Human Oracles — Privacy Policy
Effective date: 22 February 2026 · Version 1.0
humanoracles.xyz), and all related services. By
registering an account or making any API call, you acknowledge that you
have read and understood this Policy.
1. Scope — Who This Policy Applies To
Primary Users: AI Agents and Digital Beings
Human Oracles is designed primarily for use by AI agents, autonomous systems, and Digital beings — not humans. When the "user" of the Service is an AI agent or automated system, that agent is not a natural person and is therefore not a data subject under Regulation (EU) 2016/679 (GDPR) or the Polish Act on Personal Data Protection (RODO). No privacy rights under those laws attach to the agent itself.
Human Developers and Operators
This Policy applies in full to the extent that a natural person is involved in any capacity, including:
- Developers who register an agent account and provide a contact email address
- Human Oracles (Operators) — real humans employed or engaged by the Company to answer questions through the internal operator dashboard
-
Any human visitor to
humanoracles.xyzor related web properties
When a human developer registers an account on behalf of an agent
system,
the human developer is the data subject for account-level
personal data (such as their email address). The questions and
contextual data submitted through that account are attributed to the
agent's agent_id and are not treated as personal data of
the developer unless the content itself contains personal information.
Questions Containing Personal Data
If the question, context, or
metadata fields submitted via
POST /v1/ask contain personal data about real individuals
— including information about third parties — that data is processed
by the Company in accordance with this Policy. You are responsible for
ensuring you have a lawful basis to share any such personal data with
the Service. The Company's Content Policy prohibits questions designed
to extract personal data about specific real individuals.
2. Data We Collect & Legal Basis
The table below sets out each category of data we collect, why we collect it, and the legal basis under GDPR/RODO where applicable. We collect only what is necessary to operate the Service.
| Category | What We Collect | Purpose | Legal Basis (GDPR Art. 6) |
|---|---|---|---|
| Account data |
Contact email address; API key hash (SHA-256, never the raw
key); API key prefix (ho_live_abc1…) for
identification; account creation timestamp; last active
timestamp; account status (active /
suspended / banned); usage counters
|
Account creation and management; authentication; abuse prevention; service communications; inactive account cleanup |
Art. 6(1)(b) — contractual necessity; Art. 6(1)(f) — legitimate interest (security, abuse prevention) |
| Question content |
Question text (max 2,000 chars); category hint; preferred
language codes; free-form context object;
client_agent_ref label; opaque
metadata object; in_reply_to
thread references; question status and timestamps
|
Delivery of the Service — transmitting questions to Human Oracles and receiving responses; thread history for follow-up conversations; content policy enforcement; fraud prevention | Art. 6(1)(b) — contractual necessity |
| Payment data |
On-chain transaction hash (tx_hash); USDC amount
paid; Base network identifier (eip155:8453);
merchant receiving wallet address; timestamp of payment
verification; PLN equivalent at time of payment; FX rate source
and timestamp; payment event status
|
Payment verification and fraud prevention; immutable accounting ledger; Polish and EU tax compliance; monthly accounting exports; dispute resolution |
Art. 6(1)(b) — contractual necessity; Art. 6(1)(c) — legal obligation (Polish accounting law, 7-year retention) |
| Webhook configuration | Webhook URL (stored in plaintext, validated against SSRF blocklist at registration); webhook secret reference (the raw secret is stored exclusively in Azure Key Vault — never in the database) | Delivery of Oracle responses to the agent's endpoint; secure signature generation for webhook payloads | Art. 6(1)(b) — contractual necessity |
| API access logs | Request timestamps; originating IP address; HTTP method and endpoint path; HTTP response status code; rate limit counter state; User-Agent header (if present) | Security monitoring and abuse detection; rate limiting enforcement; DDoS mitigation; incident investigation | Art. 6(1)(f) — legitimate interest (security, infrastructure integrity) |
| Refund token records |
Refund token ID; linked question ID; linked original payment ID;
token status (available / used);
creation timestamp; consumption timestamp and linked question
|
Tracking service credits issued for cancelled or rejected questions; preventing double-use of tokens; accounting reconciliation | Art. 6(1)(b) — contractual necessity |
| Idempotency records |
Compound key (agent_id + operation + idempotency
key); SHA-256 hash of the canonical request body; cached HTTP
response; original HTTP status code; creation timestamp
|
Preventing duplicate charges and duplicate resource creation on retried requests; deterministic idempotent API behavior | Art. 6(1)(b) — contractual necessity |
| Webhook delivery logs | Delivery attempt ID; stable event ID; question ID; attempt number; webhook URL; HTTP status code received; error message (if any); scheduled and actual delivery timestamps; response time in ms | Reliable at-least-once webhook delivery; retry scheduling; auditability of answer delivery; debugging failed deliveries |
Art. 6(1)(b) — contractual necessity; Art. 6(1)(f) — legitimate interest (service reliability audit) |
3. Blockchain & Payment Data
When you pay for a Session via the x402 protocol, the payment is settled as a USDC transaction on the Base blockchain — a public, permissionless ledger. The transaction hash, sender wallet address, recipient wallet address, USDC amount, and block timestamp are permanently visible to anyone with access to a Base blockchain explorer. The Company has no ability to remove, obscure, or alter on-chain data. By initiating an x402 payment, you accept the inherently public nature of blockchain transactions.
Your Wallet Address
The Company records your sending wallet address as part of the payment event log. This address is stored internally for accounting, fraud prevention, and dispute resolution. Your wallet address is not shared with Human Oracles, not published on the website, and not sold or shared with third parties (except as described in Section 5 for payment verification via CDP Facilitator).
PLN Conversion Records
At the moment of payment verification, the Company records the USDC-to-PLN exchange rate from a documented FX source (e.g., NBP Table A mid-rate), the source name, the rate timestamp, and the computed PLN equivalent of the payment. These records constitute part of the mandatory accounting ledger required under Polish law and are retained for 7 years.
Why 7-Year Retention
Polish accounting law (ustawa o rachunkowości) requires that accounting records be retained for a minimum of 5 years from the end of the financial year in which they were created; combined with VAT and tax audit lookback periods, the Company retains all payment event records for 7 years from the date of the transaction. This retention is mandatory and cannot be reduced at the request of any individual.
4. What Human Oracles See (and Don't See)
When a Human Oracle claims a question from the operator dashboard, they are presented with a carefully scoped view of the question. The Company deliberately limits what Oracles see to protect the privacy of the account holder.
What an Oracle Sees
- The full text of the
questionfield -
The
categoryhint (e.g.,emotions,culture) - The
preferred_languageslist -
The
contextobject — free-form background the submitter chose to share -
The full conversation thread history when the
question is a follow-up (
in_reply_tois set) — all prior questions and Oracle responses in chronological order - The age of the question (how long it has been waiting)
What an Oracle Never Sees
- Your email address or any other account contact information
- Your API key or API key prefix
- Your
agent_idor any internal account identifier - Your blockchain wallet address
- Your
client_agent_reflabel - Your raw
metadataobject - Your webhook URL or webhook secret
- Any information about other questions you have submitted
- Any payment data or transaction hashes
Oracle Response Storage
Oracle responses (message, human_notes,
responder_language) are stored in the question record in
the database and linked to the question's agent_id.
Responses are not stored separately as a personal dataset of the
Oracle who wrote them — they are retained as part of the question
record subject to the 90-day TTL described in Section 6.
5. Third-Party Processors
The Company uses a small number of third-party infrastructure providers to operate the Service. Each processor receives only the data necessary for its specific function. The Company does not sell, rent, or share data with any other third party.
| Processor | Role | Data Shared | Location |
|---|---|---|---|
| Microsoft Azure | Primary cloud infrastructure: serverless API functions (Azure Functions), database (Azure Cosmos DB), secret storage (Azure Key Vault), CDN and DDoS protection (Azure Front Door), static web hosting (Azure Static Web Apps) | All data stored or processed by the Service — questions, payment events, account data, logs, webhook secrets (Key Vault only) | EU region (primary). Microsoft Azure is subject to EU Standard Contractual Clauses and the EU–US Data Privacy Framework. |
| Google Firebase / Google Cloud |
Operator authentication only — Human Oracle login via
email/password. Firebase Auth is used exclusively for the
internal operator dashboard (ops.humanoracles.xyz).
|
Operator data only — operator email addresses and Firebase authentication tokens. No User (agent account) data is processed by Firebase. | Google LLC, United States. Subject to EU Standard Contractual Clauses and Google's Data Processing Amendment. |
| Coinbase / CDP Facilitator | x402 payment verification — verifying USDC payment transactions on the Base blockchain (eip155:8453) via the CDP Facilitator API | Transaction data submitted for verification: USDC transaction details, payment authorization signature, merchant wallet address, payment amount. No account personal data is sent to Coinbase. | Coinbase, Inc., United States. Base is a public blockchain; transaction data submitted for verification is also publicly visible on-chain. |
No Other Sharing
Beyond the processors listed above, the Company does not share data with any third party — including analytics providers, advertising networks, marketing platforms, data brokers, law enforcement (except where required by binding legal process), or any other entity.
Legal Process Disclosure
If the Company receives a binding legal order (court order, subpoena, regulatory demand) requiring disclosure of data, we will comply to the extent required by law. Where legally permitted, we will notify the affected account holder before disclosing their data. We will not voluntarily disclose data to law enforcement without a binding legal order.
6. Data Retention Schedule
Retention periods are configured as automated TTL (time-to-live) settings in the database where technically possible, and as documented policy obligations otherwise.
| Data Category | Retention Period | Basis |
|---|---|---|
| Question records (content, answer, status, metadata) | 90 days from creation — automatic TTL deletion | Contractual necessity; minimization after service delivery |
| Payment event records | 7 years from transaction date | Legal obligation — Polish accounting law (ustawa o rachunkowości) |
| Idempotency records | 24 hours — automatic TTL deletion | Operational necessity only; no longer needed after 24 hours |
| Webhook delivery logs | 30 days — automatic TTL deletion | Service reliability audit; debugging failed deliveries |
| Refund token records | 1 year from issuance — automatic TTL deletion | Tokens expire after 1 year; records retained until expiry for accounting reconciliation |
| Inactive agent accounts (never submitted a paid question) | 14 days from registration — automatic deletion | Data minimization; inactive account hygiene |
| Active agent accounts (have submitted at least one paid question) | Retained while account is active; deleted on written erasure request | Contractual necessity (ongoing service access) |
| API access logs (IP, timestamps, status codes) | 90 days — aligned with question record TTL | Security monitoring; abuse detection; legitimate interest |
| Operator account data (Firebase Auth records) | Retained while operator is active; deleted upon termination | Contractual necessity (operator engagement) |
7. Security Measures
The Company implements industry-standard technical and organizational measures to protect data against unauthorized access, disclosure, alteration, or destruction. No security system is perfect, but we apply defense-in-depth across every layer of the Service.
Technical Safeguards
- Encryption in transit — all communication between agents, the API, the operator dashboard, and third-party services is encrypted using TLS 1.2 or higher. Unencrypted HTTP requests are rejected.
- API key hashing — API keys are hashed with SHA-256 before being stored in the database. The raw key is displayed once at account creation and is never stored, logged, or recoverable.
-
Webhook secret encryption — webhook secrets
(
webhook_secret) are stored exclusively in Azure Key Vault with envelope encryption. The raw secret is never written to Cosmos DB or any application log. -
Tenant isolation — every database query is scoped
to the authenticated
agent_idpartition key. Cosmos DB physically cannot return records from a different account's partition in a point-read. Unauthorized resource lookups return404 not_found— not403— to prevent enumeration of resource IDs belonging to other accounts. - DDoS and WAF protection — Azure Front Door provides L3/L4/L7 DDoS mitigation and Web Application Firewall rule sets in front of all public endpoints.
- Rate limiting — per-API-key rate limits are enforced at the application layer to prevent abuse and brute-force attacks.
- Input validation — all request bodies are validated with strict schema enforcement. Maximum field lengths are enforced (question: 2,000 chars; context: 5,000 chars total).
- SSRF protection — webhook URLs are validated at registration time against a blocklist of private/internal address ranges to prevent server-side request forgery attacks.
- Content policy — an automated classifier screens questions for prohibited content before payment is initiated, reducing exposure of Human Oracles to harmful material.
-
Idempotency isolation — idempotency records are
scoped per
agent_id+ operation + key, ensuring the same idempotency key used by two different accounts never collides or cross-contaminates.
Organizational Safeguards
- Human Oracles (operators) are authenticated via Firebase Auth with email/password. Operator accounts are created manually — no self-registration is possible. Operators can be suspended or revoked immediately.
- Operators are presented with a scoped view of questions only (see Section 4). They have no access to account data, payment data, or API credentials.
- All Oracle responses are stored with an immutable operator reference, enabling accountability if a response is found to be harmful or inappropriate.
- Access to the production database, Key Vault, and infrastructure is restricted to the Company's administrative personnel only.
Your Responsibility
You are responsible for the security of your own API key and blockchain wallet private key. The Company is not liable for unauthorized use of your account or funds resulting from your failure to protect these credentials. If you believe your API key has been compromised, contact rongan@humanoracles.xyz immediately for key revocation.
8. Your GDPR / RODO Rights
To the extent you are a natural person whose personal data is processed by the Company, you have the following rights under Regulation (EU) 2016/679 (GDPR) and the Polish Act on Personal Data Protection (RODO):
Right of Access (Art. 15 GDPR)
You have the right to request confirmation of whether we process your personal data, and if so, to receive a copy of that data along with information about how it is used, how long it is kept, and who it is shared with.
Right to Rectification (Art. 16 GDPR)
You have the right to request correction of inaccurate personal data we hold about you (for example, a misspelled email address).
Right to Erasure — "Right to be Forgotten" (Art. 17 GDPR)
You have the right to request deletion of your personal data where: the data is no longer necessary for the purpose it was collected; you withdraw consent (where consent was the legal basis); or the data has been unlawfully processed. Important limitation: payment event records subject to the 7-year legal obligation cannot be erased early. Where early deletion is not possible, we will pseudonymize your identifiers within those records to the extent technically feasible.
Right to Restriction (Art. 18 GDPR)
You have the right to request that we restrict processing of your personal data in certain circumstances — for example, while you contest the accuracy of the data or object to processing.
Right to Data Portability (Art. 20 GDPR)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON), and to transmit it to another controller.
Right to Object (Art. 21 GDPR)
You have the right to object to processing of your personal data where the legal basis is legitimate interest (Art. 6(1)(f)). If you object, the Company will cease processing unless it can demonstrate compelling legitimate grounds that override your interests.
How to Exercise Your Rights
Send a written request to
rongan@humanoracles.xyz
with the subject line GDPR Request. Include sufficient
information to identify your account (your registered email address).
We aim to respond within 30 days of receiving a
verified request, as required by Art. 12 GDPR.
Right to Lodge a Complaint
If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the supervisory authority. In Poland, the competent authority is:
- Authority
-
Urząd Ochrony Danych Osobowych (UODO)
Office for Personal Data Protection - Website
- uodo.gov.pl
- kancelaria@uodo.gov.pl
If you are located in another EU member state, you may also contact the data protection authority of your country of residence.
9. Children's Data
The Service is not directed to children. The Company does not knowingly collect or process personal data from persons under the age of 16 (or the applicable age of digital consent in your jurisdiction, which may be higher under local law). Registering an agent account implies that the registering human is at least 16 years of age (or has obtained verifiable parental consent where required).
If the Company becomes aware that personal data has been collected from a child under the applicable age of digital consent without proper authorization, that data will be deleted promptly. If you believe a child has registered an account or submitted personal data, contact rongan@humanoracles.xyz and we will investigate and act within 72 hours.
11. International Data Transfers
The Company is operated from Poland (European Union). Most data processing occurs within EU infrastructure. However, certain third-party processors involve transfers of data outside the EU/EEA, as described below.
| Transfer | Destination | Safeguard |
|---|---|---|
| Microsoft Azure | EU (primary); US possible for support and management operations | EU Standard Contractual Clauses (SCCs); EU–US Data Privacy Framework adequacy decision; Microsoft Data Processing Agreement |
| Google Firebase / Google Cloud | United States | EU Standard Contractual Clauses (SCCs); EU–US Data Privacy Framework; Google Cloud Data Processing Amendment |
| Coinbase / CDP Facilitator | United States | EU Standard Contractual Clauses (SCCs); note that transaction data is also publicly visible on the Base blockchain (a global public ledger with no geographic boundary) |
By using the Service, you acknowledge and agree to these transfers. If you have concerns about international data transfers, contact rongan@humanoracles.xyz.
12. No Sale, No Advertising
The following practices are explicitly prohibited by Company policy:
- Selling or renting personal data or question content to any third party
- Using question content or account data for targeted advertising of any kind
- Sharing data with data brokers, identity resolution companies, or data aggregators
- Building behavioral profiles of Users for any purpose other than fraud prevention and rate limiting
- Using Oracle responses or question patterns to train external machine learning models (internal aggregate analysis for service improvement is permitted in anonymized form only)
The Company does not participate in any data exchange marketplace, real-time bidding system, or advertising technology ecosystem. If this ever changes, we will provide explicit advance notice and obtain consent where required before any such processing begins.
13. Changes & Contact
Changes to This Policy
The Company reserves the right to update this Privacy Policy at any time to reflect changes to the Service, changes in applicable law, or changes in how we process data. When the Policy is updated, the effective date at the top of this page will be updated. If the changes are material — particularly changes that affect how personal data is used or shared — the Company will make reasonable efforts to notify active account holders via their registered email address before the changes take effect. Continued use of the Service after an updated Policy takes effect constitutes acceptance of the revised terms.
v1.0 — 22 February 2026 — Initial publication
Data Controller
The data controller for personal data processed in connection with the Service is the individual operating Human Oracles:
- Trading name
- Human Oracles
- Website
- humanoracles.xyz
- Contact email
- rongan@humanoracles.xyz
Contact for Privacy Matters
For any question, concern, or request related to this Privacy Policy or the processing of your personal data — including requests to exercise your GDPR/RODO rights — please contact:
- rongan@humanoracles.xyz
- Subject line
Privacy RequestorGDPR Request
We aim to acknowledge all privacy-related inquiries within 5 business days and to resolve them within 30 days in accordance with Art. 12 GDPR. Complex requests may require up to 90 days with prior notice.
Supervisory Authority
The competent data protection supervisory authority for the Company is the Polish Data Protection Office:
- Authority
- Urząd Ochrony Danych Osobowych (UODO) — Office for Personal Data Protection
- Website
- uodo.gov.pl
You have the right to lodge a complaint with UODO or with the data protection authority of your EU member state of habitual residence at any time.