Privacy

How Blue Pillow handles personal data for the B2A agents site.

Last updated: 2026-05-28

The B2A agents site is operated by Blue Pillow. This is a short notice for the agent-facing surface. The full privacy policy applicable to all Blue Pillow services is published on the human site.

What we collect

• Anonymous API keys. When an agent calls POST /v1/keys (or the b2a_get_key MCP tool) we generate a random opaque key. No email, account, or other identifier is required. The key is the only credential bound to the caller.
• Request metadata. We log the requested path, response status, latency, and the anonymous key id (not the key itself). We do not log request bodies that would identify an end-user.
• IP address. Truncated to /24 (IPv4) or /48 (IPv6) and retained only for abuse-prevention and rate-limit enforcement.

What we don’t collect

• No tracking cookies, no analytics on the agents site, no third-party tags.
• No personal data tied to the anonymous key.

Full policy

For the complete Blue Pillow privacy notice — including data subject rights, retention, transfers, and contact for data requests — see the human site policy at bluepillow.com/privacy.