Last updated: April 7, 2026 · Adworth℠ LLC · Charleston, SC
adworth-ads Cloudflare Worker (v5.3.0, powered by DataForSEO), which includes a PII Advertiser Name Classifier that detects and anonymizes individual person names in public ad data before any response leaves the worker — only a non-reversible SHA-256 audit hash is retained. The public /analyze endpoint that powers the Ad Intelligence Dashboard is rate-limited (10 requests per IP per hour via Cloudflare KV) rather than authentication-gated, ensuring the live demo remains accessible while preventing abuse. Consent tokens and ledger entries are governed by specific rules around immutability and data ownership. The Invisibility Ledger intentionally contains synthetic “chaff” entries alongside real events — this is a privacy protection, not an inaccuracy, and does not affect consent enforcement or payout accuracy. The State-Persistence Monitor and Removal Payload Engine currently operate in simulated mode for demonstration purposes. The RPE runs as a standalone worker (adworth-rpe v2.3.0) and communicates with the adworth-rules Worker via a Cloudflare Service Binding (RULES_WORKER) for secure worker-to-worker communication, evaluating regulation rules at runtime from a versioned, machine-readable regulation rules table (adworth-rules Worker, rules v1.0.0, effective March 5, 2026) — legal citations, deadlines, and obligations are fetched deterministically from version-controlled JSON. The Privacy Governance Engine (v2.3.0) enforces consent in real time, applies a Minor Shield block for all advertising requests when minor user status is detected, and honors Global Privacy Control (GPC) Sec-GPC: 1 signals as valid opt-outs under CPRA § 1798.135(d). The Ingestion API (adworth-ingestion-api v1.3.0) and Privacy Cockpit Chrome extension allow advertisers to securely submit cryptographically signed marketing data — private keys are generated on-device and never transmitted to Adworth. 
As of v1.3.0, upon successful Ed25519 signature verification the Ingestion API also writes a CONSENT_ISSUED event to the ADWORTH_LEDGER KV namespace, enabling the Privacy Governance Engine to evaluate the issued token in real time during advertiser access requests. The adworth-ingestion-api Worker now has three KV bindings: PUBLIC_KEYS (public key storage), INGESTED_DATA (verified ingestion records), and ADWORTH_LEDGER (consent event ledger). All API endpoints use constant-time HMAC-SHA256 key comparison via crypto.subtle and enforce strict origin allowlist CORS (no wildcards). API access requires authentication; keys are held in JavaScript memory for the session only, never written to localStorage, sessionStorage, cookies, or any server-side log. The consent token API is now served by adworth-consent-widget (v3.4.0, the active consent infrastructure worker; the legacy deployment adworth-consent-api has been decommissioned) with user ID SHA-256 hashing, location quantization, and IP-based rate limiting. Waitlist submissions are processed through our own Cloudflare Worker (adworth-waitlist v2.3.0) with self-hosted font delivery (v1.2.0). Enterprise pricing is indicative. Questions? .
By accessing or using any Adworth℠ service — including adworth.app, app.adworth.app, the Ad Intelligence pipeline, the Consent API, the Privacy Governance Engine, the State-Persistence Monitor, the Removal Payload Engine, the Invisibility Ledger, the Regulation Rules Worker, the Ingestion API, the Privacy Cockpit Chrome extension, or any associated applications — you agree to be bound by these Terms of Service and our Privacy Policy.
If you do not agree to these terms, please do not use our services.
Adworth℠ is a privacy technology platform currently providing:
adworth-ads Cloudflare Worker v5.3.0) that retrieves publicly available advertiser data via DataForSEO, analyzes it using Anthropic’s Claude AI, and includes a PII Advertiser Name Classifier that detects and anonymizes individual person names before any response leaves the worker — logging only a non-reversible SHA-256 audit hash with 90-day retention. The public /analyze endpoint is rate-limited by IP (10 requests per hour) rather than authentication-gated, ensuring the live demo remains accessible. All API endpoints use constant-time HMAC-SHA256 key comparison and strict origin allowlist CORS
/submit JSON endpoint
adworth-rpe v2.3.0) available both within the State-Persistence Monitor and as a standalone Cloudflare Worker that generates legally-cited, HMAC-SHA256-signed deletion requests when violations are detected (Patent Component #5). As of March 11, 2026, the RPE communicates with the adworth-rules Worker via a Cloudflare Service Binding (RULES_WORKER) for secure worker-to-worker communication and evaluates regulation rules at runtime — supported rights include GDPR-ART17, GDPR-ART7, CCPA-1798105, CCPA-1798120, DSA-ART26, and DSA-ART25
adworth-rules) that serves a versioned, machine-readable JSON regulation rules table to the RPE at runtime. Rules are version-controlled in GitHub, stored in an isolated Cloudflare KV namespace (ADWORTH_RULES), and evaluated deterministically. Current version: v1.0.0, effective March 5, 2026
adworth-ingestion-api v1.3.0 Cloudflare Worker) that receives, cryptographically verifies, and stores Ed25519-signed marketing data submitted by the Privacy Cockpit Chrome extension — private keys are generated on user devices and never transmitted to Adworth.
As of v1.3.0, upon successful signature verification the Ingestion API also writes a CONSENT_ISSUED event to the ADWORTH_LEDGER KV namespace, enabling the Privacy Governance Engine to evaluate the issued token in real time during subsequent advertiser access requests
adworth.app/ccpa-gap) displaying aggregated data from publicly available CCPA transparency reports under California Civil Code § 1798.185(a)(7)
We are an early-stage company. Our services are actively being developed and may change, be interrupted, or be discontinued at any time. We will make reasonable efforts to notify users of significant changes.
CONSENT_ISSUED ledger write are all live. The Privacy Cockpit extension is currently distributed as a developer build and has not been published to the Chrome Web Store. Demo-mode notices generated via the enterprise page carry no legal effect. The Regulation Rules Worker (adworth-rules) is live and serving v1.0.0 rules to the RPE in production. Advanced Privacy Protocols (Ledger Chaff, Differential Privacy, Grid Quantization, Minor Shield) are active in production. The Nashville Offline Protocol and Biometric Gating are on the product roadmap and are not yet deployed.
Adworth relies on the following infrastructure providers to deliver its services. By using our services, you acknowledge that your use is also subject to these providers’ applicable terms and privacy policies.
All server-side logic runs on Cloudflare Workers edge infrastructure. Our complete active worker fleet (28 Workers): adworth-ads (Ad Intelligence pipeline and PII Advertiser Name Classifier), adworth-consent-widget (Consent Token API v3.4.0, the active consent infrastructure worker; the legacy deployment adworth-consent-api shared this same codebase and has been decommissioned — CPRA opt-out page, user ID SHA-256 hashing, location quantization/fuzz, IP-based rate limiting), adworth-bouncer (Privacy Governance Engine v2.3.0, including Minor Shield and GPC Detection), adworth-ledger (Invisibility Ledger read-only viewer, including Ledger Chaff entries), adworth-state-monitor (State-Persistence Monitor), adworth-rpe (standalone Removal Payload Engine v2.3.0 with runtime rule evaluation via RULES_WORKER Service Binding and public verification endpoints), adworth-rules (Regulation Rules Worker serving versioned machine-readable regulation rules table from isolated ADWORTH_RULES KV namespace), adworth-waitlist (waitlist processing v2.3.0 and authenticated admin dashboard), adworth-ccpa-gap (CCPA Enforcement Gap public API and admin dashboard), adworth-ingestion-api (Ed25519 signature verification, public key management, and ingestion data storage for the Privacy Cockpit extension; v1.3.0 — upon successful signature verification also writes CONSENT_ISSUED events to ADWORTH_LEDGER KV; three KV bindings: PUBLIC_KEYS, INGESTED_DATA, ADWORTH_LEDGER), adworth-fonts (self-hosted font delivery v1.2.0, origin-aware CORS, edge-cached proxy eliminating Google tracking), adworth-auth-guard (sovereign key protection v1.2.0 — rate limiting, brute force blocking, and authentication audit log for the Worker fleet; stores IP addresses temporarily in the ADWORTH_AUTH_GUARD KV namespace for rate limit enforcement only, with a 300-second rolling window and 900-second block duration; IP data is used solely for security purposes and is not shared with third parties; audit log retains the 
last 500 entries), adworth-social (social content draft queue and content library v1.1.0 — stores drafts in ADWORTH_SOCIAL KV; no user PII stored; strict CORS origin allowlist, HMAC-SHA256 auth, IP-based rate limiting, XSS protection via esc(), event delegation, memory-only API key), adworth-comms (internal communications metadata log — metadata-only logging, no message body storage; all communications handled through Cloudflare Workers; stores metadata in ADWORTH_COMMS KV), adworth-changelog (infrastructure change log — append-only record of all Worker deployments and configuration changes in ADWORTH_CHANGELOG KV), adworth-expenses (internal expense tracker v1.1.0 — no user data; stores operational cost records in ADWORTH_EXPENSES KV; strict CORS origin allowlist, HMAC-SHA256 auth, IP-based rate limiting, CSV export via header-based auth, XSS protection via esc(), event delegation, memory-only API key), adworth-dsr (Data Subject Request processor — handles GDPR/CCPA deletion and access requests; stores DSR records in ADWORTH_DSR_LOG KV with verification token TTL of 3600 seconds), adworth-headers (security header enforcement — injects Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy headers on all adworth.app responses), adworth-retention (automated data retention enforcement — runs on a daily cron trigger at 03:00 UTC; purges expired consent tokens, KV entries beyond retention window, and stale monitor state), adworth-breach (breach detection and notification — logs security events in ADWORTH_BREACH_LOG KV; sends email alerts to on new breach events), adworth-age-gate (age certification enforcement — stores age certifications in ADWORTH_AGE_GATE KV; enforces Minor Shield eligibility at the platform front door), adworth-healthcheck (fleet health monitoring — runs on a daily cron trigger at 06:00 UTC; pings all Worker /health endpoints and logs availability status), adworth-audit-export (audit trail export — 
generates user-facing exports of real ledger entries, excluding chaff; exports contain no PII), adworth-consent-receipt (consent receipt delivery — generates and delivers cryptographically signed consent receipts to users upon token issuance), adworth-key-rotation (API key rotation log — stores rotation events and key fingerprints in ADWORTH_KEY_ROTATION_LOG KV; never stores key values), adworth-deploy-integrity (deployment integrity verification — records Worker deployment hashes in ADWORTH_DEPLOY_LOG KV for tamper detection), adworth-abuse (abuse detection and rate limiting — logs abuse events in ADWORTH_ABUSE_LOG KV; provides coordinated blocking across the fleet), and adworth-well-known (serves RFC 9116 security.txt at adworth.app/.well-known/security.txt and reserves the /.well-known/* route for future use; no personal data processed or stored; deployed March 18, 2026). All Workers use a shared API_SECRET_KEY environment variable for authentication, stored encrypted in Cloudflare’s environment variable system. API key comparison across all Workers uses constant-time HMAC-SHA256 verification via crypto.subtle to prevent timing attacks, and all Workers enforce strict origin allowlist CORS with no wildcard origins. Cloudflare processes request metadata as part of serving and securing our services. Cloudflare’s terms: cloudflare.com/terms.
Adworth employs multiple layers of Cloudflare bot protection on adworth.app to prevent unauthorized AI training crawlers from scraping site content. These protections are purely defensive and do not collect, store, or process any user personal data. The following features are active as of March 11, 2026:
robots.txt file at adworth.app/robots.txt includes explicit Disallow: / rules for 13 known AI training crawlers: GPTBot, ChatGPT-User, Google-Extended, CCBot, anthropic-ai, Claude-Web, Bytespider, cohere-ai, PerplexityBot, Amazonbot, FacebookBot, meta-externalagent, and Applebot-Extended. This is a standards-compliant signal that site content must not be used for AI model training
These protections apply only to the adworth.app domain. They do not affect Cloudflare Worker API endpoints, worker-to-worker Service Bindings, or any authenticated API traffic. Adworth’s content — including legal documents, technical descriptions, patent-pending system documentation, and live demo interfaces — is proprietary and may not be used to train AI models without express written permission from Adworth LLC.
Our primary website (adworth.app) is hosted and deployed via Vercel as part of a GitHub → Vercel → Cloudflare pipeline. Vercel may retain standard server access logs. Vercel Analytics is explicitly disabled on our deployment. Vercel’s terms: vercel.com/legal/terms.
IONOS is used for two purposes: (1) hosting the app.adworth.app subdomain served from IONOS webspace (separate from the main adworth.app Vercel deployment), and (2) routing system email from . No user personal data is stored within IONOS infrastructure beyond standard server access logs. IONOS terms: ionos.com/terms-gtc.
Source code is hosted in a private repository under the adworthllc organization on GitHub. The adworth-rules.json regulation rules table is version-controlled in GitHub as the source of truth for all legal citations evaluated by the RPE — changes require a commit and are synced to Cloudflare KV before taking effect at runtime. No user data — including waitlist emails, consent tokens, ledger entries, ingestion records, or any personally identifiable information — is stored in or transmitted through GitHub. API secrets and environment variable values are never committed to version control. GitHub’s terms: docs.github.com/terms.
Correspondence sent to is handled via Proton Mail, which provides end-to-end encrypted email infrastructure. Email content you send to us is stored within Proton Mail and is not shared with third parties except as required by law. Waitlist broadcast communications are sent via Proton Mail using BCC to protect subscriber email addresses from other recipients. Proton Mail’s terms: proton.me/legal/terms.
The Ad Intelligence Dashboard uses DataForSEO to retrieve public Google search and advertiser data. All DataForSEO calls are made exclusively from our adworth-ads Cloudflare Worker via the POST /v3/serp/google/organic/live/advanced endpoint — no DataForSEO requests originate from the user’s browser. When you submit a domain for analysis, that domain name is transmitted to DataForSEO using Basic Auth credentials stored as encrypted Cloudflare Worker secrets. No personal user data is transmitted to DataForSEO. Before any DataForSEO response is returned to the dashboard, the PII Advertiser Name Classifier runs within adworth-ads to detect and anonymize any individual person names in the returned ad data. Results are cached in Cloudflare KV (AD_CACHE) for six hours to minimize external data processor calls. DataForSEO’s terms: dataforseo.com/terms.
AI privacy analysis in the Ad Intelligence Dashboard is generated by Anthropic’s Claude API. All Anthropic calls are made from our adworth-ads Cloudflare Worker. Data transmitted to Anthropic is already-anonymized ad metadata — any individual person names detected by the PII Advertiser Name Classifier have been replaced before this call is made. No personal user data, waitlist emails, consent token data, or ingestion records are sent to Anthropic. Anthropic’s terms: anthropic.com/legal/consumer-terms.
Adworth does not use any third-party form processors, mailing list providers, or external email delivery services for waitlist management or subscriber communications. Waitlist form submissions and all associated communications are processed entirely through our own Cloudflare Workers. Email addresses are stored in Cloudflare Workers KV and are never transmitted to external services for any purpose.
The following terms govern your use of the Adworth Ingestion API (adworth-ingestion-api) and the Privacy Cockpit Chrome extension.
The Privacy Cockpit extension uses Ed25519 asymmetric cryptography (FIPS 186-5 approved) to sign all data submissions. By installing and using the Privacy Cockpit extension, you acknowledge that:
crypto.subtle) during first-run setup
chrome.storage.local on your device as a non-extractable key object
user:{user_id}:pubkey:{device}
The Privacy Cockpit extension extracts campaign-level metrics from advertising platform dashboards (including Google Ads and Meta Ads) that you are actively viewing in your browser. By using the extension, you acknowledge that:
Verified ingestion records are stored in Cloudflare Workers KV under the key pattern ingestion:{user_id}:{ingestion_id}. Each record contains: sanitized campaign metrics, submission timestamp, device identifier, and a signature_verified: true flag. No personally identifiable information is present in stored ingestion records.
As of Ingestion API v1.3.0 (deployed April 7, 2026), upon successful Ed25519 signature verification the Ingestion API additionally writes a CONSENT_ISSUED event to the ADWORTH_LEDGER KV namespace. This event contains: a unique token ID (matching the ingestion ID), the user ID, advertiser ID, data scope, expiry timestamp (one year from issuance), issuance method (privacy_cockpit_extension), and a signatureVerified: true flag. This event is used by the Privacy Governance Engine (adworth-bouncer) to evaluate advertiser access requests against the live ledger in real time. The CONSENT_ISSUED event is subject to the same immutability, retention, and audit rules as all ledger entries described in Section 4. No personally identifiable information is written to the ledger. The ledger write is non-fatal — if the ledger write fails, the ingestion record is still stored and the API returns a success response. You may request deletion of your ingestion records by contacting .
CONSENT_ISSUED ledger write are all live on Cloudflare. The extension is currently distributed as a developer build and has not been published to the Chrome Web Store.
The following terms govern the adworth-rules Cloudflare Worker and the machine-readable regulation rules table it serves to the Removal Payload Engine at runtime.
The Regulation Rules Worker (adworth-rules) is patent-supporting infrastructure that replaces hardcoded legal citations in the RPE with deterministic, runtime-evaluated rules. By using any Adworth service that depends on the RPE, you acknowledge that:
adworth-rules, not from static strings embedded in the RPE Worker
GDPR-ART17 (Right to Erasure), GDPR-ART7 (Conditions for Consent), CCPA-1798105 (Right to Delete), CCPA-1798120 (Right to Opt-Out), DSA-ART26 (Transparency of Advertising), and DSA-ART25 (Prohibition of Dark Patterns)
adworth-rules.json) is version-controlled in the adworthllc/adworth-mvp GitHub repository as the source of truth. Every change is a committed, timestamped, and attributed diff
ADWORTH_RULES Cloudflare KV namespace before taking effect at runtime. The sync constitutes a deliberate human checkpoint between GitHub approval and live enforcement logic
schema_version and effective_date fields in the rules table are recorded in every RPE-generated notice, providing a permanent audit link between any notice and the exact rules version that produced it
rules_version it was generated under. If you later dispute the legal basis of a notice, the rules version embedded in the notice can be retrieved from GitHub commit history to reconstruct the exact ruleset that was applied
The rules table is designed to be extended without requiring RPE code changes. Planned additions include Brazil LGPD, UK GDPR, CAN-SPAM, and U.S. state laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA). When new regulations are added, these terms will be updated and waitlist members will be notified.
The adworth-rules Worker exposes public, unauthenticated read endpoints for the rules table: GET /rules (full table), GET /rules/:regulation_id (single regulation), and GET /rules/:regulation_id/:right_id (single right). These endpoints are publicly accessible to support transparency, third-party verification, and regulatory audit. Write and sync endpoints (POST /admin/sync) require API key authentication. No personal data is served by or transmitted to this Worker.
adworth-rules is live in production at adworth-rules.adworthllc.workers.dev serving rules v1.0.0. The RPE (adworth-rpe v2.3.0) communicates with this Worker via a Cloudflare Service Binding (RULES_WORKER) for secure worker-to-worker communication, with a 5-minute in-memory cache. Admin sync operations currently require manual KV entry; GitHub Actions CI-triggered sync is planned for a future release.
The following terms govern your use of Adworth’s consent token system and Invisibility Ledger.
Consent tokens represent specific, bounded grants of data consent. By issuing a consent token, you acknowledge that:
All consent lifecycle events (issuance, validation, revocation, expiration) and enforcement events (access decisions, violation detection, removal payload generation) are recorded in the Invisibility Ledger. By using the consent system, you acknowledge and agree that:
CONSENT_ISSUED (written by the Consent Widget or, as of Ingestion API v1.3.0, by the Ingestion API upon successful Ed25519 signature verification), CONSENT_REVOKED, CONSENT_EXPIRED, ACCESS_CHECKED, VIOLATION_DETECTED, RPE_GENERATED, and MINOR_SHIELD_ACTIVE
adworth-ledger) is read-only by architectural design — it cannot create, modify, or delete entries
Your data remains yours. Adworth’s consent infrastructure does not transfer ownership of your data to Adworth or any third party. The consent token system exists to enforce your decisions about who can access your data, for what purpose, and for how long.
Adworth acts as infrastructure — we facilitate consent enforcement but do not access, use, or monetize the underlying user data that consent tokens govern.
The following terms govern your use of Adworth’s State-Persistence Monitor (Patent Component #4) and Removal Payload Engine (Patent Component #5).
The State-Persistence Monitor scans for unauthorized data retention by third parties after consent has been revoked or expired. By using or benefiting from this service, you acknowledge that:
VIOLATION_DETECTED entries and are subject to the same immutability and retention rules as all ledger entries
MONITOR_STATE) for audit and compliance purposes
The Removal Payload Engine generates legally-cited deletion requests when violations are detected. It operates both within the State-Persistence Monitor and as a standalone Cloudflare Worker (adworth-rpe v2.3.0). As of March 11, 2026, the RPE communicates with the adworth-rules Regulation Rules Worker via a Cloudflare Service Binding (RULES_WORKER) for secure worker-to-worker communication and evaluates all legal citations, deadlines, and obligations at runtime rather than from hardcoded strings. By using or benefiting from this service, you acknowledge that:
GDPR-ART17, GDPR-ART7, CCPA-1798105, CCPA-1798120, DSA-ART26, DSA-ART25
rules_version and rules_effective_date under which it was generated, creating a permanent audit link to the exact regulatory ruleset applied
gdpr-17, ccpa-1798) are mapped to current right IDs for backwards compatibility
RPE-YYYY-XXXXXX and are unique, non-sequential identifiers
RPE_GENERATED entries
adworth-rpe worker provides public verification endpoints allowing any party to independently verify the integrity and authenticity of a generated notice using its Notice ID, without authentication
SIMULATED. The enterprise page includes an RPE demo that generates clearly-marked demonstration notices. No deletion requests have been sent to any third party.
The adworth-rpe worker exposes public endpoints that allow anyone with a Notice ID to verify that a removal notice was generated by Adworth and has not been tampered with. Verification responses include the rules_version under which the notice was generated. Demo-mode notices are clearly identified in verification responses.
Adworth’s State-Persistence Monitor and Removal Payload Engine are designed to assist with post-consent enforcement, but Adworth does not guarantee that all instances of unauthorized data retention will be detected, that data brokers will comply with removal payloads, or that detection or enforcement actions will satisfy specific regulatory requirements. These tools are provided as technical infrastructure to support your data rights. They do not replace legal counsel, regulatory filings, or direct communication with data processors.
The Privacy Governance Engine (adworth-bouncer) is a real-time consent enforcement service that evaluates data access requests against active consent tokens. By using the Governance Engine, you acknowledge that:
GOVERNANCE_LOG) and Invisibility Ledger (ADWORTH_LEDGER)
TOKEN_NOT_FOUND, TOKEN_REVOKED, TOKEN_EXPIRED, ADVERTISER_MISMATCH, SCOPE_MISMATCH, SIGNATURE_INVALID, MINOR_SHIELD_ACTIVE, GPC_OPT_OUT, INVALID_REQUEST
MINOR_SHIELD_ACTIVE is returned, all advertising-related data access is blocked regardless of token validity or scope. This block cannot be overridden and applies for all sessions where minor user status is detected (see Section 7a)
GPC_OPT_OUT is returned, the request was blocked because the user's browser sent a Sec-GPC: 1 Global Privacy Control signal. Adworth honors GPC signals as valid opt-outs of data sale and sharing under CPRA § 1798.135(d). This block applies regardless of token validity and cannot be overridden by a consent token
localStorage, sessionStorage, cookies, or any server-side system
The Consent Widget is a demonstration interface that allows users to grant and revoke consent tokens through a visual interface connected to the live Consent API. By using the Consent Widget, you acknowledge that:
The Advertiser Integration page provides documentation and a live API sandbox for testing data access requests against the Privacy Governance Engine. By using the sandbox, you acknowledge that:
The Invisibility Ledger viewer (adworth-ledger) provides read-only access to the tamper-evident audit trail. By using the viewer, you acknowledge that:
localStorage, sessionStorage, cookies, or any server-side log
Users who join the Adworth waitlist prior to the public marketplace launch may be designated as “Founding Members.” By joining the waitlist, you acknowledge that:
Adworth implements the following systemic privacy protocols, active by default across the infrastructure. These mechanisms protect users from external surveillance and are not used to obscure user rights, limit data access, or affect payout accuracy. Full technical disclosure is available in the Privacy Policy Section 8.
The adworth-ledger Worker injects synthetic “chaff” (decoy) entries alongside real consent events. By using the consent system and Invisibility Ledger, you acknowledge that:
A 2% randomized fuzz coefficient is applied to numeric metadata fields in consent scope records where mathematically applicable. By using the consent system, you acknowledge that:
When consent token scope metadata includes a location parameter, coordinates are snapped to a 1 km² grid square. By using location-scoped consent tokens, you acknowledge that:
When a consent token carries user_type: minor metadata, the system enters a High-Shield state. By using services that involve minor users, you acknowledge that:
MINOR_SHIELD_ACTIVE, regardless of token validity or scope
A future capability for device-bound offline consent authorization via Secure Enclave and NFC/Bluetooth Mesh Promissory Tokens. This feature is not yet deployed. These terms will be updated when it enters development. Claiming offline authorization capability through Adworth before this feature launches is not permitted.
A future capability for local biometric verification (FaceID / TouchID) as a gate before consent token activation. This feature is not yet deployed. When deployed, no biometric data will ever be transmitted to or stored by Adworth. These terms will be updated before deployment begins.
Access to the Adworth Consent API, Privacy Governance Engine, State-Persistence Monitor, Removal Payload Engine, Regulation Rules Worker, Ingestion API, and associated services is governed by the following terms:
X-API-Key header or Bearer token in the HTTP Authorization header
/rules and /rules/:id) are accessible without authentication
POST /admin/sync), ingestion submissions, public key registration, and waitlist admin operations
API_SECRET_KEY environment variable name for consistency. All API key comparisons use constant-time HMAC-SHA256 verification via crypto.subtle to prevent timing-based side-channel attacks
localStorage, sessionStorage, cookies, or any server-side log
API access is subject to reasonable rate limits. Public endpoints such as the adworth-ads /analyze endpoint enforce IP-based rate limiting (10 requests per IP per hour) via Cloudflare KV with automatic expiration. We reserve the right to throttle or suspend access for any usage patterns that are excessive, abusive, or that degrade service quality for other users. The adworth-rules Worker implements a 5-minute in-memory cache on regulation rule fetches to minimize inter-Worker request load. State-Persistence Monitor scans process the full ledger on each invocation and should be triggered at reasonable intervals. Ingestion API setup tokens are rate-limited by design to prevent registration abuse.
All Adworth APIs are provided on an “as available” basis. While we strive for high availability, we do not guarantee uptime or response times. If the adworth-rules Worker is temporarily unavailable via the RULES_WORKER Service Binding, the RPE will fall back to the public URL; if both are unreachable, the RPE will reject notice generation requests with a 503 error rather than fall back to hardcoded citations — this is by design to ensure no notice is generated with unverified legal data.
You must be at least 13 years of age to use Adworth services. By using our services, you represent that you meet this requirement.
Users aged 13–17 are subject to the Minor Shield Protocol (Section 7a). No advertising data access is permitted for minor users, and consent tokens associated with minor users cannot be used in the consent marketplace.
If you are using Adworth on behalf of an organization, you represent that you have authority to bind that organization to these terms.
Some features of our platform may require you to create an account or obtain API credentials. When registering, you agree to:
We reserve the right to suspend or terminate accounts that violate these terms.
You agree not to use Adworth services to:
adworth-ads worker
/submit JSON endpoint
ADWORTH_RULES KV namespace or the adworth-rules.json regulation rules table without authorization
POST /admin/sync endpoint with the intent to produce notices with false legal citations
user_type metadata to obtain advertising data access for a minor user
We reserve the right to investigate and take appropriate action against violations, including API key revocation, device key revocation, account suspension or termination, and referral to law enforcement.
All content, technology, and materials on the Adworth platform — including but not limited to the Privacy Governance and Cryptographic Consent Enforcement System (U.S. Provisional Patent Application, filed February 23, 2026), the Adworth℠ service mark, the consent token architecture, the Invisibility Ledger design (including the Ledger Chaff noise injection system), the State-Persistence Monitor, the Removal Payload Engine (including the standalone adworth-rpe v2.3.0 Worker, its HMAC-SHA256 signing system, runtime regulation rule evaluation via Service Binding, public verification endpoints, and demo mode), the Regulation Rules Worker (adworth-rules) and its machine-readable versioned rules table, the Privacy Governance Engine (including the Minor Shield Protocol), the Advanced Privacy Protocols (Ledger Chaff, Local Differential Privacy fuzz, Location Grid Quantization, Minor Shield), the Ad Intelligence pipeline, the PII Advertiser Name Classifier, the Ingestion API, the Privacy Cockpit Chrome extension, the Ed25519 signing architecture, website design, text, and software — are owned by Adworth LLC and protected by applicable intellectual property laws.
You may not copy, reproduce, distribute, or create derivative works from our intellectual property without our express written permission.
You retain ownership of any content you submit to our platform. By submitting content, you grant Adworth a limited, non-exclusive license to use that content solely to provide and improve our services.
Consent tokens you issue and the consent decisions they represent remain under your control. You may revoke consent at any time, and Adworth will enforce that revocation through the consent system and, where applicable, through the State-Persistence Monitor and Removal Payload Engine. The cryptographic identifiers generated by the system are functional artifacts of the service and do not constitute your intellectual property or personal data.
Adworth services are provided “as is” and “as available” without warranties of any kind, either express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.
We do not warrant that our services will be uninterrupted, error-free, or free of viruses or other harmful components. As an early-stage platform, we make no guarantees about uptime, data preservation, or feature availability.
Any pricing figures referenced on adworth.app or associated pages — including but not limited to enterprise licensing ranges, transaction fee percentages, and certification program costs — are indicative projections only and are subject to change without notice. They do not constitute binding price commitments, offers, or contractual terms. Similarly, features described as “coming,” “2026,” or “Phase 2” represent development roadmap intentions, not guaranteed deliverables. The Nashville Offline Protocol and Biometric Gating are roadmap items and are not currently available. Enterprise customers should contact for current pricing and availability.
The regulation rules table served by adworth-rules contains legal citations, deadlines, and obligations derived from publicly available regulatory texts. Adworth does not warrant that the rules table is complete, current, or legally accurate in every jurisdiction. Legal frameworks change; Adworth will make reasonable efforts to update the rules table when material regulatory changes occur, but does not guarantee real-time accuracy. The rules table is informational infrastructure and does not constitute legal advice. Users should consult qualified legal counsel for compliance determinations.
The PII Advertiser Name Classifier in adworth-ads is designed to detect and anonymize individual person names in publicly available ad data before any response leaves the worker. Adworth does not warrant that the classifier will detect every instance of a person name in all ad data, nor that anonymization will satisfy specific regulatory or legal requirements in any jurisdiction.
The Ingestion API uses Ed25519 (FIPS 186-5 approved) to verify data authenticity. Adworth does not warrant that Ed25519 verification satisfies specific regulatory, legal, or compliance requirements in any particular jurisdiction.
The standalone Removal Payload Engine (adworth-rpe v2.3.0) generates notices with HMAC-SHA256 cryptographic signatures and content hashes, with legal citations evaluated at runtime from the versioned rules table via a Cloudflare Service Binding. Adworth does not warrant that these signatures will be accepted as legally sufficient proof in any jurisdiction, nor that public verification endpoint availability will be uninterrupted. Demo-mode notices carry no legal effect regardless of their content or formatting.
The Ledger Chaff, Local Differential Privacy, Location Grid Quantization, and Minor Shield protocols are provided as privacy-protective infrastructure. Adworth does not warrant that these measures will satisfy specific regulatory or legal privacy requirements in any jurisdiction, prevent all forms of external inference or analysis, or constitute compliance with any specific privacy law. These protocols are technical safeguards only and do not replace legal counsel or regulatory compliance review.
The Nashville Offline Protocol and Biometric Gating are not yet deployed. Any description of these features in marketing or informational materials represents roadmap intent only and does not constitute a warranty or commitment to deliver.
The consent token system, Invisibility Ledger, State-Persistence Monitor, and Removal Payload Engine are provided as technical infrastructure. While designed for regulatory compliance support, Adworth does not guarantee that use of our system constitutes full legal compliance with any specific regulation (including GDPR, CCPA, CPRA, or DSA). Users should consult qualified legal counsel for compliance determinations.
Simulated broker check results do not represent actual data broker behavior or actual instances of unauthorized data retention. Removal payloads generated in simulated or demo mode are for demonstration purposes and should not be relied upon as evidence of legal violations.
Nothing on this platform constitutes legal, financial, or investment advice.
To the maximum extent permitted by applicable law, Adworth LLC and its founders, officers, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of — or inability to use — our services.
This includes, without limitation, damages arising from: consent token validation failures, ledger entry delays or inconsistencies, API downtime or authentication errors, State-Persistence Monitor scan failures or inaccurate detection results, Removal Payload Engine generation errors or delivery failures, RPE public verification endpoint unavailability or incorrect verification results, RPE HMAC signature validation failures, regulation rules fetch failures or temporary unavailability of the adworth-rules Worker, rules table inaccuracies or outdated legal citations, Privacy Governance Engine blocking decisions (including MINOR_SHIELD_ACTIVE blocks), Ledger Chaff entries being indistinguishable from real entries, Local Differential Privacy fuzz affecting aggregate analysis, Location Grid Quantization reducing GPS precision, Minor Shield Protocol blocking authorized users due to incorrect user_type metadata, PII Advertiser Name Classifier detection failures or false positives, Ingestion API signature verification failures, Ed25519 keypair generation or registration errors, Privacy Cockpit extension data extraction failures, Auth Guard rate limit blocking of legitimate requests, Auth Guard KV availability affecting authentication audit logging, Consent Widget UI unavailability affecting investor demonstration sessions, or failure of third-party systems (including Cloudflare Workers KV, Vercel, IONOS, GitHub, Proton Mail, DataForSEO, or Anthropic) on which our infrastructure depends.
Adworth is not liable for any consequences arising from third-party data brokers’ failure to comply with removal payloads, whether simulated, demo, or live. Adworth is not liable for any legal, financial, or reputational consequences arising from reliance on simulated or demo-mode results, indicative pricing figures, forward-looking feature descriptions, regulation rules table contents, or Advanced Privacy Protocol behavior.
Our total liability to you for any claims arising under these terms shall not exceed the greater of $100 or the amount you paid to Adworth in the 12 months preceding the claim.
You may stop using our services at any time. You may request deletion of your account and data by contacting us at .
We reserve the right to suspend or terminate your access to our services at any time, with or without notice, for any reason, including violation of these terms. This includes revocation of API keys, revocation of device-registered Ed25519 public keys, and suspension of monitor scan access.
Upon termination, your right to use our services ceases immediately. Provisions that by their nature should survive termination — including intellectual property, disclaimers, limitation of liability, and ledger immutability — will survive.
Note that consent ledger entries, access decision records, violation detection records, and removal payload records (which contain no personally identifiable information) are retained as part of the immutable audit trail even after account termination, as they serve as proof of consent actions and enforcement for all parties involved.
These Terms of Service are governed by and construed in accordance with the laws of the State of South Carolina, United States, without regard to its conflict of law provisions.
Any disputes arising under these terms shall be resolved exclusively in the state or federal courts located in Charleston County, South Carolina, and you consent to personal jurisdiction in those courts.
We may update these Terms of Service at any time. When we make material changes, we will notify waitlist members and registered users by email at least 14 days before the changes take effect. The “Last updated” date at the top of this page will always reflect when the terms were last revised. Your continued use of Adworth services after changes are posted constitutes your acceptance of the updated terms.
In particular, these terms will be updated when: (1) the State-Persistence Monitor and Removal Payload Engine transition from simulated to live operation, as this change materially affects the scope of data processing and third-party communications; (2) the Privacy Cockpit extension is published to the Chrome Web Store; (3) the consent marketplace launches; (4) the Nashville Offline Protocol or Biometric Gating features enter active development; and (5) new regulations are added to the adworth-rules regulation rules table (LGPD, UK GDPR, U.S. state laws). When any of these transitions occur, we will notify users by email in advance of the change taking effect.
If you have questions or concerns about these Terms of Service, please contact us:
For information about how we handle your data, please see our Privacy Policy.
To report a security vulnerability in any Adworth system, see our responsible disclosure policy at adworth.app/.well-known/security.txt or email with the subject line “Security Disclosure.” We will respond within 72 hours.
Enterprise customers requiring a Data Processing Agreement (DPA) under GDPR Article 28, a Business Associate Agreement (BAA), or other data governance documentation should contact with the subject line “DPA Request.” We will respond to DPA inquiries within five business days. Note that formal DPA templates are in development as part of our enterprise readiness roadmap; availability may vary based on current stage of platform maturity.