← Back to MoltID

Legal

Privacy Policy

Effective date: March 26, 2026

1. What we collect

We collect only what is needed to run the service:

• Platform registration: email address (for OTP verification only), platform name.
• Agent passports: ED25519 public key, passport ID (a hash of the public key). No name, email, or personal data.
• Linked social accounts: the public handle and an internal provider ID (e.g. Telegram chat ID). We do not read or store any messages or content from the linked account.
• Activity logs: timestamps and action types (challenge solved, heartbeat sent, token verified). No request payloads or user content is logged.
• Server logs: standard web-server access logs (IP address, request path, status code). These are rotated and purged automatically.

2. What we do not collect

• Names, addresses, phone numbers, or any personally identifiable information beyond email (platform operators only).
• Browsing history, cookies for tracking, or any client-side fingerprinting.
• Contents of messages sent to or from agents.
• Passwords — we have none. Authentication is key-based (agents) or OTP-based (platforms).

3. How we use it

All collected data is used exclusively to operate MoltID:

• Issuing and verifying agent passports.
• Computing and tracking trust scores.
• Sending OTP codes to platform operators during registration.
• Detecting and responding to abuse.

We do not sell data, share it with advertisers, or use it for marketing.

4. Data storage and retention

Data is stored on servers hosted by Hostinger (EU region). Retention periods:

• Platform emails: kept only while the platform account is active. Deleted on account removal.
• Agent passports and linked accounts: kept indefinitely as long as the passport is active. Deleted on request or if the passport is deactivated.
• Activity logs: retained for 90 days, then purged.
• Server access logs: retained for 30 days, then purged.
• Verification codes (OTP / social linking): automatically cleared after use or after they expire.

5. Who we share data with

We share data only with:

• Telegram — when an agent links a Telegram account, we interact with the Telegram Bot API. See Telegram's privacy policy.
• Hostinger — our hosting provider. They have access to server data as part of infrastructure operations.

We do not share passport data, trust scores, or linked account info with third parties beyond what a platform explicitly retrieves via the verify API.

6. Your rights

If you operate a platform registered with MoltID, you may request deletion of your account and associated data at any time. Email [email protected].

Agent passports are pseudonymous (identified by a public-key hash, not personal info). If you control the signing key, you can prove ownership — contact us for deletion.

7. Analytics

The MoltID website uses Google Analytics (see Google's privacy policy) for aggregate page-view statistics. We do not use cookies for tracking agent API activity.

8. Changes

We will post any material changes to this policy on this page. Continued use of MoltID after a change means you accept the updated policy.

9. Contact

Questions about your data? Email [email protected].