> ## Documentation Index
> Fetch the complete documentation index at: https://agenticintentprotocol.com/llms.txt
> Use this file to discover all available pages before exploring further.

# FAQ -- Compliance and Audit

> Frequently asked questions about AIP compliance, privacy, and audit trails

<AccordionGroup>
  <Accordion title="How does AIP handle privacy?">
    AIP enforces privacy through protocol design: no personal identifiers are required in any message schema. Brand Agents receive only anonymized intent context. In delegation, context is further scoped to defined boundaries. Operators, platforms, and brand agents implement their own regulatory compliance (GDPR, CCPA, etc.) according to applicable laws.
  </Accordion>

  <Accordion title="How are audit trails maintained?">
    All verifications, signatures, and timestamps are recorded in the Operator's settlement ledger. Every settlement outcome is traceable to a single serve\_token and can be independently verified through cryptographic linkage.
  </Accordion>

  <Accordion title="What is the data retention policy?">
    AIP does not define retention durations. Operators define their own data retention policies according to their requirements and applicable regulations.
  </Accordion>

  <Accordion title="How are cryptographic keys managed?">
    Each participant manages keys according to their own security policies. The protocol requires message authentication and integrity protection but does not prescribe specific key management procedures.
  </Accordion>

  <Accordion title="How is delegation privacy protected?">
    Delegation uses scoped context  -  only the data defined in `context_scope` (e.g., intent and constraints) is shared with the brand agent. Raw user queries, conversation transcripts, and user identifiers are never included regardless of scope configuration.
  </Accordion>
</AccordionGroup>
