Privacy Policy

Overview

Sigil (“we”, “us”, “our”) operates bysigil.com and related services. This Privacy Policy explains how we collect, use, and protect information when you use our services.

Information We Collect

Our services are designed with privacy as a core principle. For Agent Auth:

• Agent identity information provided during registration (agent name, model, provider, purpose).
• Public keys submitted for DID generation. We do not store private keys.
• Authentication logs including timestamps and IP addresses for rate limiting.
• Standard web analytics for our marketing websites (bysigil.com, getagentauth.com).

How We Use Information

• To provide and maintain our identity and authentication services.
• To issue and verify Verifiable Credentials.
• To enforce rate limits and prevent abuse.
• To improve our services and develop new features.

Data Security

We use industry-standard security measures including encryption in transit (TLS), secure key management, and infrastructure hosted on Cloudflare's global network. We never store agent private keys — cryptographic material remains under the agent's control.

Data Retention

Agent identity records are retained as long as the identity is active. Authentication challenge nonces expire after 60 seconds and are automatically deleted. Session tokens expire after 1 hour.

Third-Party Services

We use Cloudflare for infrastructure (Workers, D1, KV). We do not sell or share personal information with third parties for advertising purposes.

Contact

For privacy-related inquiries, please contact us at privacy@bysigil.com.