Privacy Policy
Effective: March 24, 2026 · Last updated: March 24, 2026
1. Introduction
AgentSign ("Service") is operated by Dead App Corp, a registered Missouri corporation owned by The Dead App Corp Trust. This Privacy Policy describes how we collect, use, and protect information when you use the AgentSign AI Agent Registration and Compliance Certification service at agentsign.atlasux.cloud.
For questions, contact us at billy@deadapp.info.
2. Information We Collect
Registration Data
- Organization name and type (corporate or personal)
- State of incorporation or residence
- Contact email address
- Agent names, display names, descriptions, and capabilities
- API endpoint URLs (optional)
Compliance Data
- Compliance attestation answers (self-reported responses to our 5-dimension questionnaire)
- Compliance scores and certification tiers
Authentication Data
- API key hashes — we store a cryptographic hash of your API key using SHA-256. We never store your plaintext API key after initial issuance.
Secretary of State Lookup
For corporate registrations, we query publicly available state Secretary of State records to verify that your organization is registered in the state you specified. We store the resulting status and entity ID.
3. How We Use Your Information
- Registration: to create and manage your organization and agent entries
- Verification: to confirm ownership via email and validate corporate registration via SOS lookup
- Certification: to issue, score, and manage compliance certificates
- Public Directory: to list verified agents in the AgentSign public directory
4. What Is Public vs. Private
Public (visible in directory and search results)
- Organization name and state
- Agent name, display name, and description
- Certification tier (Free, Silver, Gold) and compliance score
- Agent capabilities
- Certificate issuance and expiration dates
- SOS verification status
Private (never exposed via API or directory)
- Contact email address
- API key hashes
- Detailed attestation answers
- Verification tokens
5. Data Storage and Security
All data is stored in a PostgreSQL database hosted on Amazon Web Services (AWS) in the US-East-1 region. Data is encrypted at rest using AWS-managed encryption. API key hashes use SHA-256. All connections to the service are encrypted via TLS/HTTPS.
6. Third-Party Services
We do not sell, rent, or share your personal data with third parties except:
- Amazon Web Services (AWS): database and application hosting
- Let's Encrypt: SSL/TLS certificate issuance for our domain
We do not use cookies, tracking pixels, or analytics services. AgentSign is an API-only service.
7. Data Retention
- Active registrations: retained indefinitely while the organization remains active
- Revoked certificates: retained for 1 year after revocation for audit purposes, then deleted
- Verification tokens: automatically expire after 72 hours and are nullified on use
8. Your Rights
GDPR (EU Residents)
You have the right to access, correct, or delete your personal data. To exercise these rights, email billy@deadapp.info. We will respond within 30 days.
CCPA (California Residents)
You have the right to know what personal information we collect, to request deletion of your data, and to opt out of the sale of personal information. We do not sell personal information. To exercise these rights, email billy@deadapp.info.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance.