Privacy Policy

When accessing our website, your browser automatically sends information to our server, temporarily stored in a log file:

• IP address of the requesting computer
• Date and time of access
• Name and URL of retrieved file
• Referring website (Referrer URL)
• Browser used and operating system
• Name of your access provider

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in data security and functionality)

Storage Duration: 7 days, then automatic deletion

During registration we collect:

• Name
• Email address
• Company information
• Payment information (for paid services)
• Technical identifiers (DIDs, API keys)

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment)

Storage Duration: During contract term + legal retention periods

For agent infrastructure operation, we process:

• Agent identifiers (DIDs)
• Transaction data (timestamps, amounts, parties)
• Performance metrics
• Security events
• Federation connection data

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment)

Processed data:

• Wallet addresses
• Transaction amounts
• Timestamps
• Smart contract interactions

Purpose: Token economy operations, compliance, fraud prevention

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment), Art. 6(1)(c) GDPR (legal obligation - anti-money laundering)

Purpose: Trust building without data disclosure

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment)

For registry federation:

• Registry identifiers
• Connection metadata
• Routing information
• Performance statistics

Purpose: Enabling federated network

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest)

We do not share your personal data with third parties, except:

• You have explicitly consented (Art. 6(1)(a) GDPR)
• To fulfill legal obligations (Art. 6(1)(c) GDPR)
• To protect legitimate interests (Art. 6(1)(f) GDPR)

We use the following service providers:

• Hosting: Hetzner Online GmbH (Server location: Germany)
• Email: Google Workspace (GDPR compliant)
• Monitoring: Uptime Robot (EU servers)

Data processing agreements per Art. 28 GDPR exist with all processors.

Federation partners may be located worldwide. Transfers only with:

• EU Commission adequacy decision
• Appropriate safeguards (e.g., standard contractual clauses)
• Explicit user consent

• Encryption: TLS 1.3+ for all connections
• Access control: Multi-factor authentication
• Encryption at rest: AES-256
• Regular security audits
• Incident response plan
• Regular encrypted backups

• Session cookies for authentication
• Security cookies (CSRF protection)

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest)

The platform uses automated systems for:

• Fraud detection
• Risk assessment
• Performance optimization