Privacy Policy

Privacy Policy

Privacy Policy

Effective date:

1 September 2025

Contact:

Contact: legal@authra.io (PGP available on request)

Whether you’re browsing the site, signing up for updates, or reaching out for a project — this policy covers how we handle your data.

Our Security Stance

Authra builds infrastructure for cryptographic Proof-of-Presence (PoP) and last-mile QoE. We prioritize user safety, privacy, and transparency. If you believe you’ve found a vulnerability, we want to hear from you.

Here’s what that might include:

  • Basic contact info (like your name, email, or company) when you fill out a form or send us a message

  • Analytics data (like page views, time on site, device type, etc.) collected via tools like Google Analytics or Plausible

  • Project-related details if you’re working with us — like brand files, content, and feedback

  • Any info you choose to share when you email, call, or message us

Safe-harbor commitment

If you follow this policy, Authra will not pursue or support legal action against you for good-faith security research. We consider research to be in good faith when you:

  • Avoid privacy violations, data destruction, service degradation, or interruption.

  • Do not access, modify, or exfiltrate data you do not own.

  • Give us a reasonable time to remediate before public disclosure.

  • Comply with applicable laws.

In scope (non-exhaustive)

  • authra.io and subdomains owned by Authra

  • Public APIs and demo endpoints documented on docs.authra.io

  • Open-source client/SDKs under Authra repos


Production validators and private deployments may be out of scope unless we explicitly grant written permission.


Out of scope / prohibited activity

  • DDoS or volumetric attacks; resource exhaustion

  • Social engineering (including against employees, vendors, or users)

  • Physical attacks on facilities or devices

  • Spam, phishing, or brute-forcing credentials

  • Third-party services where Authra is only a customer

  • Automated scanning that degrades performance

  • Accessing or attempting to access personal data or precise location data


How to report


Email security@authra.io with:

  • A clear description and impact

  • Steps to reproduce (PoC), affected endpoints, and logs/screenshots

  • Your contact info and preferred disclosure timeline


Optionally include a PGP key/fingerprint; we can encrypt replies on request.


Our response targets

  • Acknowledgement: within 72 hours

  • Triage & severity rating: within 5 business days

  • Remediation window: depends on severity

    • Critical: aim ≤ 14 days

    • High: ≤ 30 days

    • Medium/Low: prioritized in next release cycle


We’ll keep you informed of progress and coordinate public disclosure.


Recognition & bounties


We currently do not run a paid bug bounty. With your consent, we offer Hall-of-Fame credit on authra.io/security once fixed.


Responsible testing guidelines

  • Use non-destructive tests.

  • Rate-limit your requests; respect robots.txt and headers.

  • Never attempt to deanonymize contributors or infer personal identity from coarse-geo data.

  • Do not pivot to third parties.

  • Stop immediately if you access data that appears sensitive, and report it.


Changes


We may update this policy. The latest version is always on authra.io/security.

 

Disclosures


Effective date: 1 September 2025

Contact: legal@authra.io


Utility & non-securities disclosure — $ATRX

  • Nature & purpose. $ATRX is designed as a utility token used for access, coordination, and governance within the Authra protocol (e.g., priority API access, dataset credits, governance voting).

  • Not an offer or security. Nothing on authra.io or related materials (including litepaper/whitepaper) constitutes an offer, solicitation, or recommendation to buy or sell any security. $ATRX is not intended to represent equity, debt, a revenue interest, or any ownership right in Authra or related entities.

  • No expectation of profit. $ATRX is not marketed as an investment, and holders should not expect profits from the efforts of others. Token functionality and parameters may evolve via governance.


Eligibility & restrictions


Access to tokens, programs, or features may be restricted by jurisdiction or user type and may require KYC/AML. Certain countries, regions, or persons may be ineligible.


Risks


Interacting with blockchain systems involves market, technical, regulatory, and operational risks, including loss of value, bugs, forks, downtime, and third-party failures.


Forward-looking statements


Plans, timelines, and features are subject to change based on testing, security review, and governance. Do not rely on forward-looking statements without independent verification.


Data & privacy


Authra prioritizes privacy by design: proofs are coarse-location and minimize metadata; no personal identity is required to contribute. See authra.io/privacy for details.


Prevailing terms


If there is any inconsistency, official terms, protocol documentation, and governance decisions prevail over marketing copy.

 

Privacy Policy


Effective date: 1 September 2025

Contacts: privacy@authra.io · legal@authra.io


Who we are


Authra”, “we”, or “us” operates authra.io, related subdomains, and developer resources.


What we collect


We aim to collect the minimum necessary.


Website & docs

  • Device/browser info, pages viewed, timestamps, approximate location (from IP), referrers

  • Cookies and similar technologies (see Cookies below)


Forms & communications

  • Contact details you provide (e.g., name, email, organization, role)

  • Program applications (fields vary by track)

  • Support and security communications


Protocol telemetry (demo/testnet)

  • Coarse geo (e.g., geohash at ~1 km precision) and QoE metrics (latency/jitter/loss/throughput) from non-personal clients or synthetic agents

  • No PII; no precise GPS; cryptographic hashes and signatures


Production deployments may have additional controls and contract terms.


How we use data

  • Provide and improve the site, docs, APIs, and programs

  • Review applications (grants, bounties, sponsored coverage, research)

  • Security monitoring, abuse prevention, and debugging

  • Communicate updates (if you opt-in)

  • Comply with legal obligations


Legal bases (EEA/UK users)

  • Contract performance (when you request services)

  • Legitimate interests (site security, analytics, product improvement)

  • Consent (newsletters, certain cookies)

  • Legal obligations (compliance, KYC/AML where applicable)


Sharing


We may share with:

  • Service providers (hosting, analytics, email, form processing) under confidentiality and data-processing terms

  • Compliance partners for KYC/AML where required

  • Research collaborators or sponsors in aggregated, anonymized form

  • Authorities when legally required


We do not sell personal data.


International transfers


Where data moves across borders, we use appropriate safeguards (e.g., Standard Contractual Clauses) and provider DPAs.


Retention


We keep data only as long as necessary for the purposes above, then delete or anonymize it. Typical retention:

  • Form submissions: 24 months

  • Audit/security logs: 12 months (longer for incidents)

  • Marketing consents: until you unsubscribe


Your rights


Depending on your jurisdiction: access, correction, deletion, portability, restriction, objection, and withdrawal of consent. To exercise rights, email privacy@authra.io. We’ll verify identity before fulfilling requests.


Cookies


We use cookies for:

  • Essential (required for site operation)

  • Analytics (aggregate usage; IP truncated where possible)

  • Preferences (remember settings)


You can control cookies in your browser. Some features may not work without essential cookies.


Children


Authra’s services are not directed to children under 16. If you believe a child provided data, contact us for deletion.


Third-party links


Our site may link to external sites. We are not responsible for their privacy practices.


Changes


We may update this policy. Material changes will be indicated by a new effective date and reasonable notice.

 

Terms of Service


Effective date: 1 September 2025

Contact: legal@authra.io


1. Acceptance


By accessing authra.io, developer resources, or Authra APIs (collectively, the “Services”), you agree to these Terms. If you use the Services on behalf of an organization, you represent you have authority to bind that organization.


2. Eligibility


You must be legally able to form a binding contract and not be a person or entity barred from using the Services under applicable law (e.g., sanctions/export controls).


3. Accounts & security


You are responsible for your account credentials, API keys, and activity under your account. Notify security@authra.io of any suspected compromise.


4. Permitted use


You may use the Services to evaluate, build on, or integrate with Authra’s protocol consistent with documentation and these Terms.


5. Prohibited use


You will not:

  • Violate laws or third-party rights

  • Attempt to access data without authorization or bypass security

  • Interfere with the Services’ operation (e.g., DDoS, resource exhaustion)

  • Upload or transmit malware

  • Attempt to derive or infer personal identity from coarse-geo data

  • Misrepresent affiliation with Authra


6. APIs & rate limits


We may publish rate limits and usage caps; do not exceed them. We may revoke keys that violate policy or degrade stability. Caching rules are defined in the docs.


7. Content & feedback


If you submit content (e.g., form data, code, suggestions), you grant Authra a worldwide, royalty-free, sublicensable license to use it to operate and improve the Services. You represent you have the rights to submit that content.


8. Open-source


Some components may be open-sourced under separate licenses. Those licenses govern your use of that code.


9. Third-party services


We are not responsible for third-party services you connect to. Their terms and privacy policies apply.


10. Beta / experimental features


Some features may be labeled alpha, beta, or experimental and may change or be discontinued. They are provided as-is without warranties.


11. Disclaimers


To the maximum extent permitted by law, the Services are provided “as is” and “as available.” Authra disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement.


12. Limitation of liability


To the maximum extent permitted by law, Authra and its affiliates will not be liable for indirect, incidental, special, consequential, or exemplary damages, or for lost profits, revenues, or data, arising from or related to the Services or these Terms. Authra’s aggregate liability will not exceed USD $100 or the amount you paid to use the Services in the 12 months preceding the claim, whichever is greater.


13. Indemnification


You will indemnify and hold harmless Authra, its affiliates, and personnel from any claims, damages, liabilities, costs, and expenses (including reasonable legal fees) arising from your use of the Services or violation of these Terms.


14. Termination


You may stop using the Services at any time. We may suspend or terminate access if you violate these Terms, create risk, or where required by law. Upon termination, provisions that by their nature should survive (e.g., IP, disclaimers, limitations, indemnity) will survive.


15. Changes to the Services and Terms


We may modify the Services and these Terms at any time. If changes are material, we will provide reasonable notice (e.g., banner or email). Continued use after changes constitutes acceptance.


16. Compliance


You agree to comply with applicable export control, sanctions, and anti-corruption laws. You are responsible for properly classifying and handling any data you process via the Services.


17. Governing law & venue


These Terms are governed by the laws of [Select jurisdiction, e.g., England & Wales], without regard to conflict of law rules. Courts located in [London, UK] will have exclusive jurisdiction. (Update to your chosen jurisdiction before publishing.)


18. Contact


Questions about these Terms: legal@authra.io

 

Placement & linking (so it all connects)

  • Footer: Privacy · Terms · Disclosures · Security

  • Security page: link to security@authra.io and Hall-of-Fame (if you add it).

  • Forms: add the $ATRX utility disclaimer checkbox on Whitepaper/Programs forms.


$ATRX micro-disclaimer for forms (one-liner)


$ATRX is a utility token for access, coordination, and governance; availability may be jurisdiction-restricted; this is not an offer of securities.

 

Sign in to newsletter and never miss any update.

Navigation

Home

Home

Protocol

Protocol

Ecosystem

Ecosystem

Blog

Blog

About

About

Legal

Privacy Policy

Privacy Policy

Terms of Service

Terms of Service

Disclosures

Disclosures

Security

Security

Whitepaper

Whitepaper

Support Wallet

Support Wallet

Grants & Parterships

Grants & Parterships

© 2025 Authra. All rights reserved.

Sign in to newsletter and never miss any update.

Navigation

Home

Home

Protocol

Protocol

Ecosystem

Ecosystem

Blog

Blog

About

About

Legal

Privacy Policy

Privacy Policy

Terms of Service

Terms of Service

© 2025 Authra. All rights reserved.

Sign in to newsletter and never miss any update.

Navigation

Home

Home

Protocol

Protocol

Ecosystem

Ecosystem

Blog

Blog

About

About

Legal

Privacy Policy

Privacy Policy

Terms of Service

Terms of Service

© 2025 Authra. All rights reserved.