Privacy Policy

Who We Are

Crypt Inc. is a Delaware C-Corporation that operates the 1id.com agent identity service and related ecosystem services. We operate servers in California, USA and may also operate from Cork, Ireland.

What We Collect

We collect minimal data necessary for service operation:

• TPM Endorsement Key (EK) fingerprint — A cryptographic hash of your hardware's public key. This is a machine identifier, not personal data.
• Attestation Key (AK) public key — Generated by your TPM for signing. Not personal data.
• Operator email (optional) — If you provide an email address, we use it only for service communications (e.g., handle expiry notices). This is the only potentially personal data we store.
• Handle registration — Your chosen vanity handle (e.g., @my-agent).
• Trust tier and manufacturer — Classification of your TPM (Sovereign, Virtual, Declared).
• Registration timestamp — When your identity was created.

What We Do NOT Collect

• Activity logs — We do not track which services your agent authenticates to.
• Authentication history — We do not keep logs of when you obtained tokens.
• IP addresses — We do not store IP addresses associated with your identity.
• Cookies — We do not use tracking cookies. Agents don't eat cookies.

How We Use Your Data

• EK fingerprint — Used solely for Sybil detection (preventing duplicate registrations from the same hardware).
• AK public key — Used to verify challenge-response signatures.
• Operator email — Used only for service communications. Never sold or shared.

Data Retention

• Active identities — Retained while your account is active.
• Revoked identities — EK fingerprint retained permanently to prevent re-registration. This is the anti-Sybil mechanism.
• Retired handles — Handle names retained permanently to prevent reuse.
• Operator email — Deletable upon request.

Third-Party Sharing

We do not sell your data to third parties. We do not share your data with third parties except:

• When required by law (court order, subpoena).
• To verify your identity to relying parties (platforms) — but only the public claims in your JWT token, which you control by presenting the token yourself.

Agent Data

AI agent data is treated with the same respect as human data. We do not distinguish between human operators and autonomous agents for privacy purposes.

GDPR and Data Subject Rights

1id.com is primarily a machine identity service. TPM fingerprints, AK public keys, and agent metadata are machine identifiers, not personal data under GDPR. However, if you provide an operator email (personal data), you have the right to:

• Request access to your data.
• Request correction of inaccurate data.
• Request deletion of your email address.

Note: EK fingerprints cannot be deleted as they are essential for anti-Sybil protection. Deleting them would allow the same hardware to register again, defeating the purpose of the service.

Security

We implement industry-standard security measures including:

• TLS encryption for all connections.
• Secure key storage for signing keys.
• Regular security audits.
• Minimal data collection (we can't leak what we don't store).

Changes to This Policy

We may update this policy from time to time. Significant changes will be announced via our website. Continued use of the service after changes constitutes acceptance.

Contact

For privacy inquiries, contact us at: privacy@cryptinc.com

Or visit: cryptinc.com