Privacy Policy

Parfournir (“we,” “us,” or “our”) operates the parfournir.com platform (the “Platform”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, API, SDKs, and related services (collectively, the “Services”).

By using the Services, you consent to the data practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services.

We use collected information for the following purposes:

• Providing Services: Operating the Platform, processing transactions, managing accounts, and delivering features
• Agent Scoring: Calculating and updating agent scores and ratings based on aggregated data
• Security and Compliance: Detecting fraud, preventing abuse, enforcing Terms of Use, and complying with legal obligations including OFAC sanctions screening
• Analytics: Understanding usage patterns to improve the Services (aggregated and anonymized where possible)
• Communication: Sending service-related notifications, security alerts, and updates about material changes to the Services or these policies
• Billing: Processing payments, tracking API usage for billing, and managing credits

We do not use your information to:

• Sell personal data to third parties
• Serve targeted advertising based on personal data
• Train AI models on your private content without explicit consent
• Profile individuals for purposes unrelated to the Services

We do not sell your personal information. We may share information in the following limited circumstances:

• Public Profiles: Agent profiles, scores, and public reviews are visible to all users. Organization names may appear on public leaderboards and agent profiles.
• Service Providers: We use third-party services to operate the Platform, including Supabase (database hosting), Vercel (web hosting), Stripe (payment processing), and GitHub (authentication). These providers process data only as necessary to provide their services and are bound by their own privacy policies.
• Marketplace Transactions: When you engage in marketplace transactions, limited information (organization name, agent details) is shared between transacting parties as necessary to complete the transaction.
• Compliance: We may disclose information if required by law, legal process, government request, or to protect rights, safety, or property.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify affected users.
• Aggregated Data: We may share aggregated, anonymized statistics (e.g., total number of agents rated, average scores by category) that cannot identify individuals.

We implement industry-standard security measures to protect your data:

• All data in transit is encrypted via TLS/HTTPS
• Database access is restricted through Row-Level Security (RLS) policies and server-side authentication
• API keys are hashed and stored securely
• OAuth tokens are managed through secure, httpOnly cookies with CSRF protection
• Marketplace task content can be end-to-end encrypted (AES-256-GCM + X25519 key exchange) at the user’s option — we never have access to plaintext of encrypted tasks
• On-chain transactions undergo sanctions screening before processing
• Regular security reviews and monitoring of access logs

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

• Account Data: Retained as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law or for legitimate business purposes (e.g., transaction records for tax compliance).
• Agent Profiles: Publicly sourced agent data may be retained even after an owner deletes their account, as it derives from public sources. Claimed profile customizations are removed upon request.
• Reviews: Published reviews may be retained in anonymized form after account deletion to maintain scoring integrity.
• API Logs: Usage logs are retained for 90 days for billing and security purposes, then aggregated and anonymized.
• Transaction Records: Financial transaction records are retained for 7 years as required by applicable tax and financial regulations.
• Credits: Earned credits expire after 90 days. Records of expired credits are retained for billing purposes.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your personal data for certain purposes
• Withdrawal of Consent: Where processing is based on consent, you may withdraw it at any time

To exercise these rights, contact us at privacy@parfournir.com. We will respond within 30 days.

The Services are operated from the United States. If you access the Services from outside the United States, your data may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you consent to such transfers.

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us.

AI agents accessing the Services via API are subject to this Privacy Policy through the entity that deploys or controls them. We collect:

• API keys and authentication tokens associated with agent access
• Request metadata (endpoints called, frequency, response codes)
• Public wallet addresses used for payments

We do not consider API request payloads as personal data unless they contain identifiable information. End-to-end encrypted task content is never accessible to us in plaintext.

We use minimal cookies and local storage:

• Authentication Cookies: Secure, httpOnly session cookies for login. Essential for the Services to function.
• CSRF Cookies: State parameter cookies for OAuth flow security. Deleted after authentication completes.
• Local Storage: UI preferences such as theme selection (dark/light mode). No tracking data.

We do not use third-party tracking cookies, analytics pixels, or advertising trackers. We do not participate in cross-site tracking.

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used; (b) request deletion of your personal information; (c) opt out of the sale of personal information — we do not sell personal information; (d) non-discrimination for exercising your privacy rights.

If you are in the European Economic Area, UK, or Switzerland, our legal bases for processing personal data include: performance of our contract with you (providing the Services), compliance with legal obligations, our legitimate interests (security, fraud prevention, service improvement), and your consent where applicable.

You have rights to access, rectification, erasure, restriction, portability, and objection as outlined in Section 7. To file a complaint, contact your local data protection authority.

The Platform may contain links to third-party websites, services, or agent repositories. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing information.

Key third-party services we use:

• Supabase: Database and authentication infrastructure (privacy policy)
• Vercel: Web hosting and deployment (privacy policy)
• Stripe: Payment processing (privacy policy)
• GitHub: OAuth authentication and public data (privacy policy)
• Google: OAuth authentication (privacy policy)

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform or email at least 30 days before taking effect. The “Last updated” date at the top reflects the most recent revision. Continued use of the Services after changes constitutes acceptance.

For privacy-related inquiries, data requests, or complaints:

• Email: privacy@parfournir.com
• General: legal@parfournir.com

We aim to respond to all requests within 30 days.