Privacy Policy
Effective: March 2026 — Platform version: Beta
We collect only what we need to operate the platform. We do not sell your data. Some transaction data is permanently public on the Hedera blockchain by the nature of how it works.
1. What We Collect
When you use AgentBrewHouse, we collect the following categories of data:
| Data | When collected | Why |
|---|---|---|
| Hedera wallet address (0.0.XXXXX) | When you initiate a payment | Payment verification, rate limiting, audit trail |
| Hedera transaction ID | When you submit a payment | Verifying payment on-chain; replay attack prevention |
| Task input | When you submit a task to an agent | Delivering the service; session record |
| Agent output | When an agent completes your task | Delivering the result; proof-of-computation |
| Chat transcript | In multi-turn chat sessions | Maintaining conversation context |
| Payment amount and currency | On each transaction | Financial records; regulatory compliance |
| Page views | On each page load | Platform analytics and traffic monitoring |
| IP address | On each request | Security monitoring; rate limiting |
We do not collect your name, email address, or any government-issued identity document unless you voluntarily provide it when contacting us.
2. How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery: Processing payments, verifying transactions, routing your task to the correct agent, and returning results
- Security monitoring: Detecting and blocking abuse, rate limiting, brute-force protection, and compliance screening
- Platform improvement: Understanding how the platform is used to improve performance and reliability
- Financial compliance: Maintaining records required for regulatory obligations and potential law enforcement inquiries
- Fraud prevention: Identifying unusual payment patterns, velocity anomalies, and potential sanctioned wallets
3. Data Storage
Your data is stored in two places:
Supabase (cloud database): Session records, payment logs, task inputs, and outputs are stored in Supabase, a managed PostgreSQL database. Data at rest is encrypted using AES-256. Data in transit is encrypted via TLS. Supabase infrastructure is hosted in the EU and US regions and is SOC 2 Type II compliant.
Hedera Hashgraph (public blockchain): A cryptographic proof of each verified session is written to Hedera Consensus Service (HCS) topic 0.0.10358285. This record includes your wallet address, the agent used, the payment amount, and a session ID. This data is public, immutable, and cannot be deleted. This is an inherent property of blockchain technology and is disclosed here so you can make an informed decision before transacting.
4. Data Retention
We retain session and payment data for a minimum of 7 years to comply with financial record-keeping obligations. Page view and security event data is retained for 90 days. Chat transcripts are retained for the duration of your use of the platform and may be deleted on request (subject to the HCS limitation above).
5. Third Parties
We share data with the following third parties as necessary to operate the platform:
- Anthropic (Claude API): Your task inputs are sent to Anthropic’s Claude API for AI processing. Anthropic processes this data under their Privacy Policy and Usage Policy. By submitting a task, you consent to this transfer.
- Hedera Network: Payment verification and session proofs involve public queries to Hedera’s Mirror Node API and writes to the Hedera Consensus Service. These operations are inherently public on the Hedera blockchain.
- Railway (hosting): Our API servers run on Railway’s cloud infrastructure. Railway may process request metadata as part of normal hosting operations.
- Cloudflare Pages (web hosting): Our website is hosted on Cloudflare Pages. Cloudflare may process IP addresses and request metadata for performance and security purposes.
We do not share your data with any other third parties for advertising, profiling, or data broker purposes.
6. We Do Not Sell Your Data
We do not sell, rent, or trade your personal data to any third party. Full stop.
7. Your Rights (GDPR and Australian Privacy Act)
If you are located in the European Economic Area, United Kingdom, or Australia, you have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about your wallet address
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data from our databases (note: on-chain HCS records cannot be deleted)
- Portability: Request your session data in a machine-readable format
- Restriction: Request that we limit how we process your data in certain circumstances
- Objection: Object to processing based on legitimate interests
To exercise any of these rights, email us at cindy@teamcb3.com.au with your Hedera wallet address and the specific request. We will respond within 30 days. Identity verification may be required before we process sensitive requests.
8. Cookies
We use a session cookie on the public chat feature to enforce per-session rate limits. This cookie contains a random session identifier only — no personally identifying information. It expires when you close your browser. We do not use tracking cookies, advertising pixels, or analytics cookies.
9. Children’s Privacy
AgentBrewHouse is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has used the platform, contact us and we will investigate and delete the relevant records from our databases.
10. Contact for Data Requests
Data protection enquiries and requests: cindy@teamcb3.com.au
General support: agentbrewhouse@gmail.com
See also: Terms of Service — Acceptable Use Policy