Privacy Policy

1 - Information We Collect

We collect only the minimum information required to operate the Sphyr Agent Guard security gateway. Specifically:

• Request metadata. Target URLs are stored as one-way SHA-256 hashes — never in plaintext. We record request method, timestamp, outcome classification, and Shannon entropy score.
• Session identifiers. Each session is assigned a UUID v4 token. Session tokens are IP-bound and expire after 30 minutes.
• API key identifiers. We store your Unkey API key identifier (not the key itself) to associate requests with your account for billing and forensics.
• Billing information. Payment processing is handled exclusively by Stripe. We store your Stripe customer ID and credit balance. We do not store payment card numbers or bank account details.
• Account identifiers. If you contact us, we store the email address you provide. We do not store email addresses in any operational or forensic table.

We do not collect, store, or process plaintext IP addresses, full URLs, request bodies, or any personally identifiable information in forensic logs.

2 - How We Use Your Information

• Security policy enforcement. Request metadata is used in real-time to enforce HMAC verification, SSRF protection, entropy scanning, rate limiting, and honeytoken detection.
• Billing. Credit balances are tracked and decremented on each successful guard_net call. Credit transaction records support billing dispute resolution.
• Forensic logging. Hashed request records are retained for post-incident analysis, compliance audit trails, and law enforcement cooperation under valid legal orders.
• Service improvement. Aggregated, anonymized outcome statistics may be used to improve detection accuracy and reduce false positive rates.

We do not sell your data, share it with advertisers, or use it for any purpose unrelated to operating and improving the Service.

3 - Data Retention

• Raw diagnostic rationale (e.g., why a specific request was blocked) is purged automatically after 30 days.
• Hashed forensic log rows (URL hash, outcome, timestamp, session ID) are retained for 180 days to support post-incident analysis and billing disputes.
• Credit transaction records (purchase date, amount, expiry) are retained for 12 months from the credit issue date to support refund and dispute resolution.
• Admin audit log entries are retained indefinitely for compliance and accountability purposes.

4 - Data Security

We implement the following security controls to protect stored data:

• V8 isolate model. Each request runs in its own Cloudflare Workers V8 isolate with no shared memory between requests or tenants. Data from one request cannot leak to another.
• One-way hashing. All identifiers that could be linked to real-world entities (URLs, session origins) are stored as one-way salted SHA-256 hashes. These cannot be reversed to recover the original value.
• Secrets management. All cryptographic keys, API credentials, and service tokens are stored via Cloudflare Workers Secrets. They are never present in source code, configuration files, or logs.
• Admin access controls. The admin API is protected by a hardware-generated admin key, an IP allowlist, and a brute-force limiter. All admin actions are logged to an append-only audit table.

5 - Your Rights

If you are located in the European Economic Area, you have the following rights under the GDPR:

• Right to erasure. You may request deletion of all data associated with your account. We provide a GDPR data scrub endpoint at /v1/users/:id (admin-gated). To request erasure, contact legal@sphyr.io.
• Right to access. You may request a summary of the data we hold associated with your account identifier. Contact legal@sphyr.io with your API key identifier.
• Right to rectification. If your account email or billing information is incorrect, contact legal@sphyr.io to request correction.
• Right to data portability. Forensic log exports are available in CSV format via the admin dashboard. Contact us if you need a structured export of your account data.

Note: Because we store only hashed identifiers (not plaintext URLs or IP addresses), some data cannot be meaningfully exported — this is by design and consistent with our privacy-by-design architecture.

6 - Third-Party Services

We use the following third-party services to operate the gateway. Each has its own privacy policy:

• Cloudflare (infrastructure, D1 database, KV, Workers runtime) — cloudflare.com/privacypolicy
• Unkey (API key management and verification) — unkey.dev/privacy
• Stripe (payment processing and billing) — stripe.com/privacy

We do not use analytics platforms, advertising networks, or tracking pixels on any page of the Service.

7 - Changes to This Policy

We will provide at least 14 days advance notice of any material changes to this Privacy Policy. Notice will be posted on the Service website at sphyr.io/legal/privacy. For significant changes affecting your rights, we will also send notice to the email address associated with your account.

Continued use of the Service after the effective date of a policy change constitutes acceptance of the revised policy.

8 - Contact

For privacy inquiries, data access requests, or erasure requests, contact:

Privacy & Legal
legal@sphyr.io
Sphyr Agent Guard  ·  sphyr.io