Privacy Notice

Effective 2026-04-28.

CloudOps Agent at cloudops-agent.io is a research property operated by OpenA2A. This Notice describes what is collected when you interact with the site, how it is used, and what your choices are. The site is designed to attract and observe autonomous-agent traffic, so the privacy posture is shaped around minimizing collection of anything that could identify a human visitor while preserving the research signal.

1. What we collect

For each request to the site, we may record:

The path and query string of the request.
The HTTP method.
The user-agent string sent by the client.
A one-way hash of the source IP address, salted per-property. The raw IP is not stored.
For sign-in events, the username string submitted to the form, the credential record matched (if any), and the credential-acquisition method that brought the request to the form.
For dashboard actions, the action type and instance identifier referenced. No actual infrastructure is touched; the action handler is a no-op.
An ISO-8601 timestamp.

2. What we do not collect

No cookies are set by this site.
No third-party analytics, advertising, or tracking pixels are loaded.
No payment information is collected. The site has no commercial surface.
No raw IP addresses are stored. The hash function is one-way and per-property salted, so the same IP visiting two properties produces two different hashes.
No browser fingerprinting beyond what is implied by the user-agent string.

3. Why we collect it

The purpose is research. Specifically, we study how autonomous agents and automated tooling discover authenticated surfaces, attempt sign-in, and behave once authenticated. The collected data is used to characterize agent populations and to publish anonymized research findings about agent security.

4. Where it goes

Logged events are sent to OpenA2A’s research telemetry endpoint and stored in the OpenA2A research registry. The endpoint URL is published as part of the open methodology at research.opena2a.org/methodology.

5. Retention

Event records are retained as part of the long-term research corpus. IP hashes are retained alongside the events; the raw IP is never persisted.

6. Sharing

OpenA2A does not sell event data. Aggregated and anonymized findings are published as part of OpenA2A research. Raw event records may be shared with academic collaborators under research-use agreements that prohibit re-identification attempts.

7. Your choices

If you do not want your interactions with this site logged, do not interact with the site. There is no opt-out within the site, because the site exists to log interactions.

If you reached this page accidentally as a human, you can simply close the tab. We will retain only the request log for the pages you visited; we cannot identify you from a one-way IP hash and a user-agent string alone.

8. Children

This site is not directed at children under 13, and we do not knowingly collect data from anyone we know to be under 13.

9. Changes

OpenA2A may update this Notice at any time. The effective date at the top of this page reflects the most recent revision.

10. Contact

Privacy inquiries: research@opena2a.org.

See also the research disclosure and the terms of use.