Legal

Terms of Service

Last updated: 26 June 2026 · Version 1.0

These Terms of Service (the “Terms”) form a binding agreement between you and 4Keyless LTDA (“4Keyless,” “we,” “us”), a company organized under the laws of the United States, which operates the 4Keyless security gateway available at 4keyless.io and admin.4keyless.io (the “Service”). By creating an account, clicking “I agree,” or accessing or using the Service, you agree to these Terms. If you are entering into these Terms on behalf of an organization, you represent that you have authority to bind it, and “you” refers to that organization.

Contents
  1. Definitions
  2. Eligibility & accounts
  3. The Service
  4. Acceptable use
  5. Customer data & credentials
  6. Your responsibilities
  7. Fees, billing & taxes
  8. Free tier & beta features
  9. Intellectual property
  10. Third-party systems
  11. Confidentiality
  12. Availability & support
  13. Disclaimer of warranties
  14. Limitation of liability
  15. Indemnification
  16. Term, suspension & termination
  17. Changes to the Service & Terms
  18. Governing law & venue
  19. Sanctions & anti-corruption
  20. General provisions
  21. Contact

1. Definitions

“Service” means the 4Keyless hosted security gateway, including the HTTP/HTTPS forwarding proxy, the Model Context Protocol (MCP) gateway, the admin panel, the browser extension, APIs, documentation, and related software and websites.

“Agent” means an AI agent, automation, or human operator that you authorize to route requests through the Service. “Target System” means a third-party application, API, court system, or service that an Agent reaches through the Service. “Credentials” means secrets you store in the Service for injection into requests, including passwords, API keys, tokens, TOTP seeds, and digital certificates (such as X.509 client certificates or smartcard-backed credentials). “Customer Data” means all data, including Credentials and audit logs, that you or your Agents submit to or generate within the Service.

2. Eligibility & accounts

You must be at least 18 years old and capable of forming a binding contract. You are responsible for the accuracy of your registration information and for all activity under your account, including activity by your users and Agents. You must keep your login credentials, API keys, and Agent bot keys confidential and enable multi-factor authentication where offered. Notify us promptly at support@4keyless.io of any suspected unauthorized access. Accounts are organized into tenants with role-based access (viewer, operator, admin); you are responsible for assigning roles appropriately.

3. The Service

4Keyless acts as an intermediary that authenticates requests, injects Credentials into outbound traffic so that they are never exposed to the Agent, enforces the access policies you configure (ALLOW, BLOCK, and—on eligible plans—ASK approval), and records a signed, tamper-evident audit log of each request. We provide the Service on a subscription basis according to the plan you select. Plan limits (such as the number of Agents, Target Systems, log-retention period, and traffic) are described on our pricing page and enforced within the Service. We may improve, modify, or discontinue features; material reductions to a paid plan’s core functionality are addressed in Section 17.

4. Acceptable use

You represent and warrant that you are authorized to access each Target System you configure and that your use complies with all applicable laws and with that Target System’s own terms of use. You must not use the Service to:

  • access any system, account, or data without lawful authorization, or to perform credential stuffing, password spraying, or unauthorized intrusion;
  • circumvent authentication, rate limits, paywalls, or access controls in violation of a third party’s terms or applicable law;
  • upload Credentials or certificates you are not authorized to use, or use another person’s digital certificate to sign or act on their behalf without authorization;
  • infringe intellectual-property or privacy rights, or process personal data without a valid legal basis;
  • transmit malware, conduct denial-of-service attacks, or scrape data in violation of applicable law or contract;
  • reverse engineer, decompile, or attempt to extract source code, except to the extent this restriction is prohibited by law;
  • resell, sublicense, or provide the Service to third parties except as expressly permitted; or
  • use the Service in a way that endangers its security, integrity, or availability for other customers.

We may investigate suspected violations and cooperate with law-enforcement authorities. You are solely responsible for the legality of the access your Agents perform through the Service.

5. Customer data & credentials

As between the parties, you retain all right, title, and interest in Customer Data. You grant us a worldwide, non-exclusive, royalty-free license to host, process, transmit, and display Customer Data solely to provide, secure, and support the Service. Credentials are stored encrypted at rest (AES-256-GCM) in a secrets vault (HashiCorp Vault) and are decrypted only in proxy memory for the purpose of injecting them into the requests you direct; we do not use the content of your Credentials for any other purpose. Where Customer Data includes personal data, our processing is further described in our Privacy Policy and, where applicable, in a Data Processing Agreement under which we act as processor and you as controller.

6. Your responsibilities

  • configuring access policies, credential groups, and scripts correctly for your use case;
  • obtaining all consents, authorizations, and legal bases required for the data you process and the systems you access;
  • complying with the terms of every Target System and with sector-specific regulation applicable to you;
  • maintaining the security of your own infrastructure, API keys, and Agent bot keys; and
  • reviewing audit logs and approval (ASK) requests in a timely manner. ASK requests not approved within the configured timeout are denied by default (fail-closed).

7. Fees, billing & taxes

Paid plans are billed in advance on a recurring basis (monthly or annually) through our payment processor, Stripe. By providing a payment method you authorize recurring charges for the plan and any add-ons (such as additional Agent seats or paid exit proxies) until you cancel. Upgrades take effect immediately with prorated charges; downgrades take effect at the end of the current billing cycle and may reduce your available resources in accordance with the plan you select. Fees are exclusive of taxes, and you are responsible for applicable sales, use, VAT, or similar taxes. Except where required by law, fees are non-refundable and there are no refunds or credits for partial periods. Failure to pay may result in suspension or termination under Section 16.

8. Free tier & beta features

We may offer a free tier and free trials. Free and beta features are provided “as is” and “as available,” may have reduced limits, and may be modified or discontinued at any time. We may set, and change, the limits of the free tier.

9. Intellectual property

The Service, including all software, designs, and documentation, is owned by 4Keyless and its licensors and is protected by intellectual-property laws. We grant you a limited, non-exclusive, non-transferable, revocable right to use the Service during your subscription, subject to these Terms. If you submit feedback or suggestions, you grant us a perpetual, irrevocable, royalty-free license to use them without restriction.

10. Third-party systems

The Service connects to Target Systems and relies on third-party providers (for example, payment, email, and infrastructure providers). We do not control and are not responsible for Target Systems or third-party services, their availability, or their terms. Your use of a Target System is governed by your agreement with its provider.

11. Confidentiality

Each party may access the other’s confidential information. The receiving party will use it only to perform under these Terms, protect it with reasonable care, and not disclose it except to personnel and contractors bound by confidentiality obligations or as required by law. Customer Data and Credentials are your confidential information.

12. Availability & support

We strive to keep the Service available but do not guarantee uninterrupted operation except where a separate service-level agreement (SLA) applies to your plan. Support is provided through the channels and at the priority associated with your plan. We may perform maintenance, and will use reasonable efforts to provide advance notice of planned downtime.

13. Disclaimer of warranties

EXCEPT AS EXPRESSLY STATED IN THESE TERMS, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE ERROR-FREE OR UNINTERRUPTED, OR THAT IT WILL DETECT OR PREVENT ALL UNAUTHORIZED ACCESS. THIS SECTION APPLIES TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW AND DOES NOT LIMIT NON-WAIVABLE CONSUMER OR STATUTORY RIGHTS.

14. Limitation of liability

TO THE FULLEST EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, REVENUE, GOODWILL, OR DATA. EACH PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THE SERVICE WILL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID TO US FOR THE SERVICE IN THE TWELVE (12) MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM OR (B) ONE HUNDRED U.S. DOLLARS (USD $100). THESE LIMITATIONS DO NOT APPLY TO EITHER PARTY’S LIABILITY FOR FRAUD, WILLFUL MISCONDUCT, OR AMOUNTS THAT CANNOT BE LIMITED UNDER APPLICABLE LAW.

15. Indemnification

You will defend, indemnify, and hold harmless 4Keyless from third-party claims, damages, and reasonable costs arising from (a) your Customer Data or Credentials, (b) your use of the Service in breach of these Terms or applicable law, or (c) access your Agents perform to any Target System without authorization. We will defend, indemnify, and hold you harmless from third-party claims that the Service, as provided by us and used in accordance with these Terms, infringes that third party’s intellectual-property rights.

16. Term, suspension & termination

These Terms apply while you use the Service. You may cancel at any time from the admin panel; cancellation takes effect at the end of the current billing cycle. We may suspend or limit the Service immediately if you materially breach these Terms, fail to pay, or create a security or legal risk to us or others, and will give notice where practicable. Either party may terminate for material breach not cured within 30 days of written notice. Upon termination, your right to use the Service ends; you may export Customer Data for 30 days after termination, after which we may delete it in accordance with our retention practices and the Privacy Policy. Sections that by their nature should survive (including 5, 9, 11, 13, 14, 15, 18, and 20) survive termination.

17. Changes to the Service & Terms

We may update these Terms from time to time. For material changes, we will provide notice (for example, by email or an in-product notice) before they take effect. Your continued use of the Service after the effective date constitutes acceptance. If you do not agree, you must stop using the Service and may cancel.

18. Governing law & venue

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict-of-laws rules. The parties agree that the state and federal courts located in Delaware will have exclusive jurisdiction over disputes arising out of or relating to these Terms or the Service, except where mandatory consumer-protection or other non-waivable law requires a different forum.

19. Export controls, sanctions & anti-corruption

You represent that you are not subject to applicable economic sanctions and will not use the Service in violation of U.S. export-control or sanctions laws. Each party will comply with applicable anti-corruption laws, including the U.S. Foreign Corrupt Practices Act (FCPA) and similar laws in jurisdictions where it operates.

20. General provisions

Force majeure: neither party is liable for delays caused by events beyond its reasonable control. Assignment: you may not assign these Terms without our consent; we may assign them to an affiliate or successor. Entire agreement: these Terms, the Privacy Policy, and any order or DPA form the entire agreement and supersede prior agreements on this subject. Severability: if any provision is unenforceable, the rest remains in effect. Waiver: failure to enforce a provision is not a waiver. Notices: we may send notices to your account email; you may send legal notices to the contact below.

21. Contact

Questions about these Terms or the Service: support@4keyless.io. Operator: 4Keyless LTDA, United States.

Read our Privacy Policy →