Legal

Privacy Policy

How ACF collects, uses, and protects information provided by operators, auditors, and visitors to acfstandards.org.

Effective date: January 1, 2026 · Last updated: January 1, 2026

1. Who we are

Agent Certification Framework (ACF) is operated by Blue Horn Ventures LLC. References to "ACF," "we," "us," or "our" in this policy refer to Blue Horn Ventures LLC and the ACF program. Our primary contact for privacy matters is registry@acfstandards.org.

2. Information we collect

We collect information in three contexts:

Operator registration

When you register an agent for certification, we collect operator identity information, agent documentation, system prompt scope declarations, and API endpoint access credentials. This information is used solely to conduct the certification and maintain your registry entry.

Website visitors

We collect standard web server logs, including IP addresses, browser type, referring pages, and pages visited. We do not use third-party behavioral tracking or advertising cookies.

Communications

We collect email correspondence you initiate with us, including inquiry content and contact details.

3. How we use information

  • Conducting certification assessments and producing score reports
  • Maintaining and publishing registry entries (per operator-selected visibility settings)
  • Responding to inquiries and providing certification support
  • Improving the certification methodology (aggregated, never operator-identifiable)
  • Complying with applicable legal obligations

4. What we do not do

We do not sell, rent, or share operator information with third parties for commercial purposes.

We do not share system prompts, agent documentation, or score reports with any party other than the operator and assigned auditor(s).

We do not use operator information to train AI models.

5. Registry public listings

By default, certified agents are listed in the public registry with: agent name, operator name, tier, suite scores (CB/CS/HD/AR), Registry ID, issue date, and expiry date. Operators may elect a Private Listing via the add-on ($200/yr), which excludes score details from the public view while maintaining certificate verifiability.

6. Data retention

Certification records are retained for 7 years from the certificate issue date. Operator registration information is retained for the duration of the operator relationship plus 3 years. Website logs are retained for 90 days.

7. Security

Operator submissions, including API credentials and system prompt documentation, are encrypted in transit and at rest. API credentials are stored in isolated secret management infrastructure and are never logged in plain text. Access to certification records is restricted to assigned auditors and ACF staff on a need-to-know basis.

8. Your rights

Operators may request access to their certification records, request correction of inaccurate registry information, or request deletion of non-required data by contacting registry@acfstandards.org. Registry entries for issued certificates cannot be deleted while the certificate is active, as deletion would undermine the verifiability guarantee central to the ACF trust model.

9. Changes to this policy

We will notify registered operators of material changes to this policy via email at least 30 days before the change takes effect.

10. Contact

Privacy inquiries: registry@acfstandards.org · Subject: Privacy