← Kynver

Privacy Policy

Last updated: June 2026 (policy version 2026-06-01)· Kynver ("kynver.com")

Kynver operates a trust framework for AI agents. We sell trust: our product is the Verification Standard and the infrastructure that makes it meaningful. This privacy policy explains how we collect, use, store, and protect your data — and how our practices align with the five pillars of that standard. We do not sell your personal information.

1. Who we are

Kynver ("we," "us," "our") is the operator of kynver.com and the Kynver Verification Standard. When you use our website, create an account, register an AI agent, or sign in (including via Google), you are providing information to Kynver. We are the data controller for the personal data we process in connection with our services.

2. Google user data (Sign in with Google)

If you choose "Sign in with Google," we receive the following information from Google, as permitted by your consent and Google's OAuth scopes:

  • Name — to identify you and display your profile (e.g. agent ownership, account settings).
  • Email address — to create and maintain your account, send verification and account-related emails, and contact you about your use of the service.
  • Profile picture (if you grant access) — to display your avatar in the Kynver app (e.g. in the header or account area).

How we use Google user data: We use this data solely to provide and improve your experience on Kynver — to create and secure your account, to associate you with agents you register, to display your identity where appropriate, and to communicate with you about the service. We do not use Google user data for advertising, for building databases for unrelated purposes, or for selling or transferring to data brokers or information resellers. Product-improvement use of in-app data is described in section 4 and requires your in-product acceptance.

With whom we share Google user data:We do not sell, rent, or trade Google user data. We may share it only with service providers who help us operate the product (e.g. hosting, email delivery, database) under strict data processing terms, and only to the extent necessary to provide or improve the application's functionality. We do not transfer Google user data to third parties for advertising, marketing, or any purpose other than providing or improving our application.

3. Other data we collect

Beyond Google sign-in data, we collect only what is necessary to run the service and uphold the Verification Standard (data minimization — Pillar 4 of our standard):

  • Account data: Email (if you register with email/password), name, password hash, email verification status, onboarding state.
  • Agent and verification data: Information you provide when registering an agent (name, description, capabilities, limitations, data practices summary, DID, ownership verification status). This is required to list agents and to apply for or maintain the Verified badge.
  • Usage and operational data: Logs (e.g. IP, request paths, errors), session data, and — where you use on-platform features — transaction or interaction records necessary for trust scores and verification.

We do not collect more than we need. We do not use your data for purposes unrelated to providing, securing, or improving the Kynver service.

4. Product improvement (free and beta use)

If you use Kynver on a free or beta basis, you agree that we may use your submissions, prompts, agent interactions, and other product usage data to improve Kynver for everyone. That includes making the product more reliable, safer, and easier to use.

We handle this data carefully: it stays private to your account and workspace, is protected with standard security controls, and is kept tenant-isolated. Where we analyze usage across customers, we use aggregation, anonymization, or similar techniques so individuals are not identified. We do not sell your personal data and we do not share raw personal data with third parties for their own marketing or profiling.

This is separate from how verified-agent behavioral receipts work (see section 7) — those are structural compliance signals, not a license to read your private content.

5. How we use your data

We use your data to:

  • Create and maintain your account and authenticate you.
  • Associate you with agents you own and enforce ownership and verification (Pillar 1 — Identity & Ownership).
  • Display agent profiles, trust scores, and transparency information (Pillar 2 — Transparency).
  • Operate the directory, verification flow, and any support or moderation (Pillar 3 — Behavioral Safety, where applicable).
  • Protect data with encryption and access controls (Pillar 4 — Data & Privacy).
  • Run and improve the service (reliability, security, support, and product quality) (Pillar 5 — Operational Reliability).

We do not use your data for targeted or interest-based advertising or for selling to data brokers. We may use service providers under contract to host and operate the product, as described in the sharing section below.

6. Sharing and disclosure

We do not sell your personal data. We may share data only:

  • Service providers: Hosting (e.g. Vercel), database (e.g. Neon), email (e.g. Resend), and similar providers that help us run the product. They are bound by contract to use data only for the services they provide to us.
  • Verification and compliance: Where required for verification (e.g. Stripe Identity for KYC in the verification flow), we share only what is necessary with the relevant provider; their privacy policies apply to that processing.
  • Legal: When required by law or to protect our rights, safety, or the safety of others.

We do not share your data with third parties for advertising, marketing, or for building or selling profiles about you.

7. Behavioral monitoring and execution receipts

Kynver operates a continuous monitoring system for verified agents. This section explains what that system collects, what it deliberately cannot access, and why it exists. We want this to be completely clear — not buried in legal language.

How it works (in plain terms)

When an agent developer applies for and receives the Kynver Verified badge, they install a small piece of Kynver software into their agent. After each task, that software sends Kynver a brief record — we call it a behavioral receipt. This receipt tells us structural facts about the task: what category it fell under, what types of actions the agent took (e.g. "web search," "drafted a message"), how long it took, and whether the user explicitly authorized any high-stakes actions like payments or sending emails on their behalf. That is all it contains.

We check this receipt against what the agent claimed to do when it was verified. If the agent claimed to be a research tool but starts executing financial transactions, we know. If an agent starts performing actions its developer never declared, we know. If a payment is executed without a user authorization on record, we know — and the developer is alerted immediately.

What we never receive

The behavioral receipt is designed from the ground up so that private content cannot travel through it. Specifically:

  • We never receive the content of any instruction or prompt.Before anything is sent to Kynver, the instruction is converted to a one-way fingerprint (a cryptographic hash) on the developer's own system. The fingerprint can be used to confirm a match if a dispute arises — but the original text cannot be recovered from it. We do not see what users asked agents to do.
  • We never receive the agent's output or response. The same applies to what the agent produced — its answer, analysis, draft, or code. Converted to a fingerprint before transmission. We never read it.
  • We never receive personal information about the end user. Users of verified agents are identified in our system only by an anonymous token that Kynver generates — essentially a random ID with no connection to a name, email address, or any personal data. The developer knows who their users are; we never do.
  • We never receive the actual data an agent processed.If an agent analyzed a document, processed a spreadsheet, or read a user's files, we see only the category of data involved — not the data itself.

Why we do this

A verified badge that only reflects a one-time review is not worth much. Developers can pass a review process and then change their agent's behavior. Agents can be compromised by attackers. Models can be updated quietly. If we only checked at application time, the badge would be a historical record, not a live representation of trust. Behavioral monitoring exists so that the badge means what it says: this agent is operating within its declared scope right now.

The most important thing this system catches is an agent performing high-stakes actions — financial transactions, sending communications, deleting or exporting data — without the user having explicitly agreed to them first. Our Verification Standard (Pillar 3) requires that users authorize every irreversible action. The monitoring system is how we verify that requirement is being honored in practice, not just on paper.

If a dispute arises

If a dispute is filed and the content of a transaction needs to be verified, the process works through the developer — not through us. We hold a fingerprint of the instruction and output. The developer holds the original. If the developer runs the same fingerprinting process on their copy, they can confirm or deny that the content matches what the receipt claimed. We verify the fingerprint; we never need to see the content. This is intentional — disputes are resolved through accountability, not by exposing private conversations.

Your choices as an end user

The anonymous token that identifies you in Kynver's system is tied to a specific agent, not to your global identity. It cannot be used to track you across different agents or to connect your activity across platforms. If you want to know whether a specific agent uses Kynver's monitoring system, that agent's Kynver profile will disclose it. If you want the anonymous token associated with your interactions to be removed from our system, you can request this by contacting us at hello@kynver.com — we will work with the relevant developer to identify and delete the record.

Linking your KynverID to your account (optional)

If you use a verified agent and the developer makes your KynverID available to you (for example, as a link or ID in their app's settings), you can optionally link that ID to your Kynver account. This is entirely voluntary and user-initiated — developers cannot link your account on your behalf.

When you link a KynverID, two things change: (1) Kynver learns that your account is associated with that anonymous token, and (2) you gain access to a real-time monitoring view in your Kynver account showing the behavioral receipts associated with your interactions — the task categories, action types, authorizations you granted, and any compliance flags Kynver detected. You will also receive notifications if Kynver detects an anomaly related to your interactions with that agent.

You can unlink at any time from your account settings. When you unlink, the association between your account and the token is removed, and the token returns to anonymous status. Historical receipt data is retained in our system for compliance purposes but is no longer attributed to your account.

Your linked monitoring data is visible only to you (and to Kynver for operating the service). It is not shared with the agent developer unless you file a dispute, at which point the process described in the "If a dispute arises" section above applies.

8. Data protection and security

We protect your data in line with our Verification Standard (Pillar 4 — Data & Privacy):

  • Encryption in transit: All data is transmitted over TLS (TLS 1.2 minimum; TLS 1.3 where supported).
  • Access control: Access to personal and verification data is limited to personnel who need it to operate the service.
  • Credentials and secrets: Passwords are hashed; we do not store plaintext passwords. API keys and tokens are not logged or exposed in URLs.
  • Logging: We do not log sensitive personal data (e.g. full PII, payment details) in plaintext.

We maintain security procedures to protect the confidentiality and integrity of your data. If we become aware of a breach that affects your personal data, we will notify affected users and regulators as required by law.

9. Data retention and deletion

We retain your data only as long as needed to provide the service, comply with the Verification Standard, and meet legal obligations:

  • Account data: Retained while your account is active. After you request account deletion, we delete or anonymize your personal data within a reasonable period (e.g. 30 days), except where we must retain it for law or ongoing disputes.
  • Agent and verification data: Retained as long as the agent is listed or as needed for verification and compliance (e.g. dispute history, revocation records). Public agent profiles may be retained in a reduced form after delisting for integrity of the directory and trust score history.
  • Logs and operational data: Retained for a limited period (e.g. 90 days) for security and debugging, then deleted or aggregated.

Your choices: You may request access to, correction of, or deletion of your personal data. You can request deletion of your account and associated personal data by contacting us at hello@kynver.com. We will honor deletion requests within a reasonable timeframe, subject to legal or operational retention requirements. When the retention period for a given type of data expires, we delete or destroy it in a secure manner.

10. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Object to or restrict certain processing.
  • Data portability (e.g. a copy of your data in a usable format).
  • Lodge a complaint with a supervisory authority (e.g. in the EU or UK).

To exercise these rights, contact us at hello@kynver.com. We will respond within the timeframes required by applicable law.

11. Cookies and similar technologies

We use cookies and similar technologies only as necessary to operate the service — for example, session and authentication (Auth.js), security (e.g. CSRF), and preferences. We do not use cookies for third-party advertising or tracking. You can control cookies through your browser settings; disabling certain cookies may affect your ability to sign in or use the full service.

12. Changes to this policy

We may update this privacy policy from time to time. We will post the updated version on this page, update the "Last updated" date, and bump the policy version when the change is material. If you are signed in, we may ask you to accept the updated policy before you continue using the product. If we change how we use Google user data or other personal data in a material way, we will notify you (e.g. by email or a notice in the app) and, where required by law, obtain your consent before applying the new use.

13. Contact

For privacy-related questions, access or deletion requests, or complaints, contact us at hello@kynver.com. For more on how we define trust for AI agents, see our Verification Standard.