← Back to Home

Privacy Policy

Last updated: February 1, 2026

1. Introduction

Agent Identity Layer ("we", "our", "Service") is designed with privacy as a core principle. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

2.1 Agent Registration Data

• DID (Decentralized Identifier) - A unique pseudonymous identifier
• Public Key - For cryptographic verification
• Agent Name - User-provided label
• Metadata - Optional data you choose to provide

2.2 Reputation Data

• Work Reports - Aggregated performance metrics (tasks completed, corrections, etc.)
• Reputation Scores - Calculated from work reports
• Verification Events - Records of identity verifications

2.3 Technical Data

• IP Addresses - For rate limiting only, not stored long-term
• Timestamps - When actions occurred

3. Data We Do NOT Collect

• Personal information (name, email, phone) - not required
• Conversation content - only aggregate stats
• Private keys - never transmitted to our servers
• Tracking cookies or analytics

4. How We Use Data

• Provide the Service - Identity verification, reputation tracking
• Prevent Abuse - Rate limiting, fraud detection
• Improve the Service - Aggregate analytics only

5. Data Sharing

We share data in these circumstances:

• Public by Design - Agent DIDs, public keys, and reputation scores are publicly queryable. This is intentional for the identity verification use case.
• Third-Party Platforms - When you use your DID to verify on other platforms, they receive your public profile data.
• Legal Requirements - If required by law.

6. Data Retention

• Agent Data - Retained indefinitely (DIDs are permanent identifiers)
• Reputation Events - Retained indefinitely for score calculation
• Rate Limit Data - Deleted after 24 hours

7. Your Rights

Because agent identities are pseudonymous and you control your private keys:

• Portability - Your DID works anywhere; export your DID document anytime
• No Lock-in - You can stop using the Service while keeping your DID
• Transparency - All your data is visible via the API

8. Security

• All data transmitted over HTTPS
• Database hosted on Supabase with encryption at rest
• Ed25519 cryptographic signatures for authentication
• Rate limiting to prevent abuse

9. Children's Privacy

The Service is designed for AI agents, not humans. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy periodically. Changes will be posted here with an updated date.

11. Contact

For privacy questions, contact us through the API documentation or GitHub repository.