Terms of Service

1. Service as-is

The free tier of AIAuth is provided without warranty of any kind. There is no service-level agreement (SLA), no uptime guarantee, and no promise that the signing server will remain available indefinitely. If the free service becomes unavailable, receipts already issued remain cryptographically verifiable offline against the public key published at /.well-known/aiauth-public-key.

2. Limitation of liability

To the maximum extent permitted by law, Finch Business Services LLC is not liable for any direct, indirect, incidental, consequential, or special damages arising from use of the free tier, including but not limited to loss of data, loss of business, or loss of reputation. The free tier is not a substitute for independent legal, compliance, or evidentiary counsel.

3. Data retention

Hash registry entries (content hash, receipt id, parent hash, doc id, registration timestamp) are retained indefinitely so that chain discovery continues to work for receipts issued at any time in the past. No content, no user identifiers, and no behavioral metadata are stored alongside those entries. If the free service is ever planned to be shut down, 90 days of notice will be posted on aiauth.app and the last known public key and hash registry will be archived to a public location (GitHub release or IPFS) before takedown.

4. Intellectual property

You retain all rights to the content you attest with AIAuth. Finch Business Services LLC claims no rights to your content, your receipts, or any metadata on your receipts. The AIAuth source code, receipt format specification, and protocol are licensed under Apache 2.0 (core) and BUSL 1.1 (self-hosted deployment bundle); see the LICENSE file.

5. Acceptable use

You agree not to:

• Use the signing server for mass automated attestation beyond the documented rate limits (100 requests/minute per IP, 1,000 requests/hour per IP on /v1/sign).
• Attempt to interfere with the signing server, its rate limits, or its availability for other users.
• Use AIAuth receipts to misrepresent human review — for example, attesting content without actually reviewing it, or attesting content authored by another person as your own review.
• Use AIAuth in a context where a qualified attorney has advised that receipts alone would not meet your evidentiary or regulatory requirements.

6. No PHI / no regulated content on the free tier

The free tier is intended for general-purpose use. Do not use the free tier to attest protected health information (PHI), classified government data, or any content subject to HIPAA, ITAR, or similar strict regulation. For regulated use, deploy the self-hosted enterprise build on infrastructure you control.

7. Modification of terms

Material changes to these terms will be announced on aiauth.app with at least 30 days of notice. Continued use of the service after the notice period constitutes acceptance. These terms will be versioned with a dated header above — the Last updated line reflects the most recent effective date.

8. Governing law

These terms are governed by the laws of the Commonwealth of Virginia, United States, without regard to conflict-of-law rules. Any dispute that cannot be resolved informally will be brought in the state or federal courts of the Commonwealth of Virginia.

9. Contact

Questions about these terms: legal@aiauth.app. Security reports: see SECURITY.md. General contact: sales@aiauth.app.