If your organization has signed an Order Form or Enterprise Agreement with Ledgix, those documents take precedence over these Terms where they conflict. These Terms govern all other use of the platform.
By accessing or using the Ledgix platform — including the Vault API, customer dashboard, documentation site, and published SDKs (ledgix-ts, ledgix-python) — you agree to be bound by these Terms of Service (“Terms”) on behalf of yourself and the organization you represent (“Customer”).
If you do not have authority to bind your organization, or if you do not agree with these Terms, do not access or use the platform.
Ledgix provides a runtime authorization and audit layer for AI agent actions. Subject to these Terms, Ledgix grants Customer a limited, non-exclusive, non-transferable right to access and use the Platform during the subscription term for Customer's internal business purposes.
Specifically, the Platform provides:
Not a legal opinion. Ledgix produces technical evidence artifacts and authorization decisions. It does not provide legal, compliance, or regulatory advice. Whether the Platform satisfies any particular regulatory requirement — including but not limited to SOX 404, EU AI Act, ISO 42001, or SOC 2 — is Customer's responsibility to assess with qualified advisors.
Not a substitute for human oversight. The Platform facilitates human review of agent actions. It does not replace the obligation to exercise independent human judgment where your regulatory context, internal policy, or applicable law requires it.
Customer must designate at least one administrator account. Customer is responsible for:
Ledgix shows raw API keys only once at creation. If a key is lost or compromised, Customer must rotate it immediately via the dashboard. Ledgix is not liable for unauthorized access resulting from Customer's failure to protect credentials.
Customer must not share accounts across individuals. Each human user should authenticate with their own credentials.
The quality of Ledgix clearance decisions depends on the quality of the policy content Customer provides. Customer is responsible for ensuring that uploaded policy content accurately reflects the rules Customer intends to enforce. Ledgix is not responsible for decisions that flow from inaccurate or incomplete policies.
Customer is responsible for what it sends in tool_args. If Customer submits personal data of third parties in clearance requests, Customer must have a lawful basis for doing so and must ensure it complies with applicable privacy law. Sending only the fields necessary for the authorization decision is strongly recommended.
Ledgix's security model depends on clearance being requested at the correct point — immediately before the real side effect executes. Wrapping planning steps, orchestration logic, or helper functions instead of the actual protected action weakens the guarantee the Platform provides. Ledgix is not responsible for security outcomes resulting from misplaced integration points.
When manual review is configured, Customer is responsible for ensuring that reviewers are available to process requests within the time bounds that Customer's workflows require. Ledgix is not responsible for timeouts or blocked workflows resulting from unattended review queues.
Customer must not use the Platform to:
Ledgix may suspend access immediately and without notice if it reasonably determines that Customer's use poses a risk to the Platform or to other customers.
Customer retains all right, title, and interest in Customer Data. Ledgix acquires no ownership of Customer Data. Ledgix is granted a limited license to process Customer Data solely to deliver the Platform and related support.
The Ledger is designed to be append-only and cryptographically tamper-evident. Once a decision is recorded and anchored to external storage, individual records cannot be deleted or modified without invalidating the cryptographic proof chain. This is a deliberate design choice for compliance purposes, not a limitation of the Platform. Customer acknowledges this characteristic before submitting data to the Ledger.
Each party agrees to protect the other's confidential information with at least the same degree of care it applies to its own confidential information, and no less than reasonable care. Ledgix will not disclose Customer Data to third parties except as described in the Privacy Policy or as required by law.
Ledgix may use anonymized, aggregated usage statistics derived from the Platform (e.g., request volumes, response time distributions) to operate and improve the service, provided such statistics cannot reasonably identify Customer or any individual.
Ledgix and its licensors own all right, title, and interest in the Platform, including all software, models, algorithms, documentation, and trademarks. These Terms do not transfer any ownership interest in the Platform to Customer.
Customer grants Ledgix a limited, non-exclusive license to process Customer Data as necessary to provide the Platform. Ledgix will not use Customer Data to train AI models without Customer's explicit written consent.
Fees are as set out in the applicable Order Form or as displayed on the Ledgix pricing page. Unless otherwise specified:
Ledgix targets high availability for the Vault API and will publish a status page. Specific uptime commitments, SLAs, and associated remedies (e.g., service credits) are available only under a signed Enterprise Agreement. Self-service plans receive commercially reasonable availability without a formal SLA.
Scheduled maintenance will be announced at least 48 hours in advance where practicable. Emergency maintenance may occur without advance notice.
Ledgix warrants that the Platform will perform materially as described in the documentation under normal use and circumstances.
Except for the express warranty above, the Platform is provided “as is”. Ledgix disclaims all implied warranties, including merchantability, fitness for a particular purpose, title, and non-infringement. Ledgix does not warrant that the Platform will be error-free, uninterrupted, or that it will satisfy any specific regulatory requirement.
To the maximum extent permitted by applicable law, in no event will either party be liable for indirect, incidental, special, punitive, or consequential damages, or loss of revenue, profits, data, or business opportunities, even if advised of the possibility of such damages.
Ledgix's total aggregate liability arising out of or related to these Terms, in any 12-month period, will not exceed the greater of (a) the fees paid by Customer to Ledgix in the 12 months preceding the claim or (b) USD $500.
These limitations apply to all claims, whether in contract, tort, or otherwise. Some jurisdictions do not allow certain exclusions, so the above may not apply to you in full. Enterprise customers may negotiate higher liability caps in an Order Form.
Customer will defend, indemnify, and hold harmless Ledgix and its officers, directors, employees, and agents against any third-party claims, losses, damages, and costs (including reasonable legal fees) arising from:
Ledgix will defend and indemnify Customer against third-party claims that the Platform, as provided by Ledgix, infringes any patent, copyright, or trade secret, subject to Customer providing prompt written notice and cooperating in the defense. Ledgix's obligation does not extend to claims arising from Customer's modification of the Platform or combination with third-party products.
These Terms remain in effect until terminated. Either party may terminate for convenience on 30 days' written notice. Either party may terminate immediately if the other party materially breaches these Terms and fails to cure that breach within 15 days of written notice.
Upon termination:
These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict-of-law principles. Any dispute that cannot be resolved amicably will be submitted to the exclusive jurisdiction of the state and federal courts located in Delaware. If Customer is an enterprise organization that has signed an Order Form specifying a different jurisdiction, that specification governs.
The United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms.
Ledgix may update these Terms from time to time. For material changes, Ledgix will provide at least 30 days' advance notice by email to the tenant administrator. Continued use of the Platform after the effective date constitutes acceptance. If Customer objects to a material change, Customer may terminate as described in section 14.
For questions about these Terms or to exercise any rights they describe:
See also our Privacy Policy.