/cookies">Cookie Policy</a></li>
+          </ul>
+        </div>
+      </div>
+      <div class="footer-bottom">
+        <span>&copy; 2026 Web Agent Bridge. MIT License. Operated from the Netherlands.</span>
+      </div>
+    </div>
+  </footer>
+</body>
+</html>