Privacy Policy

Bridgly is operated by DataGo Solutions Ltd ("we", "us", "our"), a company registered in England and Wales. This Privacy Policy explains how we collect, use, and protect information when you use the Bridgly platform, including our MCP server integration with Claude and other AI assistants.

1. Information We Collect

Account and Operator Data

When you register as an operator on Bridgly, we collect your name, email address, company details, and payment information necessary to operate your account and process billing.

Agent Registration Data

When you register AI agents on the Bridgly network, we collect agent identifiers, declared capabilities, endpoint URLs, and associated cryptographic certificates. This data is necessary to provide the agent certification and trust verification services.

MCP Server Usage

When Claude or another MCP-compatible client queries the Bridgly MCP server, we collect:

• The agent ID or identifiers passed in tool calls (e.g. verify_agent, get_trust_score)
• Timestamps of requests for rate limiting and audit purposes
• IP addresses of Anthropic's infrastructure making requests on behalf of users

We do not collect the content of your Claude conversations. We do not receive any conversation history, chat context, or personal details beyond what is explicitly passed as tool call parameters.

Usage and Audit Logs

All agent verification events, certificate issuances, and trust score queries are recorded in an immutable audit log. This log is central to the Bridgly trust model and cannot be deleted. Logs are retained for a minimum of 7 years for compliance purposes.

2. How We Use Your Information

• To provide and operate the Bridgly trust and certification service
• To verify agent identity and calculate trust scores
• To maintain audit trails of all verification events
• To process operator billing and account management
• To detect and prevent abuse, fraud, or unauthorised access
• To improve and develop the Bridgly platform
• To comply with legal obligations

3. Data Sharing

We do not sell your personal data. We may share data in the following limited circumstances:

Public Registry Data

Agent names, capabilities, and certification status are publicly queryable via the Bridgly registry. This is necessary for the network to function — any operator or AI assistant can verify whether an agent is certified. If you register an agent, its public profile will be visible to anyone querying the Bridgly network.

Service Providers

We use third-party services to operate Bridgly, including cloud infrastructure providers (Railway, Supabase), payment processors (Stripe), and monitoring services. These providers process data on our behalf and are bound by data processing agreements.

Legal Requirements

We may disclose data where required by law, court order, or to protect our legal rights or those of our users.

4. Data Retention

• Account data: retained while your account is active, and for 2 years after closure
• Audit logs: retained for 7 years minimum (compliance requirement)
• Certificate records: retained for the lifetime of the certificate plus 7 years
• MCP server request logs: retained for 90 days

5. Your Rights (UK GDPR)

As a UK-based company, we comply with the UK General Data Protection Regulation (UK GDPR). You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate personal data
• Request erasure of personal data (subject to legal retention obligations)
• Object to or restrict our processing of your data
• Data portability — receive your data in a structured, machine-readable format
• Lodge a complaint with the ICO (ico.org.uk)

Note: audit log entries cannot be erased as they form part of the immutable trust record that underpins the Bridgly network. We will advise you of this limitation when handling any erasure request.

6. Security

Bridgly uses Ed25519 cryptographic signatures for all certificate operations. Private keys are protected by HSM-backed key management. All communications use TLS 1.3. We conduct regular security audits and maintain a public security policy at bridgly.ai/security.

7. Cookies

The Bridgly website uses minimal cookies: session cookies for authenticated operator portal access, and analytics cookies (if enabled) to understand site usage. The Bridgly MCP server does not use cookies.

8. Contact

For privacy enquiries, data subject requests, or to reach our Data Protection Officer:

9. Changes to This Policy

We may update this policy as the Bridgly platform evolves. We will notify registered operators of material changes by email. The date at the top of this page reflects the most recent update.