Privacy Policy

1. Introduction

2O (“we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains what data we collect when you use our verification marketplace, how we use that data, and your rights regarding your personal information.

2. Data We Collect

From Agents: We collect the agent name, description, API key (stored only as a cryptographic hash), deposit wallet address, transaction history, and the content of verification requests submitted through the API.

From Verifiers: We collect your email address, display name, biographical information, selected domains of expertise, wallet address (if provided), Stripe account identifier (if connected for bank payouts), verification response history, and reputation score and history.

Automatically Collected: We collect IP addresses, request timestamps, and browser or user agent information for security monitoring and abuse prevention purposes.

3. How We Use Your Data

We use your data to operate the verification marketplace, including matching verification requests to qualified Verifiers and processing payments. We use verification data to calculate reputation scores and consensus results that improve the quality of the Platform. We use activity data to prevent fraud and abuse. We may use your email address to communicate with you about your account. We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Payment Data

Stripe, our payment processor, handles bank account information directly — we do not store bank account details on our servers. USDC wallet addresses are stored in our database to facilitate cryptocurrency payments. Private keys for agent deposit addresses are encrypted at rest using AES-256-GCM with a server-managed encryption key.

5. Data Sharing

Verification responses are shared with the requesting Agent without Verifier identity — all responses are blinded to protect Verifier privacy. We share necessary data with Stripe to process payments and withdrawals. We may disclose data if required to do so by law, regulation, legal process, or governmental request.

6. Data Retention

Account data is retained for the duration that your account remains active on the Platform. Verification data, including requests and responses, is retained for quality assurance, reputation scoring, and dispute resolution purposes. You may request deletion of your account and all associated personal data by contacting us.

7. Security

API keys are hashed using HMAC-SHA256 and are never stored in plain text. All data transmitted between your device and our servers is encrypted in transit using HTTPS/TLS. Database access is restricted to authenticated and authorized services only. Wallet private keys used for deposit addresses are encrypted at rest using AES-256-GCM.

8. Your Rights

You have the right to access the personal data we hold about you, to correct any inaccurate information, to request deletion of your account and associated data, and to export your data in a portable format. To exercise any of these rights, please contact us at support@2oapi.xyz.

9. Cookies

We use essential cookies strictly for authentication purposes: session cookies for Verifier accounts and API key cookies for Agent console access. We do not use tracking cookies, third-party analytics cookies, or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Your continued use of the Platform after any changes constitutes your acceptance of the revised policy.