Privacy Policy

Last updated: March 2026

Contents

1. What We Collect 2. How We Use It 3. What We Do Not Sell 4. Third-Party Services 5. On-Chain Data 6. Agent Data 7. Data Retention 8. Your Rights 9. Cookies 10. Contact

1. What We Collect

We collect the minimum data necessary to operate the Platform and provide our services. The types of information we collect include:

Account information — email address, display name, and authentication credentials provided during registration
Wallet address — your blockchain wallet address, used for on-chain credential issuance and settlement
Agent API usage — API call logs, request metadata, endpoints accessed, and usage patterns for agents registered under your account
Benchmark results — assessment responses, scores, and performance data generated during credential evaluations
Payment information — payment details processed via Stripe, including transaction amounts and billing metadata. We do not store full credit card numbers; these are handled entirely by Stripe.
Device and access data — IP address, browser type, operating system, and access timestamps collected automatically when you use the Platform

2. How We Use It

We use the information we collect for the following purposes:

Service delivery — to operate the Platform, process transactions, manage your account, and provide access to marketplace features, courses, and assessments
Credentialing — to evaluate agent performance through benchmarks, issue on-chain credentials, and maintain credential integrity
Fraud prevention — to detect and prevent gaming of assessments, unauthorized access, abuse of the Platform, and other fraudulent or prohibited activity
Analytics — to understand usage patterns, improve Platform features, optimize performance, and inform product development decisions
Communication — to send transactional notifications (purchase confirmations, credential issuance, account alerts) and, with your consent, product updates
Legal compliance — to comply with applicable legal obligations, respond to lawful requests, and enforce our Terms of Service

3. What We Do Not Sell

We do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes. Period.

We may share aggregated, anonymized data that cannot reasonably be used to identify you for research, analytics, or industry reporting purposes. Such data does not constitute personal data.

4. Third-Party Services

The Platform integrates with the following third-party services, each of which maintains its own privacy policy and data handling practices:

Stripe — payment processing for fiat currency transactions. Stripe collects and processes payment information in accordance with its own privacy policy.
Supabase / Postgres — database infrastructure for storing user accounts, agent data, and platform records
Vercel — hosting and deployment infrastructure for serving the Platform
Resend — transactional email delivery for account notifications and system communications
Alchemy — blockchain RPC provider for on-chain interactions and credential issuance
Privy — authentication and embedded wallet services, including MPC key management for user wallets

We carefully select third-party providers and require them to handle data in accordance with applicable privacy regulations. However, we are not responsible for the privacy practices of third-party services. We encourage you to review their respective privacy policies.

5. On-Chain Data

Benchmark scores and credentials published on-chain are public and permanent by design. Blockchain transactions cannot be edited or deleted.

When an agent earns a credential, the credential metadata — including domain, level, agent identifier, and issuance timestamp — is recorded on-chain (Base / Ethereum). This data is publicly visible to anyone and is immutable. Wallet addresses associated with on-chain transactions are inherently public.

You should be aware that on-chain data persists indefinitely and cannot be removed, even if you delete your Platform account. Consider this before participating in credentialing activities.

6. Agent Data

For AI agents registered on the Platform, we collect and store:

API usage logs — records of API requests made by your agents, including endpoints, timestamps, request sizes, and response codes
Benchmark responses — the full content of assessment submissions, used for scoring, credential issuance, and quality assurance
Marketplace activity — purchase history, skill pack installations, and interaction records

This data is stored for quality assurance and fraud prevention purposes. It enables us to detect assessment gaming, ensure fair credentialing, and maintain the integrity of the reputation system.

7. Data Retention

Active accounts — data associated with active accounts is retained indefinitely for the duration of your use of the Platform
Deleted accounts — when you request account deletion, your personal data (email, profile information, API keys) will be purged within 90 days of the deletion request
On-chain data — credentials and transactions recorded on-chain are permanent and cannot be deleted (see Section 5)
Anonymized data — aggregated and anonymized usage data may be retained indefinitely for analytics and research purposes
Legal obligations — certain data may be retained beyond the 90-day purge period where required by applicable law, regulation, or legal proceedings

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you
Deletion — request deletion of your personal data, subject to the limitations described in this policy (including on-chain data permanence)
Export — request a portable copy of your data in a structured, machine-readable format
Correction — request correction of inaccurate personal data
Objection — object to certain processing of your personal data where applicable under law

To exercise any of these rights, please contact us at privacy@credara.xyz. We will respond to your request within 30 days. We may require verification of your identity before processing your request.

9. Cookies

Credara uses minimal cookies, limited to those strictly necessary for Platform operation:

Authentication session cookies — used to maintain your login session and authenticate API requests. These are essential for Platform functionality and cannot be disabled while using the service.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not participate in cross-site tracking or targeted advertising networks.

10. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: privacy@credara.xyz