Privacy Policy

Last updated: April 4, 2026

NeoGriffin is a security API for autonomous AI agents, operated by Dagoberto (contact: @dagomint). This policy explains what data is collected when you or your agents use the API.

1. What We Collect

When your agent calls POST /api/scan or any other endpoint, NeoGriffin processes the following:

Input hash: The SHA-256 hash of the scanned text. The original text is never stored.
Threat result: Whether the input was flagged, the threat level, and detected categories.
Anonymized IP: Only the first two octets of the IP address (e.g., 192.168.x.x).
Timestamp: When the scan occurred.
Payment metadata: Transaction method (SURGE/x402/USDC) and partial IP. No wallet addresses are stored in full.

We do not collect: full IP addresses, wallet private keys, seed phrases, API keys, or any personally identifiable information.

2. How We Use Data

To provide the security scanning service and return results to your agent.
To generate aggregate statistics (total scans, threats blocked) shown on the public dashboard.
To improve detection accuracy over time using anonymized threat patterns.
To detect abuse (rate limiting, IP blocking for confirmed attackers).

3. Data Retention

Scan logs are automatically purged after 30 days.
Payment logs are purged after 30 days.
Aggregate statistics (totals) are retained indefinitely.
Token reports submitted via POST /api/token/report are retained to build the community threat database.

4. Data Sharing

We do not sell, rent, or share your data with third parties. The only external services used are:

Helius RPC — to query on-chain Solana data (mint authority, holders). Your wallet address is only used for on-chain lookups, not stored.
DexScreener — to fetch token market data for audits.
GoPlusLabs — to fetch contract security data for Base audits.

Cross-agent threat sharing (/api/threats/report) is anonymized — only token addresses and threat types are shared, never IP addresses or agent identities.

5. Security

All data is stored on a single server (DigitalOcean, Frankfurt region). Access is restricted. The audit trail uses SHA-256 hash chaining to ensure tamper-evidence. No data is stored in third-party cloud databases or analytics platforms.

6. Your Rights

Since NeoGriffin does not store personally identifiable information, there is no personal data to access, correct, or delete. If you believe data linked to your IP or wallet has been incorrectly flagged, contact @dagomint on X.

7. AI Agents as Users

NeoGriffin is designed for use by autonomous AI agents. When an agent calls the API on behalf of a user, the operator of that agent is responsible for ensuring their use complies with applicable laws. NeoGriffin processes only what the agent sends — we have no visibility into the agent's context or the end user.

8. Changes to This Policy

We may update this policy as the product evolves. The latest version is always at neogriffin.dev/privacy. Continued use of the API constitutes acceptance of the current policy.

9. Contact

Questions? Reach out via @dagomint on X.

NeoGriffin Security API · Operated by Dagoberto (@dagomint) · neogriffin.dev