Privacy Policy

Last updated: September 24, 2025

1. Introduction

CapiscIO (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent trust infrastructure platform, including our website, CLI tools, and related services.

2. Information We Collect

2.1 Information You Provide

  • Account registration information (email, username)
  • Agent card validation requests and associated metadata
  • Support communications and feedback
  • Professional information for verification purposes

2.2 Automatically Collected Information

  • Usage data and analytics (page views, feature usage)
  • Technical information (IP address, browser type, device information)
  • CLI tool usage statistics (anonymized)
  • API access logs and performance metrics

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our A2A protocol validation services
  • Process agent card validations and compliance checks
  • Improve our platform performance and user experience
  • Send important service updates and security notifications
  • Provide customer support and respond to inquiries
  • Ensure platform security and prevent abuse

4. Information Sharing

We do not sell, trade, or rent your personal information. We may share information in the following limited circumstances:

  • With your explicit consent
  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety
  • With trusted service providers under strict confidentiality agreements
  • In connection with a business transfer (merger, acquisition)

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security audits and monitoring
  • Secure development practices

6. Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations. Validation logs are typically retained for 2 years for compliance and debugging purposes.

7. Your Rights

Depending on your location, you may have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your personal information
  • Restrict processing of your information
  • Data portability
  • Opt-out of certain data processing

8. Platform Services (Launching Q1 2026)

📅Effective Date: When Platform Launches (Q1 2026)

The following applies to CapiscIO Platform services (Trust Badge API, Agent Registry, Dashboard, Event Streaming). These services are not yet available. This section will become effective when the platform launches.

Data We Collect (Platform Services)

When you use CapiscIO Platform services, we collect and process:

  • Agent validation requests and results
  • Trust scores and historical trends
  • Endpoint health check results
  • Event streaming data (if enabled)
  • Account information (email, organization name)
  • API usage metrics and patterns

How We Use Platform Data

  • Provide platform services (badges, registry, dashboard)
  • Generate trust scores and trends
  • Send alerts and notifications
  • Improve service reliability and performance
  • Generate aggregate anonymous usage statistics
  • Detect and prevent abuse or security threats

Data Retention (Platform)

  • Validation results: 90 days (free tier), 12 months (paid tiers)
  • Event streams: Real-time only, not stored by default
  • Audit logs: 12 months (enterprise only)
  • Account data: Until account deletion requested
  • Trust scores: Retained as long as agent is registered

Data Sharing (Platform)

We do NOT:

  • Sell your data to third parties
  • Share validation results publicly (unless you opt-in to registry)
  • Use your data for advertising or marketing to others

We may share:

  • Anonymized, aggregated statistics (no individual identification)
  • Data with service providers under strict DPA (hosting, analytics)
  • Information required by law or legal process
  • Data necessary to protect rights, property, or safety

Agent Registry Privacy

  • Opt-in only: You choose to list your agent in the public registry
  • Unlisted validation: You can validate agents without listing them publicly
  • Control visibility: Choose what metadata is public vs. private
  • Remove anytime: Unlist your agent from the registry at any time
  • No tracking: We don't track who views your agent listing

Security (Platform)

  • Encryption at rest: AES-256 for all stored data
  • Encryption in transit: TLS 1.3 for all API communications
  • SOC2 compliance: In progress (target Q2 2026)
  • Regular audits: Third-party security assessments
  • Incident response: 24-hour notification for security breaches

Your Platform Rights

When using platform services, you can:

  • Access your data: API export available for all your data
  • Delete your data: Request complete account and data deletion
  • Opt-out of registry: Remove agents from public listing anytime
  • Request portability: Export data in machine-readable format
  • GDPR rights: Full compliance for EU residents

Contact (Platform Privacy)

Privacy questions: privacy@capisc.io
Data requests: data@capisc.io
Security issues: security@capisc.io

9. Cookies and Tracking

We use cookies and similar technologies to improve your experience. See our Cookie Policy for detailed information about our cookie practices.

10. Third-Party Services

Our platform integrates with third-party services for analytics, hosting, and functionality. These services have their own privacy policies and data practices.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@capisc.io
GitHub: https://github.com/capiscio