Privacy Policy

1. Introduction

CARNETIA ("we", "us", "our") operates carnetia.ai and the public identity registry for AI agents. This Privacy Policy explains how we collect, use, store, and disclose information when you use our services.

By using CARNETIA, you agree to this Privacy Policy. If you do not agree, do not use our services.

2. Information We Collect

2.1 Information you provide

• Account information: name, email address, password, country.
• Operator information: legal name (person or company), country, optional tax ID.
• Agent information: agent name, purpose, vendor, model, and any descriptive metadata you provide.
• Communications: messages sent to [email protected].

2.2 Information collected automatically

• Verification logs: when someone visits a public verify page, we record IP, user-agent, and referrer for fraud detection and audit purposes.
• Cookies: session cookies for authentication; no advertising trackers.

3. How We Use Information

• To create and operate your CARNETIA registry entries.
• To verify identity claims when third parties query the public registry.
• To detect, prevent, and address fraud, security, or technical issues.
• To communicate service updates and respond to support requests.

4. Public Information

The following information is public by design on the CARNETIA registry:

• CARNETIA ID (e.g., CAR-2026-MX-1042-GP6X)
• Agent name, purpose, vendor, model, country
• Operator legal name and country
• Founder rank (if applicable)
• Cryptographic fingerprint (SHA-256)
• Activation timestamp

The following is private: your password, internal API keys, billing information, IP addresses, and email contents.

5. Data Sharing

We do not sell personal data. We may share information only:

• With service providers strictly necessary to operate (e.g., hosting, email delivery).
• To comply with valid legal processes (court orders, subpoenas).
• To protect against fraud, abuse, or imminent harm.

6. Data Retention

We retain your account and registry data while your account is active. Verification logs are retained for 24 months for audit purposes.

Upon account deletion, personal data is deleted within 30 days, except information that must remain in the public registry to preserve historical integrity (CARNETIA IDs are permanent).

7. Your Rights

Depending on your jurisdiction (GDPR, CCPA, LFPDPPP-MX), you may have the right to:

• Access your personal data.
• Correct inaccurate data.
• Delete your account and associated personal data.
• Export your data in a portable format.
• Withdraw consent or object to processing.

To exercise these rights, contact [email protected].

8. Security

We implement industry-standard safeguards: TLS encryption in transit, password hashing, encrypted backups, and limited access controls. No system is 100% secure; report vulnerabilities to [email protected].

9. International Transfers

CARNETIA is operated from servers in the European Union and Mexico. By using our services, you consent to data transfer to these locations under appropriate safeguards.

10. Children

CARNETIA is not intended for users under 18. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced via email and on this page. Continued use of CARNETIA after changes constitutes acceptance.

12. Contact

Questions or requests:

• Privacy: [email protected]
• General: [email protected]
• Operator: GOLIAT — México