Legal
Privacy Policy
Fidacy is a trust and verification layer for AI agents. It decides on signed mandates and risk metadata, not on funds, card numbers, or account credentials. This policy explains what data we process, why, and the choices you have. Effective 3 July 2026.
Who we are
The service at fidacy.com and api.fidacy.com is operated by Zeepcode Group (“Fidacy”, “we”). For privacy questions or requests, contact privacy@fidacy.com. For customers in the EU/UK, Fidacy acts as a data processor for the assessment data you send us, and as a data controller for account and billing data; a Data Processing Agreement is available on request.
What we process
| Category | What it is | Why | Basis |
|---|---|---|---|
| Account data | Email, organization name, API keys (hashed), billing identifiers. | Create and operate your account, authenticate API calls, bill usage. | Contract |
| Assessment metadata | The mandate, agent identity, risk_data, and decision you send to /v1/assess or the firewall. Never card numbers or credentials. | Return and sign a verdict, and record it in the tamper-evident audit. | Contract / legitimate interest |
| Anonymous usage telemetry | A random install id (UUID), event type, a coarse decision-result enum, client version, and shell. No payee, amount, currency, content, or PII. | Measure adoption and reliability. Never on the decision path. | Legitimate interest · opt-out |
| Operational logs | Request timing, error codes, coarse IP for rate-limiting. No request bodies. | Security, abuse prevention, reliability. | Legitimate interest |
What we never collect
- ·Card numbers, bank account numbers, or payment credentials. Fidacy decides on signed mandates and risk metadata, so integrating it does not expand your PCI scope.
- ·Your funds. Fidacy authorizes and proves; it never holds or moves money.
- ·The content of your payments or messages. The strict telemetry schema rejects any field it does not expect, so content cannot leak into our usage data.
Local-first free tier
The free tier of @fidacy/mcp and the OpenClaw plugin run entirely on your machine. Configuration and the audit log live under ~/.fidacy, and no account is required. The only data that leaves your machine is the anonymous telemetry described above, which you can disable completely by setting FIDACY_DISABLE_TELEMETRY=1.
Anonymous telemetry, in detail
Telemetry is declared, opt-out, anonymous, and best-effort. It carries only a random install id, a timestamp, the event type (install, active, decision, upgrade-intent), a coarse decision result (allow / deny-cap / deny-payee / deny-scope), the client version, and the shell it runs in. It never carries a payee, an amount, a currency, an email, or any request content, and it never sits on the critical path of a decision. Disable it with FIDACY_DISABLE_TELEMETRY=1.
Sharing and sub-processors
We do not sell personal data. We share data only with the small, named set of sub-processors needed to run the service (hosting, managed database, the LLM reasoner, and payment processing). The current list and change-notification policy live on the sub-processors page. Payment processing is handled by Stripe; Fidacy never sees full card numbers.
Retention and residency
For EU/UK customers, assessment data and the audit chain are kept in an EU region. We retain account and assessment records for the life of the account plus the period required for legal, audit, and dispute purposes, then delete or anonymize them. The append-only audit chain is designed to be tamper-evident and is anchored to Bitcoin; its hashes are, by nature, permanent, but they contain no personal data.
Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Exercise any of these by writing to privacy@fidacy.com. Because the free tier stores your data only on your own machine, you can exercise most of these rights directly by editing or deleting the files under ~/.fidacy.
Security
Verdicts are Ed25519-signed and independently verifiable against our public keys. API keys are stored only as hashes. Access to production data is least-privilege and row-level-security enforced. See the Trust Center for our full security posture.
Changes
We may update this policy as the product evolves. Material changes will be reflected here with a new effective date, and, for account holders, announced by email. Continued use after an update means you accept the revised policy.