Effective Date: April 25, 2026 · Last Updated: April 25, 2026
SecantX ("we," "us," or "our") operates the SecantX Agent platform. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our credential issuance, protocol payment processing, and agent authorization services (the "Service").
At a glance: We collect only what we need to operate. We do not sell your personal data. We do not share your information with third parties for advertising purposes.
1. Information We Collect
1.1 Information You Provide
Data Type
Examples
Purpose
Wallet Address
Ethereum-compatible public address
Account identity, credential issuance, transaction association
Card IDs (sx_*), token hashes, status changes, freeze/unfreeze events
Credential lifecycle management
Usage Data
IP address, browser type, device information, access timestamps
Security monitoring, service improvement
1.3 Information We Do NOT Collect
Private keys or seed phrases
Government-issued identification
Biometric data
Social media content or contacts
Location data beyond IP-derived country
2. How We Use Your Information
We process your information exclusively for the following purposes:
Service Delivery. To issue credentials, process transactions, enforce spending controls, and maintain your account.
Security. To detect and prevent fraud, unauthorized access, and abuse of the platform.
Compliance. To meet legal and regulatory obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements where applicable.
Service Improvement. To analyze aggregate, de-identified usage patterns to improve the reliability, performance, and features of the Service.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following legal bases:
Contractual Necessity. Processing necessary to perform our obligations under the Terms of Service.
Legitimate Interests. Fraud prevention, security monitoring, and service improvement.
Legal Obligation. Compliance with applicable laws and regulations.
Consent. Where explicitly obtained for optional features.
4. Data Sharing
We share personal information only in the following circumstances:
Protocol Endpoints. Transaction data is transmitted to protocol-compatible merchants and payment processors as required to complete authorized transactions (x402, AP2, MPP).
Infrastructure Providers. We use Cloudflare for hosting and edge compute. Data processed through Cloudflare Workers and D1 is subject to Cloudflare's Privacy Policy.
Legal Requirements. We may disclose information in response to valid legal process, court orders, or to protect the rights, property, or safety of SecantX, our users, or others.
We do not sell personal data. We do not share personal data with third parties for advertising, marketing, or profiling purposes.
5. Data Retention
Active Credentials. Data associated with active credentials is retained for the lifetime of the credential plus 90 days.
Transaction Records. Transaction history is retained for 7 years to comply with financial record-keeping regulations.
Account Data. Wallet addresses and authentication data are retained for the lifetime of the account. You may request deletion by contacting us.
Usage Logs. IP addresses and access logs are retained for 90 days, then automatically purged.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
6.1 GDPR Rights (EEA/UK/Switzerland)
Access. Request a copy of the personal data we hold about you.
Rectification. Request correction of inaccurate personal data.
Erasure. Request deletion of your personal data, subject to legal retention requirements.
Portability. Request your data in a structured, machine-readable format.
Objection. Object to processing based on legitimate interests.
Restriction. Request that we restrict processing of your data.
6.2 CCPA/CPRA Rights (California)
Right to Know. Request disclosure of the categories and specific pieces of personal information we collect.
Right to Delete. Request deletion of personal information, subject to exceptions.
Right to Opt-Out. We do not sell personal information. No opt-out is required.
Non-Discrimination. We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, contact privacy@secantx.com. We will respond within 30 days (GDPR) or 45 days (CCPA).
7. Security
We implement industry-standard security measures to protect your data:
All data in transit is encrypted using TLS 1.3.
Data at rest is encrypted using AES-256.
Authentication tokens are hashed and never stored in plaintext.
Credential operations are logged with immutable audit trails.
Infrastructure is deployed on Cloudflare's global edge network with built-in DDoS protection.
While we employ reasonable security practices, no system is completely secure. We cannot guarantee absolute security of your data.
8. International Transfers
Your data may be processed in jurisdictions outside your country of residence, including the United States. When we transfer data internationally, we rely on:
Standard Contractual Clauses (SCCs) approved by the European Commission.
The EU-US Data Privacy Framework, where applicable.
Adequacy decisions by relevant data protection authorities.
9. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will promptly delete it.
10. Cookies and Tracking
We use minimal, functional cookies and local storage:
Theme Preference. Stored locally to remember your light/dark mode choice.
Authentication Session. Required for maintaining your login state.
We do not use third-party analytics, advertising trackers, or behavioral profiling cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service. The "Last Updated" date at the top of this page reflects the most recent revision.
12. Contact
For privacy-related inquiries or to exercise your data rights: