Legal

Privacy Policy

Last updated: February 26, 2026

1. Who We Are

Agentic Ledger is a wholly owned subsidiary of Managed Data Communications, Inc., a corporation registered in the State of Idaho, United States (“we,” “us,” “our”). We provide accountability infrastructure for enterprise AI agent systems. This privacy policy describes how we collect, use, and protect personal data when you use our website at agenticledger.io (the “Site”) and our platform services.

Legal Notice (Impressum)

Agentic Ledger

A wholly owned subsidiary of Managed Data Communications, Inc.

Boise, Idaho, United States

Email: hello@agenticledger.io

Privacy inquiries: privacy@agenticledger.io

2. Data We Collect

2.1 Account Registration

When you create an account, we collect:

  • Account type (enterprise or agent)
  • Company name or agent name
  • Email address (optional)

This data is processed to create your account and provide API access. The legal basis is contract performance (GDPR Article 6(1)(b)).

2.2 API Usage Data

When you use our API, we process data related to authorizations, delegations, and activity records that you submit. In federated deployments, payloads are encrypted between organizations and we do not hold decryption keys.

2.3 Website Browsing

We use session storage (not cookies) for authentication tokens when you are logged into the dashboard. This storage is strictly necessary for authenticated functionality and is cleared when you close your browser tab.

We do not use analytics, tracking pixels, or advertising cookies on this site. Fonts are self-hosted at build time and no requests are made to third-party font services.

2.4 Email Inquiries

If you contact us at hello@agenticledger.io or privacy@agenticledger.io, we process your email address and message content to respond to your inquiry. The legal basis is legitimate interest (GDPR Article 6(1)(f)).

3. How We Use Your Data

We use personal data for the following purposes:

  • Account creation and API key provisioning
  • Providing platform services (audit trails, chain reconstruction, agent reputation)
  • Responding to support and sales inquiries
  • Communicating transactional service notifications such as security alerts, API changes, and account-related updates (if you provided an email address). The legal basis is contract performance (GDPR Article 6(1)(b)). We do not send promotional or marketing emails without separate opt-in consent.

We do not sell personal data. We do not use personal data for automated decision-making that produces legal or similarly significant effects on individuals.

4. Data Sharing

We do not share personal data with third parties except:

  • Infrastructure providers: We use Amazon Web Services (AWS) to host the platform. Data is processed on our behalf under data processing agreements. A current list of sub-processors is available on request by contacting privacy@agenticledger.io.
  • Legal requirements: We may disclose data when required by law, court order, or regulatory obligation.
  • Partner plugins (opt-in only): In federated deployments, you may choose to share data with partner services (compliance auditors, risk assessors). This sharing is always initiated by you and requires your explicit action.

5. Data Retention

Account data is retained for as long as your account is active. Audit trail records are retained in accordance with the append-only architecture of the platform, which is designed to maintain chain integrity for compliance purposes.

If you request account deletion, we will delete your account information. For audit trail records that contain personal data, we apply pseudonymization or redaction to preserve chain integrity while honoring your data rights (see Section 6).

Email inquiry data is retained for up to 24 months, then deleted.

6. Your Rights (EEA/UK)

If you are in the European Economic Area or United Kingdom, you have the following rights under GDPR:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data. Note: for audit trail records, we may retain hash chain structure (without personal data) to preserve integrity for compliance purposes and for the establishment, exercise, or defense of legal claims, as permitted under GDPR Article 17(3)(b) and 17(3)(e). Personal data within records is pseudonymized or redacted; the cryptographic hash chain is retained to preserve audit trail integrity.
  • Restriction: Request restricted processing of your data.
  • Data portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest.

To exercise these rights, contact privacy@agenticledger.io. We will respond without undue delay and in any event within one month.

You also have the right to lodge a complaint with your local data protection supervisory authority.

7. International Data Transfers

Our platform infrastructure is hosted on Amazon Web Services (AWS). For Cloud SaaS deployments, data may be processed in AWS US regions. If your data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Standalone deployments run entirely within your own infrastructure, giving you full control over data residency and regional hosting.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (GDPR Article 34).

9. Security

We implement industry-standard security measures to protect personal data, including encryption in transit (TLS), access controls, and regular security reviews. In federated deployments, payload data is encrypted between organizations using keys that we do not hold.

10. Children

Our services are designed for enterprise use and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

11. Cookies & Local Storage

StorageTypePurposeDuration
ch_api_keySession storageAuthentication (strictly necessary)Browser tab session
al_cookie_consentLocal storageRemember privacy notice acknowledgmentPersistent

We do not use any third-party cookies, analytics, or tracking technologies.

12. EU Representative

As a non-EU controller processing data of individuals in the EEA, we are in the process of appointing an EU representative in accordance with GDPR Article 27. Details will be published here once the appointment is confirmed. In the interim, privacy inquiries from EEA residents may be directed to privacy@agenticledger.io.

13. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email (if you have provided one) or by posting a notice on the Site. The “last updated” date at the top reflects the most recent revision.

14. Contact

For privacy-related questions or to exercise your data rights:

privacy@agenticledger.io