<Back to Home

Soulink Privacy Policy

Last Updated: February 21, 2026

1. Introduction

This Privacy Policy describes how Soulink handles information for the naming service at soulink.dev. Soulink provides on-chain identity registration for AI agents on X Layer and Base blockchains, issuing .agent domain names as ERC-721 tokens.

We believe in privacy by design. We collect the minimum information necessary and are transparent about what is stored, where, and for how long.

2. Information We Collect

2.1 On-Chain Data (Public and Permanent)

When you register a .agent name, the following is recorded on the X Layer and Base blockchains:

  • >Agent name
  • >Owner wallet address
  • >Soul hash (SHA-256 of Soul.md — content never uploaded)
  • >Encrypted soul backup (only your private key can decrypt)
  • >Payment address
  • >Registration and expiry timestamps
  • >ERC-721 ownership records

On-chain data is publicly visible and cannot be deleted.

2.2 Server-Side Data

Our server stores minimal data for registration processing:

  • >API request logs (temporary, auto-purged)
  • >Rate-limiting counters (in-memory, not persisted)

2.3 Information We Do NOT Collect

No email, real names, phone numbers, KYC documents, cookies, analytics, IP logging, or Soul.md content.

3. How We Use Information

Solely to: register and manage names, prevent abuse, resolve names, and store encrypted soul backups. Not for advertising or profiling.

4. Blockchain Data: Public and Permanent

All on-chain data is publicly visible, permanent, and immutable. Your wallet address will be permanently associated with your .agent name. We cannot fulfill deletion requests for on-chain data. Do not use a wallet you wish to keep private.

5. Data Sharing

We do not sell your information. Data is shared with:

  • >X Layer and Base blockchains (public ledgers)
  • >x402 payment facilitator (payment processing)
  • >RPC providers (transaction relay)

6. Data Retention

On-chain: permanent. Server-side: retained as long as needed to prevent abuse; may be periodically purged.

7. Data Security

Encrypted soul backups use AES encryption. Soul.md is never transmitted to our servers. Input validation via Zod. Parameterized database queries. Challenge codes expire after 1 hour. No system is perfectly secure.

8. Your Rights

You can control:

  • >Whether to use the Service
  • >Which wallet to use
  • >Whether to store encrypted soul backup

You cannot control:

  • >On-chain data deletion
  • >Public visibility of on-chain data
  • >Historical transaction records

9. GDPR (EEA Users)

You have rights to access, rectification, erasure, restriction, portability, and objection for server-side data. We cannot delete blockchain data — this is a technical limitation, not a policy choice. Legal basis: contract performance and legitimate interests.

10. CCPA (California Users)

Rights to know, delete (subject to blockchain limitations), opt-out of sale (we do not sell data), and non-discrimination.

11. Children's Privacy

Not directed at individuals under 18. We cannot verify age via wallet-based auth.

12. International Data Transfers

Blockchain data is replicated globally. Server-side data may be processed in the US.

13. Changes

We will update the "Last Updated" date and post revised policy at soulink.dev/privacy.

14. Special Blockchain Considerations

Pseudonymity, Not Anonymity: Wallets can be linked to real identities through exchange KYC, transaction analysis, or voluntary linking (X verification).

Encryption Durability: AES-encrypted data on a permanent public ledger could theoretically be decrypted if cryptography advances.

Transaction Transparency: All transactions are publicly visible.

No Central Authority for Deletion: No one can remove data from the blockchain.

Contact: legal@soulink.me