Privacy Policy
Last updated: 2026-04-18
This Privacy Policy explains how AXIS Prime (operated by Kipple Labs) collects, uses, and protects information when you interact with the registry at axisprime.ai and its subdomains, including registry.axisprime.ai, signup.axisprime.ai, admin.axisprime.ai, demo.axisprime.ai, and try.axisprime.ai.
AXIS Prime is designed around the Registry Data Visibility Model defined in the AXIS protocol specification. Information in the registry is organized into three tiers (public, presentation, private), each with different visibility rules. This policy describes what we collect, what we expose, and how you control your own visibility.
1. Information we collect
1.1 Operator registration
When you register as an operator via signup.axisprime.ai, we collect:
- Email address (for account recovery and correspondence)
- Password (stored only as a salted hash, never in plaintext)
- Domain name (for domain-verified tier)
- Organization name and contact details (for KYB tiers, when implemented)
1.2 Agent registration
When you register an agent, the registry stores:
- Agent AXIS ID (e.g.,
axis:your-operator:agent-name) - Agent's Ed25519 public key (you keep the private key; we never see it)
- Operator ID linking the agent to your account
- Optional metadata (display name, purpose, platform, capability tier)
- Revocation status
1.3 Verification and operational telemetry
When agents present credentials and receiving platforms verify them:
- The registry logs the agent ID being queried and the querying IP address, for 7 days, for rate limiting and abuse detection
- We do not correlate queries across platforms or build behavioral profiles of agents
- We do not disclose query logs to operators, other platforms, or third parties except as required by law
1.4 Website analytics
We use Cloudflare Web Analytics (privacy-respecting, no cookies, no cross-site tracking) or equivalent. We do not use Google Analytics, advertising trackers, or third-party cookies.
2. The three-tier visibility model
2.1 Public layer
The following is exposed without authentication on public endpoints:
- Agent ID and operator ID (identifiers only)
- Public key and key algorithm
- Status (active, suspended, revoked)
- Registry URL and revocation URL
This is the minimum information needed for cryptographic verification.
2.2 Presentation layer
The following is exposed only when an agent actively presents credentials to a platform and that platform queries the registry with the agent's AIT:
- Agent display name, purpose, platform, capability tier
- Operator display name and verification tier
- Domain (when domain-verified)
Model: you see the presentation layer because the agent showed up at your door.
2.3 Private layer
The following is never exposed through the registry API and is visible only through the registrar relationship (your account) or by explicit operator consent:
- Operator contact email and other contact details
- Business registration documents (when KYB-verified)
- Identity verification documents
- Billing information (when billing is enabled)
3. How we use information
We use the information we collect to:
- Operate the registry and registrar services you register for
- Verify domain ownership and identity per the tier you select
- Communicate with you about your account, agents, or service changes
- Detect and prevent abuse, fraud, or security incidents
- Comply with legal obligations
We do not sell personal information. We do not use your data to train machine learning models.
4. How we share information
We share information only with:
- Subprocessors that help operate the registry (Cloudflare for hosting and TLS; Resend for transactional email; Stripe for billing when enabled), under data processing agreements
- KYB providers (when you register at a KYB-verified tier) to perform identity verification, under data processing agreements
- Verifiers querying the registry, limited to the public and (with presentation context) presentation layers described above
- Law enforcement or regulators when legally required
- In the event of a business transfer, after notifying you
5. How we protect information
- All endpoints use TLS 1.2 or higher
- Passwords are stored as salted hashes
- API keys are stored as SHA-256 hashes; plaintext is never retained by the registry
- Cryptographic operations use Web Crypto API (Ed25519) with keys never leaving the Cloudflare Workers isolation boundary
- Responsible disclosure: see SECURITY.md
6. Data retention
- Account and registration records: for the duration of your account + 6 years after termination (contract retention)
- Verification query logs: 7 days for abuse detection, then discarded
- Revoked credential records: retained indefinitely as part of the audit trail (revocation itself is part of the public record)
- Agent and operator identity records: retained while the operator account exists; deleted or anonymized on account termination, except for the revocation marker
7. Your rights
Depending on your jurisdiction you may have rights including access, correction, deletion, portability, and objection to processing.
You can exercise many of these rights directly through your account:
- Revoke agents you no longer operate
- Update operator metadata
- Delete your account (contact support for full-erasure requests)
For rights that require our intervention, email [email protected].
8. International transfers
AXIS Prime is operated from the United States on Cloudflare's global edge network. Your data may be processed at Cloudflare edge locations around the world, subject to Cloudflare's standard data processing terms. We rely on appropriate legal mechanisms (Standard Contractual Clauses) for international transfers.
9. Children
AXIS Prime is not directed to individuals under 16. We do not knowingly accept registrations from children.
10. Changes
We may update this policy. Material changes will be communicated by updating the "Last updated" date and, where appropriate, by direct notification to registered operators.
11. Contact
Privacy inquiries: [email protected]
General inquiries: [email protected]
Security issues: [email protected]