Privacy Policy

Last updated June 28, 2026 · v1 draft — pending legal review

This policy explains what data Trustifer collects, how we use it, how long we keep it, and your rights.

1. What we collect

You provide: email + company/role when you create an API key or request access; dispute submissions.
We compute/observe: public on-chain activity and public agent metadata used to produce scores (about the agent/address being assessed — which may be a third party). Automatically: basic logs (IP, request metadata) and, if enabled, privacy-respecting product analytics.

2. How we use it

To operate the Service (issue keys, compute + serve assessments, deliver requested reports/emails), to secure and improve it, to communicate with you, and to comply with law. We do not sell your personal data.

3. Assessments of third parties

Trustifer publishes informational assessments of AI agents/addresses from verified, observable evidence. If you are an affected party, you may dispute an assessment; upheld corrections propagate. On-chain attestations are public + immutable — they are revoked on-chain, not erased.

4. Processors we use

Supabase (database/hosting), Vercel (app hosting/edge), Alchemy (on-chain RPC), Resend (transactional email), and sanctions/risk data providers. Each processes data only to provide their service to us.

5. Retention

We keep personal data only as long as needed for the purpose, then delete or anonymize it, per our data resilience & retention policy(e.g. access-request emails ~12 months after a decision; logs 30–90 days). Backups follow the same windows.

6. Your rights (GDPR / CCPA)

Subject to law, you may request access to, correction of, or deletion of your personal data, and object to certain processing. Email privacy@trustifer.com. Note: on-chain records cannot be deleted (they can be revoked); we will explain what applies to your case.

7. Cookies & analytics

We use only essential cookies/storage to run the Service. Any product analytics is privacy-respecting and not used to sell data or track you across the web.

8. Security

Keys are stored hashed; signing keys are server-only; transport is encrypted. We monitor service health at /status. No system is perfectly secure — report issues to security@trustifer.com.

9. Changes & contact

We may update this policy; material changes are posted here with a new date. Questions: privacy@trustifer.com.

See also our Terms of Service. This is a v1 draft for review and will be finalized by counsel before public launch.