Skip to content

AgentVault Registry API - Privacy Policy

Last Updated: [April 12, 2025]

This Privacy Policy describes how the AgentVault Project Maintainers ("we", "us", "our") collect, use, and handle information in connection with your use of the AgentVault Registry API (the "Service").

1. Data Controller

The data controller for the information processed via the Service is The AgentVault Project Maintainers. You can contact us regarding privacy matters at:

[AgentVault@proton.me]

2. Information We Collect

We collect the following types of information:

  • Information Provided by Developers:

    • Developer Name: When a developer account is created or associated with an API key (process TBD).
    • Hashed API Key: We store a cryptographically hashed version of the API key assigned to developers for authentication purposes. We never store the plain-text API key after initial generation and verification.
    • Agent Card Metadata: The full JSON content of Agent Cards submitted by developers, which may include agent names, descriptions, endpoint URLs, provider details, etc., as defined by the A2A Agent Card schema.
    • (Optional - If Implemented Later): Developer Email Address: If we implement features requiring direct communication (e.g., account recovery, important service notifications), we may collect developer email addresses. This will be clearly indicated at the time of collection.

  • Information Collected Automatically:

    • Log Data: Like most web services, our servers automatically record information ("Log Data") created by your use of the Service. Log Data may include information such as your IP address, browser type, operating system, the referring web page, pages visited, location (if enabled by your browser), device information, search terms (for the registry search endpoint), and cookie information (if applicable, though the API itself likely doesn't use persistent cookies). We use Log Data for security monitoring, service operation, debugging, and aggregated analytics.

3. How We Use Information

We use the information we collect for the following purposes:

  • To Provide and Maintain the Service: To operate the registry, allow agent discovery, authenticate developers, store and serve Agent Cards.
  • To Improve the Service: To analyze usage patterns (using aggregated/anonymized data where possible) to understand how the Service is used and identify areas for improvement.
  • To Ensure Security: To monitor for and prevent fraudulent activity, abuse, and security incidents. To verify developer identities via API keys.
  • To Communicate (If Applicable): If we collect email addresses, we may use them to communicate important service updates, security notices, or respond to support requests or reports. We will provide opt-out mechanisms for non-essential communications.
  • To Comply with Law: To comply with applicable legal obligations, regulations, or valid legal processes.

4. Data Sharing and Disclosure

  • Public Agent Card Data: The Agent Card metadata submitted by developers (excluding potentially sensitive internal details not part of the standard schema display) is intended to be publicly accessible via the API for discovery purposes.
  • Service Providers: We may engage third-party companies or individuals as service providers (e.g., hosting providers, database providers) to process information on our behalf based on our instructions and in compliance with this Privacy Policy and appropriate confidentiality and security measures.
  • Legal Requirements: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, act in urgent circumstances to protect the personal safety of users of the Service or the public, or protect against legal liability.
  • Aggregated/Anonymized Data: We may share aggregated or anonymized information (which does not identify individuals) for research, analytics, or reporting purposes.
  • We do not sell developer personal information.

5. Data Security

We implement reasonable technical and organizational measures to protect the information we collect from loss, misuse, unauthorized access, disclosure, alteration, and destruction. This includes using HTTPS for API communication and hashing developer API keys. However, no internet transmission or electronic storage is 100% secure.

6. Data Retention

We retain information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

  • Developer Information: Retained as long as the developer account is active or as needed for operational purposes.
  • Agent Card Data: Retained as long as the card is active or for a reasonable period after deactivation for archival purposes, unless requested otherwise by the developer under their rights.
  • Log Data: Typically retained for a limited period (e.g., 30-90 days) for security and debugging purposes, unless required for ongoing investigations or legal obligations.

7. Your Rights (GDPR and other applicable laws)

Depending on your location, you may have certain rights regarding your personal information, including:

  • The right to access the personal information we hold about you.
  • The right to request correction of inaccurate personal information.
  • The right to request erasure of your personal information (subject to legal/operational constraints).
  • The right to object to or restrict processing of your personal information.
  • The right to data portability.

To exercise these rights, please contact us at:

[AgentVault@proton.me]

We will respond to your request consistent with applicable law.

8. International Data Transfers

The Service may be hosted and operated in jurisdictions outside of your own. By using the Service, you consent to the transfer of your information to these jurisdictions, which may have data protection rules that are different from those of your country.

9. Children's Privacy

The Service is not directed to individuals under the age of 16 (or the relevant age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and potentially through other means (e.g., a notice on a project website or mailing list, if available). We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

[AgentVault@proton.me]