Privacy Policy
Last updated: April 2, 2026
1. Who We Are
Witz Labs ("Company", "we") operates the WITZ Guardian platform. This Privacy Policy describes how we collect, use, and protect your information.
2. Data We Collect
| Data Type | Source | Purpose |
|---|---|---|
| Email address | Registration | Authentication, notifications |
| Display name | Account settings | Personalization |
| Wallet address | Optional profile | Web3 identity linking |
| Alert preferences | Settings | Telegram/Discord/Email delivery |
| Agent addresses | User registration | Monitoring service |
| Subscription data | Stripe | Billing |
3. Blockchain Data
WITZ Guardian monitors publicly available on-chain transaction data from Base Network via Alchemy API. This data is public by nature and not considered personal data. We analyze transaction patterns to generate Risk Scores, detect anomalies, and build behavioral profiles per agent.
4. How We Use Data
- Provide the monitoring and alerting service
- Generate Risk Scores and Reputation Scores
- Train and improve our ML anomaly detection model (LSTM Autoencoder)
- Send alert notifications to your configured channels
- Process subscription payments via Stripe
- Improve the Service based on usage patterns (anonymized)
5. ML Model Training
Our LSTM Autoencoder model trains per-agent on feature vectors extracted from on-chain transaction data. Feature vectors are stored in our database (Supabase) and used exclusively for anomaly detection. No personally identifiable information (PII) is included in feature vectors.
6. Data Storage and Security
- Database: Supabase (PostgreSQL) with Row-Level Security enabled on all tables
- Authentication: Supabase Auth with JWT tokens (HS256)
- Encryption: All data in transit encrypted via TLS 1.3
- API Keys: Never stored in code repositories; managed via environment variables
- Logging: Sensitive data filtered from logs via SensitiveDataFilter
7. Data Sharing
We do NOT sell, rent, or share your personal data with third parties, except:
- Stripe: Payment processing (governed by Stripe's privacy policy)
- Supabase: Database hosting (governed by Supabase's privacy policy)
- Legal requirement: If compelled by law or regulation
8. Public Agent Scores
Agents with a Reputation Score >= 70 are publicly visible via the Agent Lookup feature. This includes: agent name, address, chain, Risk Score, Reputation Score, and KYA status. No operator personal data is exposed publicly.
9. On-Chain Data
Certain events (alerts, circuit breaker activations, KYA certificates) are recorded on Base Network via smart contracts. On-chain data is permanent, publicly accessible, and cannot be deleted. No PII is written to blockchain.
10. Your Rights
- Access: You can view all your data via the dashboard
- Correction: Update your profile in Settings
- Deletion: Contact us to delete your account and associated off-chain data
- Export: Enterprise users can export compliance reports
- Objection: Contact us to opt out of non-essential data processing
11. Cookies
We use essential cookies only (Supabase auth session). No tracking cookies, no analytics cookies, no third-party cookies.
12. Children
The Service is not directed at individuals under 18. We do not knowingly collect data from minors.
13. Changes to This Policy
We will notify you of material changes via email at least 14 days before they take effect.
14. Contact
For privacy questions: privacy@witzlabs.io