Terms of Service
If your organization has signed an Order Form or Enterprise Agreement with Definite, those documents take precedence over these Terms where they conflict. These Terms govern all other use of the platform.
1. Acceptance
By accessing or using the Definite platform — including the Vault API, customer dashboard, documentation site, and published SDKs (bylaw-ts, bylaw-python) — you agree to be bound by these Terms of Service (“ Terms”) on behalf of yourself and the organization you represent (“ Customer”).
If you do not have authority to bind your organization, or if you do not agree with these Terms, do not access or use the platform.
2. Definitions
“Definite” means Ledgix Inc., doing business as Definite, and its successors.
“Platform” means the Vault API, the customer dashboard, the SDKs, and associated developer tooling operated by Definite.
“Customer Data” means all data, policies, clearance request payloads, and content submitted to the Platform by Customer or on Customer’s behalf.
“Ledger” means the append-only, cryptographically tamper-evident audit record maintained per tenant.
“A-JWT” (Agentic JWT) means a short-lived Ed25519-signed token Definite issues upon approving a clearance request.
“Order Form” means any order form, statement of work, or enterprise agreement executed between Customer and Definite.
3. The Service
Definite provides a runtime authorization and audit layer for AI agent actions. Subject to these Terms, Definite grants Customer a limited, non-exclusive, non-transferable right to access and use the Platform during the subscription term for Customer’s internal business purposes.
Specifically, the Platform provides:
Policy-based clearance decisions for agent tool calls
A cryptographically tamper-evident audit ledger of all decisions
Manual review workflow for human-in-the-loop oversight
Compliance report generation
Agent drift detection and lockdown controls
Not a legal opinion. Definite produces technical evidence artifacts and authorization decisions. It does not provide legal, compliance, or regulatory advice. Whether the Platform satisfies any particular regulatory requirement — including but not limited to SOX 404, EU AI Act, ISO 42001, or SOC 2 — is Customer’s responsibility to assess with qualified advisors.
Not a substitute for human oversight. The Platform facilitates human review of agent actions. It does not replace the obligation to exercise independent human judgment where your regulatory context, internal policy, or applicable law requires it.
4. Accounts and access
Customer must designate at least one administrator account. Customer is responsible for:
Maintaining the confidentiality of all credentials and API keys
Controlling which users within the organization have access and at what permission level
All actions taken under Customer’s tenant, including actions taken by automated systems using Customer’s API keys
Definite shows raw API keys only once at creation. If a key is lost or compromised, Customer must rotate it immediately via the dashboard. Definite is not liable for unauthorized access resulting from Customer’s failure to protect credentials.
Customer must not share accounts across individuals. Each human user should authenticate with their own credentials.
5. Customer responsibilities
Policy accuracy
The quality of Definite clearance decisions depends on the quality of the policy content Customer provides. Customer is responsible for ensuring that uploaded policy content accurately reflects the rules Customer intends to enforce. Definite is not responsible for decisions that flow from inaccurate or incomplete policies.
Payload design
Customer is responsible for what it sends in tool_args. If Customer submits personal data of third parties in clearance requests, Customer must have a lawful basis for doing so and must ensure it complies with applicable privacy law. Sending only the fields necessary for the authorization decision is strongly recommended.
Tool boundary placement
Definite’s security model depends on clearance being requested at the correct point — immediately before the real side effect executes. Wrapping planning steps, orchestration logic, or helper functions instead of the actual protected action weakens the guarantee the Platform provides. Definite is not responsible for security outcomes resulting from misplaced integration points.
Reviewer availability
When manual review is configured, Customer is responsible for ensuring that reviewers are available to process requests within the time bounds that Customer’s workflows require. Definite is not responsible for timeouts or blocked workflows resulting from unattended review queues.
6. Acceptable use
Customer must not use the Platform to:
Violate any applicable law or regulation
Submit or process personal data of minors without appropriate consent
Attempt to reverse-engineer, decompile, or extract source code from the Platform
Circumvent, disable, or attack any security control, rate limit, or access restriction
Use the Platform as an ingredient to build a competing authorization or audit-trail product without prior written consent from Definite
Transmit malicious code, conduct denial-of-service attacks, or attempt to access another customer’s data
Use the Platform in any nuclear, weapons, life-critical, or military application without a dedicated enterprise agreement
Definite may suspend access immediately and without notice if it reasonably determines that Customer’s use poses a risk to the Platform or to other customers.
7. Data and confidentiality
Ownership
Customer retains all right, title, and interest in Customer Data. Definite acquires no ownership of Customer Data. Definite is granted a limited license to process Customer Data solely to deliver the Platform and related support.
Ledger immutability
The Ledger is designed to be append-only and cryptographically tamper-evident. Once a decision is recorded and anchored to external storage, individual records cannot be deleted or modified without invalidating the cryptographic proof chain. This is a deliberate design choice for compliance purposes, not a limitation of the Platform. Customer acknowledges this characteristic before submitting data to the Ledger.
Confidentiality
Each party agrees to protect the other’s confidential information with at least the same degree of care it applies to its own confidential information, and no less than reasonable care. Definite will not disclose Customer Data to third parties except as described in the Privacy Policy or as required by law.
Aggregated data
Definite may use anonymized, aggregated usage statistics derived from the Platform (e.g., request volumes, response time distributions) to operate and improve the service, provided such statistics cannot reasonably identify Customer or any individual.
8. Intellectual property
Definite and its licensors own all right, title, and interest in the Platform, including all software, models, algorithms, documentation, and trademarks. These Terms do not transfer any ownership interest in the Platform to Customer.
Customer grants Definite a limited, non-exclusive license to process Customer Data as necessary to provide the Platform. Definite will not use Customer Data to train AI models without Customer’s explicit written consent.
9. Payment and billing
Fees are as set out in the applicable Order Form or as displayed on the Definite pricing page. Unless otherwise specified:
Fees are billed in advance on a monthly or annual cycle
All fees are non-refundable except as expressly stated in an Order Form
Unpaid invoices accrue interest at 1.5% per month (or the maximum rate permitted by law, if lower), and Definite may suspend access after a 10-day cure period
Taxes are Customer’s responsibility unless Definite is required to collect them
10. Availability and SLA
Definite targets high availability for the Vault API and will publish a status page. Specific uptime commitments, SLAs, and associated remedies (e.g., service credits) are available only under a signed Enterprise Agreement. Self-service plans receive commercially reasonable availability without a formal SLA.
Scheduled maintenance will be announced at least 48 hours in advance where practicable. Emergency maintenance may occur without advance notice.
11. Warranties and disclaimers
Definite warrants that the Platform will perform materially as described in the documentation under normal use and circumstances.
Except for the express warranty above, the Platform is provided “as is”. Definite disclaims all implied warranties, including merchantability, fitness for a particular purpose, title, and non-infringement. Definite does not warrant that the Platform will be error-free, uninterrupted, or that it will satisfy any specific regulatory requirement.
12. Limitation of liability
To the maximum extent permitted by applicable law, in no event will either party be liable for indirect, incidental, special, punitive, or consequential damages, or loss of revenue, profits, data, or business opportunities, even if advised of the possibility of such damages.
Definite’s total aggregate liability arising out of or related to these Terms, in any 12-month period, will not exceed the greater of (a) the fees paid by Customer to Definite in the 12 months preceding the claim or (b) USD $500.
These limitations apply to all claims, whether in contract, tort, or otherwise. Some jurisdictions do not allow certain exclusions, so the above may not apply to you in full. Enterprise customers may negotiate higher liability caps in an Order Form.
13. Indemnification
Customer will defend, indemnify, and hold harmless Definite and its officers, directors, employees, and agents against any third-party claims, losses, damages, and costs (including reasonable legal fees) arising from:
Customer’s use of the Platform in violation of these Terms
Customer Data, including any claim that it infringes third-party rights or violates applicable law
Customer’s failure to obtain appropriate consents for personal data submitted to the Platform
Definite will defend and indemnify Customer against third-party claims that the Platform, as provided by Definite, infringes any patent, copyright, or trade secret, subject to Customer providing prompt written notice and cooperating in the defense. Definite’s obligation does not extend to claims arising from Customer’s modification of the Platform or combination with third-party products.
14. Term and termination
These Terms remain in effect until terminated. Either party may terminate for convenience on 30 days’ written notice. Either party may terminate immediately if the other party materially breaches these Terms and fails to cure that breach within 15 days of written notice.
Upon termination:
Customer’s right to access the Platform ceases immediately
Definite will make Customer Data available for export for 30 days, after which it will be deleted (except for the Ledger, which is subject to the retention terms in the Privacy Policy)
Sections 7, 8, 11, 12, 13, and 15 survive termination
15. Governing law
These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict-of-law principles. Any dispute that cannot be resolved amicably will be submitted to the exclusive jurisdiction of the state and federal courts located in Delaware. If Customer is an enterprise organization that has signed an Order Form specifying a different jurisdiction, that specification governs.
The United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms.
16. Changes to these Terms
Definite may update these Terms from time to time. For material changes, Definite will provide at least 30 days’ advance notice by email to the tenant administrator. Continued use of the Platform after the effective date constitutes acceptance. If Customer objects to a material change, Customer may terminate as described in section 14.
17. Contact
For questions about these Terms or to exercise any rights they describe:
Email: contact@usebylaw.com
See also our Privacy Policy.