Privacy Policy

We only collect what is necessary to provide the Custodex governance platform: - Account information you provide during registration (name, email, company) - API keys are SHA-256 hashed on creation,we never see or retain your plaintext keys - Agent telemetry metadata (action type, scope, decision, latency),we do not inspect or retain the content of your agent's prompts, responses, or tool outputs - Basic usage analytics to improve the platform We do not track you across other websites. We do not use third-party advertising trackers.

Your data is used exclusively to operate and improve Custodex: - Providing real-time policy evaluation, monitoring, and compliance reporting - Sending critical security alerts and platform notifications - Responding to your support requests - Improving platform reliability and performance - Meeting regulatory obligations under applicable AI governance frameworks We do not use your data to train machine learning models. We do not sell, rent, or monetize your data in any form.

Trust is foundational to a governance platform. We commit to the following: - We never sell your personal information or telemetry data - We never share your data with advertisers or data brokers - We never inspect the content of your agents' inputs or outputs - We never retain plaintext API keys or credentials - We never access your systems, source code, or infrastructure,Custodex operates on metadata only - We never use your governance data for purposes other than providing the service you signed up for

Security is not an afterthought,it is what we do: - All data is encrypted in transit (TLS 1.3) and at rest (AES-256) - API keys are irreversibly hashed with SHA-256 before they touch any database - All platform actions are recorded in immutable, hash-chained audit logs - Role-based access controls enforce least-privilege across the platform - We conduct regular security assessments and third-party penetration testing - Our audit trail is cryptographically verifiable,any tampering is immediately detectable

You retain full ownership and control of your data: - Access: Request a copy of all data associated with your account at any time - Correction: Update or correct your information through your account settings - Deletion: Request complete deletion of your account and all associated data - Portability: Export your governance data in standard formats (JSON, CSV) - Objection: Opt out of non-essential data processing at any time For users subject to GDPR, the EU AI Act, or other regional privacy frameworks, all applicable rights and protections are fully honored. Contact us to exercise any of these rights.

Questions about your privacy or data practices? We respond within 24 hours. Email: hello@a2agov.com General: hello@a2agov.com