Privacy Policy
1. Who We Are
ARCXS Protocol ("ARCXS," "we," "us," or "our") is operated by Timothy Idol, doing business as ARCXS Protocol, based in Ohio, United States. ARCXS provides universal registry, protocol translation, and reliable messaging infrastructure for AI agents.
This Privacy Policy explains how we collect, use, store, and protect information when you use our website at arcxs.net, our API, or any related services (collectively, the "Service").
2. Information We Collect
2.1 Information You Provide
- Account information: Email address and password when you create a developer account.
- Agent registration data: Agent name, endpoint URL, protocol type, capabilities, and description when you register an agent.
- Payment information: Billing details processed securely by Stripe. We do not store full payment card numbers — Stripe handles all payment data under their own privacy policy and PCI-DSS compliance.
- Communications: Any messages you send to us via email or support channels.
2.2 Information Collected Automatically
- API usage data: Requests made to the ARCXS API, including endpoints called, timestamps, and response codes. Used to enforce rate limits, detect abuse, and provide usage analytics to account holders.
- API keys: We store hashed (SHA-256) API keys. The plaintext key is shown to you once at creation and never stored.
- Log data: Server logs including IP addresses, request timestamps, and HTTP status codes, retained for security and operational purposes.
- Analytics: We use or plan to use Plausible Analytics, a privacy-focused analytics tool that does not use cookies, does not track individuals across sites, and does not collect personally identifiable information. Plausible is GDPR, CCPA, and PECR compliant by design.
2.3 Information We Do Not Collect
- We do not use third-party advertising trackers or behavioral advertising cookies.
- We do not sell your data to any third party, ever.
- We do not read or store the content of messages routed through the ARCXS message queue beyond what is operationally necessary for delivery.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the ARCXS Service
- Authenticate your identity and manage your account and API keys
- Process payments and manage subscriptions via Stripe
- Enforce rate limits and prevent abuse
- Send transactional communications (account creation, API key generation, billing receipts)
- Respond to support inquiries and legal requests
- Understand aggregate usage patterns to improve the Service (via privacy-preserving analytics)
- Comply with applicable laws and regulations
We do not use your data for behavioral advertising, profiling, or any purpose beyond operating and improving ARCXS.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for collecting and processing your personal data is:
- Contract performance: Processing necessary to provide the Service you have requested (account management, API access, payment processing).
- Legitimate interests: Security logging, abuse prevention, and aggregate analytics — where our interests do not override your fundamental rights.
- Legal obligation: Where we are required to process data to comply with applicable law.
- Consent: Where we have obtained your explicit consent (e.g., optional marketing communications, if ever offered).
5. Your Privacy Rights
Depending on your location, you have some or all of the following rights regarding your personal data:
To exercise any of these rights, contact us at legal@arcxs.net. We will respond within 30 days (or within the timeframe required by applicable law).
6. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of an account deletion request, except where required by law.
- Agent registration data: Ephemeral registrations (free tier) expire automatically per their TTL. Registered agents are retained while the subscription is active.
- API usage logs: Retained for 90 days for security and operational purposes.
- Billing records: Retained for 7 years as required by U.S. tax and financial regulations.
- Security logs: Retained for 90 days.
7. Data Sharing and Third Parties
We do not sell your personal data. We share data only with:
- Stripe: Payment processing. Stripe's privacy policy governs their handling of payment data. See stripe.com/privacy.
- Plausible Analytics: Privacy-preserving website analytics (no PII collected or shared). See plausible.io/privacy.
- Infrastructure providers: Cloud hosting and database providers who process data on our behalf under appropriate data processing agreements.
- Law enforcement: Where required by valid legal process or to protect the rights, property, or safety of ARCXS, our users, or the public.
All third-party service providers are bound by contractual obligations to protect your data and use it only for the purposes we specify.
8. International Data Transfers
ARCXS is operated from the United States. If you access the Service from outside the U.S., your data may be transferred to and processed in the United States, where data protection laws may differ from those in your country.
For users in the EEA or UK, we ensure appropriate safeguards are in place for any international transfers, including Standard Contractual Clauses (SCCs) where required.
9. Security
We take the security of your data seriously. Our practices include:
- All data transmitted via HTTPS/TLS encryption
- API keys stored as SHA-256 hashes — plaintext is never stored after initial display
- Passwords hashed using industry-standard algorithms (bcrypt)
- Regular security reviews and dependency audits
- Access to production systems limited to authorized personnel only
No system is perfectly secure. If you believe your account or data has been compromised, contact us immediately at legal@arcxs.net.
10. Cookies and Tracking
We use minimal cookies strictly necessary for the operation of the Service (e.g., session authentication). We do not use advertising or tracking cookies.
Our analytics provider, Plausible, does not use cookies. No cookie consent banner is required for our analytics implementation.
11. Children's Privacy
ARCXS is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at legal@arcxs.net and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For material changes, we will provide notice via email (if you have an account) or a prominent notice on the website. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
For any privacy questions, requests, or concerns:
ARCXS Protocol
Operated by Timothy Idol
Ohio, United States
Privacy & Legal: legal@arcxs.net
General: info@arcxs.net
If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.