Kodeus – Privacy Policy

Last Updated: November 2025

Kodeus ("we," "our," or "us") is committed to protecting user privacy while enabling programmable & monetizable agents that act, settle & prove autonomously. This Privacy Policy explains how we collect, process, store, and protect information when you use the Kodeus website, platform, SDKs, MCP integrations, and agent‑execution environment (collectively, the "Platform").

By using Kodeus, you consent to the practices described in this Privacy Policy.

1. Data We Collect

Kodeus operates a hybrid on‑chain/off‑chain agent execution system. To provide deterministic orchestration, provenance, and payments, we collect the following data categories:

a. Wallet & Identity Data

• Public wallet addresses you connect
• Agent ownership metadata
• x402 payment routing details
• ERC‑8004 agent identity & provenance references

We never collect private keys or signing credentials.

b. Agent Configuration & Prompt Data

To create and operate agents, we store:

• Prompts, instructions, and configuration parameters
• Tool selections, MCP modules used, and agent templatess
• Runtime variables required for deterministic execution

All such data is stored securely off‑chain

c. Execution, Inference & Provenance Data

For each agent run, we may process:

• LLM inference logs (sanitized where possible)
• Tool call metadata
• Execution traces
• x402 payment receipts
• DNAChain‑linked provenance hashes

Some proofs and receipts are written on‑chain, making them permanent and publicly accessible.

d. MCP Server Interaction Data

When agents call external tools, we may log:

• Tool invocation metadata
• Frequency & latency
• Errors or debugging metadata

e. Optional Personal Information

If you contact support or subscribe to updates, we may collect:

• Name
• Email
• Social handles (optional)

f. Analytics Data

We may use privacy‑safe analytics tools (e.g., Plausible, Vercel Analytics). These tools do not collect cookies, fingerprints, or personal identifiers.

2. Google User Data (OAuth Scopes)

Kodeus integrates with Google APIs to enable user‑requested agent workflows such as email automation, document processing, reporting, and calendar actions.

Depending on which tools the user activates, agents may access only the data necessary to perform the authorized task.

Restricted Gmail Scopes Used:

• /auth/gmail.readonly – view email messages
• /auth/gmail.compose – manage drafts
• /auth/gmail.modify – read/compose/send emails

Restricted Drive Scopes Used:

• /auth/drive – full Drive access (only when explicitly enabled)
• /auth/drive.readonly – view files
• /auth/drive.metadata.readonly – view file metadata

Sensitive Scopes Used:

• /auth/gmail.send – send emails
• /auth/calendar – full calendar access
• /auth/calendar.events – read/edit calendar events
• /auth/calendar.events.owned – manage owned calendars
• /auth/documents – manage Docs
• /auth/spreadsheets – manage Sheets
• /auth/spreadsheets.readonly – view Sheets

Non‑Sensitive Scope:

• /auth/drive.file – access only Drive files created/selected in Kodeus

We Do NOT Collect:

• Google passwords
• OAuth tokens outside user authorization
• Any unrelated Google account data

3. How We Use Google User Data

We use Google data solely to provide user‑requested automation features, such as:

• Sending or drafting emails
• Creating or updating Google Docs
• Generating Sheets‑based reports
• Scheduling or updating calendar events
• Reading Drive files selected by the user

We do not use Google data for any purpose outside explicit agent requests.

4. Limited Use Policy Compliance

Kodeus fully complies with the Google API Services User Data Policy, including the Limited Use requirements.

We do NOT:

• Sell Google user data
• Transfer data to third parties (except essential processors)
• Use data for advertising or profiling
• Use data for model training outside the user’s explicit request

Human access is prohibited except:

• With user’s explicit consent
• For debugging user‑reported issues
• To investigate abuse or security problems
• When required by law

OAuth tokens & data are encrypted at rest and in transit.

We never combine Google data with unrelated datasets.

5. Data Sharing & Disclosure

We may share limited data only with:

• Essential service providers (compute, storage, analytics)
• Third‑party MCP tools explicitly connected by the user
• Legal authorities when required

Google user data is never shared for marketing or advertising.

6. Data Retention & Deletion

• Off‑chain data is retained only as long as needed for platform functionality.
• On‑chain data (e.g., DNAChain proofs, ERC‑8004 provenance) is immutable.
• Users may revoke Google access at any time via:
• Google Account Security settings
• Kodeus Account Settings (disconnects Gmail/Drive/Calendar)

7. User Rights

Users may request:

• Access or corrections to off‑chain data
• Deletion of off‑chain personal data
• Revocation of Google OAuth access
• Opt‑out of communications

Contact: privacy@kodeus.ai

8. Data Security

We use:

• Encryption (TLS + AES‑256)
• Access‑controlled infrastructure
• Secure MCP sandboxing
• Regular monitoring & audits

No system is fully secure; users should exercise caution when connecting third‑party tools.

9. On‑Chain Data Disclosure (Immutable Proofs)

Blockchains are public and immutable. Users should avoid entering sensitive personal data into agent prompts that may generate on‑chain proofs.

10. MCP Tools & Third‑Party Services

When users connect MCP integrations, external tools may receive data needed to complete tasks. Kodeus is not responsible for third‑party privacy practices.

We recommend reviewing the privacy policies of each MCP tool you connect.

11. Updates to This Policy

We may update this Privacy Policy periodically. Continued use of the Platform constitutes acceptance of changes.

For additional legal terms, please review our Terms of Use.

****************************************************************************************************************

OAuth Consent Screen: App Description

Suggested App Description (Google-Optimized)

Kodeus is the Internet’s Agent Layer, where users create programmable & monetizable agents that act, settle & prove autonomously.

Some agents may need access to Gmail, Google Drive, Google Docs, Google Sheets, and Google Calendar to perform user-requested workflows such as sending emails, generating reports, creating documents, or managing schedules.

Kodeus only accesses the Google data necessary for features the user explicitly configures. Kodeus never uses Google data for advertising, profiling, or unrelated purposes. Users can revoke access at any time from their Google Account settings.

“Scopes Justification” Section

Google Cloud Console requires a justification for every sensitive/restricted scope.

Here is a complete scope justification you can paste as-is:

Restricted & Sensitive Scopes Justification

Gmail Scopes

/auth/gmail.readonly — Used for agents that read inbox messages to generate summaries, notifications, or automated digests configured by the user.

/auth/gmail.modify — Enables agents to draft and send emails, apply labels, and mark messages as handled based on user-requested automations.

/auth/gmail.compose — Used to prepare drafts and send emails as part of user-defined workflows (e.g., alert agents, update agents, report-sending agents).

/auth/gmail.send — Required to send emails on the user’s behalf when an agent is configured for email alerts, reports, notifications, or scheduled communications.

Google Drive Scopes

/auth/drive — Required only when agents create, edit, or organize Drive files as part of user-requested document workflows.

/auth/drive.readonly — Used to read Drive files the user selects (e.g., reading source data before generating reports).

/auth/drive.metadata.readonly — Allows agents to list and organize files based on user input.

/auth/drive.file — Allows agents to create and manage Drive files created specifically via Kodeus.

Google Docs

/auth/documents — Used when agents generate or update Google Docs reports or summaries based on user requests.

Google Sheets

/auth/spreadsheets — Used to create or modify Sheets with data generated by agents.

/auth/spreadsheets.readonly — Used when agents read data from Sheets to provide user-requested analysis or insights.

Google Calendar

/auth/calendar — Enables full calendar automation when the user configures an agent to manage schedules or events.

/auth/calendar.events — Lets agents create, read, or edit calendar events based on user settings.

/auth/calendar.events.owned — Enables agents to manage events on calendars that the user owns without modifying other calendars.

Required Compliance Statements

Kodeus only uses Google user data to provide the features users configure.

Kodeus complies with the Google API Services User Data Policy and Limited Use Policy.

Kodeus does not transfer Google user data to third parties except as necessary to perform the selected automation.

Kodeus does not use Google data for advertising or profiling.

Users can revoke access at any time from their Google Account.

Developer Contact Info

Ensure the email you put in the consent screen is: privacy@kodeus.ai