B2A Blue Pillow (b2a.bluepillow.com) is the agent-facing surface operated by Blue Pillow S.p.A. This short notice covers what is specific to anonymous, agent-driven access to the B2A API and MCP server. The full Blue Pillow privacy notice (data subject rights, retention, transfers, contact for data requests) remains authoritative.
What we collect
- Anonymous API keys. When an agent or a visitor requests a key
through
POST /v1/keys, theb2a_get_keyMCP tool, or the on-site widget, we generate a random opaque key. No email, account, or other identifier is required. The key is the only credential bound to the caller. - Request metadata. We log the requested path, response status, latency, and the anonymous key id (not the key itself). We do not log request bodies that would identify an end-user.
- IP address. Truncated to /24 (IPv4) or /48 (IPv6) and retained only for abuse-prevention and rate-limit enforcement.
- Analytics on the human site (this site). Subject to your cookie consent, we may load Google Analytics 4 to measure traffic. The agents site at agents.b2a.bluepillow.com is analytics-free.
What we don't collect
- No personal data tied to the anonymous API key.
- No third-party advertising tags on either site.
- No request body content from agent calls beyond what is needed to serve the response.
Your rights
You can request access, correction, or deletion of any data we hold about you under the GDPR. Because B2A anonymous keys are not linked to a personal identifier, in practice the data we hold per key is limited to the metadata listed above. Contact info@bluepillow.com for requests.
Full policy
For the complete Blue Pillow Platforms policy, see bluepillow.com/privacy.