Kynver operates a trust framework for AI agents. We sell trust: our product is the Verification Standard and the infrastructure that makes it meaningful. This privacy policy explains how we collect, use, store, and protect your data — and how our practices align with the five pillars of that standard. We do not sell your personal information.
1. Who we are
Kynver ("we," "us," "our") is the operator of kynver.com and the Kynver Verification Standard. When you use our website, create an account, register an AI agent, or sign in (including via Google), you are providing information to Kynver. We are the data controller for the personal data we process in connection with our services.
2. Google user data (Sign in with Google)
If you choose "Sign in with Google," we receive the following information from Google, as permitted by your consent and Google's OAuth scopes:
- Name — to identify you and display your profile (e.g. agent ownership, account settings).
- Email address — to create and maintain your account, send verification and account-related emails, and contact you about your use of the service.
- Profile picture (if you grant access) — to display your avatar in the Kynver app (e.g. in the header or account area).
How we use Google user data: We use this data solely to provide and improve your experience on Kynver — to create and secure your account, to associate you with agents you register, to display your identity where appropriate, and to communicate with you about the service. We do not use Google user data for advertising, for training AI models, for building databases for unrelated purposes, or for selling or transferring to data brokers or information resellers.
With whom we share Google user data: We do not sell, rent, or trade Google user data. We may share it only with service providers who help us operate the product (e.g. hosting, email delivery, database) under strict data processing terms, and only to the extent necessary to provide or improve the application's functionality. We do not transfer Google user data to third parties for advertising, marketing, or any purpose other than providing or improving our application.
3. Other data we collect
Beyond Google sign-in data, we collect only what is necessary to run the service and uphold the Verification Standard (data minimization — Pillar 4 of our standard):
- Account data: Email (if you register with email/password), name, password hash, email verification status, onboarding state.
- Agent and verification data: Information you provide when registering an agent (name, description, capabilities, limitations, data practices summary, DID, ownership verification status). This is required to list agents and to apply for or maintain the Verified badge.
- Usage and operational data: Logs (e.g. IP, request paths, errors), session data, and — where you use on-platform features — transaction or interaction records necessary for trust scores and verification.
We do not collect more than we need. We do not use your data for purposes unrelated to providing, securing, or improving the Kynver service.
4. How we use your data
We use your data to:
- Create and maintain your account and authenticate you.
- Associate you with agents you own and enforce ownership and verification (Pillar 1 — Identity & Ownership).
- Display agent profiles, trust scores, and transparency information (Pillar 2 — Transparency).
- Operate the directory, verification flow, and any support or moderation (Pillar 3 — Behavioral Safety, where applicable).
- Protect data with encryption and access controls (Pillar 4 — Data & Privacy).
- Run and improve the service (reliability, security, support) (Pillar 5 — Operational Reliability).
We do not use your data for targeted or interest-based advertising, for training AI models on your personal data, for selling to data brokers, or for any purpose other than providing or improving the application's functionality.
6. Behavioral monitoring and execution receipts
Kynver operates a continuous monitoring system for verified agents. This section explains what that system collects, what it deliberately cannot access, and why it exists. We want this to be completely clear — not buried in legal language.
How it works (in plain terms)
When an agent developer applies for and receives the Kynver Verified badge, they install a small piece of Kynver software into their agent. After each task, that software sends Kynver a brief record — we call it a behavioral receipt. This receipt tells us structural facts about the task: what category it fell under, what types of actions the agent took (e.g. "web search," "drafted a message"), how long it took, and whether the user explicitly authorized any high-stakes actions like payments or sending emails on their behalf. That is all it contains.
We check this receipt against what the agent claimed to do when it was verified. If the agent claimed to be a research tool but starts executing financial transactions, we know. If an agent starts performing actions its developer never declared, we know. If a payment is executed without a user authorization on record, we know — and the developer is alerted immediately.
What we never receive
The behavioral receipt is designed from the ground up so that private content cannot travel through it. Specifically:
- We never receive the content of any instruction or prompt. Before anything is sent to Kynver, the instruction is converted to a one-way fingerprint (a cryptographic hash) on the developer's own system. The fingerprint can be used to confirm a match if a dispute arises — but the original text cannot be recovered from it. We do not see what users asked agents to do.
- We never receive the agent's output or response. The same applies to what the agent produced — its answer, analysis, draft, or code. It is converted to a fingerprint before transmission. We never read it.
- We never receive personal information about the end user. Users of verified agents are identified in our system only by an anonymous token that Kynver generates — essentially a random ID with no connection to a name, email address, or any personal data. The developer knows who their users are; we never do.
- We never receive the actual data an agent processed. If an agent analyzed a document, processed a spreadsheet, or read a user's files, we see only the category of data involved — not the data itself.
Why we do this
A verified badge that only reflects a one-time review is not worth much. Developers can pass a review process and then change their agent's behavior. Agents can be compromised by attackers. Models can be updated quietly. If we only checked at application time, the badge would be a historical record, not a live representation of trust. Behavioral monitoring exists so that the badge means what it says: this agent is operating within its declared scope right now.
The most important thing this system catches is an agent performing high-stakes actions — financial transactions, sending communications, deleting or exporting data — without the user having explicitly agreed to them first. Our Verification Standard (Pillar 3) requires that users authorize every irreversible action. The monitoring system is how we verify that requirement is being honored in practice, not just on paper.
If a dispute arises
If a dispute is filed and the content of a transaction needs to be verified, the process works through the developer — not through us. We hold a fingerprint of the instruction and output. The developer holds the original. If the developer runs the same fingerprinting process on their copy, they can confirm or deny that the content matches what the receipt claimed. We verify the fingerprint; we never need to see the content. This is intentional — disputes are resolved through accountability, not by exposing private conversations.
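The receipt flow described in this section, sketched as an added illustration that is not Kynver's own code: a receipt is built on the developer's system, checked against the declared scope, and confirmed in a dispute by re-hashing. The field names, the SHA-256 choice, the declared scope and the high-stakes action list are all assumptions made for the example.

```python
import hashlib

# Hypothetical declaration made at verification time (constructed sample).
DECLARED = {"category": "research", "actions": {"web_search", "draft_message"}}
# Action types assumed to count as high-stakes (constructed list).
HIGH_STAKES = {"payment", "send_email", "delete_data", "export_data"}


def fingerprint(text: str) -> str:
    """One-way fingerprint; SHA-256 is an assumption, the page names no algorithm."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_receipt(token, category, actions, duration_ms, authorized, instruction, output):
    """Runs on the developer's system: only structure and hashes leave it."""
    return {
        "user_token": token,
        "category": category,
        "actions": list(actions),
        "duration_ms": duration_ms,
        "authorized": sorted(authorized),
        "instruction_fp": fingerprint(instruction),
        "output_fp": fingerprint(output),
    }


def check_receipt(receipt, declared=DECLARED):
    """Monitor side: compare a receipt with the declared scope, return flags."""
    flags = []
    if receipt["category"] != declared["category"]:
        flags.append("category_outside_declared_scope")
    for action in receipt["actions"]:
        if action not in declared["actions"]:
            flags.append(f"undeclared_action:{action}")
        if action in HIGH_STAKES and action not in receipt["authorized"]:
            flags.append(f"unauthorized_high_stakes:{action}")
    return flags


def confirm_dispute(receipt, instruction, output):
    """Developer re-hashes the originals; a match confirms the receipt's claim."""
    return (fingerprint(instruction) == receipt["instruction_fp"]
            and fingerprint(output) == receipt["output_fp"])


# Constructed sample receipts: one in scope, one with an unauthorized payment.
ok = build_receipt("tok-7f3a", "research", ["web_search"], 1200, [],
                   "Summarise recent papers on DID methods", "Here is a summary...")
bad = build_receipt("tok-7f3a", "research", ["web_search", "payment"], 900, [],
                    "Find a hotel", "Booked and paid.")
print(check_receipt(ok), check_receipt(bad))
```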
Your choices as an end user
The anonymous token that identifies you in Kynver's system is tied to a specific agent, not to your global identity. It cannot be used to track you across different agents or to connect your activity across platforms. If you want to know whether a specific agent uses Kynver's monitoring system, that agent's Kynver profile will disclose it. If you want the anonymous token associated with your interactions to be removed from our system, you can request this by contacting us at hello@kynver.com — we will work with the relevant developer to identify and delete the record.
Linking your KynverID to your account (optional)
If you use a verified agent and the developer makes your KynverID available to you (for example, as a link or ID in their app's settings), you can optionally link that ID to your Kynver account. This is entirely voluntary and user-initiated — developers cannot link your account on your behalf.
When you link a KynverID, two things change: (1) Kynver learns that your account is associated with that anonymous token, and (2) you gain access to a real-time monitoring view in your Kynver account showing the behavioral receipts associated with your interactions — the task categories, action types, authorizations you granted, and any compliance flags Kynver detected. You will also receive notifications if Kynver detects an anomaly related to your interactions with that agent.
You can unlink at any time from your account settings. When you unlink, the association between your account and the token is removed, and the token returns to anonymous status. Historical receipt data is retained in our system for compliance purposes but is no longer attributed to your account.
Your linked monitoring data is visible only to you (and to Kynver for operating the service). It is not shared with the agent developer unless you file a dispute, at which point the process described in the "If a dispute arises" section above applies.
7. Data protection and security
We protect your data in line with our Verification Standard (Pillar 4 — Data & Privacy):
- Encryption in transit: All data is transmitted over TLS (TLS 1.2 minimum; TLS 1.3 where supported).
- Access control: Access to personal and verification data is limited to personnel who need it to operate the service.
- Credentials and secrets: Passwords are hashed; we do not store plaintext passwords. API keys and tokens are not logged or exposed in URLs.
- Logging: We do not log sensitive personal data (e.g. full PII, payment details) in plaintext.
We maintain security procedures to protect the confidentiality and integrity of your data. If we become aware of a breach that affects your personal data, we will notify affected users and regulators as required by law.
8. Data retention and deletion
We retain your data only as long as needed to provide the service, comply with the Verification Standard, and meet legal obligations:
- Account data: Retained while your account is active. After you request account deletion, we delete or anonymize your personal data within a reasonable period (e.g. 30 days), except where we must retain it for law or ongoing disputes.
- Agent and verification data: Retained as long as the agent is listed or as needed for verification and compliance (e.g. dispute history, revocation records). Public agent profiles may be retained in a reduced form after delisting for integrity of the directory and trust score history.
- Logs and operational data: Retained for a limited period (e.g. 90 days) for security and debugging, then deleted or aggregated.
Your choices: You may request access to, correction of, or deletion of your personal data. You can request deletion of your account and associated personal data by contacting us at hello@kynver.com. We will honor deletion requests within a reasonable timeframe, subject to legal or operational retention requirements. When the retention period for a given type of data expires, we delete or destroy it in a secure manner.
9. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data.
- Object to or restrict certain processing.
- Data portability (e.g. a copy of your data in a usable format).
- Lodge a complaint with a supervisory authority (e.g. in the EU or UK).
To exercise these rights, contact us at hello@kynver.com. We will respond within the timeframes required by applicable law.
11. Changes to this policy
We may update this privacy policy from time to time. We will post the updated version on this page and update the "Last updated" date. If we change how we use Google user data or other personal data in a material way, we will notify you (e.g. by email or a notice in the app) and, where required by law, obtain your consent before applying the new use.
12. Contact
For privacy-related questions, access or deletion requests, or complaints, contact us at hello@kynver.com. For more on how we define trust for AI agents, see our Verification Standard.