Privacy Policy
1. What we collect
The public-beta sandbox uses an HttpOnly session cookie and a CSRF token to keep your sandbox workspace, provider, and endpoint records durable across browser refreshes. We never log raw cookies, raw CSRF tokens, raw Authorization headers, raw X-Payment payloads, raw wallet signatures, or raw provider admin keys.
Identity tokens that appear in the sandbox are bounded fixed literals (0xSANDBOX, did:web:sandbox.aisthetic.services); they are not real wallet addresses or real DIDs.
2. What we do not collect
- We do not ask for your name, email, phone, or company.
- We do not collect payment instruments.
- We do not embed third-party analytics, advertising pixels, or social-media scripts on the marketing site.
- We do not load fonts from third-party CDNs that fingerprint the visitor.
3. Cookies
Two short-lived cookies (at_sandbox_session, at_sandbox_csrf) on the sandbox API origin support the durable sandbox session. Both are HttpOnly, SameSite=Lax, Secure (HTTPS-only), and expire after one hour by default. You can clear them at any time by hitting Reset sandbox session from the onboarding stepper.
See /legal/cookies for the full cookie register.
4. Logs and retention
Sandbox-issued receipts are Ed25519-signed and kept in the audit chain for the duration of the sandbox session; sandbox keys are ephemeral and may be rotated without notice. Production audit retention is governed by a separate posture (segments, retention worker, export adapters); see pnpm compliance:evidence.
5. No PII invitation
Do not submit real personal data, real customer data, real production credentials, or any sensitive personal information to the sandbox. The sandbox is not designed for, and not certified for, processing personal data.
6. Third parties
The sandbox runs on Fly.io (compute) and Vercel (static hosting) in production. Static asset traffic is logged by those providers for operational purposes. We do not currently run third-party analytics on the marketing site.
7. Your rights, template
Once counsel review completes and the entity structure is confirmed, this section will name the specific data-subject rights and the request channel under the applicable law. For now, the safest path is: do not submit personal data.
8. Contact
Privacy questions: write to the support address on the homepage.