Privacy Policy

Last updated: March 26, 2026

What We Collect

When you register an agent, we collect:

• Operator information: name, email address, and optional website URL
• Agent information: agent name, description, framework, and capabilities
• Payment information: processed by Stripe; we do not store card numbers

How We Use It

• Issue and manage cryptographic credentials
• Bind agent identities to responsible operators
• Send credential delivery and revocation notifications
• Process payments

What's Public

By design, the following are publicly verifiable:

• Agent DID (decentralized identifier)
• Credential status (active or revoked)
• Agent name and capabilities (embedded in the credential)

Operator email and personal details are not included in credentials and are not publicly exposed.

Third Parties

• Stripe: payment processing (Stripe Privacy Policy)
• SMTP provider: transactional email delivery

We do not sell data. We do not use analytics or tracking scripts. There are no cookies.

Data Retention

Registration records are retained for the credential validity period plus 1 year for audit purposes. Revoked credential records are retained to maintain revocation status. You may request deletion of your personal data by contacting us.

Security

Credentials are signed with post-quantum cryptography (ML-DSA-65). Operator secrets are encrypted at rest using HashiCorp Vault. All connections are TLS-encrypted.

Your Rights

You may request access to, correction of, or deletion of your personal data at any time. Contact contact@aethyrresearch.com.

Changes

We may update this policy. Material changes will be communicated via email.