About This Policy
Delegare is a trustless payment authorization layer for AI agents, operated by SecureLend, Inc., a Delaware Corporation ("SecureLend," "we," "us," or "our"). Delegare allows users to delegate scoped payment authority to AI agents without exposing underlying payment credentials, and allows merchants to accept agent-initiated payments.
This Privacy Policy explains how we collect, use, store, and protect information when you use Delegare at delegare.dev, delegare.co, api.delegare.dev, app.delegare.dev, and mcp.delegare.dev(collectively, the "Services").
Delegare is a separate product from SecureLend's loan origination platform. This policy applies only to Delegare. If you are a user of SecureLend's lending platform, please see the SecureLend Privacy Policy.
By using Delegare, you agree to this Privacy Policy. If you do not agree, please do not use the Services.
Who Uses Delegare
Delegare serves two types of users:
- Spending Delegate Users ("Users"): Individuals who set up a spending delegate to authorize their AI agent to make payments on their behalf. Setting up a spending delegate is always free.
- Merchants: Businesses and developers who integrate Delegare to accept agent-initiated payments via the
@delegare/sdk.
This policy describes our data practices for both. Where practices differ, sections are labelled accordingly.
What We Collect
3.1 Spending Delegate Users
When you set up a spending delegate, we collect:
- Identity: Email address (used to associate your delegate with your account and send receipts). Optional: name if provided during setup.
- Spending limits: Maximum per transaction, maximum monthly spend, allowed merchant list, rail preference, and delegate expiry date.
- Fiat payment references: Stripe Customer ID and Payment Method ID (references held by Stripe — we never store your card number, CVV, or full bank account details). Last four digits and card brand for display only.
- Crypto payment references: Your smart wallet address (public blockchain address — not a private key), session key address (public address only), and allowed contract addresses.
- DelegateToken: A cryptographically signed, opaque authorization token issued to your AI agent. Does not encode payment credentials.
- Usage data: Monthly spend counter, last used timestamp, transaction receipts.
- Technical data: IP address (captured at setup and per charge, for fraud detection) and user agent string.
3.2 Merchants
When you register a merchant account, we collect:
- Account information: Business name, website URL, contact email, merchant ID.
- Integration configuration: Webhook URL, allowed origins, maximum charge ceiling, rail requirement.
- Billing: Stripe Customer ID and Subscription Item ID for metered billing at $0.03 per successful transaction. We never store your billing card details directly.
- Security: API key hash (bcrypt — the raw key is shown once at creation and is not recoverable by anyone including Delegare).
- Usage statistics: Total transaction count and total volume (denormalized counters).
3.3 Transaction Logs
For every payment executed through Delegare, we create an immutable transaction receipt containing: receipt ID, hashed delegate reference, merchant ID and name, amount, currency, rail used, description, idempotency key, status, Stripe Payment Intent ID (fiat) or on-chain transaction hash (crypto), platform fee, timestamps, and IP address at time of charge. Transaction logs are immutable and cannot be altered after creation.
3.4 Setup Sessions
Temporary setup session records are created when you initiate delegate setup. They expire automatically after 30 minutes or on completion and are then deleted.
3.5 MCP Interactions
When an AI agent interacts with Delegare via the MCP server at mcp.delegare.dev, we receive the tool call parameters sent by the agent (DelegateToken, requested amount, currency, merchant ID). We do not receive or log the broader contents of the agent's conversation.
What We Never Store
The following are never transmitted to or stored by Delegare under any circumstances:
- Card numbers, CVV codes, or full bank account details — held exclusively by Stripe
- Crypto private keys or seed phrases — your master private key never leaves your wallet
- Session key private keys in DynamoDB or application logs — stored exclusively in AWS Secrets Manager, accessed only at transaction execution time, then discarded from memory
- Passwords — Delegare does not use password-based authentication for spending delegate setup
The DelegateToken and Agent Context
When you complete spending delegate setup, Delegare issues a DelegateToken to your AI agent. This section describes important properties of that token.
What it contains
The DelegateToken is an HMAC-SHA256 signed token encoding your owner ID and expiry date. It does not encode your card number, wallet seed, session key private key, or any other payment credential.
What it authorizes
Presenting a valid DelegateToken to the Delegare vault API authorizes a payment request, subject to the spending limits and merchant restrictions you configured. The token is validated against the DelegateToken record in our database on every use.
Where it lives
The DelegateToken is returned to your AI agent via the MCP tool response and is held in your agent's context window or memory system.
Delegare does not control how your AI agent framework stores, logs, or handles data in its context. Review the privacy policy of your AI platform — for example, Anthropic's policy for Claude or OpenAI's policy for ChatGPT — to understand how tool-returned data is handled within that platform.
Token security
Even if a DelegateToken is obtained by an unauthorized party, it can only be used to initiate charges within your pre-configured spending limits and only at merchants on your allowed list. It cannot be used to retrieve your underlying card details or wallet credentials.
Revocation
You can revoke a DelegateToken at any time via the revoke_delegate MCP tool or the Delegare dashboard. Once revoked, the token is immediately invalid.
Crypto Payments and On-Chain Data
On-chain permanence
Crypto transactions are executed on the Base blockchain (a public Ethereum Layer 2 network). The following information is permanently and publicly visible on-chain and cannot be deleted: transaction hash, sending wallet address (your smart wallet), receiving wallet address, amount, token type (USDC/USDT), and timestamp.
Session keys
Delegare generates an ERC-4337 session key to sign transactions on your behalf. The session key is scoped exclusively to the Delegare payment contract address and cannot be used to interact with any other contract or transfer funds outside your pre-authorized spending limits. The session key private key is stored in AWS Secrets Manager, fetched at transaction execution time, and is never written to application logs or DynamoDB.
Base network
Base is operated by Coinbase. Use of the Base network is subject to Coinbase's terms and Ethereum's underlying protocol. Delegare does not control the Base network or on-chain data.
How We Use Your Information
We use the information described in Section 3 to:
- Execute and verify payments: Validate DelegateTokens, enforce spending limits, route payments to the correct rail, and create immutable receipts
- Prevent fraud and abuse: Detect anomalous transaction patterns, block SSRF attempts, enforce rate limits, and maintain vault security
- Operate the merchant platform: Manage accounts, collect the $0.03 platform fee via Stripe metered billing, deliver webhook notifications
- Deliver receipts: Send transaction receipts to users by email where an address is on file
- Improve the service: Analyze aggregate, anonymized transaction data to improve routing, reliability, and performance
- Comply with legal obligations: Maintain transaction records as required by applicable law, respond to lawful requests
We do not use your data for advertising. We do not sell your data to third parties. We do not use your transaction data to train AI models for other products.
Data Retention
| Data type | Retention period |
|---|---|
| Spending delegate records | Until revoked, then 90 days |
| Transaction logs (receipts) | 7 years (financial record-keeping) |
| Setup sessions | 30 minutes (auto-deleted) |
| Merchant accounts | Duration of relationship + 7 years |
| API key hashes | Duration of relationship |
| IP address logs | 90 days |
| Session key private keys (Secrets Manager) | Duration of delegate + 30 days |
| Stripe Customer IDs | Until delegate revoked + 90 days |
On-chain crypto transactions are permanent and cannot be deleted by Delegare or anyone else.
When data is deleted, we use cryptographic erasure of KMS encryption keys and secure deletion procedures. Deletion from backups occurs within 180 days of primary deletion.
Security
Delegare's vault infrastructure is operated by SecureLend, Inc. under the same security program that governs SecureLend's SOC 2 Type 2 certified lending platform. Key measures include:
- Encryption in transit: TLS 1.3 on all API endpoints
- Encryption at rest: AES-256 via customer-managed AWS KMS keys on all DynamoDB tables
- Secrets management: AWS Secrets Manager for session key private keys — never stored in DynamoDB or logs
- SSRF protection: All outbound vault requests are blocked to RFC 1918 addresses, the AWS metadata endpoint (169.254.169.254), and localhost
- Idempotency: Duplicate charge attempts within 24 hours return the original receipt — no double-charges
- Atomic limit enforcement: DynamoDB conditional writes prevent race conditions under concurrent requests
- API key security: Merchant API keys stored as bcrypt hashes only — raw keys are shown once and are not recoverable
No system is completely secure. You are responsible for revoking your DelegateToken promptly if you believe it has been compromised.
Your Privacy Rights
To exercise any of the following rights, contact us at privacy@delegare.dev. We respond within 30 days.
All users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data — note that transaction logs are retained 7 years for financial record-keeping and cannot be deleted early
- Revocation: Revoke a spending delegate at any time via the
revoke_delegateMCP tool or the Delegare dashboard
California residents (CCPA/CPRA)
- Right to know what personal information we have collected and how it is used
- Right to delete (subject to exceptions for transaction records)
- Right to correct inaccurate information
- Right to opt out of sale or sharing — we do not sell or share personal information for advertising
- Right to non-discrimination for exercising privacy rights
EEA, UK, and Swiss residents (GDPR)
- Right of access, rectification, and erasure
- Right to restriction of processing and data portability
- Right to object to processing based on legitimate interests
- Right to lodge a complaint with your local supervisory authority
Crypto transaction data recorded on the Base blockchain is outside Delegare's control and cannot be deleted pursuant to any rights request.
Children's Privacy
Delegare is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has used Delegare, contact us at privacy@delegare.dev and we will delete the relevant data promptly.
International Data Transfers
Delegare's infrastructure is hosted in the United States (AWS us-east-2). If you access Delegare from outside the United States, your data is transferred to and processed in the United States.
For users in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) for transfers of personal data outside the EEA. A copy of the applicable SCCs is available on request at privacy@delegare.dev.
Changes to This Policy
For material changes we will update the Effective Date, post a notice on delegare.dev at least 14 days before changes take effect, and email registered merchants and users with an address on file.
Your continued use of Delegare after the effective date of a change constitutes acceptance of the updated policy.
Contact
8 The Green, Dover, DE 19901, United States