• Plans
    For enterprises
    Lemma Civic Public infrastructure · B2B2G Lemma Critical Mission-critical & manufacturing Lemma Compliance Finance · KYC/AML · FinTech
    For developers
    Lemma API The ZK proof issuance API
    For agents
    Trust402 · Pay Run agents without holding the keys Trust402 · Sell Get paid by AI agents for your work Institutional ID Official institutional claims
    ▸ See the plans page
  • Lemma API
    Five proofs
    Lemma API overview Five proofs, one API — the full picture Provenance · Verifiable Origin Authentication · Seal Authority · Agent Authority Inference · Verifiable AI Attribute · Regulatory Attribute
  • Solutions
    Use Cases
    All use cases AI Audit Log Proof KYC/AML Selective Disclosure Supply Chain ESG DeFi Bridge Verification
  • Resources
    Content
    ● Critical Brief Blog Glossary Data Authenticity FAQ
    Developer resources
    Dashboard Lemma Specs Full technical specification
JA Get Started ↗
Plans
Lemma CivicPublic infrastructure · B2B2G Lemma CriticalMission-critical & manufacturing Lemma ComplianceFinance · KYC/AML · FinTech Lemma APIThe ZK proof issuance API Trust402 · PayRun agents without holding the keys Trust402 · SellGet paid by AI agents for your work Institutional IDOfficial institutional claims ▸ See the plans page
Lemma API
Lemma API overview Provenance · Verifiable Origin Authentication · Seal Authority · Agent Authority Inference · Verifiable AI Attribute · Regulatory Attribute
Solutions
All use cases AI Audit Log Proof KYC/AML Selective Disclosure Supply Chain ESG DeFi Bridge Verification
Resources
● Critical Brief Blog Glossary FAQ Dashboard Lemma SpecsFull technical specification
Get Started
JA
Privacy Policy

Privacy Policy

Last updated: May 2, 2026

FRAME00 Inc. (“we”) provides Lemma (the “Service”). This policy describes the data we receive, store, and process, given the cryptographic design of the Service.

  1. Data Minimization

    The Service receives only the minimum metadata required for API operation. Original documents (plaintext) never reach our servers. Documents are normalized cryptographically inside the user's environment, and only commitments and hashes are transmitted to us.

  2. Data We Receive

    Per our OpenAPI v2 specification, we receive only the following:

    • Schema ID (schema)
    • Document hash (docHash)
    • IPFS content identifier (cid)
    • Issuer identifier (issuerId) — an arbitrary string (DID, address, etc.) hashed via keccak256 to bytes32
    • Subject identifier (subjectId) — same hashing approach
    • Commitments — a Merkle root, leaves, and randomness based on Poseidon, Poseidon2, Rescue-Prime, or SHA-256
    • Revocation root and scheme
    • Issuer signature (optional)
    • Zero-knowledge proof and public inputs

    These structures make it cryptographically infeasible to reconstruct the original document. We do not hold plaintext documents and cannot read, analyze, or copy them.

  3. Encryption and Storage

    • Transit: all communication is encrypted via HTTPS (TLS 1.2+).
    • Storage: we store only the metadata above. We do not retain original document content.
    • Hosting: the Service runs on Cloudflare Workers. Cloudflare's security policies apply.
  4. Third-Party Disclosure (On-Chain Writes)

    When users explicitly set onchain: true on a proof submission, we record the verification result to the verification contract on the chain (EVM-compatible) configured by the targeted circuit (CircuitMeta.verifier). Chain ID and contract address come from the circuit's metadata.

    When onchain is not set (default), verification results are stored only within our internal systems.

  5. Selective Disclosure

    Users may combine ZK proofs with selective disclosure (bbs+ or opaque format). We receive only the disclosed attributes; undisclosed attributes are not processed.

  6. Retention

    • Metadata: retained for the period necessary to provide the Service.
    • Logs: retained for operational needs (up to 90 days), then deleted.
  7. User Rights

    Users may exercise the following rights regarding their metadata held by us:

    • Right to access
    • Right to correction and deletion
    • Right to restrict processing

    To exercise these rights, contact us at the address below.

  8. Third-Party Sharing

    We do not share data with third parties without user consent, except as required by law. By design, it is technically impossible for us to share the original document content.

  9. Changes to This Policy

    This policy may be updated to reflect changes in the technical specification or applicable law. Material changes will be announced on the Service's website and notified to users.

  10. Contact

    For questions about this policy or to exercise any of the rights above:

    FRAME00 Inc.
    Email: contact@frame00.com

Trust infrastructure for AI. Built for decisions that matter.

Dashboard ↗
X GH in

About Lemma

  • Use cases
  • Data Authenticity

Products

  • Lemma API
  • Lemma Civic
  • Lemma Critical
  • Lemma Compliance
  • Trust402
  • Pricing

For developers

  • Trust402
  • Dashboard
  • Specs
  • GitHub ↗
  • Smithery ↗

Resources

  • ● Critical Brief
  • Blog
  • Newsletter
  • Glossary
  • FAQ
Company
  • About us
  • Contact
  • JA
© 2026 FRAME00, INC. — Built for decisions that matter.
Privacy Terms