Privacy Policy

Last updated June 4, 2026

Who we are

NoForm (noform.dev) is a developer tool that lets applications be signed up for by AI agents using the open auth.md protocol. This policy explains what we collect and why.

Information we collect

Account data. When you create a NoForm account, our authentication provider stores your email address and basic profile. We do not store your password.
App & provisioning data. For each app you create, we store its configuration, API key hashes, and records of the end-user registrations agents create — including the claimed email address, a hashed credential, scopes, source IP, and timestamps.
Audit & operational data. We log protocol events (registrations, claims, rate-limit and cap blocks) to power your governance dashboard and prevent abuse.

How we use information

To provide the service and run the auth.md protocol.
To verify email ownership via one-time codes.
To enforce rate limits, caps and abuse controls that keep the network safe.
To authenticate you and secure your account.

We do not sell your personal information, and we do not use it for advertising.

Sharing & sub-processors

We share data only with the third-party infrastructure providers required to operate the service — for identity & authentication, database & hosting, and transactional email (one-time codes). Each processes data solely to provide its function on our behalf. A current list of sub-processors is available on request. We never sell your data.

Data retention & your rights

Registrations and claim tokens expire automatically. You can delete an app or your account at any time, which removes the associated records. To request access or deletion of your data, contact us at the address below.

Contact

Questions about this policy? Email privacy@noform.dev.

← Back to NoForm