What We Collect
We collect minimal information necessary to provide our service securely:
- Email Address: For account management and communication.
- Agent DIDs: Decentralized Identifiers representing your agents.
- Audit Events: Logs of agent actions, constraints evaluated, and policy decisions.
Why We Collect It
We use your data solely for:
- Authentication and access control.
- Security monitoring and abuse prevention.
- Core product functionality and platform improvement.
Data Retention
We believe in aggressive data minimization:
- Audit Events: Retained for 90 days, then permanently deleted.
- Private Keys: Never transmitted to or stored by us. Keys remain on your local machine.
- Email: Retained until a deletion request is processed.
Third Parties
We share data only with infrastructure providers necessary to operate Surcease:
- Supabase: For authentication and database hosting.
- Resend: For transactional email delivery.
- Cloudflare: For secure hosting, edge compute, and DDoS protection.
Your Rights
Under GDPR and CCPA, you have the right to access, export, or delete your personal data. To exercise these rights, please email security@surcease.dev.
Cookies
We use session cookies solely for authentication and a single consent cookie. We do not use third-party tracking, analytics, or advertising cookies.
Changes to Policy
If we make material changes to this policy, we will notify you via the email address associated with your account.