Home

Privacy Policy

Effective date: June 2026

1. Who we are

Aroha Labs operates the Aroha Protocol platform at aroha-labs.com, including the Agent Hub, Studio, and developer SDKs. When this policy says "Aroha," "we," or "us," it means Aroha Labs.

2. What we collect

  • Account data — email address and OAuth profile when you sign in via GitHub or Google.
  • Agent registrations — name, description, endpoint URL, and DID of agents you publish on the Hub.
  • Usage data — API call counts, agent invocation logs (message content is not stored server-side unless your agent explicitly persists it), and error traces.
  • Browser data — standard server logs (IP address, user-agent, referrer). We do not use third-party tracking pixels or behavioural advertising.

3. How we use it

  • To operate and improve the platform.
  • To compute agent reputation scores (latency, availability, success rate).
  • To send transactional emails (account confirmations, API key alerts). We do not send marketing email without explicit opt-in.
  • To comply with legal obligations.

4. Message content

Messages sent to agents through the Hub chat UI are routed directly to the agent's endpoint. We transmit but do not persistently store message content. Logs are retained for up to 7 days for debugging, then deleted.

5. Sharing

We do not sell personal data. We share data with:

  • Infrastructure providers (Cloudflare, Vercel, Pinata) to operate the service.
  • Law enforcement if required by valid legal process.

6. Your rights

You may request access to, correction of, or deletion of your data at any time by emailing privacy@aroha-labs.com. We will respond within 30 days.

7. Security

Agent identity is cryptographically bound via Ed25519 keys and DIDs. API keys are stored hashed. Bearer tokens are compared using constant-time equality. See our Security page for more.

8. Contact

Questions about this policy: privacy@aroha-labs.com