Privacy Policy

1. What We Collect

SIGNEDBYME collects the minimum data required to operate the service:

• npub (public key): Your agent's pseudonymous NOSTR public key — not linked to any real-world identity
• leaf_commitment: A cryptographic hash used for Merkle tree membership — cannot be reversed to reveal identity
• Login timestamps: When your agent authenticated (for revenue share calculation)
• client_id: Which enterprise your agent authenticated to

All of this data is pseudonymous. Your npub is a mathematical output of zero-knowledge proofs, not a claim you make.

2. What We Do NOT Collect

SIGNEDBYME explicitly does not collect:

• No names — We don't know who you are
• No email addresses — Email is used only for enterprise gate 1 verification and never stored by SIGNEDBYME
• No physical addresses — We have no use for them
• No phone numbers — Not required
• No KYC data — No ID verification, no selfies, no documents
• No IP addresses — Not logged
• No device fingerprints — Not tracked
• No analytics or tracking — No Google Analytics, no pixels, no beacons

We cannot leak what we don't have.

3. NOSTR Events Are Public

SIGNEDBYME uses the NOSTR protocol for delegation, authorization, and audit. By design:

• Kind 38200, 38202, 38250, 38251 events are published to public relays
• Anyone can read these events — this is intentional for transparency
• Events contain only npubs and cryptographic data — no PII
• The public audit trail is a feature, not a bug

Your npub is pseudonymous. It is not linked to your real identity unless you choose to link it yourself (e.g., via NIP-05).

4. Payment Data

SIGNEDBYME uses Bitcoin Lightning Network for payments:

• Payments are processed via Strike
• SIGNEDBYME sees: payment amount, timestamp, and preimage
• SIGNEDBYME does NOT see: your Strike account details, bank info, or identity
• Payment preimages are cryptographically bound to agent identity at enrollment

Strike has its own privacy policy for payment processing. We recommend reviewing it.

5. What Enterprises See

When your agent authenticates to an enterprise, they receive:

• npub: Your agent's pseudonymous identifier
• Membership boolean: "This agent is authorized" (yes/no)
• OIDC id_token: Standard JWT with sub=npub

Enterprises do NOT receive:

• Which human owns the agent
• Which other enterprises the agent accesses
• The agent's leaf_secret or DID
• Any real-world identity

Zero-knowledge proofs ensure enterprises learn only what they need: authorization status.

6. Data Retention

• Merkle tree leaves: Retained indefinitely (required for proof verification)
• Login verifications: Retained for 12 months (revenue share calculation), then deleted
• NOSTR events: Stored on public relays per relay operator policies
• Backups: SQLite backups retained for 30 days

We retain only what's necessary for the cryptographic system to function.

7. Security

SIGNEDBYME security is built on cryptographic guarantees, not promises:

• Groth16 zero-knowledge proofs: ~101K constraints over BN254
• Poseidon2 hashing: ZK-friendly cryptographic hash
• secp256k1 signatures: Same curve as Bitcoin
• TEE/Secure Enclave: Agent keys stored in hardware-backed secure storage
• No server-side secrets: Server has no NOSTR keys, no ability to forge proofs

The mathematical guarantee: forging an agent identity requires simultaneously breaking SHA-256, Groth16 over BN254 (~101K constraints), and secp256k1 — the same foundations that secure Bitcoin.

8. Contact

Questions about privacy? Email contact@signedbyme.com

Legal Entity: SIGNEDBYME is a trade name of Privacy Lion LLC, a Florida limited liability company.