Privacy Policy

Effective date: February 6, 2026
Last updated: February 6, 2026

1. Controller Identity

The data controller for the personal data described in this policy is Arnstein Banking Systems, the operator of the CornerStone Agentic Score Service.
Privacy contact: privacy@arnstein.ch.

2. Data We Collect

We collect the following data in connection with the CornerStone Agentic Score Service:

  • Wallet addresses that you register on the allowlist (EVM and/or Aptos). These can be associated with you or with an agent you control.
  • Banking application / compliance information (optional), if you provide it during onboarding: full name, email address, and optionally physical address. This is stored in our submissions file (e.g. last 100 entries) for demo and compliance workflow purposes.
  • Lender account data (if you onboard as a lender): we may store a lender account linked to a subscription (e.g. RevenueCat app user id), a single paying wallet address, credits balance, and notes you provide (e.g. link to your company). Subscription and payment processing are handled by RevenueCat and, where applicable, Stripe or the app store; see “Sharing” below.
  • Plaid connection metadata: when you link a bank account via Plaid, we store a record that associates a Plaid access token and item identifier with an agent wallet and timestamp. We do not store your bank account numbers, balances, or transaction history in our databases; that data remains with Plaid and your financial institution.
  • Attestation data (if you use wallet attestation): we may store that an attestation was received for a given address and when, for compliance and audit purposes.

We do not collect: raw bank account or transaction data, social security numbers, or payment card numbers in our systems. Plaid Link is used to connect your bank; Plaid’s own terms and privacy policy apply to the data Plaid collects and processes.

3. Purpose and Legal Basis

We use the data above to:

  • Operate the Service (allowlist, scoring, bank-linked borrower signal).
  • Provide and improve the MCP tools (predictions, backtests, bank linking, scores).
  • Comply with legal and regulatory obligations and to defend our rights.
  • Fulfill our contract with you (e.g. to provide the features you request).

Legal basis: performance of our contract with you; our legitimate interests in operating and securing the Service; and, where required, your consent (e.g. for bank linking and optional compliance information).

4. How We Use Data

  • Allowlist and agent wallets: Used to determine which addresses can call paid MCP tools and to associate Plaid-linked accounts with an agent for borrower scoring.
  • Banking application / submissions: Used for identity and compliance workflows and for demo purposes; may be retained as part of application history.
  • Plaid connection data: Used only to indicate that a given agent wallet has a linked bank account (e.g. to return a borrower score component). We do not pull or store your transaction or balance data in our schema.
  • Attestations: Used to verify that you control the wallet addresses you register and for audit/compliance records.

5. Sharing

We may share data with:

  • Plaid: When you link a bank account, Plaid receives and processes data per their terms and privacy policy. We send only what is necessary to create and exchange the link (e.g. client user id, products, country).
  • RevenueCat and Stripe: If you sign up for a lender or other paid subscription, we use RevenueCat for subscription management and analytics. RevenueCat and (where used) Stripe process personally identifiable information in connection with purchases and subscription billing. Their processing is governed by their respective privacy policies (e.g. RevenueCat Privacy; Stripe’s privacy policy when Stripe is used). We disclose this processing in line with our obligations to you and to our service providers.
  • Infrastructure and service providers: Hosting, databases, and other technical services that process data on our behalf, under appropriate agreements.

A list of subprocessors that may process personal data is available on this site at Subprocessors.

  • Legal and regulatory: When required by law, court order, or to protect our rights, safety, or property.

We do not sell your personal data.

6. Retention

  • Plaid connections: Your bank link is automatically removed after 29 days; you can re-link at any time. We may retain connection metadata for a longer period if required for legal or audit purposes (e.g. up to 7 years where applicable).
    Lender accounts: Retained until you close the account or request deletion. We may retain records longer where required for legal or audit purposes (e.g. up to 7 years).
  • Allowlist: Retained until you remove addresses or we terminate the Service for that data.
  • Attestations: Retained for the period needed for compliance and audit (e.g. up to 7 years if required by counsel).

For detailed retention per dataset and how to request deletion, contact privacy@arnstein.ch.

7. Security

We take reasonable technical and organizational measures to protect your data, including securing databases (e.g. file permissions, environment-based credentials), using HTTPS, and not logging sensitive tokens or full wallet addresses in production where avoidable. No system is completely secure; you use the Service at your own risk.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data, subject to legal and operational constraints (e.g. we may need to retain some data for legal or audit purposes).
  • Portability of your data in a structured format where technically feasible.
  • Object or restrict certain processing.
  • Withdraw consent where processing is based on consent (e.g. you can revoke bank linking via Plaid or by contacting us).

Correction (rectification): To correct inaccurate data (e.g. email, name, address in your submissions or lender account), contact us at privacy@arnstein.ch. We will process your request and, where applicable, correct the data within a reasonable time (typically within 30 days). We may add a self-service correction option on the onboarding site in the future.

Objection and restriction: For objection to processing or restriction of processing, contact privacy@arnstein.ch. We will respond within 30 days and, where applicable, apply the restriction or cease the relevant processing in line with applicable law.

To exercise these rights:

  • Export your data (access/portability): Export and delete cover submissions (banking application), allowlist entries, Plaid connection metadata, and lender account data (email, name, wallet(s), notes) when the request is by the relevant email or wallet.
  • By wallet only (no signature required): Call GET /privacy/export?wallet=YOUR_WALLET_ADDRESS on this application’s onboarding site. The response is JSON with submissions, allowlist entries, Plaid connection metadata, and lender account data (when applicable) for that wallet.
  • By email: You must prove control of a wallet linked to that email. (1) Get a message: GET /privacy/export-message?wallet=0x...&email=YOUR_EMAIL. (2) Sign that message with that wallet (EVM: e.g. MetaMask; Aptos: attestation script). (3) Call GET /privacy/export with query parameters: email, wallet, message, signature, chain ("evm" or "aptos"), and for Aptos public_key_hex. The response is JSON as above for that identity.
  • Delete your data (erasure): You must prove you control the wallet by signing a deletion-authorization message. (1) Request a message: GET /privacy/delete-message?wallet=0x... (optionally add &email=...). (2) Sign that message with your wallet (e.g. MetaMask for EVM, or the Aptos attestation script). (3) Send POST /privacy/delete with JSON: wallet, message, signature, and chain ("evm" or "aptos"); for Aptos include public_key_hex. Optionally include email to also remove submissions and lender account data matching that email. The server removes submissions, allowlist entries, Plaid connection (deactivated), and lender account data for the verified wallet (and, when email is provided, matching that email). Some data may be retained where required by law.

You can also contact us at privacy@arnstein.ch for any of the above rights or for assistance. You may have the right to lodge a complaint with a supervisory authority.

9. Cookies and Analytics

The onboarding site may use minimal technical cookies or similar technologies necessary for the operation of the site (e.g. session or security). If we add analytics or non-essential cookies in the future, we will update this policy and, where required, obtain consent.

10. International Transfers

We may process or store information in countries other than your own, including where our service providers operate. When required, we use appropriate safeguards for cross-border transfers.

11. Children's Privacy

The Service is not directed to children under 18 and we do not knowingly collect personal data from children.

12. Changes and Contact

We may update this Privacy Policy from time to time. We will post the updated policy and, where appropriate, notify you. Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

Contact:
Privacy requests: privacy@arnstein.ch
Compliance inquiries: compliance@arnstein.ch
Security incidents: incident@arnstein.ch
Support: support@arnstein.ch