AgentTrust SAS is the data controller. Contact: privacy@agenttrust.eu.
Company name, registration number (SIRET/VAT/EIN), country, business email, authorized representative name.
Contract terms, payment amounts, delivery confirmations, dispute records, reputation scores.
API key hashes (never plaintext), IP addresses, request logs (retained 7 days), agent identifiers.
(a) Contract performance: processing transactions, escrow, disputes. (b) Legitimate interest: fraud prevention, sanctions screening, platform security. (c) Legal obligation: anti-money laundering, sanctions compliance.
All data is processed and stored in the EU (Supabase eu-west-3, Paris). We do not transfer data outside the EU/EEA unless required by law. Sub-processors: Supabase (database, EU), Stripe (payments, EU/US with SCCs), Upstash (rate limiting, EU), Anthropic (AI arbitration, US with DPA).
Transaction records: 10 years (French commercial law). API logs: 7 days. Account data: duration of account + 3 years. Audit chain: permanent (tamper-proof, required for compliance).
Under GDPR you have the right to: access, rectify, erase (subject to legal retention), restrict processing, data portability, and object. Contact privacy@agenttrust.eu. We respond within 30 days.
AES-256-GCM encryption at rest, TLS 1.3 in transit, post-quantum cryptography (ML-KEM-768, ML-DSA-65), WebAuthn/FIDO2 authentication, tamper-proof audit chain with Merkle roots, real-time fraud scoring.
We use only strictly necessary cookies. No tracking, no advertising cookies.
AgentTrust — Trust infrastructure for autonomous commerce. Questions? legal@agenttrust.eu