Proxer
Sign inGet Started

Privacy Policy

Effective Date: February 5, 2026  ·  Last Updated: February 5, 2026

Standard Logic Company ("we," "us," or "our") operates Proxer, including the website at proxer.dev, the Proxer dashboard, APIs, SDKs, and MCP server integrations (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address — Used for authentication, account recovery, and service communications.
  • Password — Stored as a cryptographic hash by our authentication provider (Supabase Auth). We never store or have access to your plaintext password.

1.2 Service Data

When you use the Service, we store the following data you create:

  • Uni-Passports — Agent identity credentials including agent ID, permissions, issuer information, public keys, and cryptographic signatures.
  • Uni-Gates — Authorization policy configurations including gate name, security profile level, allowed issuers, and permission requirements.
  • Uni-Attestations — Immutable, signed records of authorization decisions including outcome, timestamp, and cryptographic signature.
  • Issuers — Issuer identities you create, including name, public key, and status. Issuer signing private keys are stored encrypted (AES-256-GCM) and never exposed.
  • API Keys — Keys you generate for programmatic access. Stored as cryptographic hashes; the full key is displayed only once at creation.

1.3 Information We Do NOT Collect

  • Agent private keys — Generated in your browser and never transmitted to our servers.
  • Browsing history or tracking data — We do not use third-party analytics, advertising trackers, or behavioral profiling tools.
  • Payment information — The Service is currently free. If we introduce paid features, payment processing will be handled by a third-party processor and we will not store your card details.

1.4 Automatically Collected Information

When you access the Service, our hosting infrastructure may automatically collect:

  • Server logs — IP address, request timestamps, HTTP method, URL path, and response status codes. Used for security monitoring and debugging; retained for a limited period.
  • Cookies — We use essential cookies only, as described in Section 6.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service — Authenticate your account, store and manage your passports, gates, and attestations, and process authorization requests via API.
  • Ensure security — Monitor for unauthorized access, enforce rate limits, detect abuse, and protect the integrity of cryptographic operations.
  • Communicate with you — Send transactional emails related to your account. We do not send marketing emails without your explicit consent.
  • Improve the Service — Analyze aggregate usage patterns to improve performance, reliability, and features. We do not perform individual user profiling.
  • Comply with legal obligations — Respond to lawful requests from law enforcement or regulatory authorities as required by applicable law.

3. How We Share Your Information

3.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing or any other purpose.

3.2 Third-Party Service Providers

We use the following third-party services to operate the Service:

ProviderPurposeData Shared
SupabaseDatabase hosting and authenticationAccount data, all service data
VercelApplication hosting and deploymentServer logs (IP addresses, request data)

3.3 Third-Party Integrations (User-Initiated)

  • MCP Integrations — When you use the Proxer MCP server through a platform like Claude, that platform may send requests to our API on your behalf.
  • OAuth Connections — If you authorize a third-party application via OAuth, that application receives an access token within the scope you authorize. You can revoke OAuth authorizations at any time.

3.4 Public Attestations

Attestations you share via a share link are accessible to anyone with that link. Shared attestations display the authorization decision, passport and gate identifiers, and cryptographic signatures. They do not expose your email address or account credentials.

3.5 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect our rights or the safety of others.

4. Data Retention

  • Account data — Retained while your account is active. Deleted within 30 days of account deletion request, except as required by law.
  • Passports and gates — Retained while your account is active. Revoked passports and deleted gates are retained for audit purposes but marked inactive.
  • Attestations — Retained while your account is active; deleted within 30 days of account deletion.
  • Server logs — Retained for up to 30 days for security monitoring, then automatically purged.
  • Encrypted signing keys — Deleted when the associated gate or issuer is permanently removed.

5. Your Rights

5.1 Access

You can access all your data through the Proxer dashboard at any time, including passports, gates, attestations, issuers, and API keys.

5.2 Export

You may export your data via the Proxer API. All data is available in standard JSON format.

5.3 Deletion

You may request deletion of your account and all associated data by contacting us at support@proxer.dev. We will complete deletion within 30 days.

Note: Attestations that have been shared publicly may persist in external systems, as they are designed to be portable verification artifacts.

5.4 Correction

You can update your account information through the dashboard. For data that cannot be modified through the interface, contact us at support@proxer.dev.

6. Cookies

We use only essential cookies required for the Service to function:

CookiePurposeDuration
Session cookieMaintains your authenticated sessionBrowser session
Auth tokenSupabase authenticationUntil expiration or logout

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

7. Data Security

  • Encryption in transit — All data transmitted between your browser and our servers is encrypted via TLS (HTTPS).
  • Encryption at rest — Sensitive cryptographic material is encrypted using AES-256-GCM before storage.
  • Row-Level Security — Database access policies ensure you can only access your own data.
  • Key isolation — Agent private keys are never transmitted to or stored on our servers. Gate signing keys are only decrypted in memory during signing operations.
  • Rate limiting — API endpoints are rate-limited to prevent brute-force attacks and abuse.

8. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at support@proxer.dev.

9. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on proxer.dev and updating the "Last Updated" date. Your continued use after changes take effect constitutes acceptance.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Standard Logic Company
Email: support@proxer.dev
Website: https://proxer.dev

Terms of Service · ← Back to Home