Privacy Policy

Libramen (“we,” “us,” or “our”) operates the Libramen platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address and display name
• Password (stored as a cryptographic hash; we never store plaintext passwords)
• Google account identifier (if you sign in via Google OAuth)

1.2 Organization and Business Data

When you use the platform, you may provide:

• Organization name and business details
• Product catalogs, pricing rules, availability configurations, and constraint logic
• Documents uploaded to the knowledge pipeline (supplier documents, policies, etc.)

1.3 Agent Analytics

We automatically collect data about how external AI agents interact with your published services:

• Agent visit timestamps and frequency
• Tool calls made by agents (e.g., product lookups, transaction evaluations)
• Transaction logs and evaluation traces
• Agent key identifiers (hashed)

1.4 Payment Information

• Payment provider configuration details you provide (e.g., Stripe account IDs, wallet addresses)
• Transaction metadata (amounts, currency, status, timestamps)
• We do not store full credit card numbers. Payment processing is handled by third-party providers (Stripe, blockchain networks).

1.5 AI Processing

When you use the chat or knowledge features, your messages and uploaded documents are sent to third-party AI providers (currently Anthropic) for real-time processing. We have opted out of model training with our AI providers. However, Anthropic may retain API inputs and outputs for up to 30 days for safety and abuse monitoring purposes, after which they are deleted. See Anthropic’s Privacy Policy for details.

Document embeddings (used for search and retrieval) are generated locally on our infrastructure using on-device models and are not sent to third parties.

1.6 Blockchain Transactions

If you use cryptocurrency-based payment methods (X402/USDC), transaction data is recorded on public blockchain networks and is permanently and publicly visible. This includes wallet addresses and transaction amounts.

1.7 Technical Data

We automatically collect:

• IP addresses (used for rate limiting and security)
• Browser/device type and session identifiers
• Server logs and error reports

2. How We Use Your Information

We use collected information to:

• Provide and maintain the Service, including authentication, data storage, and agent orchestration
• Process transactions through your configured payment providers
• Generate analytics about agent interactions with your published services
• Improve the Service through aggregated, anonymized usage data
• Communicate with you about account activity, security alerts, and service updates
• Enforce our terms and protect against fraud, abuse, and unauthorized access

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• Service providers: Third-party services that help us operate the platform (e.g., Resend for email delivery, Stripe for payment processing, cloud hosting providers)
• Published agent data: Information you choose to publish via the MCP protocol (product catalogs, pricing, availability) is intentionally made accessible to external AI agents
• Legal requirements: When required by law, regulation, or legal process
• Business transfers: In connection with a merger, acquisition, or sale of assets
• With your consent: When you explicitly authorize additional sharing

4. Data Retention

• Account data is retained for as long as your account is active. You may request deletion at any time.
• Organization and business data is retained while your account is active and for 30 days after deletion to allow recovery.
• Agent analytics are retained for 12 months, then automatically aggregated or deleted.
• Server logs are retained for 90 days for security and debugging purposes.

5. Data Security

We implement industry-standard security measures including:

• Encryption in transit (TLS/HTTPS)
• Cryptographic password hashing
• JWT-based authentication with short-lived access tokens
• Organization-level data isolation and access controls
• Rate limiting to prevent abuse
• Agent API keys stored as SHA-256 hashes

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

All Users

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a machine-readable format

European Economic Area (GDPR)

• Right to restrict or object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority
• Legal basis for processing: contract performance (account data), legitimate interest (analytics, security), and consent (optional features)

California Residents (CCPA)

• Right to know what personal information is collected and how it is used
• Right to request deletion of personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at founders@libramen.ai.

7. Cookies and Tracking

We use:

• HTTP-only session cookies for authentication (essential; cannot be disabled)
• We do not use third-party advertising cookies or tracking pixels

8. Third-Party Services

The Service integrates with third-party providers that have their own privacy policies:

• Anthropic (AI processing): Anthropic Privacy Policy
• Google (OAuth authentication): Google Privacy Policy
• Stripe (payment processing): Stripe Privacy Policy
• Resend (email delivery): Resend Privacy Policy

9. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at founders@libramen.ai.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights:

Email: founders@libramen.ai

Libramen