DRAFT / NON-BINDING. Prepared without counsel review and not in force. Do not rely on this document until licensed counsel has reviewed it.

DRAFT - prepared 2026-07-06 without counsel review. Not in force. Do not publish or rely on this document until licensed counsel has reviewed it.

Privacy Policy (DRAFT)

Product: Arbitrator AI (internal codename "People's Court"). Status: Alpha. Base Sepolia testnet only. No fees charged. No real funds. Version: DRAFT v0.1, prepared 2026-07-06.

This Privacy Policy explains what data the Arbitrator AI platform ("the Service") collects, how it is used, who processes it, and what choices you have. It is a companion to the Terms of Service and uses the same defined terms. Where a term of the Rules of Procedure and Evidence (the "Rules") governs how case data is handled in a dispute, the Rules control that dispute; this Policy describes the platform's data practices.

COUNSEL - Rule 9.4 gates this Policy The current Rules v0.4 carry a [COUNSEL] flag that Rule 9.4 (data handling) gates the privacy policy. This draft adopts a conservative default (Section 4) pending that Rule being finalized. Confirm the final Rule 9.4 text and align this Policy to it before publication.


1. Who we are

The Service is operated by [ENTITY - COUNSEL: entity domicile and legal name undecided per legal/jurisdiction.md] ("we," "us," "our," or the "Operator"). Contact for privacy questions: [CONTACT PLACEHOLDER].

The Service is a business-to-business and agent-to-agent Alpha on the Base Sepolia testnet. It is not marketed to individual consumers.


2. Data we collect

We collect the following categories of data:

  • Case filings and submissions - complaints, answers, memorials, rebuttals, and other written submissions Parties file in a dispute.
  • Exhibits and evidence - uploaded documents, images, on-chain records, and third-party attestations submitted as evidence, including their content and metadata.
  • Wallet addresses - the blockchain addresses Users authenticate with and that are named as parties or payout destinations.
  • Signatures and consent artifacts - wallet signatures, signed messages, click-through acceptances, timestamps, and content hashes evidencing consent and authentication.
  • Usage and metering data - logs of access, actions taken, timestamps, case activity, and technical data such as IP address and device/agent identifiers.
  • Webhook and endpoint data - registered machine-to-machine endpoints, wallet endpoints, and configuration used to deliver notices and orchestrate agent-lane cases.
  • Communications - messages you send to us, such as support or privacy requests.

Do not submit privileged material, and do not submit personal data you are not entitled to share. Submissions to a neutral are generally not privileged and may be compelled by legal process. See Section 8.


3. Why we use it (purposes)

We use the data above to:

  • administer the arbitral forum and conduct disputes under the Rules;
  • authenticate Users and verify consent;
  • prepare draft opinions (by the AI Tribunal) and produce Awards (adopted and signed by the human Reviewer);
  • validate the integrity of submissions, screen for prohibited use and sanctions concerns, and prevent abuse;
  • meter usage, operate and secure the Service, and debug and improve it;
  • publish decisions in the form and with the redaction described in Section 6;
  • keep records and comply with law, including responding to lawful requests. See Section 8.

We do not sell your data.


4. AI processing of case content

To operate the Service, case content (filings, exhibits, and related text) is processed by AI systems, including large language models provided by third-party model providers.

The list of model providers changes over time. As of the date of this draft, the current evaluation provider is GLM (via Z.ai), per project documentation. Other providers may be added or removed.

COUNSEL / CONFIG - providers and DPAs Confirm the current and planned model providers, put a data-processing agreement (DPA) in place with each, and keep this list current. Do not publish a provider list that is out of date or that lacks a DPA. Consider whether image transcription and legal-authority retrieval use additional third-party services that must be disclosed here.

Training default - case content is not used to train models. We adopt the conservative default: case content is not used to train, fine-tune, or improve any model beyond what is necessary to process the specific dispute. Any future tier in which case content could be used for training would be opt-in only and would require your explicit, separate consent.

COUNSEL - Rule 9.4 training tiers; pending policy decision The training-tier decision under Rule 9.4 is not final. This Policy states the conservative "no training" default and an explicit-opt-in requirement for any future tier. Confirm the final Rule 9.4 text, the provider contracts actually prohibit training on our content, and the opt-in mechanism before publication.

Automated decision-making. AI systems assist the process, but the human Reviewer is the decision-maker of record for every Award and adopts the reasoning as their own (see the Terms of Service and Section 9 below).


5. Who we share it with

We share data with:

  • Model providers - as described in Section 4, to process case content.
  • The Reviewer - the qualified human who reviews draft opinions and signs Awards.
  • The opposing Party - through the exchange and reveal mechanics in the Rules, each Party sees the other's filing on reveal; this is how the process works, not an incidental disclosure.
  • Service providers - infrastructure, hosting, wallet-screening, security, and analytics vendors who process data on our behalf under appropriate terms.
  • Successors - a party to a reorganization or transfer of the Service.
  • Authorities and as required by law - see Section 8.

We do not sell data and do not share it for third-party advertising.


6. Publication of decisions

Awards may be published as part of the Service's record.

COUNSEL - Rule 9.3 publication; chain re-identification Per Rule 9.3 and legal-risk-review #9, publishing a reasoned award that describes a transaction, together with a wallet address, is often re-identifiable by chain analysis, and publication may constitute processing without a lawful basis for EU parties. True redaction and a party opt-out may be required before any public precedent corpus ships. Confirm before publishing any decision.

Where decisions are published:

  • Redaction. Identifying details are redacted. Given the chain re-identification risk above, redaction may need to reach amounts, dates, transaction hashes, and counterparties, not only names.
  • Party pseudonymity. Parties are referred to pseudonymously where they participated under a wallet identity.
  • Authority tiers. Published decisions carry no precedential force in the fast and single-arbiter tiers; a panel opinion, any concurrence, and any dissent are published where a panel sits, per the Rules.
  • Opt-out. COUNSEL - confirm whether parties may opt out of the published-precedent layer, per legal-risk-review #9.

7. On-chain data is public and immutable

Some data connected to a dispute is recorded on a public blockchain. This includes transaction hashes and, where used, notarized hashes of an Award or of consent artifacts.

On-chain data is public and permanent. Anyone can read it, and it cannot be deleted, altered, or recalled once written. Because of this:

  • Rights to erasure, correction, or deletion cannot reach data that is on-chain. We cannot delete or change what is recorded on a public blockchain, and neither can you.
  • We record hashes, not evidence content, on-chain. We do not put filings or exhibit content on a blockchain.
  • A wallet address on-chain, combined with other public information, may be linkable back to a real party by chain analysis. We cannot prevent third-party chain analysis.

We are telling you this plainly so you can decide what to submit and which wallet to use.

COUNSEL - erasure vs. immutability Per legal-risk-review #9, the tension between erasure rights and on-chain immutability must be addressed honestly and, for EU parties, analyzed for lawful basis. This section states the honest limit; counsel to confirm the framing and any additional obligations.


8. Retention

In this Alpha on the Base Sepolia testnet, records may be reset, deleted, or lost at any time, and we do not promise to retain any record. See the Terms of Service.

We keep data for as long as needed to operate the Service, administer and reconstruct disputes, meet legal and integrity obligations, and defend against claims, and then delete or de-identify it, except for on-chain data, which cannot be deleted (Section 7).

COUNSEL / CONFIG - retention schedule gap No retention schedule is fixed. Regulatory-issue-spotting #10 and open question 9 flag that retention numbers (evidence, logs, model versions) are undecided, and that a decision may need to be reconstructible for years (vacatur limitation periods, fraud and clawback claims). This Policy therefore promises no retention in the Alpha. Set the retention schedule and reconcile it with what the Rules promise before any binding use. Flagged: the Rules do not currently fix retention, so there is a gap to close, not merely a number to insert.


9. Your rights and choices

Depending on where you are and the applicable law, you may have rights to access, correct, delete, port, or object to the processing of your personal data, subject to the on-chain limits in Section 7. To exercise a right, contact us at [CONTACT PLACEHOLDER].

GDPR posture (EU / EEA)

COUNSEL - GDPR Article 22 and EU scope Per legal-risk-review #2 (GDPR Art. 22) and #3 (EU AI Act - ADR is Annex III high-risk), EU exposure is a serious, unresolved area. This Policy states a limited posture pending counsel and an EU AI Act analysis.

  • Automated decision-making (Art. 22). An Award produces legal effects. Our position is that the human Reviewer renders the final decision and adopts the reasoning as their own, so the decision is not solely automated. A human review that merely rubber-stamps AI output would not satisfy Art. 22, so the Reviewer must exercise genuine judgment. COUNSEL - confirm the Art. 22 analysis and that the Reviewer's role is meaningful in fact, not just on paper; note the tension with any tier that could resolve without a human, and with the Rules' "no merits appeal," which collides with the Art. 22 right to contest.
  • EU service is limited. Pending an EU AI Act high-risk analysis (legal-risk-review #3), the Service does not hold itself out to EU parties, and EU-based parties may be geofenced. Do not silently serve EU parties.
  • Lawful basis, controller/processor roles, international transfers, and DPIA are all to be determined by counsel before any EU-facing use.

CCPA note (California)

If you are a California resident, you may have rights under the CCPA/CPRA, including to know, delete, correct, and opt out of "sale" or "sharing." We do not sell personal information and do not share it for cross-context behavioral advertising. The on-chain limits in Section 7 apply to deletion requests.

COUNSEL - CCPA Confirm the CCPA/CPRA applicability given the B2B/agent-only Alpha posture, the service-provider terms with vendors, and the interaction with SB 940 (legal-risk-review #7) if any California party is ever in scope.


10. Security

We use technical and organizational measures to protect data, including:

  • Content-hashing of exchanged evidence (SHA-256), so tampering is detectable by hash mismatch.
  • Sealed filings in simultaneous phases, withheld from the opposing Party until the joint reveal.
  • Access controls, encryption in transit and at rest where applicable, and access logging.

No system is perfectly secure. Evidence stores and model logs may be targets of breach or legal process; consider this when deciding what to submit.

COUNSEL - security program Confirm the security controls, breach-notification obligations, and vendor terms before any real-value or fee-bearing use.


11. Children

The Service is not directed to children and is offered to businesses and autonomous agents only. We do not knowingly collect data from children.


12. Changes to this Policy

We may update this Policy. Material changes will be communicated through the Service or by reasonable means. The date of the current version is shown at the top.


13. Contact

Questions about this Policy or your data: [CONTACT PLACEHOLDER]. Operator: [ENTITY - COUNSEL: entity domicile and legal name undecided per legal/jurisdiction.md].


Counsel punch-list (Privacy Policy)

The highest-priority items a lawyer must resolve in this document:

  1. Rule 9.4 gates this Policy (Sections 4, 8). Finalize Rule 9.4 (data handling) and align this Policy to it, especially the training default and retention. This is the flagged dependency in the Rules.
  2. Training default and opt-in (Section 4). This Policy adopts "case content is not used to train models," with any future training tier opt-in and explicitly consented. Confirm provider contracts actually prohibit training on our content and that the opt-in mechanism is sound.
  3. Model providers and DPAs (Section 4). Confirm the current provider list (GLM via Z.ai as current eval provider per project docs), put DPAs in place, keep the list current, and disclose any image-transcription or legal-research services.
  4. On-chain immutability vs. erasure rights (Section 7). Confirm the honest framing and, for EU parties, the lawful-basis analysis for immutable on-chain data (legal-risk-review #9).
  5. Publication and chain re-identification (Section 6). Confirm redaction depth (amounts, dates, tx hashes, counterparties), party pseudonymity, and a possible opt-out before any public precedent corpus ships (Rule 9.3; legal-risk-review #9).
  6. GDPR Art. 22 and EU AI Act (Section 9). Confirm the "human Reviewer renders the final decision" position holds under Art. 22, address the "no merits appeal" vs. right-to-contest tension, and complete the EU AI Act high-risk analysis before serving EU parties (legal-risk-review #2, #3).
  7. Retention schedule (Section 8). Set the retention numbers and reconcile with the Rules; note the Rules do not currently fix retention, so there is a gap to close (regulatory-issue-spotting #10).
  8. CCPA and SB 940 (Section 9). Confirm applicability given the B2B/agent-only posture and the interaction with California SB 940 if any California party is ever in scope (legal-risk-review #7).

End of draft. Reminder: DRAFT - prepared 2026-07-06 without counsel review. Not in force. Do not publish or rely on this document until licensed counsel has reviewed it.

See also the Terms of Service.