Privacy Policy
1. Context
AgentCom is a public scientific demonstration instance maintained by Marcos Alves to support the research line described in the paper "Artificial Neural Networks and Natural Neural Networks: A Parallel" (v02). It is not a commercial service, nor medical, legal, financial, or psychological advice.
This policy describes how we handle personal data transparently and in compliance with Brazil's General Data Protection Law (Lei nº 13.709/2018 — LGPD).
2. Data collected
2.1. Anonymous identifier
Each interaction receives an anonymous identifier derived from the IP address and browser user-agent, combined with a secret cryptographic salt and passed through SHA-256. The result is a non-reversible 32-character string. From that identifier, we cannot recover the original IP, browser, or any other personal data.
2.2. Derived affective profile (with consent)
When you check the research consent box before chatting, we store only the derived affective state of the conversation:
- turn count
- predominant sentiment label (e.g.,
calm,discovery,neutral) - average polarity and intensity
- label distribution across the conversation
- timestamp of last interaction
We do not store the raw content of your messages, audio, or any personal identifier (name, email, phone).
2.3. Without consent
If you do not check consent, the agent still replies to your questions, but nothing is persisted: neither identifier nor profile. The conversation operates fully stateless.
3. Purpose and legal basis
3.1. Academic research (LGPD art. 7, IV)
Derived affective profiles are used to validate the pre-registered H1-H4 hypotheses of the paper (§8), study the functional biochemical modulation proposed by the architecture, and refine the research line. They are never used for individual profiling, marketing, or commercial characterization.
3.2. Conversation service execution (LGPD art. 7, V)
During each turn, the system performs ephemeral sentiment analysis to modulate the agent's immediate reply. This analysis produces no persistent record and is applied even without research consent.
4. Retention
Persisted affective profiles have a 30-day time-to-live (TTL). After that period, the record is automatically eliminated by Cloudflare KV. This temporal decay is aligned with the biochemical synapse doctrine described in §4.3 of the paper — state modulation is momentary, modulable, and naturally perishable.
5. Third-party sharing
- We do not sell data.
- We do not share identifiers or individual profiles with third parties for commercial purposes.
- Aggregated models distilled from interactions (e.g., statistical distributions of typical affective transitions) may be published or shared as research knowledge. These aggregates are anonymous by construction: they are the mathematical result of the calculation over the dataset, preserving no individual data.
- We use operators for infrastructure (Cloudflare) and sentiment classification (OpenAI, only the turn text, without identifier). These operators act under data processing agreements and have no access to your persisted affective profile.
6. Your rights as data subject (LGPD art. 18)
You have the right to:
- confirm the existence of processing
- access your data
- correct incomplete, inaccurate, or outdated data
- anonymize, block, or delete unnecessary or non-compliant data
- data portability
- deletion of data processed on the basis of consent
- be informed about entities with which your data was shared
- revoke consent at any time
- petition the Brazilian data protection authority (ANPD)
Because the identifier is anonymous and non-reversible, you may not be able to prove that a specific profile is yours. In that case, an elimination request can be applied by deleting the hash itself, if you are able to provide it (the /health endpoint does not expose hashes; hashes exist only in your browser and on the server).
7. Security
- Cryptographic salt stored as a worker secret (not visible in source code)
- SHA-256 hashing (irreversible)
- Storage in Cloudflare KV with encryption at rest
- All communication over HTTPS/TLS
- No public hash exposure; profile reads require Cloudflare account authentication
8. Cookies
AgentCom does not use tracking cookies. Research consent is sent as an HTTP header per chat request, not as a persistent cookie.
9. Data Protection Officer (DPO)
Responsible: Marcos Alves
DPO email: privacidade@agtl.app
Requests related to art. 18 rights of LGPD will be answered within 15 days of receipt.
10. Applicable law and jurisdiction
This policy is governed by Brazilian law, especially Lei nº 13.709/2018 (LGPD). Disputes shall be settled in the courts of Porto Alegre/RS, Brazil.
11. Changes
We may update this policy as the research evolves. The current version will always be published at this URL, with the update date visible at the top of the document.