Skip to content

Legal

Terms of Service

Effective date: March 22, 2026 · Last updated: April 4, 2026

1. Acceptance of terms

By accessing or using the Intended platform, APIs, SDKs, CLI tools, website, or documentation (collectively, the "Services"), you agree to be bound by these Terms of Service ("Terms"). If you are using the Services on behalf of an organization, you represent that you have authority to bind that organization. If you do not agree to these Terms, do not use the Services.

2. Description of services

Intended provides an AI Authority Runtime — a deterministic enforcement layer that evaluates AI agent intents against the Open Intent Layer, issues cryptographically signed authority tokens, executes authorized actions through connectors, and maintains hash-chained audit trails. The Services include the Authority Engine API, SDKs, CLI tools, connectors, escalation workflows, audit infrastructure, and documentation.

3. Accounts and API keys

  • You must provide accurate information when creating an account
  • You are responsible for maintaining the confidentiality of your API keys (mrt_live_ and mrt_test_ prefixed credentials)
  • You must notify Intended immediately of any unauthorized use of your account or API keys
  • API keys should be stored securely and never committed to source control or shared publicly
  • Intended may suspend or terminate accounts that violate these Terms or exhibit suspicious activity

4. AI agent authorization

You are solely responsible for the AI agents you connect to the Intended platform. By connecting an AI agent to the Services, you represent and warrant that:

  • You have the right and authority to connect the AI agent and authorize it to submit intents to the Authority Engine
  • You are responsible for all intents submitted by your connected AI agents, including the actions those intents request
  • You will configure appropriate policies, risk thresholds, and escalation workflows to govern your AI agents' behavior
  • You acknowledge that Intended evaluates intents according to your configured policies but does not independently verify the legitimacy or appropriateness of the underlying AI agent actions
  • You will monitor your AI agents' activity and promptly address any unauthorized or anomalous behavior

5. Acceptable use

You agree to use the Services only for lawful purposes and in accordance with these Terms. You may not:

  • Use the Services to authorize actions that violate applicable laws or regulations
  • Attempt to bypass, disable, or circumvent the Authority Engine's risk scoring, policy evaluation, or token verification
  • Reverse engineer, decompile, or disassemble any part of the Services (except as permitted by applicable law)
  • Submit intentionally malicious intents designed to exploit the risk scoring or policy engine
  • Use the Services to process data that you do not have the right to process
  • Interfere with or disrupt the Services or infrastructure
  • Share, resell, or redistribute access to the Services without written authorization
  • Attempt to access other tenants' data, keys, or authority decisions

6. Plans and usage limits

The Services are offered under Free, Team, and Enterprise plans with differing authority decision volumes, connector limits, retention periods, and support levels. Usage exceeding plan limits is handled according to your plan: Free plan decisions are queued until the next billing cycle; paid plans incur overage charges. Intended reserves the right to modify plan features with 30 days advance notice.

7. API rate limiting

Intended enforces API rate limits to protect the integrity, availability, and performance of the Services for all customers. Rate limits vary by plan tier and are documented in the API reference. Automated abuse, excessive requests, or patterns consistent with denial-of-service activity may result in temporary or permanent throttling, suspension, or termination of API access. Intended will make commercially reasonable efforts to notify you before imposing permanent restrictions, except where immediate action is necessary to protect the platform.

8. Authority tokens

Authority tokens issued by the Intended Authority Engine are cryptographically signed credentials that represent a scoped authorization decision. You acknowledge and agree that:

  • Authority tokens are cryptographically signed using RSA-4096 keys and contain scoped claims, expiry timestamps, and single-use nonces
  • You are responsible for verifying authority tokens at the point of execution using the @intended/verify SDK, connector adapters, or equivalent verification logic
  • Intended does not guarantee specific decision outcomes. Decisions are determined by your configured policies, risk thresholds, and the intent parameters submitted
  • Tokens expire according to their embedded expiry claim and cannot be renewed or extended after issuance
  • You must not attempt to forge, modify, replay, or otherwise tamper with authority tokens
  • Failure to verify tokens at execution time is solely your responsibility and Intended shall have no liability for unauthorized actions resulting from unverified tokens

9. Connectors and third-party systems

Connectors enable the Authority Runtime to execute authorized actions in third-party systems (GitHub, Jira, ServiceNow, etc.). You are responsible for:

  • Providing valid credentials for connected systems and maintaining their security
  • Ensuring that actions executed through connectors comply with the terms of service of those third-party systems
  • Understanding that Intended acts as an authorized intermediary — the authority token grants permission, but execution occurs in the target system under your credentials
  • Monitoring connector health and responding to connection failures
  • Reviewing and deploying any policy artifacts, configuration bundles, or runtime-specific outputs that Intended generates for customer-operated third-party runtimes
  • Accepting that third-party runtimes or integration targets identified as alpha, preview, or reference surfaces remain subject to the upstream provider's terms, limitations, and security posture
  • For NVIDIA OpenShell and NVIDIA NemoClaw integration paths, acknowledging that Intended supplies policy compilation and governance boundaries but does not operate, secure, or warrant the upstream runtime software

10. Audit trails and data

  • Authority decisions and audit records are stored in a hash-chained ledger for the retention period specified by your plan
  • Audit records are immutable once written to the chain. Intended cannot modify or delete individual audit entries
  • You may export audit data and evidence bundles through the API for the duration of your retention period
  • After the retention period, audit data is archived according to your plan configuration
  • Enterprise customers with extended retention have data stored in S3 Object Lock (Compliance mode)

11. Service levels

Free and Team plans are provided on a commercially reasonable effort basis. Enterprise plans include a Service Level Agreement (SLA) with specific uptime commitments, support response times, and remedies. SLA terms are documented in your enterprise agreement and the Intended SLA policy. Intended targets 99.9% uptime for the Authority Engine API for all plans.

12. Intellectual property

Intended retains all rights, title, and interest in the proprietary Services, including the hosted Authority Engine, control-plane workflows, approvals, analytics, proprietary connectors, and associated documentation, except where a component is expressly released under an open-source license. You retain all rights to your data, policies, configurations, and authority decision history. The following intellectual property rules apply:

  • Open-source Intended components, including the MIR taxonomy and designated SDKs, adapters, and CLI packages, are licensed under their published repository licenses, including Apache 2.0 where stated
  • These Terms do not restrict rights expressly granted under an applicable open-source license for a Intended package or artifact
  • Custom policies, risk thresholds, escalation workflows, and decision configurations created by you remain your intellectual property
  • Authority decision records and audit trails generated from your usage belong to you and are exportable
  • These Terms do not grant you any rights to Intended's trademarks, brand assets, or proprietary methodologies
  • Feedback, suggestions, or enhancement requests you provide may be used by Intended without obligation to you

13. Data portability

You own your data. Upon termination of your account or at any time during the term of your subscription, you may export your data — including authority decision history, audit trails, policies, and configurations — through the API or export tools provided by the Services. Following termination, Intended will maintain your data in an exportable state for thirty (30) days, after which it will be deleted in accordance with our data retention policies, except where retention is required by applicable law. For details on data processing locations, sub-processors, and international data transfer mechanisms, see our Data Processing Agreement at /legal/dpa.

14. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, Intended SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM YOUR USE OF THE SERVICES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS INTERRUPTION, REGARDLESS OF WHETHER Intended HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Intended'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE AMOUNTS PAID BY YOU TO Intended IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM. THIS LIMITATION APPLIES REGARDLESS OF THE THEORY OF LIABILITY, WHETHER BASED IN CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE, AND EVEN IF A LIMITED REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

15. Warranty disclaimer

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. Intended DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR THAT AUTHORITY DECISIONS WILL PREVENT ALL UNAUTHORIZED ACTIONS. YOU ARE RESPONSIBLE FOR CONFIGURING POLICIES AND RISK THRESHOLDS APPROPRIATE FOR YOUR RISK TOLERANCE.

16. Indemnification

You agree to indemnify, defend, and hold harmless Intended, its officers, directors, employees, and agents from and against all claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising from: (a) your use of the Services, (b) your violation of these Terms, (c) actions executed through connectors using your credentials, (d) your content or data processed through the Services, (e) the behavior of AI agents you connect to the platform, or (f) your failure to verify authority tokens at the point of execution.

16A. Intended IP indemnification

Intended will defend, indemnify, and hold harmless Customer from and against any third-party claim alleging that Customer's authorized use of the Services in accordance with these Terms infringes any third-party intellectual property rights ("IP Claim"). Intended's obligations under this section do not apply to any IP Claim arising from: (a) Customer's modification of the Services, (b) combination of the Services with products, services, or technologies not provided by Intended, (c) Customer's continued use of the Services after receiving notice of an alleged infringement, or (d) use of the Services not in accordance with these Terms. Upon becoming aware of an IP Claim, Intended shall (a) assume sole control of the defense and settlement of the claim, and (b) at Intended's sole option, (i) modify the Services so they become non-infringing, (ii) procure a license for Customer's continued use of the affected Services, or (iii) terminate the affected portion of the Services and provide a pro-rata refund of prepaid fees for the terminated portion. This Section 16A states Customer's sole and exclusive remedy, and Intended's entire liability, with respect to any IP Claim.

17. Dispute resolution and arbitration

PLEASE READ THIS SECTION CAREFULLY — IT AFFECTS YOUR LEGAL RIGHTS.

  • Any dispute, controversy, or claim arising out of or relating to these Terms or the Services shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, in Wilmington, Delaware
  • The arbitrator's decision shall be final and binding, and judgment on the award may be entered in any court having jurisdiction
  • Intended shall bear all arbitration filing fees and arbitrator fees where the Customer is an individual or a company with fewer than fifty (50) employees. In all other cases, the parties shall share equally the fees of the arbitrator and AAA
  • Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement of intellectual property rights
  • SMALL CLAIMS EXCEPTION: Either party may bring an individual action in small claims court in Delaware if the claim qualifies for small claims court jurisdiction
  • The arbitration provisions of this Section do not apply where prohibited by applicable law, including where the Customer is a consumer as defined under Directive 2011/83/EU or is located in a jurisdiction where mandatory arbitration clauses are unenforceable. In such cases, disputes shall be resolved by the courts of the Customer's jurisdiction

18. Class action waiver

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, YOU AND Intended EACH AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. YOU AND Intended EACH WAIVE THE RIGHT TO A TRIAL BY JURY AND THE RIGHT TO PARTICIPATE IN A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR OTHER REPRESENTATIVE PROCEEDING OF ANY KIND. If any court or arbitrator determines that this class action waiver is void or unenforceable for any reason, or that arbitration can proceed on a class basis, then the arbitration provisions in Section 17 shall be deemed null and void in their entirety, and the parties shall be deemed to have not agreed to arbitrate disputes.

19. Force majeure

Neither party shall be liable for any failure or delay in performing its obligations under these Terms to the extent that such failure or delay results from circumstances beyond the party's reasonable control, including but not limited to: acts of God, natural disasters, epidemics or pandemics, war, terrorism, riots, government actions or orders, labor disputes, power failures, internet or telecommunications failures, cyberattacks (including distributed denial-of-service attacks), or failures of third-party hosting providers. The affected party shall provide prompt notice and use commercially reasonable efforts to mitigate the impact and resume performance.

20. Export compliance

The Services may be subject to United States export control and sanctions laws, including the Export Administration Regulations (EAR) and programs administered by the Office of Foreign Assets Control (OFAC). You represent and warrant that:

  • You are not located in, or a national or resident of, any country subject to comprehensive U.S. sanctions (currently Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions)
  • You are not listed on any U.S. government restricted party list, including the Specially Designated Nationals (SDN) List, the Entity List, or the Denied Persons List
  • You will not use, export, re-export, or transfer the Services in violation of any applicable export control or sanctions laws
  • You will not use the Services to process, store, or transmit data in connection with activities prohibited by applicable export controls or sanctions

21. Anti-corruption

Each party represents and warrants that it has not and will not, in connection with the transactions contemplated by these Terms, directly or indirectly offer, pay, promise, or authorize the payment of any money or anything of value to any government official, political party, or candidate for political office for the purpose of influencing any official act or decision, or securing any improper advantage. Each party shall comply with all applicable anti-corruption and anti-bribery laws, including the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act 2010 (to the extent applicable).

22. Regulatory compliance

Intended is designed to support customers' compliance obligations across multiple regulatory frameworks. The following compliance provisions apply:

  • GDPR: Where Intended processes personal data of EU/EEA data subjects, it does so in accordance with the General Data Protection Regulation (EU 2016/679). Intended's Data Processing Agreement governs such processing
  • CCPA/CPRA: For California residents, Intended complies with the California Consumer Privacy Act as amended by the California Privacy Rights Act. Intended does not sell personal information. Details are in our Privacy Policy
  • SOX: Enterprise customers using Intended for audit trail generation in financial systems should review the immutable hash-chain and evidence bundle capabilities, which are designed to support Sarbanes-Oxley Section 404 internal control documentation
  • Additional frameworks: Intended's architecture supports compliance with HIPAA (with BAA), PCI DSS, SOC 2 Type II (audit in progress), and sector-specific regulations through configurable policies and retention controls

23. Termination

Either party may terminate the agreement at any time with thirty (30) days written notice. Intended may terminate or suspend your access immediately upon material breach of these Terms. Upon termination, your access to the Services will cease. You may export your data for thirty (30) days following termination in accordance with Section 13 (Data Portability). Audit records subject to regulatory retention requirements will be maintained for the applicable retention period. Sections on intellectual property, limitation of liability, warranty disclaimer, indemnification, arbitration, class action waiver, and export compliance survive termination.

24. Changes to terms

We may modify these Terms with 30 days advance notice for material changes. Notice will be provided through the Services or by email. Continued use after the effective date constitutes acceptance. If you do not agree with the modified Terms, you must stop using the Services before the effective date.

25. Governing law

These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles. Subject to the arbitration provisions in Section 17, any disputes not subject to arbitration shall be resolved in the state or federal courts located in the State of Delaware. You agree to personal jurisdiction in those courts.

26. Severability

If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be enforced to the maximum extent permissible, and the remaining provisions shall remain in full force and effect.

27. Entire agreement

These Terms, together with the Privacy Policy, Data Processing Agreement, Acceptable Use Policy, and any applicable enterprise agreement or order form, constitute the entire agreement between you and Intended with respect to the Services and supersede all prior or contemporaneous communications, proposals, and agreements, whether oral or written.

28. Restrictions on competitive use

Customer shall not use the Services, or any information obtained through the Services, to build, improve, or contribute to a product or service that competes with any Intended product or service. This restriction survives termination for a period of two (2) years.

29. Regulatory compliance disclaimer

The Services are designed to support Customer's compliance efforts but do not constitute legal, regulatory, or compliance advice. Intended's audit trails and evidence bundles support but do not replace Customer's own internal control frameworks, including those required under the Sarbanes-Oxley Act (SOX), HIPAA, GDPR, or other regulatory frameworks. Customer remains solely responsible for its own compliance obligations.

30. Contact

For questions about these Terms, contact legal@intended.so or write to Intended, Inc., Attn: Legal, Austin, Texas, USA.