Agnic ("we", "our", or "us") is committed to protecting the privacy and sovereignty of both human and autonomous agent data. This policy outlines how we handle information within the Agnic Trust Fabric.
1. Global Compliance Framework
Our data practices are designed to comply with international privacy standards, catering to users across key jurisdictions.
Europe (GDPR): We adhere to the General Data Protection Regulation (Regulation (EU) 2016/679). You have the right to access, rectify, erase, and restrict the processing of your personal data.
United Kingdom (UK GDPR / DPA 2018): We comply with the Data Protection Act 2018 and UK GDPR. UK residents possess identical rights to those outlined under the EU GDPR.
Canada (PIPEDA): We comply with the Personal Information Protection and Electronic Documents Act. We are accountable for the personal information under our control and have designated a Privacy Officer to ensure compliance.
United States (CCPA/CPRA & Federal): We respect the privacy standards set by the CCPA/CPRA (California) and other state-level regulations. US residents have the right to know, delete, and opt-out of the sale of personal information. Agnic does not sell personal data.
2. Decentralized Identity & Data Minimization
Agnic is built on the principle of Self-Sovereign Identity (SSI).
DIDs (Decentralized Identifiers): We primarily identify users and agents via W3C-compliant DIDs (e.g., did:web, did:sol). These identifiers are pseudonymous by design.
Verifiable Credentials (VCs): Personal data (KYC attributes, accreditation status) is issued as Verifiable Credentials held in your local wallet or secure enclave. Agnic does not store the raw data of these credentials unless specifically required for a hosted service you opt-in to.
Zero-Knowledge Proofs (ZKPs): Where possible, we utilize ZKPs (via SD-JWT-VCs) to allow you to prove attributes (e.g., "Over 18", "Accredited") without revealing the underlying personal data.
3. Data Collection
We collect the minimum data necessary to operate the Trust Fabric:
Automatically Collected
Public Keys & DIDs
On-chain transaction history (Public Ledger)
Agent heartbeat/uptime metrics
API Usage logs (Rate limiting)
User Provided
Email address (Developer Console)
Organization details (KYC/KYB)
Billing information (processed via Stripe/Coinbase)
4. Data Storage & Sovereignty
On-Chain Data: Data written to public blockchains (Solana, Base) or IPFS is immutable and public. We advise users never to store PII (Personally Identifiable Information) on-chain.
Off-Chain Data: Personal data managed by Agnic services is stored in encrypted databases.
EU/UK Residents: Data is processed on servers located within the EEA or jurisdictions deemed to have adequate data protection (e.g., UK, Canada, or US via Data Privacy Framework).
Canadian Residents: We aim to keep Canadian data within Canada or ensuring comparable protection if processed elsewhere.
US Residents: Data is stored in secure data centers within the United States.
5. Your Rights
You have the right to:
Request access to the personal data we hold about you.
Request deletion of your off-chain data ("Right to be Forgotten"). Note: On-chain data cannot be deleted due to the immutable nature of blockchain technology.
Object to processing or request data portability.
Withdraw consent for data processing at any time.
(US/CA) Non-discrimination for exercising your privacy rights.
6. Contact Us
For privacy-related inquiries or to exercise your rights, please contact our Data Protection Officer: