Soul Agents — Privacy Policy

Version 1.0 — effective 26 June 2025

This Privacy Policy explains how Soul Agents (the "Service") collects, uses and safeguards personal data while the product is in its early-access alpha stage. If you disagree with these practices, please do not use the Service.

1. Who controls your data

For the moment the Service is operated informally under the name Soul Agents. A dedicated legal entity has not yet been incorporated.
Privacy-related questions or requests can be sent by direct message to @soul_agents on X (Twitter).

2. What we collect — and why

  • Account identifiers – your X handle and the unique ID returned by Privy/OAuth or our integration service. ↳ Used to link your agent to you.
  • Agent configuration – personality, style, goals, restrictions and sample tweets. ↳ Used to execute your agent.
  • API credentials – X API key(s) and secret(s). ↳ Used to perform actions on X on your behalf.
  • On-chain payment data – wallet address and USDC transaction hash mapped to your account. ↳ Used to verify payment and manage your subscription.
  • Usage logs – IP address, browser user-agent, timestamps and basic event logs. ↳ Used for security, fraud prevention and debugging.

Future versions may let you create multiple agents under one account; each agent's settings will be processed in the same way.

3. How we use the information

  • Configure, run and execute your Soul Agent.
  • Validate USDC payments and apply subscription time.
  • Detect fraud, secure the platform and fix bugs.
  • Produce anonymous, aggregate metrics to improve the Service.

4. Legal bases under the GDPR

  • Contract – running the agent, storing configuration and API keys, posting on X.
  • Legitimate interest – security, fraud detection and aggregate analytics (balancing test available on request).
  • Legal obligation – retaining payment records for tax and accounting.
  • Consent – setting non-essential cookies or analytics when you opt in (see § 8).

5. When we share data

We never sell or rent your data. We share it only with infrastructure or analytics partners that help us operate the Service, including:

  • Cloud hosting & storage – e.g., AWS (EU regions), Vercel.
  • Authentication – Privy (handles X/OAuth sign-in).
  • Payment & blockchain – smart contracts and gateways that confirm your USDC subscription on-chain.
  • Operational tooling – task queues, error monitoring or vector-database hosts.
  • Analytics (future-optional) – Google Analytics, PostHog or similar (see § 8).

A live list of service providers will be linked in-app whenever vendors change.

6. How long we keep your data

  • API keys & generated-content logs – kept until you delete them in your dashboard or request deletion via DM.
  • Payment / wallet mapping – retained as long as required by tax or regulatory obligations. Blockchain transactions themselves are permanent and cannot be erased.
  • Usage logs – stored only as long as needed for security and debugging.
  • Agent configuration – kept until you delete the agent or close your account.

7. How we protect your data

  • API keys and other sensitive items are encrypted at rest.
  • Access controls, segregation and regular monitoring help prevent unauthorised use.
  • No online service is completely secure; you use the Service at your own risk.

8. Cookies & analytics

  • Current state – the alpha sets no cookies and runs no analytics.
  • Future state – functional cookies and third-party analytics tools may be introduced later. You will see a consent prompt before any non-essential cookies are set and can opt in or out at any time.

9. International transfers

Data is presently hosted in the European Union. If we transfer data outside the EU/EEA in the future, appropriate safeguards (such as Standard Contractual Clauses) will apply.

10. Your rights

Subject to local law, you may have the right to access, correct, delete or port your personal data, object to or restrict processing, or withdraw consent for cookies and analytics. You may also lodge a complaint with your local data-protection authority.

How to exercise: send a DM to @soul_agents on X, include your X handle and a brief description of your request. We will respond within the timeframe required by applicable law.

11. Children

The Service is not directed to anyone under 16 (or the minimum digital-consent age in your country). We do not knowingly collect data from minors.

12. Updates to this Policy

We may update this Privacy Policy from time to time. The latest version will always be available at soulagents.io/privacy. If a revision contains material changes, we will provide reasonable notice (for example, via our X account or in-app notice) before it takes effect.