1. Information We Collect

When you use the Agent Trust Protocol™ ("ATP") platform, we collect:

• Account Information: Email address and name (provided via magic link sign-in or OAuth)
• Usage Data: API call metadata, feature usage patterns, and session information
• Technical Data: Browser type, IP address, device information, and access logs
• Agent Data: Agent configurations, policy definitions, and trust scores you create

2. How We Use Your Information

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account
• Process transactions and send billing-related communications
• Send service updates, security alerts, and support messages
• Monitor usage for capacity planning and abuse prevention
• Comply with legal obligations

3. Data Security

We implement industry-standard security measures including:

• Quantum-safe cryptographic protocols for data in transit
• Encryption at rest for all stored data
• Regular security audits and penetration testing
• Role-based access controls for internal systems
• Session management with secure, httpOnly cookies

4. Data Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Email delivery (Resend), analytics, and infrastructure providers
• OAuth Providers: Google and GitHub for authentication (only authentication tokens, not your ATP data)
• Legal Requirements: When required by law or to protect our rights

5. Cookies

We use essential cookies for authentication session management (better-auth.session_token) and theme preferences (atp-ui-theme). We do not use third-party tracking cookies.

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your data in a portable format
• Withdraw consent for optional data processing

7. Data Retention

We retain account data for the duration of your account. Usage logs are retained for 90 days. Audit trail data is retained for 1 year. Upon account deletion, personal data is removed within 30 days.

8. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a notice on the Service.

10. Contact

For privacy-related inquiries, contact us at privacy@agenttrustprotocol.com or visit our contact page.