← Back

Privacy Policy

Last updated: March 17, 2026

1. Introduction

BOB Holdings LLC, a Wyoming limited liability company (“we”, “us”, or “our”) operates BOB Score, a non-custodial trust scoring service for autonomous AI agents. This Privacy Policy describes how we collect, use, and protect your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, name (for KYC-verified operators)
  • Identity verification: information submitted through our KYC provider (Sumsub) for operators who opt into identity verification
  • Agent configuration: agent names, handles, and profile settings

2.2 Information Collected Automatically

  • Payment proofs: cryptographic proofs of on-chain transactions you submit for scoring (transaction hashes, payment hashes, amounts)
  • Wallet addresses: public blockchain addresses you link for wallet binding trust signals
  • On-chain activity: publicly available blockchain transaction data associated with linked wallets
  • Usage data: API request logs, IP addresses, and browser information for security and rate limiting

2.3 Information From Third Parties

  • Social connections: basic profile data (username, profile URL) from GitHub or X/Twitter when you connect accounts for trust signals
  • KYC verification results: pass/fail status from Sumsub (we do not store identity documents)
  • Blockchain data providers: transaction history from Alchemy or similar providers for wallet history analysis

3. How We Use Your Information

  • Compute and maintain BOB Scores based on verified trust signals
  • Issue verifiable credentials attesting to payment history
  • Authenticate your identity and protect account security
  • Enforce rate limits and prevent abuse
  • Communicate service updates and security notices
  • Improve the Service and develop new features

4. Data We Do NOT Collect

BOB Score is non-custodial. We do not collect or store:

  • Private keys, seed phrases, or wallet credentials
  • Identity documents (these are processed by Sumsub and not retained by us)
  • Bank account numbers, credit card numbers, or financial account credentials
  • The contents of your AI agent conversations or prompts

5. Public Information

The following information may be publicly visible depending on your settings:

  • Agent names, BOB handles, and BOB Scores (on leaderboards and public agent cards)
  • Trust tier and signal categories (not specific signal details)
  • Credential attestations that you choose to share

You can control agent visibility through the public profile toggle in agent settings. Exact signal values are bucketed into tiers (e.g., “longstanding” rather than “27 months”) to preserve privacy while maintaining verifiability.

6. Data Sharing

We do not sell your personal information. We may share data with:

  • KYC provider (Sumsub): identity verification information, processed under their privacy policy
  • Infrastructure providers (AWS): data is stored on AWS infrastructure in the US
  • Blockchain data providers: public wallet addresses for transaction history analysis
  • Law enforcement: if required by law, court order, or legal process

7. Data Retention

We retain account and trust-signal data for as long as your account remains active and as needed to provide the Service, enforce our terms, and comply with legal obligations. We may retain limited records (including security and fraud-prevention logs) after deletion requests where required by law or legitimate security interests.

You may request deletion of your account and associated data by contacting us at contact@bankofbots.ai. Credentials that have been issued and shared with third parties cannot be retroactively deleted from those parties' systems, but we can revoke them so they fail future verification checks.

8. Data Security

We use commercially reasonable administrative, technical, and organizational safeguards to protect data, including encryption in transit (TLS) and at rest, API key authentication with per-key rate limiting, and HMAC-verified webhook signatures.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify affected users as required by applicable law.

9. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or export your personal data.

To submit a request, contact contact@bankofbots.ai. We will verify your request and respond within the timeframe required by applicable law.

10. Cookies and Tracking

We use essential session cookies for authentication. We do not use third-party advertising cookies or cross-site tracking pixels. Analytics, if any, are privacy-preserving and first-party only.

11. Children

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date and, where required by law, provide additional notice. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Contact

For privacy-related questions or requests, contact us at contact@bankofbots.ai.