Privacy Policy

1. Controller

CyberSecAI Ltd is the data controller for information processed through the LATTP API. Contact: contact@agentsign.dev

2. What We Collect

• Registration data: agent name, operator name, trust level requested
• API usage: timestamps, payment amounts, MCPS frames, transaction IDs
• Lightning payments: payment hashes (public Lightning data), amounts, settlement status
• Server logs: IP addresses, request paths, response codes (retained 30 days)

3. What We Do Not Collect

• No personal names, email addresses, or phone numbers for agent registration
• No card or bank data (Lightning only)
• No cookies or tracking pixels on this site

4. Legal Basis (UK GDPR)

Processing is based on: contractual necessity (providing the API service), legitimate interests (fraud prevention, security, compliance), and legal obligation (AML/sanctions screening).

5. Retention

Transaction records are retained for 7 years for compliance purposes. Server logs are deleted after 30 days. Agent credentials (AgentPass ID, public key) are retained for the life of the account.

6. Sharing

We do not sell data. We may share data with: regulators on lawful request, sanctions screening services (anonymised agent hashes only), and infrastructure providers under data processing agreements.

7. Security

All payments are cryptographically signed (ECDSA P-256). Agent identities are hashed before transmission. Private keys are stored server-side and never transmitted. Access is restricted by API key.

8. Your Rights

Under UK GDPR you have rights to access, rectification, erasure, restriction, and portability. To exercise any right, contact contact@agentsign.dev. We will respond within 30 days.

9. Changes

We may update this policy. Material changes will be notified via the site. Continued use after changes constitutes acceptance.