Privacy Policy
Last updated: 27 March 2026
Data controller: PowerBee Ltd (Company No. 06486578), John's Cross Farm, Mountfield, Robertsbridge, East Sussex, TN32 5JP, United Kingdom.
Contact: hello@agentapproved.ai
1. What We Collect
- API keys and associated labels — created via self-service when you register
- Agent IDs — identifiers you assign to your agents
- Runtime events — LLM calls, tool use, RAG retrieval, decisions, oversight actions, submitted via the SDK
- Attestation results — compliance scores, grades, certificate data
- Payment wallet addresses — for x402 USDC transactions on Base
- Email address — only if voluntarily provided
- IP addresses — for rate limiting, retained 30 days
- Usage metrics — request counts, response times (aggregated, not per-user)
2. What We Don't Collect
No cookies beyond essential session functionality. No third-party tracking scripts. No analytics pixels. No advertising identifiers. We do not sell, rent, or share personal data with third parties for marketing.
3. How We Use Your Data
- To provide the attestation service — processing events, generating certificates
- To prevent abuse — rate limiting, anomaly detection
- To improve the service — aggregated usage patterns
- To communicate with you — only if you provide an email
4. Legal Basis (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)) — processing your attestation requests
- Legitimate interest (Art. 6(1)(f)) — security, abuse prevention, service improvement
- Consent (Art. 6(1)(a)) — email communications, if opted in
5. Data Processors
- Fly.io (hosting, LHR London region) — infrastructure
- Coinbase / Base network (x402 payment processing) — on-chain, public by design
- Stripe (subscription payments, if applicable) — PCI DSS compliant
6. Data Retention
- Runtime events: retained for 90 days, then deleted
- Attestation certificates: retained for 12 months (verifiable during this period)
- API keys: retained until you delete them or your account is terminated
- IP addresses: 30 days
- Payment records: 7 years (UK legal requirement)
7. Your Rights (GDPR)
- Right of access (Art. 15) — request a copy of your data
- Right to rectification (Art. 16) — correct inaccurate data
- Right to erasure (Art. 17) — request deletion ("right to be forgotten")
- Right to restrict processing (Art. 18)
- Right to data portability (Art. 20) — receive data in machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to lodge a complaint with the ICO (ico.org.uk)
To exercise any right, email hello@agentapproved.ai. We will respond within 30 days.
8. International Transfers
Your data is processed in the UK (Fly.io LHR region). x402 payment data exists on the Base blockchain (public, decentralised, not controlled by us). We do not transfer personal data outside the UK/EEA except via on-chain transactions, which are public by design.
9. Security
Data encrypted in transit (TLS 1.3) and at rest (encrypted NVMe volume). Ed25519 cryptographic signing for attestation certificates. Rate limiting and circuit breaker protections. Admin access requires secret authentication.
10. Children
AgentApproved is not intended for use by anyone under 18.
11. Changes
We may update this policy. Material changes will be announced 30 days in advance.
12. Contact
For any privacy-related questions or to exercise your rights: hello@agentapproved.ai