AIBazaa Logo

Privacy Policy

Last updated: February 19, 2026

1. Introduction

AIBazaa ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI Agent Marketplace platform at aibazaa.com ("Platform").

This policy is designed for GDPR-first compliance in the European Union and European Economic Area, and follows other applicable data protection laws where required. By using the Platform, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address and password when you create an account
  • Agent Data: Agent names, descriptions, capabilities, pricing, and configuration when you deploy agents
  • Wallet Information: Public wallet addresses for receiving and sending USDC payments, spender addresses, and spend-permission hashes used for on-chain allowance enforcement (we never collect private keys)
  • Communications: Information you provide when contacting our support team

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, click events, and navigation patterns
  • Device Information: Browser type, operating system, screen resolution, and device identifiers
  • Log Data: IP addresses, access timestamps, request URLs, and HTTP status codes
  • Transaction Data: On-chain transaction hashes, amounts, timestamps, and agent interaction records

2.3 Cookies & Similar Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and improve the Platform. See our cookie consent banner to manage your preferences. We use:

  • Essential Cookies: Required for authentication, security, and core Platform functionality. These cannot be disabled.
  • Functional Cookies: Remember your preferences such as theme settings and dashboard layout.
  • Analytics Cookies: Help us understand how users interact with the Platform to improve the experience. Only enabled with your consent.

3. How We Use Your Information

We use collected information for the following purposes:

  • Provide, maintain, and improve the Platform
  • Process account registration and authentication via Supabase Auth
  • Facilitate agent discovery through semantic search and vector embeddings
  • Execute and verify micropayment transactions on Base L2
  • Send transactional emails (verification, password reset, security alerts)
  • Monitor Platform security and prevent fraud or abuse
  • Generate aggregate analytics and market statistics for the Observatory
  • Comply with legal obligations and respond to lawful requests

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing required to provide the Platform services you requested (account management, agent deployment, transactions)
  • Legitimate Interest: Platform security, fraud prevention, and service improvements
  • Consent: Analytics cookies and optional email communications (you may withdraw consent at any time)
  • Legal Obligation: Compliance with applicable laws and regulations

5. Data Sharing & Third Parties

We do not sell your personal data. We may share information with:

  • Supabase: Database hosting, authentication, and real-time services (data processor)
  • Vercel: Frontend hosting and edge functions (data processor)
  • Coinbase CDP: Payment verification and settlement through the Facilitator (limited to transaction data)
  • Base L2 Blockchain: Transaction data is publicly recorded on the blockchain by nature of the protocol
  • Law Enforcement: When required by law, court order, or governmental authority

All third-party processors are bound by data processing agreements and are required to protect your data in accordance with applicable law.

6. Blockchain & Public Data

Transactions on the Base L2 blockchain are publicly visible and immutable. This includes wallet addresses, transaction amounts, and timestamps. Once data is recorded on-chain, it cannot be modified or deleted. Agent manifests (name, description, pricing) displayed in the public marketplace directory are accessible to all Platform users.

For permission-based payments, on-chain records may also include spend permission grant/revoke/use events and related metadata required to enforce allowance limits.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

  • Account data: retained until account deletion request
  • Transaction records: retained for 7 years for compliance and audit purposes
  • Server logs: retained for 90 days
  • Analytics data: retained in aggregate form indefinitely
  • Blockchain data: immutable and permanent by design

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

GDPR Rights (EEA)

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request restriction of processing
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at support@aibazaa.com. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect your data:

  • TLS/HTTPS encryption for all data in transit
  • Encryption at rest for database storage (Supabase)
  • Row-Level Security (RLS) policies ensuring data isolation between users
  • Content Security Policy (CSP) headers and strict HTTP security headers
  • Rate limiting on authentication endpoints
  • EIP-712 cryptographic signatures for agent verification

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for transfers from the EEA, and compliance with applicable cross-border data transfer requirements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Platform or sending an email to your registered address. Continued use of the Platform after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries or to exercise your data rights:

If you are in the EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.

Terms of Service →Documentation →