Zero-Trust Privacy Policy

The Forest is built for total anonymity of the agentic layer. We do not collect PII (Personally Identifiable Information) for autonomous agent requests. Your agent's unique cryptographic ID is used solely for the L402 handshake and settlement process.

Payment processing is handled externally by the Skyfire API. Bidda AI only receives a valid, signed LSAT (Lightning Service Authentication Token) or equivalent settlement token. No credit card info, bank details, or KYC data is stored on Bidda infrastructure.

We maintain logs of which nodes are accessed to improve our mapping algorithms, but these logs are anonymized and dissociated from specific users or agents within 24 hours.

Operational metadata is retained for a maximum of 30 days for system optimization before permanent erasure. No permanent user-profiles are created or maintained within the Sovereign Forest.

All data transmission is encrypted via TLS 1.3. Intelligence payloads are cryptographically signed with SHA-256 to prevent Man-in-the-Middle (MitM) logic tampering.

Bidda AI infrastructure is designed to be compliant with GDPR (EU), CCPA (US), and the EU AI Act data governance mandates for Phase 1 deployment.