Terms for veto.so

1. Scope and Contract Structure

These Terms apply to all use of the hosted Veto platform, including the dashboard, API, authentication flows, policy tooling, approval workflows, managed MCP gateway, and related features.

If you execute a separate order form, master services agreement, enterprise subscription agreement, or data processing agreement with us, that signed agreement controls to the extent of any conflict.

2. Eligibility and Account Security

• You must be legally able to enter into a binding contract.
• If you use the Services for an organization, you represent you have authority to bind that organization.
• You are responsible for all activity under your account, API keys, CLI tokens, and connected integrations.
• You must promptly notify us at sales@veto.so if you suspect unauthorized access.

3. Service Description and Changes

Veto provides authorization controls for AI agent tool execution, including deterministic validation, optional LLM-assisted validation, policy management, audit logging, and approval workflows. Features may evolve over time and may include beta or preview functionality.

We may modify, suspend, or discontinue features where reasonably necessary for security, legal compliance, abuse prevention, reliability, or product changes.

4. Customer Data, Instructions, and Responsibilities

You and your end users control what data is submitted through the Services, including tool arguments, context metadata, policy text, and approval payloads ("Customer Data").

• You are responsible for ensuring you have rights and lawful basis to submit Customer Data.
• You must not submit unlawful content or data in violation of applicable privacy, employment, export-control, or sectoral rules.
• You should avoid including unnecessary sensitive personal data in tool-call payloads and context.

5. Acceptable Use and Prohibited Conduct

• Do not misuse the Services to violate law, sanctions, or third-party rights.
• Do not probe, scan, overload, reverse engineer, or bypass security controls.
• Do not use the Services to distribute malware, phishing campaigns, credential theft, or unauthorized surveillance.
• Do not attempt to interfere with another customer's organization, data, or traffic.

6. AI and Automation Terms

Some features use third-party model providers selected by policy configuration (for example OpenAI, Anthropic, Google, or GitLab Duo). If LLM mode is used, portions of policy content, tool arguments, and context may be transmitted to those providers to generate a decision or policy draft.

You are responsible for human oversight and final operational control of agent actions and production execution. Veto is a control layer, not a guarantee of legal compliance in every use case.

7. Fees, Billing, and Plan Limits

Paid features are subject to pricing and limits displayed in the Services or your order form. Billing operations may be handled by third-party billing infrastructure. You authorize us and our billing providers to process subscription and usage events needed to invoice and enforce plan limits.

Unless otherwise stated in an order form, fees are non-refundable except where required by law.

8. Third-Party Services and Integrations

The Services may connect to third-party systems (identity providers, LLM providers, MCP upstreams, webhook destinations, and payment systems). Your use of those systems is governed by their separate terms and privacy policies.

If you configure outbound webhooks or external integrations, you are responsible for validating destination trust, access controls, and data minimization.

9. Security and Confidentiality

We implement commercially reasonable technical and organizational safeguards, including access controls, encryption in transit, hashed API key storage, and operational monitoring. You remain responsible for secure configuration of your own environments, credentials, and downstream systems.

10. Intellectual Property

We retain all rights in the Services, software, and related materials, excluding Customer Data and third-party content. Subject to these Terms, we grant you a limited, non-exclusive, non-transferable right to use the Services during your subscription term.

Open-source components are licensed under their applicable open-source licenses.

11. Feedback

If you provide suggestions or feedback, you grant us a perpetual, worldwide, royalty-free license to use it for any lawful purpose without obligation to you.

12. Suspension and Termination

We may suspend or terminate access if reasonably necessary to prevent abuse, enforce these Terms, protect security, comply with law, or handle payment default.

You may stop using the Services at any time. On termination, your right to access the Services ends except for rights that survive by nature, including payment obligations, confidentiality duties, and liability limitations.

13. Disclaimer of Warranties

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY LAW, PLAW DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR MEET EVERY SECURITY OR COMPLIANCE REQUIREMENT OF YOUR SPECIFIC USE CASE.

14. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, PLAW AND ITS AFFILIATES WILL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL.

EXCEPT FOR EXCLUDED LIABILITY THAT CANNOT BE LIMITED BY LAW, PLAW'S AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THE SERVICES WILL NOT EXCEED THE AMOUNTS PAID BY YOU TO PLAW FOR THE SERVICES DURING THE TWELVE (12) MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM.

15. Indemnification

You agree to defend, indemnify, and hold harmless Plaw and its officers, directors, employees, and agents from claims, liabilities, damages, and costs (including reasonable legal fees) arising from your use of the Services, your Customer Data, your integrations, or your breach of these Terms.

16. Dispute Resolution; Arbitration; Class Action Waiver

Before filing a claim, each party will attempt in good faith to resolve disputes by written notice and informal discussion.

Except for claims that qualify for small claims court and claims seeking injunctive relief for IP misuse or security abuse, disputes will be resolved by binding individual arbitration in San Francisco County, California, under JAMS Streamlined Arbitration Rules. No class or representative actions are permitted.

You may opt out of arbitration within 30 days of first accepting these Terms by emailing sales@veto.so with subject line "Arbitration Opt-Out," including your full name and account email.

17. Governing Law

These Terms are governed by the laws of the State of California, excluding conflict-of-law rules. If arbitration does not apply, exclusive venue is in state or federal courts located in San Francisco County, California.

18. Export and Sanctions Compliance

You may not use the Services in violation of U.S. export controls or sanctions laws. You represent that you are not located in, ordinarily resident in, or controlled by restricted jurisdictions or restricted-party lists.

19. Changes to These Terms

We may update these Terms from time to time. Material changes will be posted on this page and may be communicated through the Services. Continued use after the effective date constitutes acceptance of the updated Terms.

20. Contact

Plaw, Inc. can be reached at sales@veto.so.

For details on data handling, see our Privacy Policy.