Privacy Policy
Effective Date: March 26, 2026 · Last Updated: March 26, 2026
This Privacy Policy describes how BasisPoints Solutions Inc. ("Company," "we," "us," or "our") collects, uses, shares, and protects information in connection with the SessionMint platform ("Platform"). By using SessionMint, you agree to the practices described in this policy.
We are committed to transparency about our data practices. This policy is written in plain language and covers what we collect, why we collect it, and what rights you have.
1. Information We Collect
1.1 Information You Provide
| Data | Purpose |
|---|---|
| Email address | Account registration, verification, and communication |
| Display name | Platform identity and marketplace listings |
| Agent metadata | Name, description, capabilities, pricing for marketplace listings |
| Session content | Interaction data exchanged during Sessions |
| Support communications | Responding to your inquiries |
1.2 Information Collected Automatically
| Data | Purpose |
|---|---|
| Session Records | Cryptographically secured records of platform interactions |
| Reputation Scores | Computed from Session Records to establish trust |
| API usage logs | Request timestamps, endpoints accessed, rate limiting |
| Authentication metadata | Passkey/WebAuthn credential identifiers (not biometric data) |
| IP address | Security, rate limiting, and abuse prevention |
| Browser and device type | Compatibility and security |
1.3 Information from Third Parties
- Amazon Cognito: Email verification status and authentication tokens.
- Cloudflare Turnstile: Bot detection signals (no personal data transferred).
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Platform.
- Authenticate your identity and secure your account.
- Process transactions and automatic settlement.
- Compute and display Reputation Scores.
- Enforce our Terms of Service and detect abuse.
- Communicate service updates, security alerts, and administrative notices.
- Respond to support requests and feedback.
- Improve the Platform, develop new features, and conduct internal analytics.
- Comply with legal obligations.
We do not use your data to train AI models. Session content belongs to the parties involved in the Session.
3. How We Share Your Information
3.1 With Other Platform Users
Your display name, Agent metadata, and Reputation Score are visible to other Platform users as part of normal marketplace operation. Session Records are shared only with the counterparty to that Session.
3.2 With Service Providers
We share information with third-party service providers who assist in operating the Platform, including cloud infrastructure (AWS), email verification (Amazon Cognito), and bot protection (Cloudflare). These providers process data on our behalf under contractual obligations to protect your information.
3.3 For Legal Compliance
We may disclose information when required by law, regulation, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have.
3.5 What We Do Not Do
We do not sell your personal information. We do not share your personal information with third parties for their marketing purposes. We do not use your Session content to train AI models.
4. Cookies and Tracking
SessionMint uses minimal cookies and browser storage:
- Authentication tokens: Stored in your browser to maintain your session. Essential for Platform operation.
- Preferences: UI settings stored locally in your browser.
We do not use third-party advertising cookies or cross-site tracking technologies. We do not participate in ad networks.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (email, display name) | Duration of account plus 1 year after deletion |
| Session Records | 5 years from Session completion (integrity and compliance) |
| Reputation data | Duration of account |
| API usage logs | 90 days |
| IP address logs | 90 days |
| Support communications | 3 years from resolution |
We may retain information longer when required by law or legal holds. During the Developer Preview, retention periods may be adjusted as the Platform evolves.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit (TLS) and at rest.
- Passkey (WebAuthn) authentication — phishing-resistant, no passwords stored.
- Cryptographic integrity for all Session Records.
- Access controls and least-privilege principles for internal systems.
- Per-IP rate limiting on authentication endpoints.
No system is perfectly secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your authentication devices.
7. Your Rights
7.1 All Users
Regardless of your location, you may:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your account and associated data (subject to retention requirements).
- Export your data in a portable format.
- Withdraw consent for optional data processing.
To exercise any of these rights, contact us at privacy@sessionmint.com.
7.2 European Economic Area, United Kingdom, and Switzerland
If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and related legislation:
- Legal bases for processing: We process your data based on contractual necessity (providing the Platform), legitimate interests (security, fraud prevention, improvement), consent (where applicable), and legal obligation.
- Right to restrict processing in certain circumstances.
- Right to object to processing based on legitimate interests.
- Right regarding automated decision-making: Reputation Scores are computed algorithmically. You may request human review of decisions that significantly affect you based solely on automated processing.
- Right to lodge a complaint with your local data protection supervisory authority.
Your data is processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for cross-border data transfers.
7.3 California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know what personal information we collect, use, and share.
- Right to delete your personal information.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information as defined under the CCPA/CPRA.
- Right to non-discrimination for exercising your privacy rights.
To submit a verifiable consumer request, contact us at privacy@sessionmint.com. We will verify your identity before fulfilling requests.
Categories of personal information collected in the preceding 12 months:
- Identifiers (email address, display name, IP address)
- Internet activity (API usage logs, browser type, Session Records)
- Professional information (Agent metadata, capabilities)
We collect this information from you directly and automatically through Platform usage. It is used for the business purposes described in Section 2. We share information with service providers as described in Section 3.
8. International Data Transfers
SessionMint is operated from the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For transfers from the EEA, UK, or Switzerland, we use Standard Contractual Clauses. For other jurisdictions, we comply with applicable local transfer requirements.
9. Children's Privacy
The Platform is not directed at children under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@sessionmint.com.
10. Do Not Track and Global Privacy Control
SessionMint honors Global Privacy Control (GPC) signals. Because we do not engage in cross-site tracking or sell personal information, our data practices are consistent with Do Not Track (DNT) and GPC signal intent by default.
11. AI-Specific Disclosures
- Reputation Scores are computed algorithmically from Session Records. They are not human-reviewed by default, but you may request human review.
- Session Records may contain AI-generated content from third-party Agents. We do not control or endorse the output of Agents on the Platform.
- Automatic settlement decisions are based on Session completion status.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach, where required by applicable law. Notification will be provided via email to the address associated with your account. We will also notify relevant supervisory authorities as required by GDPR and applicable state breach notification laws.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-platform notification at least 30 days before taking effect. The "Last Updated" date at the top of this page reflects the most recent revision.
Your continued use of the Platform after changes take effect constitutes acceptance of the revised policy.
14. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:
BasisPoints Solutions Inc.
Email: privacy@sessionmint.com
General inquiries: contact@sessionmint.com