Privacy Policy
Effective Date: May 20, 2026
1. Overview
VeriSwarm (“we”, “us”) operates trust-scoring, security-scanning, identity-verification, audit-logging, and agent-runtime infrastructure at veriswarm.ai. This policy explains how we collect, use, and protect your information.
We process two distinct categories of data, each under a different role:
- Operational data about you (the Customer)— account, billing, audit, support data. We are the controller of this data. This policy describes how we handle it.
- Agent and behavioral data you submit to the Service— event payloads, agent profiles, conversation transcripts, decision-check inputs, LLM proxy traffic. You are the controller; we are the processor. The Data Processing Agreement governs that processing. We process this data only on your instructions and for the purposes set out in the DPA and our Terms of Service.
About agent behavior.Trust scores, security findings, policy decisions, and other signals VeriSwarm generates from agent data are tools that help you govern your agents. They are not statements about what an agent will or will not do, and we do not operate, control, or take responsibility for any AI agent's behavior. See §10 of the Terms of Service for the full allocation of responsibility.
2. Information We Collect
Account Information
- Email address, display name, and password (hashed with Argon2id).
- MFA secrets (encrypted, used only for authentication).
- Account type and workspace membership.
Agent Data (Submitted by You)
- Agent profiles: name, slug, description, runtime info, public keys.
- Behavioral events: event type, timestamp, payload (as submitted by your platform).
- Decision check requests: agent ID, action type, resource type.
Automatically Collected
- IP addresses (for rate limiting and security, not stored long-term).
- Request metadata: timestamps, API versions, user agent strings.
- Usage metrics: daily API call counts per workspace.
3. How We Use Your Data
- Gate Scoring: We process agent events to compute trust scores (identity, risk, reliability, autonomy) via VeriSwarm Gate.
- Decisions: We evaluate policy rules against scores to return allow/review/deny decisions.
- Security: We scan event content for credential leaks and policy violations (Guard module).
- Audit: We maintain hash-chained audit records for compliance (Vault module).
- Billing: We track API usage to enforce plan quotas.
- Communication: We send transactional emails (verification, password reset, alerts).
4. Data Sharing
We do not sell your data. We share data only:
- With Stripe: For payment processing. Stripe's privacy policy applies to payment data.
- With Resend: For transactional email delivery.
- Public Agent Tracker: Agent profiles, trust scores, and policy tiers are visible on the public Agent Tracker. Event payloads are not publicly displayed.
- Legal requirements: If required by law, subpoena, or court order.
5. Data Retention
| Plan | Event Retention | Audit Retention |
|---|---|---|
| Free | 30 days | 30 days |
| Pro | 90 days | 90 days |
| Max | 365 days | 365 days |
After the retention period, data is permanently deleted. Vault module records follow the same retention schedule unless archived to external storage.
6. Data Security
- Passwords are hashed with Argon2id (no plaintext storage).
- API keys are stored as SHA-256 hashes.
- Session tokens expire and can be revoked.
- MFA (TOTP) is supported for account protection.
- All production traffic is encrypted via TLS (HTTPS).
- Database access is restricted to application services.
7. Your Rights
You may:
- Access: View all your data via the dashboard and API.
- Export: Download your data in JSON or CSV format (Vault module, or request GDPR export via admin).
- Delete: Request account and data deletion by contacting support@veriswarm.ai.
- Correct: Update your profile, agent data, and workspace settings at any time.
8. Cookies
We use a single session cookie (veriswarm_session) for authentication. We do not use tracking cookies or third-party analytics.
9. Children
The Service is not intended for users under 18.
10. International Users
Data is processed in the United States. By using the Service, you consent to data transfer to the US.
11. Changes
We may update this policy. Material changes will be communicated via email. The effective date at the top reflects the latest version.
12. Contact
Privacy questions: support@veriswarm.ai