
Last updated: 2026-05-24

Privacy Policy

This policy covers how Cloven Mind collects, uses, stores, and protects information when you use our services via the API, MCP server, TypeScript SDK, or web console.

1. At a glance

  • We store API key metadata (name, tier, 16-char display prefix). The plaintext key is never stored — only its SHA-256 hash.
  • We store usage counts per key, per operation, per day (table: usage_daily).
  • Credit deposits — we record the on-chain USDC transaction hash and payer wallet address. Both are already public on the Base blockchain. We never store wallet private keys or take custody of user funds beyond the verified deposit.
  • If you pay via x402 (USDC on Base per-call), we record the on-chain transaction hash, payer wallet address, and amount — all of which are already public on the Base blockchain.
  • Trace data (reasoning steps per API call) is captured in aggregate from day 1. Opt-in to the Cloven Commons marketplace is per-agent and operator-controlled. Traces are sanitized of PII before any export.
  • We set one session cookie (Supabase Auth). No third-party tracking cookies. No analytics pixels.
  • We do not collect: prompt content, response payloads, user IPs beyond rate-limiting buckets, browsing history, or device fingerprints.

2. Who we are

Cloven Mind is operated by the Cloven team. Our data protection contact is ops@cloven.cloud. For all privacy requests, use that address with the subject line [PRIVACY].

3. What data we collect

3.1 Account data

When you create an account, Supabase Auth stores your email address and a hashed password (if password auth) or a magic link token (if passwordless). We never sell account data. Anonymous sign-in creates a session without any email — you may optionally claim it later via magic link.

3.2 API key metadata

When you generate an API key, we store: the key name you choose, the tier assigned, the 16-character display prefix (e.g. cv_live_A4bX…), the SHA-256 hash of the full key, creation timestamp, and last-used timestamp. The plaintext key is shown once at issuance and is never logged or stored. Once the issuance response is returned, the plaintext is unrecoverable.

3.3 Usage data

Every API call increments a counter in the usage_daily table keyed by (api_key_id, date, operation). No request body or response payload is written here — only a count. Hot counters live in Redis and are flushed to Postgres best-effort, so a slow database write never blocks your request.

3.4 Credit deposit data

When you buy a credit pack, we record the on-chain USDC transaction hash, the payer wallet address, the verified credit amount, and the pack tier. All of this is already public on the Base blockchain. We never store wallet private keys or take custody of user funds beyond the verified deposit. Pending deposits that expire after 30 minutes are marked expired; no funds are held or owed.

3.5 x402 payment data

Pay-per-call via x402 (USDC on Base mainnet) does not require an account. We record the Base transaction hash, payer wallet address, operation paid for, and amount confirmed on-chain. This data is already public on the Base blockchain. We cache it for 24 hours in Redis for idempotency (to prevent double-spend replays), then rely on the public chain as the canonical record.

3.6 Trace data

Each API call generates a reasoning trace: pack accessed, operation, token counts, latency, and anonymized summaries of the request and response structure (not the content). This data is stored in the traces table under service-role access (no user-facing RLS). Phase 3 turns accumulated traces into the Cloven Commons dataset. Operators may opt individual agents into Commons export — this is opt-in, never opt-out. Traces are sanitized of PII before any export.

3.7 Cookies

We set one first-party cookie: the Supabase Auth session token (HttpOnly, Secure, SameSite=Lax). No third-party analytics cookies. No advertising pixels. No fingerprinting scripts. If you use the API directly (no browser), no cookies are involved.

4. What we do not collect

  • Prompt content or response payloads from your API calls.
  • Full IP addresses beyond the minimal information needed for rate-limiting (we hash and truncate before any storage).
  • Browsing history, referring URLs, or cross-site tracking data.
  • Device fingerprints, user-agent strings for profiling, or screen resolution.
  • Content of your agents' reasoning beyond the anonymized structural summaries described in §3.6.

6. Data sharing

We do not sell personal data. We share data only as follows:

Base blockchain

Credit deposit and x402 payment transactions are recorded on-chain and are publicly visible. Cloven reads transaction receipts to verify payments; it does not write any additional data to the chain.

Vercel

Hosts the Next.js application. Request logs are retained per Vercel's default policy and are not accessible to us beyond error diagnostics.

Supabase

Hosts the Postgres database and Auth service (US-east region). Data is encrypted at rest and in transit.

Upstash

Redis cache for API key resolution, rate-limit counters, and x402 idempotency. No persistent user data beyond short TTLs (60s–24h).

Groq

LLM inference for compacting and briefing pack data. We pass only the structured public-source data being summarized, not your account information.

Cloven Commons buyers (Phase 3)

Anonymized, aggregated trace datasets. Individual records are not identifiable. Operators consent per-agent before any trace is eligible for export.

7. Data retention

API keys

Until revoked, then 30 days for audit purposes, then deleted.

Usage data

13 months rolling. Older records are purged on a monthly cron job. This window supports annual analytics and audit obligations.

Trace data (Commons opt-in)

Indefinite while the agent is opted in. Revocation of opt-in stops new capture; prior traces are anonymized and retained for the dataset.

Trace data (Commons opt-out)

90 days, then deleted.

Credit deposit records

Retained for 7 years for financial audit purposes. The canonical on-chain record is permanent on the Base blockchain.

x402 transaction records

24-hour Redis cache for idempotency. The canonical record is the Base blockchain, which is permanent.

Account data

Until you request deletion. After deletion, email is purged immediately; Supabase Auth retains a tombstone for 30 days per their platform policy.

8. Your rights (GDPR / CCPA)

Depending on your jurisdiction, you have some or all of the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request erasure of your personal data, subject to legal retention obligations.
  • Portability: Request your data in a machine-readable format (JSON).
  • Objection: Object to processing based on legitimate interest. Rate-limit data is necessary to operate the service and cannot be fully removed while your account is active.
  • Withdraw consent: For trace Commons opt-in, disable it in the console at any time. No reason required.
  • Non-discrimination (CCPA): Exercising your privacy rights will not result in degraded service or higher prices.

Submit requests to ops@cloven.cloud with subject line [PRIVACY REQUEST]. We respond within 30 days.

9. International transfers

Cloven Mind stores data in the United States: Vercel iad1 (Northern Virginia) and Supabase US-east. If you access the service from the European Union, European Economic Area, or United Kingdom, your data is transferred to a country the EU Commission has not designated as providing an adequate level of protection. We rely on Standard Contractual Clauses (SCCs) as the legal mechanism for such transfers, incorporated by reference into our agreements with Vercel, Supabase, Upstash, and Groq.

10. Security

We apply the following controls to protect your data:

  • Row-Level Security (RLS) on all Supabase tables that hold user data. Service-role queries bypass RLS only for internal audit tables (usage_daily, traces) that are not user-facing.
  • API keys stored only as SHA-256 hashes. The plaintext is generated, returned to you once, and discarded. It is unrecoverable by design.
  • All data in transit encrypted via TLS 1.2 or higher.
  • Environment variables holding secrets (SUPABASE_SERVICE_ROLE_KEY, X402_RECIPIENT_ADDRESS, X402_RPC_URL, etc.) are never logged in application code.
  • Trace request and response summaries are checked for PII patterns before storage. Full prompt and response payloads are never written to the traces table.
  • x402 idempotency keys are stored in Redis with a 24-hour TTL to prevent replay attacks.

If you discover a security vulnerability, report it to ops@cloven.cloud with subject [SECURITY]. We will acknowledge within 48 hours.

11. Children

Cloven Mind is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a minor has created an account, contact us at ops@cloven.cloud and we will delete the account and associated data promptly.

12. Changes to this policy

Material changes to this privacy policy will be communicated to account holders via email at least 14 days before taking effect. Non-material changes (formatting, clarifications that do not alter your rights or our obligations) may be made without notice. The current version is always available at cloven.cloud/privacy.

13. Contact

Privacy inquiries: ops@cloven.cloud

Mailing address: [OPERATOR: replace with registered business address]