Privacy Policy¶
Effective Date: March 24, 2026 Last Updated: March 24, 2026
1. What We Collect¶
When you use Identity OS, we collect:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account management, billing | Until account deletion |
| API key metadata | Authentication, rate limiting | Until account deletion |
| Observation data | Processing behavioral signals | Until instance deletion |
| Engine state snapshots | Drift detection, analytics | Until instance deletion |
| Usage metrics | Billing, analytics dashboard | 12 months |
2. What We Do NOT Collect¶
- We do not collect the content of your agent's conversations
- We do not collect end-user personal data from your applications
- We do not collect browser fingerprints, IP addresses, or tracking cookies on our docs site
3. How We Use Your Data¶
- To provide the Service — Processing observations, maintaining state, returning contracts
- To bill you — Tracking cycle usage against your subscription tier
- To improve the Service — Aggregated, anonymized usage patterns (never individual data)
- To communicate — Service updates, security notices, billing issues
4. Data Sharing¶
We do not sell your data. We share data only with:
| Third Party | Purpose | Data Shared |
|---|---|---|
| LemonSqueezy | Payment processing | Email, subscription status |
| Hosting provider | Infrastructure | Encrypted data at rest |
5. Data Security¶
- All API communication requires HTTPS
- API keys are hashed (bcrypt) before storage
- Database access is restricted to the application layer
- Rate limiting prevents abuse
6. Your Rights¶
Under GDPR (applicable as we operate from the Netherlands), you have the right to:
- Access your data
- Export your data (via API endpoints)
- Delete your data (delete your instances and account)
- Object to processing
To exercise these rights, contact: xiocasso@outlook.com
7. Data Retention¶
- Active account data: retained while your account is active
- Deleted instances: purged within 30 days
- Billing records: retained for 7 years (Dutch tax law)
- Server logs: retained for 90 days
8. Cookies¶
Our documentation site (GitHub Pages) does not set cookies. If you use our API, authentication is via API key headers, not cookies.
9. Children¶
The Service is not directed to children under 16. We do not knowingly collect data from children.
10. Changes¶
We may update this Privacy Policy. Material changes will be communicated via email. Continued use constitutes acceptance.
11. Contact¶
Data Controller: Identity OS Email: xiocasso@outlook.com Location: Netherlands