Terms of Service
Effective date: May 18, 2026 · IronWeft (“we,” “our,” “us”)
By accessing or using ironweft.io or the IronWeft API (collectively, the “Service”), you agree to these Terms of Service. If you do not agree, do not use the Service.
1. The Service
IronWeft provides Agent IAM infrastructure — registration, credentialing, authorization, and audit logging for autonomous AI agents. We provide the control plane; you are responsible for the agents you register and the actions they take.
2. Your Account
You must provide accurate information when signing up. You are responsible for maintaining the security of your API key. Do not share your API key or embed it in client-side code. If your key is compromised, rotate it immediately via the API or contact us.
You are responsible for all activity that occurs under your account, including actions taken by agents you register.
3. Acceptable Use
You agree not to use the Service to:
- Register agents for prohibited uses as defined by the EU AI Act (social scoring, biometric surveillance in public spaces, subliminal manipulation, predictive policing profiling)
- Circumvent or tamper with the authorization or audit systems
- Attempt to access other tenants' data or systems
- Use the Service in violation of applicable laws or regulations
- Abuse the API in ways that degrade service for other users (rate limits apply)
- Reverse engineer the Service or attempt to derive source code
We reserve the right to suspend or terminate accounts that violate these terms without notice.
4. API Keys and Credentials
API keys are issued once and not recoverable. If lost, you must rotate the key. Short-lived agent credentials (JWTs) expire as configured — you are responsible for credential lifecycle management within your integration.
5. Audit Logs
Audit logs are append-only and hash-chained. We do not modify or delete audit log entries on request, as this would break chain integrity and undermine the compliance value of the Service. This is by design.
You may export your audit trail at any time via the API.
6. Billing
Paid plans are billed as described on our pricing page. Billing is processed through Stripe. We reserve the right to change pricing for new accounts with 30 days notice.
Founding tier pricing is locked for the lifetime of the account at the rate agreed at signup — no rate hikes, no plan changes. Founding pricing is non-transferable and tied to the original account holder. It may not be sold, assigned, or transferred to any third party. Accounts must remain in good standing to retain founding pricing.
Failure to pay may result in service suspension. Disputes must be raised within 30 days of the charge.
7. Uptime and SLA
We aim for high availability but do not guarantee uptime at this stage of the Service. Enterprise SLA terms are available on request. Planned maintenance will be communicated in advance where possible.
8. Data and Privacy
Our collection and use of your data is governed by our Privacy Policy, which is incorporated into these Terms by reference.
9. Intellectual Property
The Service, including its API design, audit chain architecture, and documentation, is owned by IronWeft. Our open source SDKs are licensed under MIT — see each repository for details. These Terms do not grant you any rights to our trademarks or brand.
10. Limitation of Liability
The Service is provided “as is.” To the maximum extent permitted by law, IronWeft shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service, even if advised of the possibility of such damages.
Our total liability to you for any claim arising from the Service shall not exceed the amount you paid us in the 3 months preceding the claim.
11. Indemnification
You agree to indemnify and hold IronWeft harmless from any claims, damages, or expenses (including legal fees) arising from your use of the Service, your agents' actions, or your violation of these Terms.
12. Termination
You may close your account at any time by contacting us. We may suspend or terminate your account for violations of these Terms. Upon termination, your API key is invalidated and your agents are retired. Audit logs are retained per our Privacy Policy.
13. Authorization Decisions and Agent Behavior
Decisions are not enforcement. IronWeft provides authorization decisions (allow, deny, or challenge) in response to calls made to the /authorize endpoint. IronWeft does not enforce those decisions — enforcement is the responsibility of the integrating system. If your system fails to honor a deny or challenge response and an agent proceeds to act, IronWeft bears no liability for resulting actions or damages.
Out-of-band actions. IronWeft only has visibility into actions that are submitted to /authorize. If an agent takes an action without calling /authorize — whether intentionally, due to incomplete integration, or legacy code paths that bypass the control plane — IronWeft has no record of that action, made no decision regarding it, and bears no responsibility for it. The audit log is the definitive boundary of IronWeft's involvement: if an action does not appear in your audit trail, IronWeft was not consulted.
Context accuracy. Authorization decisions are based entirely on the context you provide in each /authorize request. IronWeft does not independently verify the accuracy of the action, resource, parameters, or context fields you submit. If inaccurate or incomplete context results in an authorization decision that permits unintended behavior, that is the responsibility of the integrating party.
Point-in-time decisions. Each authorization decision reflects IronWeft's policy evaluation at the moment of the request. An allow decision does not constitute a warranty that the action is safe, legal, or appropriate — only that it matched the applicable rules and scopes at that instant. IronWeft is not liable for downstream outcomes of authorized actions.
Partial integration. Customers who route only some agent actions through IronWeft receive protection only for those actions. IronWeft makes no representation about, and accepts no liability for, agent behavior outside the scope of its audit trail.
14. Governing Law
These Terms are governed by the laws of the United States. Any disputes shall be resolved through binding arbitration, except where prohibited by law.
15. Changes to These Terms
We may update these Terms as the Service evolves. Material changes will be communicated via email to account holders with at least 14 days notice. Continued use after the effective date constitutes acceptance.
16. Contact
Questions about these Terms: forged@ironweft.io