Privacy Policy

Noxy Network (“Noxy,” “we,” “us,” or “our”) provides human-in-the-loop (HITL) infrastructure for AI agents: systems that orchestrate encrypted decision requests from autonomous systems to end-user clients (for example mobile push, web, or messaging platforms) so people can approve or reject proposed actions. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our documentation website, software development kits (SDKs), relay services, and related offerings (collectively, the “Services”).

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.

1. Privacy by Design

Privacy is a core principle of Noxy. Our architecture is designed to minimize the data we can access:

  • End-to-end encryption: Decision request payloads are encrypted client-side. The relay infrastructure cannot decrypt message content.
  • Passwordless developer sign-in: The Create App dashboard uses email one-time passcodes (OTP). We do not collect or store passwords.
  • Email-based accounts: Your developer account is tied to the email address you verify. End-user routing may use other identifier types (such as email, phone, user ID, or wallet) as configured by each application integrator.
  • No marketing profiles: We do not build advertising-style user profiles beyond what is necessary to operate the Services.

2. Information We Collect

2.1 Information We Do Not Collect

We do not collect or store:

  • Passwords (sign-in uses email OTP only)
  • Private keys, seed phrases, or cryptographic material that could decrypt your decision requests
  • Decision request content (we only relay encrypted data)

2.2 Developer account information

When you sign in to the Create App dashboard or manage billing, we collect and process:

  • Email address: Your account identifier, used to send sign-in codes and service-related messages
  • One-time passcodes: Short-lived codes used only to verify sign-in; we do not store them as credentials after verification
  • Account and app metadata: Account ID, apps you create, plan and quota usage, API tokens, and related configuration
  • Billing data: Subscription and payment information processed by Paddle.com Market Ltd. (“Paddle”), our Merchant of Record

2.3 Relay, SDK, and website data

To operate the relay and provide the Services, we may also collect:

  • Public routing identifiers: Used to route decision requests to registered clients (for example wallet addresses, email addresses, phone numbers, user IDs, or app-specific IDs). Identifiers are supplied by application integrators to address decisions to end users.
  • Device identifiers: Anonymous device IDs for routing and session management.
  • Technical data: Connection metadata (e.g., timestamps, request IDs) for operational and security purposes.
  • Website usage: Standard analytics (pages viewed, referrers) to improve documentation, using privacy-preserving analytics where possible.

3. How We Use Information

We use the information we collect to:

  • Authenticate developer accounts and manage billing
  • Route decision requests to the correct clients and devices
  • Maintain session state and connection routing
  • Enforce rate limits and prevent abuse
  • Improve our Services and documentation
  • Comply with applicable laws and respond to lawful requests

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information only:

  • With service providers who assist in operating our infrastructure (e.g., cloud hosting, email delivery for sign-in codes, Paddle for payments and subscriptions), under appropriate confidentiality and data-processing obligations
  • When required by law, court order, or government request
  • To protect our rights, safety, or the rights and safety of others

5. Third-Party Applications

Applications built with Noxy SDKs may have their own privacy practices. When you use an app that integrates Noxy, that app's privacy policy applies to how they handle your data. Noxy provides the infrastructure; application developers are responsible for their own data practices.

6. Data Retention

We retain operational data only as long as necessary to provide the Services and for legitimate business, legal, or security purposes. Encrypted decision request payloads in our queue are delivered or expire according to the applicable time-to-live; we do not retain decrypted content.

7. Security

We implement technical and organizational measures to protect the data we process, including TLS encryption in transit and access controls. However, no system is completely secure. You are responsible for safeguarding access to your email inbox, dashboard session, API credentials, devices, and any keys or signing material used with the Services.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data. To exercise these rights or ask questions about our practices, contact us at the address below.

9. Children

Our Services are not intended for individuals under 13 years of age (or higher where required by law). We do not knowingly collect personal information from children.

10. International Transfers

Our infrastructure may be hosted in various jurisdictions. By using our Services, you consent to the transfer of your information to countries that may have different data protection laws.

11. Changes

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. Continued use of the Services after changes constitutes acceptance of the revised policy.

12. Contact

For questions about this Privacy Policy or our privacy practices, contact us at: contact@noxy.network