Terms of service · v0.1 · pending legal review

Terms of Service

Last updated: 24 May 2026. Effective date: 24 May 2026.

This is a v0.1 Terms of Service authored to make our contractual posture concrete and contestable. It has not yet been reviewed by external legal counsel; that review is gated before non-named users from the EU sign up self-serve at scale. Concerns: legal@grouhub.co.

1. Definitions

  • "Kiff Agents OÜ", "we", "us", "our" — the Estonian private limited company providing the Service. Registry code 17372313.
  • "Customer", "you", "your" — the natural or legal person agreeing to these terms.
  • "User" — any individual the Customer authorizes to access the Service through the Customer's account.
  • "Service" — the KIFF Cloud product, including api.kiff.dev, app.kiff.dev, kiff.dev, and the documentation, dashboards, and APIs we publish there.
  • "Tenant" — a logically-isolated workspace inside the Service belonging to a single Customer.
  • "Audit Data" — the events, decisions, actions, approvals, and receipts the Service persists on the Customer's behalf via the runtime.
  • "Receipt" — a signed, versioned decision record emitted by the Service for each governed action.
  • "Documentation" — the technical guides published at kiff.dev and in the public kiffhq/kiff-cloud repository.
  • "DPA" — the Data Processing Agreement at /legal/dpa, governing our processor-side relationship.

2. The agreement

These terms govern your use of the Service. By creating an account, generating an API key, or otherwise using the Service, you agree to these terms. If you accept on behalf of a company or other legal entity, you represent that you have authority to bind that entity, and "you" and "your" refer to that entity.

We may publish supplemental terms for specific features (beta features, third-party integrations). Where they conflict with these terms, the supplemental terms control for the specific feature.

3. The Service

KIFF Cloud is a hosted runtime for governed AI actions. It accepts agent proposals over HTTP, evaluates them against the Customer's domain configuration, optionally holds them for human approval, executes the cleared ones, and emits a signed Receipt for each governed action. See the whitepaper and the security posture page for the technical details.

KIFF Cloud is not an agent framework, a workflow engine, a model gateway, or a managed agent platform. It composes with whatever you already use. See "What KIFF is not" on the homepage for the explicit list.

The open-source kiffhq/kiff framework is governed by its own MIT license and falls outside these terms. When you run the framework on your own infrastructure, no contract with Kiff Agents OÜ is created.

4. Accounts and access

To use the Service you must create an account. You agree to provide accurate registration information, to keep your credentials confidential, and to be responsible for all activity under your account.

You must be at least 16 years old, or the age of digital consent in your jurisdiction, whichever is higher. The Service is not directed at children.

You are responsible for the actions of every User you authorize on your account. We may suspend an account or revoke access on reasonable notice if we detect a credible breach of these terms. For Acceptable Use violations (see §5) suspension may be immediate.

5. Acceptable use

You agree not to use the Service to:

  • violate any law or third party right;
  • generate, distribute, or store malware, exploit code, or material that infringes intellectual property;
  • generate, distribute, or store child sexual abuse material;
  • scrape, mass-export, or otherwise extract bulk data from the Service beyond your own Tenant;
  • attempt to circumvent, derive other tenants' data from, or forge Receipts emitted by the Service;
  • reverse-engineer the hosted Service for the purpose of building a competing product (this prohibition does not apply to the open-source framework, which is governed by its MIT license);
  • send spam or unsolicited messages through any Service surface;
  • use the Service to develop products or services that compete with the Service.

We may suspend immediately on a credible AUP violation. We are not obligated to monitor Customer content but may act on credible reports.

6. Customer data and content

You own your Audit Data. You grant Kiff Agents OÜ a limited, non-exclusive, royalty-free, worldwide licence to host, copy, transmit, display, and otherwise process your Audit Data solely as necessary to operate, maintain, and improve the Service for you.

We act as processor for your Audit Data under Article 28 GDPR; the DPA governs that relationship in detail. We act as controller for your account metadata; the privacy policy governs that relationship.

You represent that you have all rights necessary to submit the data you submit, and that submission complies with applicable laws (including data-protection laws and, where applicable, the EU AI Act).

7. Confidentiality

Each party may receive non-public information from the other ("Confidential Information"). The receiving party will use Confidential Information only as necessary to perform its obligations and exercise its rights under these terms, and will protect it with at least the same degree of care it uses for its own confidential information.

Confidential Information does not include information that (a) is or becomes publicly available without breach, (b) was known to the receiving party before disclosure, (c) is independently developed without use of the Confidential Information, or (d) must be disclosed by law (with notice to the other party where allowed).

8. Fees and payment

At v0.1 the Service is offered free of charge during a named private beta. When paid plans launch, fees and payment terms will be set out in an order form, in the pricing page, or in supplemental terms incorporated here. We will not start charging an active account without thirty days' written notice and an opportunity to opt out.

Where applicable, fees are exclusive of VAT. EU business-to-business transactions involving Customers outside Estonia with valid VAT identification numbers will be invoiced under the EU reverse-charge mechanism.

9. Term and termination

These terms take effect when you first use the Service and continue until terminated.

You may terminate at any time by deleting your account. We may terminate (a) for material breach not cured within thirty days of written notice, or (b) immediately for Acceptable Use violations or insolvency events.

On termination we delete your Audit Data and account metadata in line with the retention rules in the privacy policy. You may export your data before termination; on request and at our discretion we may grant a thirty-day post-termination window for export.

Sections that by their nature should survive termination survive — including confidentiality, intellectual property, indemnification, limitation of liability, disclaimers, governing law, and any accrued fees.

10. Warranties

Each party represents that it has the right and authority to enter into and perform these terms.

We warrant that we will provide the Service in a professional manner and in substantial conformity with the Documentation. Your sole remedy for breach of this warranty is, at our option, re-performance or pro-rata refund of fees attributable to the affected Service for the period of breach.

You warrant that your use of the Service complies with applicable law and these terms.

11. Disclaimer

Except for the express warranties in §10, the Service is provided "as is" and "as available". To the maximum extent permitted by law, we disclaim all other warranties, whether express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement, and any warranty arising from course of dealing or usage of trade.

We do not warrant that the Service will be uninterrupted, error-free, or free from harmful components, or that any data will not be lost or corrupted. You are responsible for backing up your data.

12. Limitation of liability

To the maximum extent permitted by law, neither party will be liable to the other for any indirect, incidental, consequential, special, exemplary, or punitive damages, including lost profits, lost revenue, lost data, or business interruption, arising out of or related to these terms or the Service, even if advised of the possibility of such damages.

Each party's aggregate liability arising out of or related to these terms will not exceed the greater of (a) the fees paid or payable by the Customer to Kiff Agents OÜ in the twelve months preceding the event giving rise to liability, or (b) one hundred thousand euros (€100,000). At v0.1 the Service is free of charge, so the €100,000 floor applies in practice.

Nothing in these terms limits or excludes liability that cannot be limited or excluded under applicable law, including liability for death, personal injury caused by negligence, fraud, or wilful misconduct.

13. Indemnification

We will defend you against third-party claims that the Service, as provided by us and used by you in accordance with these terms, infringes that third party's intellectual property rights, and we will pay damages finally awarded against you (or the agreed settlement amount) for such claims.

You will defend us against third-party claims arising from (a) your Customer data or content; (b) your use of the Service in breach of these terms (including the AUP); or (c) your gross negligence or wilful misconduct, and you will pay damages finally awarded against us (or the agreed settlement amount) for such claims.

Indemnification is conditional on prompt notice of the claim, sole control of defence and settlement by the indemnifier, and reasonable cooperation by the indemnitee. The indemnifier may not settle a claim that imposes obligations on the indemnitee without consent.

14. Service-level commitment

At v0.1 we operate the Service on a best-effort basis during a named private beta. No service-level agreement applies. Operational practices, incident response, and breach notification commitments are documented at /security.

A formal SLA covering availability, latency, and credit remedies will be published before the Service exits private beta or before paid plans launch, whichever is sooner.

15. Modifications to the Service

We may add, change, or remove features at any time. Material reductions of functionality or the deprecation of an API surface that breaks documented behaviour are notified to active customers at least thirty days in advance, with a published deprecation schedule. Security-driven changes may be made without notice where notice would itself create risk.

16. Modifications to these terms

We may amend these terms from time to time. Material changes are notified by email and a prominent banner on this page at least thirty days in advance. Non-material changes (clarifications, references) are posted with a new "last updated" date. Your continued use of the Service after the effective date of an update constitutes acceptance.

17. Force majeure

Neither party is liable for any failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, war, terrorism, civil disturbance, labour disputes, fire, natural disaster, pandemic-related government action, internet or power outages, or actions of telecom providers or third-party hosting infrastructure.

18. Governing law and venue

These terms are governed by the laws of the Republic of Estonia, without regard to its conflicts of law rules. The exclusive forum for disputes is Harju County Court in Tallinn.

Where you are a consumer resident in another EU member state, mandatory consumer-protection rules of your home jurisdiction continue to apply to the extent they grant you rights you cannot waive by contract; this clause does not deprive you of the protection of those rules.

19. General

Entire agreement. These terms, together with the privacy policy, the DPA, any order forms, and any supplemental terms expressly incorporated, are the entire agreement between us on their subject and supersede any prior or contemporaneous understanding.

Severability. If a provision is held unenforceable, the rest remain in effect.

Assignment. You may not assign these terms without our written consent. We may assign without consent in connection with a merger, acquisition, or sale of all or substantially all of our assets, on notice to you.

No waiver. A failure to enforce any provision does not waive the right to enforce it later.

Notices. Notices to Kiff Agents OÜ go to legal@grouhub.co or, by post, to Tööstuse tn 75-71, Põhja-Tallinna linnaosa, Tallinn 10416, Estonia. Notices to you go to the email associated with your account or, where you have provided one, your designated legal-notices address.

Independent contractors. Nothing in these terms creates a partnership, agency, joint venture, or employment relationship.

Third-party beneficiaries. There are none, except to the extent indemnified affiliates are expressly identified.

20. Contact us

Commercial and contractual questions: legal@grouhub.co.

General product questions: hello@kiff.dev. Privacy questions: privacy@kiff.dev. Security disclosures: security@kiff.dev.

Document version: v0.1.
Status: pending external legal review.
Source of truth: this page is rendered from apps/web/internal/pages/terms.templ. History is in git.