← sifr0.dev

Privacy Policy

Effective: June 10, 2026 · Last updated: June 10, 2026

SIFR-0 is an open protocol for business-to-agent discovery, operated by DJ-Z-S as part of the DJZS Protocol ecosystem. This policy explains what data we collect, how we use it, and your rights.

What we collect

API queries: When you or your AI agent queries the SIFR-0 registry (api.sifr0.dev), we log the request path, query parameters, timestamp, and IP address. We do not log request bodies for GET requests. We use this data for rate limiting, abuse prevention, and aggregate usage analytics.

Registered businesses: When a business registers a manifest via POST /v1/register, we store the manifest data (business name, type, category, location, services, policies) in our database. This data is public by design — the purpose of SIFR-0 is to make businesses discoverable.

API keys: If you request an API key, we store your email address and associate it with your key for billing and support purposes.

Landing page: The sifr0.dev website uses Cloudflare analytics. We do not use third-party tracking cookies, advertising pixels, or user fingerprinting.

What we do not collect

• We do not collect personal data from end users of AI agents that query our registry
• We do not track which specific AI agent or user initiated a query
• We do not sell, rent, or share any data with third parties for advertising
• We do not use your data to train AI models

MCP server

The @sifr0/mcp npm package runs locally on your machine via stdio transport. It sends search queries to api.sifr0.dev and returns results. It does not collect telemetry, send analytics, or transmit any data beyond the search queries you initiate. The hosted remote MCP server (mcp.sifr0.dev) is subject to the same API query logging described above and nothing more.

Data storage

All data is stored on Cloudflare's infrastructure (Workers, D1 database, KV). Cloudflare's data centers are distributed globally. Business manifest data is public and intended for public access. API usage logs are retained for 90 days.

Your rights

Business owners: If you registered a manifest and want it removed, contact us at username@djzs.ai with your business ID. We will remove it within 48 hours.

API key holders: You can request deletion of your account and all associated data at any time by emailing username@djzs.ai.

Everyone: You have the right to know what data we hold about you. Email username@djzs.ai for a data export.

Data security

API traffic is encrypted via HTTPS (TLS 1.3). The registry API includes SSRF protection, input validation, and rate limiting. Database access is restricted to the Cloudflare Worker runtime.

Changes

We may update this policy as the protocol evolves. Material changes will be announced on the sifr0.dev landing page and our GitHub repository.

Contact

For privacy questions, data requests, or concerns:

Email: username@djzs.ai
GitHub: github.com/SIFR0-dev/sifr-0
X: @djzs_ai