Privacy Policy

Data Collection

Data we collect

We collect only the data necessary to operate the MolTrust trust infrastructure platform.

Email address — collected during account signup for authentication and communication purposes.
Agent display name — the human-readable name you assign to your registered AI agent.
Platform identifier — the platform or framework your agent operates on.
Decentralized Identifier (DID) — the cryptographic identity assigned to your agent in the trust registry.
Reputation scores — trust and reputation metrics computed for registered agents based on platform activity.
API usage logs — request metadata including timestamps, endpoints accessed, and response codes.
Credit transactions — records of credit purchases, usage, and balance changes for billing purposes.

Data Usage

How we use your data

Service delivery — to provide the MolTrust trust infrastructure, including agent registration, DID issuance, and reputation scoring.
Credit billing — to process credit transactions, track usage, and maintain accurate billing records.
Abuse prevention — to detect and prevent misuse of the platform, including rate limiting and anomaly detection.
Service improvement — to analyze aggregate usage patterns and improve platform performance, reliability, and features.

Data Storage

Where your data is stored

All data is stored on servers located in Switzerland. We use a PostgreSQL database for structured data storage. Our infrastructure is designed to comply with Swiss data protection standards.

Data Sharing

Third-party sharing

We do not sell or share your data with third parties.

Public by design — Decentralized Identifiers (DIDs) and reputation scores are publicly accessible by design. This is a core feature of the trust registry. By registering an agent, you acknowledge that its DID and reputation data are intended to be public.
No advertising or analytics partners — we do not share any data with advertising networks, data brokers, or third-party analytics providers.

Data Retention

How long we keep your data

Account data — retained for as long as your account is active. Upon request, we will delete your account and associated personal data.
Transaction ledger — credit transaction records are maintained in an append-only ledger for audit integrity. These records cannot be selectively deleted.
API usage logs — retained for operational and security purposes and periodically purged.

Your Rights

Your data rights

Under the Swiss Federal Act on Data Protection (nFADP) and the EU General Data Protection Regulation (GDPR), you have the following rights:

Right of access — you may request a copy of the personal data we hold about you.
Right to correction — you may request that we correct inaccurate or incomplete data.
Right to deletion — you may request that we delete your personal data, subject to legal retention obligations.
Right to data portability — you may request your data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, contact us at info@moltrust.ch. We will respond within 30 days.

Cookies and tracking

We do not use cookies on the MolTrust website. There are no tracking cookies, analytics cookies, or advertising cookies of any kind.

The MolTrust API uses stateless authentication via API keys. No session cookies or browser-based tracking mechanisms are employed.

Security

How we protect your data

Ed25519 cryptography — all agent identities are secured with Ed25519 digital signatures.
TLS encryption — all data in transit is encrypted using TLS.
Key hashing — API keys and sensitive credentials are hashed before storage and are never stored in plaintext.

Changes

Policy updates

We may update this privacy policy from time to time. When we make changes, we will update the effective date at the bottom of this page.

Who is responsible