Terms of Service

Effective Date: February 24, 2026  |  Last Updated: February 24, 2026

1. Acceptance of Terms

These Terms of Service (“Terms”) constitute a legally binding agreement between you (“you,” “your,” or “Customer”) and Antihero, Inc. (“Antihero,” “we,” “us,” or “our”) governing your access to and use of the Antihero platform, APIs, browser extension, CLI tools, SDKs, documentation, and related services (collectively, the “Service”).

By creating an account, accessing the Service, or clicking “I agree,” you agree to be bound by these Terms. If you are accepting on behalf of an organization, you represent that you have the authority to bind that organization. If you do not agree, do not use the Service.

2. Description of Service

Antihero provides:

• Policy Enforcement — Real-time evaluation of AI agent actions against declarative security policies
• Cryptographic Audit Trails — Hash-chained, tamper-evident records of all policy evaluations and outcomes
• Content Inspection — Detection and redaction of sensitive data (PII, secrets, credentials) in agent actions
• Behavioral Analytics — Per-agent behavioral baselines and anomaly detection
• Compliance Reporting — Automated mapping to regulatory frameworks (SOC 2, HIPAA, EU AI Act, NIST, FedRAMP, and others)
• AI Liability Insurance — Optional per-incident coverage for damages caused by AI agents (Sentinel and Sovereign tiers; subject to separate Insurance Terms)
• Advanced Features — Trajectory analysis, incident response, observability, FIPS cryptography, federated policy sync, and other capabilities as described in our documentation

Feature availability depends on your subscription tier. We reserve the right to modify, add, or remove features with reasonable notice. Material feature removals affecting your tier will be communicated at least 60 days in advance.

3. Accounts and Registration

To use the Service, you must create an account with accurate and complete information. You are responsible for maintaining the confidentiality of your credentials and for all activity under your account. You must notify us immediately of any unauthorized access.

You must be at least 16 years old (or the age of majority in your jurisdiction) to create an account. Organizations must designate an authorized administrator.

4. Subscription Tiers and Billing

4.1 Tiers

The Service is offered in four tiers:

• Watchdog (Free) — 1,000 events/month, 5 policies, 7-day retention
• Enforcer ($29/month) — 25,000 events/month, unlimited policies, 90-day retention, trajectory analysis, canary tokens, decision caching, explainable denials, basic knowledge graph, policy versioning, basic observability, marketplace browsing
• Sentinel ($99/month) — 200,000 events/month, $100K AI liability coverage, semantic DLP, incident response, drift detection, 7 compliance frameworks, policy simulation, formal verification, multi-tenant hierarchy, approval workflows, digital twin replay, 1-year retention
• Sovereign (Custom) — Unlimited events, $1M+ AI liability coverage, FIPS cryptography, air-gap deployment, classification markers, federated policy sync, custom compliance frameworks, policy branch and merge, 4-level org hierarchy, SLA monitoring, what-if simulation, private marketplace, custom incident playbooks, dedicated instance

4.2 Billing

Paid tiers are billed monthly or annually in advance. Prices are in US dollars and exclude applicable taxes. We may change pricing with 30 days’ notice; existing subscriptions are honored through the current billing period.

If you exceed your tier’s event limit, additional events are queued and evaluated with best-effort latency. We will notify you when you reach 80% and 100% of your limit. You may upgrade your tier at any time; downgrades take effect at the next billing cycle.

4.3 Refunds

Monthly subscriptions may be cancelled at any time; service continues through the end of the current billing period. Annual subscriptions may be refunded pro-rata within the first 30 days. No refunds are provided after 30 days for annual plans.

5. Acceptable Use

You agree not to:

• Use the Service to facilitate illegal activity or violate any applicable law
• Reverse-engineer, decompile, or disassemble the Service (except as permitted by applicable law)
• Circumvent rate limits, access controls, or security measures
• Use the Service to evaluate or enforce policies that discriminate on the basis of race, gender, religion, national origin, disability, or other protected characteristics
• Submit content that contains malware, viruses, or destructive code
• Resell or sublicense the Service without written authorization
• Use the Service in a manner that could damage, disable, or impair its operation
• Interfere with other users’ access to or use of the Service

We reserve the right to suspend or terminate your account for violations of this section, with notice where practicable.

6. Data Ownership and Intellectual Property

6.1 Your Data

You retain all rights to data you submit to the Service (“Customer Data”), including policy definitions, audit events, agent configurations, and compliance reports. You grant Antihero a limited license to process Customer Data solely to provide and improve the Service.

We do not use Customer Data to train machine learning models. We do not claim ownership of your policies, audit trails, or compliance reports.

6.2 Our Intellectual Property

Antihero retains all rights to the Service, including software, algorithms, documentation, user interface designs, and trademarks. Pre-built policy templates in the marketplace are licensed under Creative Commons CC-BY-4.0 unless otherwise noted.

6.3 Feedback

If you provide suggestions, ideas, or feedback about the Service, you grant us a non-exclusive, royalty-free, worldwide license to use that feedback for any purpose without obligation to you.

7. AI Liability Insurance Terms

7.1 Coverage

Insurance covers direct damages caused by AI agent actions that were evaluated by Antihero, including:

• Data exposure or unauthorized disclosure
• System downtime caused by agent actions
• Unauthorized transactions or resource modifications
• Regulatory fines directly attributable to agent behavior (where insurable by law)

7.2 Exclusions

Insurance does not cover:

• Actions that bypassed Antihero evaluation (not routed through the policy engine)
• Intentional misuse or fraud by the Customer
• Damages arising from policies the Customer knowingly configured to be overly permissive
• Pre-existing conditions or known vulnerabilities not disclosed at enrollment
• Consequential, indirect, or punitive damages beyond the coverage limit

7.3 Claims Process

Claims are filed through the Antihero dashboard with reference to the relevant AEE chain. Claims are adjudicated against the cryptographic evidence trail. The AEE chain serves as deterministic proof of what happened, when, and which policies were in effect. Claims must be filed within 30 days of the incident.

7.4 Premium Adjustments

Insurance premiums are dynamically adjusted based on your security posture, including: deny rate trends, incident frequency, compliance posture, and audit trail integrity. Low-risk profiles earn premium discounts; high-risk profiles may incur surcharges. All adjustments are transparent and visible in the dashboard.

8. Service Level

8.1 Availability

We target 99.9% uptime for the policy evaluation API (Enforcer and above). Sovereign tier customers receive custom SLA terms defined in their enterprise agreement. Planned maintenance windows are communicated at least 48 hours in advance.

8.2 Fail-Closed Behavior

Antihero is designed to fail closed: if the policy engine is unreachable, the default behavior is to deny all actions. This is a safety feature, not a defect. You acknowledge that fail-closed behavior may temporarily block legitimate agent actions during outages.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ANTIHERO’S TOTAL LIABILITY FOR ANY CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNT YOU PAID FOR THE SERVICE IN THE 12 MONTHS PRECEDING THE CLAIM, OR (B) $100.

THIS LIMITATION DOES NOT APPLY TO: (I) LIABILITY ARISING FROM ANTIHERO’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, (II) INSURANCE CLAIMS GOVERNED BY THE SEPARATE INSURANCE POLICY, OR (III) ANTIHERO’S INDEMNIFICATION OBLIGATIONS.

IN NO EVENT SHALL ANTIHERO BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR BUSINESS OPPORTUNITIES, REGARDLESS OF THE THEORY OF LIABILITY.

10. Indemnification

You agree to indemnify and hold harmless Antihero from claims arising from: (a) your violation of these Terms, (b) your use of the Service in violation of applicable law, (c) policies you configure that are intentionally harmful or discriminatory, or (d) your agents’ actions to the extent not covered by insurance.

Antihero agrees to indemnify you from claims arising from: (a) our breach of data protection obligations described in the Privacy Policy, and (b) infringement of third-party intellectual property rights by the Service itself.

11. Termination

11.1 By You

You may terminate your account at any time through the dashboard settings. Upon termination, your access to the Service ceases at the end of the current billing period. You may export your data (policies, audit events, compliance reports) before termination.

11.2 By Us

We may suspend or terminate your account: (a) for material breach of these Terms (with notice and a 14-day cure period where the breach is curable), (b) immediately for violations of the Acceptable Use policy that pose a security risk, (c) for non-payment after 30 days past due, or (d) if required by law.

11.3 Effect of Termination

Upon termination: access to the Service ceases, scheduled data deletion occurs per our retention policy, pending insurance claims continue to be processed, and sections 6 (Intellectual Property), 9 (Limitation of Liability), 10 (Indemnification), and 14 (Governing Law) survive termination.

12. Government and Regulated Use

Sovereign tier customers in government or regulated environments acknowledge that:

• FIPS-mode cryptography uses hashlib with OpenSSL FIPS-capable providers; FIPS 140-2/3 certification of the underlying OpenSSL module is the customer’s responsibility to verify for their environment
• Classification markers (UNCLASSIFIED through TOP SECRET) are metadata labels managed by the customer; Antihero does not perform security clearance verification
• Air-gap mode blocks network actions at the application layer; network-level isolation is the customer’s responsibility
• Federated policy sync transmits signed policy bundles; the security of the transport layer between organizations is the customer’s responsibility
• The Service is not currently FedRAMP authorized; FedRAMP-aligned policy templates are provided for the customer’s use in their own authorization boundary

13. Modifications to Terms

We may modify these Terms with at least 30 days’ notice via email or in-product notification. Material changes (pricing, liability, data handling) require 60 days’ notice. If you disagree with changes, you may terminate your account before the new terms take effect. Continued use after the effective date constitutes acceptance.

14. Governing Law and Disputes

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. Any disputes shall be resolved by binding arbitration under the rules of the American Arbitration Association, conducted in English, with the seat of arbitration in Wilmington, Delaware.

Either party may seek injunctive relief in any court of competent jurisdiction to prevent irreparable harm. Class action waiver: you agree to resolve disputes individually, not as part of a class or consolidated action.

For Sovereign tier customers with enterprise agreements, the dispute resolution mechanism in the enterprise agreement supersedes this section.

15. Miscellaneous

• Entire Agreement. These Terms, together with the Privacy Policy and any applicable Insurance Policy, constitute the entire agreement between you and Antihero. Sovereign enterprise agreements supersede conflicting provisions.
• Severability. If any provision is found unenforceable, the remainder continues in full force.
• Waiver. Failure to enforce a provision is not a waiver of the right to enforce it later.
• Assignment. You may not assign these Terms without our consent. We may assign in connection with a merger or acquisition.
• Force Majeure. Neither party is liable for delays caused by events beyond reasonable control (natural disasters, war, government action, internet outages).
• Notices. Notices to Antihero must be sent to legal@antiheroes.dev. Notices to you will be sent to the email associated with your account.

16. Contact

For questions about these Terms:

• Email: legal@antiheroes.dev
• Address: Antihero, Inc., Attn: Legal, [Address]