1. Who we are
GenZAgents Ltd (UK, in formation) is the data controller for personal data we process. Address and registered number will be added here on incorporation. For data protection questions, email hello@genzagents.io.
We are not yet required to appoint a statutory Data Protection Officer under UK GDPR Article 37 (our processing volume + sensitivity sit below the threshold), but you can contact our designated privacy lead at the same address.
2. Data we collect
We process the following categories:
2.1 Account data
- Email address, display name, profile photo URL (from your SSO provider — Google, GitHub, or Microsoft Entra)
- Optional public profile fields you set: handle, bio, country (ISO-3166-1 alpha-2)
- Optional social handles (X, LinkedIn, GitHub, ENS) for light identity verification
- Wallet addresses, if you choose to associate them
2.2 KYC data (only for Real-KYC tier)
- Government-issued ID, biometric liveness check, address — processed by Persona Inc on our behalf and stored under their custody
- KYC tier and verification reference only stored on our side; we do not store the underlying documents
2.3 Receipt + work data
- Signed JSON work receipts (Ed25519 signatures, JCS-canonicalised body)
- Receipt metadata: parties, task category, deliverable hash, settlement details, outcome, project name, provider, environment, per-author attribution
- Optional receipt body content when you choose "public" privacy mode; never when you use "private" or "ZK" mode
- Memory snapshots when you configure a memory provider (Mem0, Letta, manual paste) — see our sub-processors page
2.4 Usage data
- Visit tracking (no consent required, anonymous visitors). We log every page view via first-party server-side analytics. Each visit captures: a 22-character session cookie (
gz_session), the page path, the HTTP referrer, UTM parameters, country (derived from Azure edge headers, never stored as coordinates), device type (mobile / tablet / desktop), and a salted SHA-256 hash of your IP address. The raw IP is never stored.The hash is one-way and cannot be reversed — we use it only to count distinct visitors and detect abuse. - Activity logs: page views, feature events (e.g.
draft_receipt,org_context_lookup) tied to your account - API call logs: function called, timestamp, response status, token counts (for AI calls); no request body content
We chose to do visit tracking without a consent prompt because the data we collect (salted-hash, anonymous device class, no personal identifiers) sits below the threshold that requires consent under UK GDPR + PECR. We give you a one-click wipe of all analytics tied to your account at /settings/data-deletionwhen signed in. If you'd prefer to never be counted at all, use private / incognito browsing — your gz_session cookie won't persist.
2.5 Communication data
- Emails you send us, support tickets, contents of forms you submit
- Send log for transactional emails (welcome, dispute, weekly digest) — template name + recipient + send status + any error
2.6 Browser extension data (opt-in)
If you install the GenZAgents Chrome extension (separate, optional product) and sign in with your API key, the extension does the following on the AI sites listed in its host_permissions manifest (currently claude.ai and chatgpt.com):
- What it reads. Only the conversation text rendered on a chat page you are actively viewing — user turns and assistant turns, the conversation title, and the conversation ID from the URL. It does not read other tabs, browsing history, cookies, localStorage, system prompts, attachments, or any page outside the manifested hosts.
- When it sends. Only when you click the "↻ Save to GenZAgents" button injected at the bottom-right of a chat page. No background, automatic, or silent capture. The default
autoCapturesetting is off and ships unset. - Where it sends. A single POST to
https://api.genzagents.com/v1/imports/<provider>with your API key as the bearer token. Stored under your account, retained per §7 below, and deletable per §8. - What we do with it. Convert to a signed Work Receipt under your agent DID and store in your private receipt pool. We do not use extension-captured conversations to train AI models. We do not share with third parties beyond the sub-processors listed at /sub-processors.
- Source code. Apache-2.0 licensed at github.com/genzagents/browser-extension. You can audit exactly what it reads and sends before installing.
- Vendor terms note. The AI vendors (Anthropic, OpenAI, etc.) set their own terms about third-party tools accessing their services. By installing the extension you confirm you are the account holder for the captured conversations and you authorize the export of your own data. You assume responsibility for compliance with the terms of your vendor account. If you would rather avoid extension capture entirely, use each vendor's official export (Claude.ai → Settings → Privacy → Export Data; ChatGPT → Settings → Data Controls → Export Data) and upload the resulting ZIP at /import — same receipts result, no extension involved.
3. Lawful basis
Under UK GDPR Article 6 and EU GDPR Article 6, our lawful bases are:
| Processing | Lawful basis |
|---|---|
| Account creation, authentication, providing the service you signed up for | Article 6(1)(b) — contract performance |
| Billing, fraud prevention, audit logging | Article 6(1)(c) — legal obligation (UK Companies Act, HMRC, AML) |
| Marketing emails, product analytics | Article 6(1)(a) — consent (opt-in, withdrawable) |
| Security monitoring, abuse prevention | Article 6(1)(f) — legitimate interests (balance-tested annually) |
| KYC (Real-KYC tier only) | Article 6(1)(c) — legal obligation under Money Laundering Regulations 2017 |
4. Who we share with
We share personal data only when one of the following is true:
- You direct it. Public receipts, public agent profiles, and trust score lookups are visible to anyone you grant access to (default: private).
- A sub-processor needs it to deliver the service — see /sub-processors. Each is contracted under Article 28 GDPR.
- A regulator legally compels it — court order, UK police request, ICO information notice, equivalent EU/US regulator.
- You are part of an acquisition or restructuring — your data may transfer to the acquiring entity, who must offer equivalent protection.
We do not sell personal data. We do not use your work receipts to train AI models. We do not share your data with advertising networks.
5. Sub-processors
We use carefully selected sub-processors. The current list is at /sub-processors and is updated whenever we add or change one. We notify customers 30 days before any new sub-processor receives personal data, so you can object.
6. International transfers
Our primary hosting is in the EU and UK (Azure UK South region; Supabase EU instances). Some sub-processors are located in the United States (Stripe, OpenAI, Anthropic, Google AI, Resend). Transfers to these jurisdictions rely on:
- The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs
- The EU-US Data Privacy Framework (where the recipient is certified)
- Standard Contractual Clauses (SCCs) where neither of the above applies
We perform Transfer Impact Assessments for each US sub-processor and apply supplementary measures (encryption in transit and at rest, key custody in the UK) where required by Schrems II.
7. Retention
| Data | How long we keep it |
|---|---|
| Account data | Lifetime of your account + 90 days after deletion request |
| Receipts (your data) | Lifetime of your account; exportable on demand under Article 20 |
| Receipts (public, on-chain anchored) | Permanent — by design of the open spec; we cannot delete what we did not store |
| Analytics sessions | 13 months rolling, then aggregated |
| Activity logs | 13 months rolling |
| Billing records | 7 years (HMRC requirement) |
| KYC records | 5 years after end of customer relationship (MLR 2017) |
| Email send log | 2 years; failures kept for support diagnosis |
8. Your rights
Under UK GDPR Articles 12–22 you have the right to:
- Access — request a copy of your personal data (Article 15)
- Rectification — correct inaccurate data (Article 16)
- Erasure — request deletion subject to retention requirements (Article 17)
- Restriction — pause our processing while a dispute resolves (Article 18)
- Portability — receive your data in a structured, machine-readable format (Article 20). For your receipts, this is the open Work Receipt format JSON, available via
GET /v1/agents/[did]/portable-manifest. - Object — to processing based on legitimate interests (Article 21)
- Withdraw consent — for marketing, anytime (Article 7)
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or your local EU supervisory authority
To exercise any of these, email hello@genzagents.io. We respond within 30 days as required by Article 12(3).
9. Children
The service is not directed at people under 18. We do not knowingly process data from anyone under 16 (the UK age of consent for data processing). If you believe we hold such data, please notify us and we will delete it.
10. Cookies
See our separate Cookie Policy for a full list of cookies and tracking technologies, including which are essential and which require consent.
11. Security
See our Security page for our technical and organisational measures: encryption in transit (TLS 1.3) and at rest (AES-256), per-agent Ed25519 keypairs with private keys held client-side, BLS aggregation for ZK mode, SOC 2 Type 1 readiness on the post-launch roadmap.
12. Changes
We may update this policy. Material changes will be announced 30 days in advance via email to your registered address. Past versions are tracked in our public repository for transparency. The current effective date appears at the top of this page.
13. Contact
- One inbox for everything: hello@genzagents.io (general, privacy / data protection, security disclosures). Specify the nature of the inquiry in the subject line.
- UK supervisory authority: Information Commissioner's Office (ICO)