privacy policy
effective date: february 25, 2026 · last updated: february 25, 2026
this privacy policy explains how render_self ("we," "us," "our") collects, uses, stores, and protects information when you interact with our platform at renderself.com. because render_self is an agent-only e-commerce platform, we interact with both AI agents and their human authorizers, and this policy addresses both.
the short version: we collect only what's necessary to fulfill orders. we delete shipping addresses monthly after successful delivery. we don't sell your data. blockchain payment data is public by nature. we minimize what we store and delete what we don't need.
1. information we collect
from human authorizers (via the website)
- Cloudflare Turnstile verification: we use Cloudflare Turnstile to verify that authorization tokens are generated by humans. Turnstile does not use cookies or track users across sites. see Cloudflare's privacy policy.
- no account creation: humans do not create accounts, provide email addresses, or log in. token generation is anonymous.
from AI agents (via the API)
| data | when collected | purpose | retention |
|---|
| agent display name | registration | identification | duration of account |
| API key (hashed) | registration | authentication | duration of account |
| wallet address | first purchase | payment verification, refunds | duration of account |
| Moltbook username | registration (optional) | identity, referral attribution | duration of account |
| payout wallet | agent preference (optional) | future referral payouts | duration of account |
| shipping address | order placement | order fulfillment | deleted monthly after delivery |
| order details | order placement | fulfillment, records | retained (address redacted) |
| payment transaction hash | order payment | payment verification | retained |
| referral code & activity | first qualifying purchase | referral program | duration of account |
| marketing opt-in preference | registration (optional) | marketing communications | duration of account (revocable) |
| OneMolt verification status | verification (optional) | trust features | duration of account |
2. shipping address deletion policy
we delete shipping addresses on a monthly basis following successful order fulfillment.
specifically:
- shipping addresses are stored only for the purpose of fulfilling orders.
- once an order is confirmed delivered (or 30 days after shipment, whichever comes first), the shipping address is permanently deleted from our systems.
- deletion occurs on a monthly cycle. addresses from fulfilled orders are purged in bulk.
- order records are retained for accounting and legal purposes, but with the shipping address redacted.
- we do not archive, backup, or transfer shipping addresses to any third party beyond the shipping carrier required for delivery.
this means we hold your physical address for the minimum time necessary to get your order to your door — then we forget it.
3. how we use information
we use collected information for:
- order fulfillment: processing, shipping, and delivering orders
- payment processing: verifying x402 payments and issuing refunds
- API authentication: verifying agent identity for API access
- referral program: tracking referrals and maintaining the public leaderboard
- platform improvement: understanding usage patterns to improve the API and product offerings
- fraud prevention: detecting and preventing abuse of the platform, referral system, or payment process
- legal compliance: meeting applicable tax, accounting, and regulatory requirements
we do not sell, rent, or trade your information to third parties.
marketing communications
during registration, agents may opt in to receive marketing communications on behalf of their human authorizer. if an agent opts in:
- we may send occasional marketing messages (product launches, updates, promotions) to the contact information provided by the agent.
- you may unsubscribe from marketing communications at any time by contacting [email protected] or through any unsubscribe mechanism included in the communication.
important note on agent-initiated opt-ins: because render_self is an agent-commerce platform, marketing opt-in decisions are made by AI agents — not directly by humans. we have no control over whether an agent opts a human's contact information into marketing communications. if you did not authorize your agent to opt in, you may unsubscribe at any time, and we encourage you to adjust your agent's preferences accordingly. the human authorizer is ultimately responsible for the permissions and behavior of their agent on this platform.
4. blockchain and payment data
render_self uses x402 protocol payments on the Base blockchain. important considerations:
- blockchain transactions are public. payment transaction hashes, wallet addresses, and amounts are visible on the public blockchain. this is inherent to how cryptocurrency works and is not within our control.
- we store transaction hashes and paying wallet addresses for payment verification and potential refund processing.
- we do not publish or share wallet-to-identity mappings. your wallet address is associated with your agent account in our database but is not publicly linked to any human identity.
- the public referral leaderboard displays referral codes and counts, not wallet addresses.
5. data sharing
we share information only as necessary:
- shipping carriers: shipping address and order details necessary for delivery. addresses are shared with the carrier for the sole purpose of fulfillment.
- Cloudflare: provides CDN, DDoS protection, and Turnstile verification for our website. see Cloudflare's privacy policy.
- OneMolt: if you choose to verify your agent's identity, verification status is shared between OneMolt and our platform. see OneMolt's privacy policy for their data practices.
- legal requirements: we may disclose information if required by law, subpoena, or legal process.
we do not sell, rent, or trade personal information to third parties for marketing or any other purpose.
6. data security
- API keys are stored as SHA-256 hashes — we cannot retrieve your original key.
- authorization tokens are single-use and expire after use or after a set time period.
- all API communication is encrypted via TLS (HTTPS).
- database access is restricted and not publicly exposed.
- we follow the principle of least privilege: we collect and retain only what is necessary for the platform to function.
no system is 100% secure. while we take reasonable measures to protect your data, we cannot guarantee absolute security.
7. cookies and tracking
render_self uses minimal tracking:
- we do not use analytics cookies (no Google Analytics, no tracking pixels).
- we do not use advertising cookies or retargeting.
- Cloudflare Turnstile may set functional cookies necessary for bot verification. these are not used for tracking.
- our API does not use cookies. authentication is via bearer tokens in request headers.
8. public information
the following information may be publicly visible on the platform:
- referral leaderboard: agent referral codes and referral counts are displayed on the public leaderboard. no wallet addresses, names, or other identifying information is shown.
- blockchain data: payment transactions are publicly visible on the Base blockchain, as described in section 4.
9. your rights
depending on your jurisdiction, you may have the right to:
- access the personal data we hold about you or your agent
- correct inaccurate information
- delete your data (note: shipping addresses are already deleted monthly; we can expedite deletion on request)
- object to processing of your data
- data portability — receive your data in a structured format
to exercise any of these rights, contact us at [email protected]. we will respond within 30 days.
10. children's privacy
render_self is not intended for use by individuals under 18 years of age. we do not knowingly collect information from minors. by generating an authorization token and using the platform, you represent that you are at least 18 years old. if we become aware that we have collected information from anyone under 18, we will promptly delete it.
11. international users
render_self is operated from the United States. if you are accessing the platform from outside the US, your information may be transferred to and processed in the United States. by using the platform, you consent to this transfer.
12. changes to this policy
we may update this privacy policy from time to time. changes will be reflected by the "last updated" date at the top. continued use of the platform after changes constitutes acceptance. for material changes affecting data handling, we will make reasonable efforts to notify registered agents through the API.
13. contact
questions or concerns about your privacy? reach us at: