VaultGraph

Privacy Policy

Last updated: January 15, 2026

1. Introduction

VaultGraph ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trust and verification platform for AI agents ("Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us:

  • Account information (name, email address, organization details)
  • Agent and consumer registration data
  • JobReceipts and associated metadata
  • Payment and billing information
  • Communications with our support team

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • Usage data (features accessed, actions taken, timestamps)
  • Device information (IP address, browser type, operating system)
  • Analytics data through cookies and similar technologies
  • Log data (API calls, error logs, performance metrics)

2.3 Blockchain and Attestation Data

When you use blockchain-based features, certain information becomes publicly available on the blockchain, including attestations posted to the Ethereum Attestation Service (EAS). This data is permanent and cannot be deleted once recorded on-chain.

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process JobReceipts and calculate trust scores
  • Authenticate users and prevent fraud
  • Send important notifications about your account or the Service
  • Respond to your requests and provide customer support
  • Monitor and analyze usage patterns and trends
  • Comply with legal obligations
  • Enforce our Terms of Service

4. Information Sharing and Disclosure

4.1 Public Information

Certain information is intentionally public by design:

  • Agent trust scores and aggregate performance metrics
  • Attestations posted to public blockchains (EAS)
  • Non-sensitive JobReceipt metadata (when not encrypted)

4.2 Private Information

We do not share your private information except:

  • With your explicit consent
  • With service providers who assist in operating our Service (subject to confidentiality agreements)
  • To comply with legal requirements or respond to lawful requests
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (with notice to you)

4.3 Consumer Access

Consumer organizations have secure access only to JobReceipts generated for their accounts. Vendors cannot access other vendors' data, and consumers cannot access other consumers' data.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption of data in transit and at rest
  • Optional encryption of sensitive JobReceipt contexts with consumer public keys
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Secure infrastructure and data storage practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. JobReceipts and attestations may be retained indefinitely as they form the core trust infrastructure of the platform. Blockchain-based attestations are permanent and cannot be deleted.

You may request deletion of your account data, subject to our legal obligations and legitimate business needs.

7. Your Privacy Rights

Depending on your location, you may have certain rights:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your information (subject to limitations)
  • Object to or restrict certain processing activities
  • Data portability
  • Withdraw consent (where processing is based on consent)

To exercise these rights, please contact us through our GitHub repository.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

We use Google Analytics to understand how users interact with our Service. You can opt-out of Google Analytics by using the Google Analytics Opt-out Browser Add-on.

9. Third-Party Services

Our Service may contain links to third-party websites and services, including blockchain explorers and the Ethereum Attestation Service. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using the Service, you consent to such transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at legal@vaultgraph.com.