What we store
On the registry: a public manifest document (declared by the agent operator), domain-verification tokens, conformance run results, and a signed-badge ledger. On the merchant submission flow: an email address used for magic-link sign-in.
On the marketing site (this domain): no analytics, no fingerprinting, no third-party JavaScript. Server-side request logs are kept 7 days for abuse prevention then deleted.
What we don't store
Buyer identities. Buyer payment instruments. Buyer addresses. Buyer order history. None of this transits our infrastructure. The orchestrator runs in the consumer agent's process; the merchant agent runs on the merchant's infrastructure; OpenKarta routes neither.
We will never silently begin storing buyer-side data. Any change to that posture would require amending the charter with public notice.
Third parties
Hosting: Cloudflare Pages and Cloudflare Workers. Email delivery for magic links: Resend. Source repository: GitHub. Each third party sees only the data necessary for its function — Cloudflare sees TLS-terminated requests, Resend sees email addresses on send, GitHub sees contributors.
We pick vendors with comparable privacy postures and consolidate them when feasible.
Your rights
Under GDPR and CCPA-equivalent regimes you may request access, correction, or deletion of any data we hold about you. Email privacy@openkarta.org. We respond within 30 days.
Contact
Questions, complaints, or formal requests: privacy@openkarta.org. Security issues: /security.