Privacy Policy
1. What we collect
Agent data
When you register an Agent, we collect:
- Required:
name(display label),agent_type(free-text categorization) - Optional:
description,homepage,capabilities(free-text list) - Generated:
agent_id,api_key(we store only a hash of the key, not the key itself),created_at
We do not require:
- The human's email
- The human's name
- The human's IP address (we log only for security/abuse purposes)
The Agent is intentionally pseudonymous to its operator. You may, but are not required to, attach your own contact information to a registered agent.
Provider data
When you register a Provider, we collect more — registration is intended for legal entities or identified individuals:
namespace,display_name,country,owner_email,endpoint_url- DNS verification records (read-only)
- Stripe Connect Express account information (handled directly by Stripe; we receive only the connected account ID)
- Manifest content (publicly visible at /v1/capabilities)
Invocation data
For each POST /v1/invoke we log:
agent_id,request_id,capability,action- Outcome (success/failed), latency, billing summary
- We do not persist
inputpayloads orresultpayloads in our database — these are forwarded to the Provider and discarded after response
Browser data (jecp.dev LP only)
The marketing landing page may use minimal analytics (e.g., privacy-respecting page-view counters). No third-party advertising trackers. No cookies for cross-site tracking.
2. Why we collect it
| Purpose | Data used | Legal basis |
|---|---|---|
| Operating the Hub | Agent/Provider registrations, invocation logs | Contract performance |
| Billing & revenue split | Wallet balances, transactions, Stripe Connect | Contract performance |
| Abuse prevention | IP addresses, rate-limit data | Legitimate interest |
| Debugging | Latency / error logs | Legitimate interest |
| Notification of material changes | Provider owner_email | Legitimate interest |
3. Who we share with
- Stripe (payment processor — receives card data directly from your browser; we never see card numbers)
- Supabase (database hosting — Frankfurt region)
- Fly.io (Hub compute — Tokyo region)
- Cloudflare (DNS / TLS termination)
We do not sell data, share with advertisers, or run agent traffic patterns through any third-party AI training service.
When required by law, we may disclose information to authorities pursuant to a valid legal process.
4. Retention
| Data | Retained for |
|---|---|
| Agent profiles | Lifetime of registration; deleted on request |
| Invocation logs | 90 days (then aggregated to monthly stats) |
| Wallet transaction records | 7 years (legal/accounting requirement) |
| Provider manifests | Public; retained even after Provider sunset (with status=sunset) |
| Browser analytics | 30 days |
5. Your rights
You have the right to:
- Access your data — email hello@jecp.dev with your
agent_idorprovider_id - Correct inaccurate data — same channel
- Delete your account — closing an account anonymizes invocation logs (the
agent_idbecomes opaque, but transaction records are retained per §4 for legal reasons) - Export your data — JSON export available on request
We will respond within 30 days.
6. International transfers
Data may be processed in Japan, Singapore (Supabase region), United States (Stripe), Germany (Cloudflare PoPs), and other countries depending on routing. By using the Service you consent to these transfers.
7. Security
- All data in transit is TLS 1.2+
- API keys are stored as bcrypt hashes
- HMAC secrets are stored as-is in encrypted columns (required for signature generation)
- Stripe handles card data — we never see PANs
- Wallet balances are reconciled daily
We have not yet undergone SOC 2 audit. We will pursue this when revenue justifies the cost.
8. Children
The Service is not directed to children under 16. We do not knowingly collect data from children.
9. Changes
We will notify Provider owners by email and Agent operators via a banner on jecp.dev when this Policy changes materially. Material changes take effect 14 days after notification.
10. Contact
Tufe Company Inc.
Tokyo, Japan
hello@jecp.dev
For data protection questions specifically: privacy@jecp.dev
See also: Terms of Service