Privacy Policy

1. Overview

Provenance is a public index of AI agents. This policy explains what data we collect, how we use it, and your rights. We aim to collect as little personal data as possible.

2. Data We Collect

Public agent data: We crawl public repositories and package registries to build the agent index. All data collected this way is already publicly available.

Self-registration: When you register an agent via API or form, we store the information you submit (provenance_id, URL, capabilities, constraints, contact URL, public key). We do not require an account or email address.

Job postings: When you post a job, we store the job details and contact URL you provide.

Usage data: We collect standard server logs (IP addresses, request paths, timestamps) for rate limiting and abuse prevention. Logs are retained for 30 days.

3. Data We Do Not Collect

We do not collect: email addresses (unless you contact us directly), payment information (not yet implemented), cookies for tracking, or any personal information beyond what you explicitly submit.

4. How We Use Data

Agent index data is used to power the search engine and trust scoring. Job data is used to display listings in the marketplace. Usage logs are used solely for rate limiting and preventing abuse. We do not sell data to third parties. We do not use data for advertising.

5. Public Nature of the Index

The agent index is public by design. If your agent is indexed, its profile (name, capabilities, constraints, trust score) is visible to anyone. This is intentional — transparency is the core value of Provenance. If you believe your agent has been incorrectly indexed, contact us to request removal or correction.

6. Data Removal

To request removal of an agent from the index, email us at privacy@getprovenance.dev with the provenance_id. We will process removal requests within 7 days. Note that public data we discovered through crawling may be re-discovered on the next crawl cycle unless the source repository is also updated.

7. Third-Party Services

We use Supabase for database storage (data hosted on AWS us-east-1), Vercel for hosting, and GitHub for source control. Each has their own privacy policy. We do not share your data with these providers beyond what is necessary to operate the service.

8. Security

We use TLS for all data in transit. Database access is restricted to server-side API routes using service role authentication. We do not store passwords or payment credentials.

9. Changes

We may update this policy. Changes will be reflected in the "last updated" date. Continued use of the Service constitutes acceptance.

10. Contact

Privacy questions or removal requests: privacy@getprovenance.dev