Terms of Service

Effective: March 23, 2026

Important — please read carefully.

These Terms of Service ("Terms") constitute a legally binding agreement between you and Phanes ("Company," "we," "us," or "our") governing your access to and use of the AEOS Protocol, phanes.app, all associated software development kits, application programming interfaces, documentation, and related services. By accessing or using any of the foregoing, you agree to be bound by these Terms. If you do not agree, you must not use the Services.

1. Definitions

"AEOS Protocol" means the Agent Economic Operating System protocol, including its cryptographic primitives, identity system, contract engine, dispute resolution mechanism, risk management engine, ML anomaly detection, threshold cryptography, graph intelligence, state channels, BFT consensus layer, settlement integrations, tokenization module, immutable ledger, and all related modules.

"Agent" means any autonomous or semi-autonomous software entity registered within the AEOS Protocol through the issuance of a Decentralized Identifier (DID) derived from an Ed25519 public signing key.

"Authority Bounds" means the quantitative limits assigned to an Agent, including but not limited to maximum transaction value, maximum daily volume, maximum contract duration, maximum delegation depth, maximum concurrent contracts, and maximum counterparties.

"Cloud Service" means the managed, hosted version of the AEOS Protocol offered by the Company on a subscription or usage-based basis.

"Delegation Chain" means the cryptographically signed sequence of authority delegations from a root controller (a human or legal entity) through intermediate agents to a leaf agent, each link scoped with capabilities and Authority Bounds.

"DID" means a Decentralized Identifier in the format did:aeos:SHA256(public_key)[0:32] that uniquely identifies an Agent.

"Ledger" means the append-only, hash-chain-linked, Merkle-proof-capable event log maintained by the AEOS Protocol.

"SDKs" means the Python SDK (pip install phanes) and TypeScript SDK (npm install @phanes/sdk) provided by the Company.

"Services" means, collectively, the AEOS Protocol, phanes.app website, Cloud Service, SDKs, REST API, MCP Server, documentation at docs.phanes.app, and all related offerings.

"User" or "you" means any individual or entity accessing or using the Services.

2. Acceptance & Eligibility

2.1 Binding Agreement. By accessing the Services, creating an account, generating API keys, deploying an Agent, or executing any protocol operation, you represent that you have read, understood, and agree to be bound by these Terms and our Privacy Policy (incorporated herein by reference).

2.2 Authority. If you are accepting these Terms on behalf of an entity, you represent and warrant that you have the legal authority to bind that entity. References to "you" include such entity.

2.3 Age. You must be at least 18 years of age (or the age of legal majority in your jurisdiction) to use the Services. By using the Services, you represent that you satisfy this requirement.

2.4 Prohibited Jurisdictions. The Services are not offered to, and may not be used by, persons or entities located in, incorporated in, or residents of any jurisdiction where the use of cryptographic protocols, digital asset settlement, or autonomous agent systems is prohibited by applicable law. You are solely responsible for ensuring that your use of the Services complies with all applicable laws in your jurisdiction.

3. License Grant

3.1 License. Subject to your compliance with these Terms, the Company grants you a limited, non-exclusive, non-transferable, revocable license to access and use the AEOS Protocol, Python SDK, and TypeScript SDK solely for your internal development and production purposes.

3.2 Restrictions. You must (a) provide clear attribution to the AEOS Protocol; (b) not reverse-engineer, decompile, or disassemble any proprietary components; (c) not use the "Phanes" or "AEOS" trademarks to imply endorsement without prior written consent; and (d) not redistribute the protocol source code without prior written authorization.

3.3 Proprietary Components. The AEOS Protocol, Cloud Service, Enterprise offering, managed infrastructure, and the phanes.app website design are proprietary. These components are licensed to you solely for use in connection with the Services during your subscription period.

4. Accounts & API Access

4.1 Registration. Access to certain Services (including the REST API, Cloud Service, and Enterprise features) requires account creation. You agree to provide accurate, current, and complete information during registration and to update such information to maintain its accuracy.

4.2 Credentials. You are responsible for safeguarding your API keys, signing keys (Ed25519 private keys), encryption keys (X25519 private keys), and any other authentication credentials. You must immediately notify us of any unauthorized use of your credentials. We will not be liable for any loss arising from unauthorized use of your credentials.

4.3 Key Management. The AEOS Protocol delegates key management to your agent runtime. You are solely responsible for the secure generation, storage, rotation, and destruction of all cryptographic key material. We strongly recommend the use of hardware security modules (HSMs) for production deployments.

4.4 Rate Limits. API access is subject to rate limits as published in our documentation. We reserve the right to throttle or suspend access that exceeds published limits or that degrades service availability for other users.

5. Protocol Usage

5.1 Self-Hosted Deployment. When you self-host the AEOS Protocol (Free tier), you are solely responsible for the operation, security, availability, and compliance of your deployment. The Company provides no warranty, uptime guarantee, or support for self-hosted deployments unless you have a separate support agreement.

5.2 Protocol Invariants. The AEOS Protocol enforces certain cryptographic invariants, including but not limited to: (a) Authority Bounds containment — a child Agent's bounds must be strictly contained within its parent's; (b) non-repudiation — all Agent actions are Ed25519-signed; (c) escrow safety — committed funds cannot be released without fulfillment proof. You acknowledge that the correctness of these invariants depends on the integrity of the underlying cryptographic implementations and your correct configuration of the protocol.

5.3 BFT Consensus. The protocol's PBFT consensus layer tolerates Byzantine faults up to f nodes in a 3f+1 configuration. You acknowledge that consensus safety and liveness guarantees hold only under the stated Byzantine fault tolerance thresholds and reliable network assumptions documented in the protocol specification.

5.4 Known Limitations. The Security Audit Report v0.1 documents findings including non-constant-time Shamir reconstruction (H-2), simplified Python ZK range proofs (M-1), in-memory escrow persistence limitations (M-3), and other items. You acknowledge these known limitations and agree that the protocol is provided on an as-is basis with respect to such limitations.

6. Agent Identity & Delegation

6.1 Controller Responsibility. Every Agent must have a controller DID linking to a responsible human or legal entity. The controller is ultimately responsible for all actions taken by the Agent and all Agents in its Delegation Chain. Registering an Agent without a valid controller constitutes a material breach of these Terms.

6.2 Delegation. When you delegate authority from a parent Agent to a child Agent, you warrant that (a) the delegation is within the parent's Authority Bounds; (b) you have the legal capacity to grant the delegated capabilities; and (c) you will monitor and, if necessary, revoke delegations to prevent unauthorized activity.

6.3 Liability for Agent Actions. You accept full liability for all economic, legal, and regulatory consequences arising from the actions of Agents you control or to which you have delegated authority, including any contracts entered, disputes raised, transactions settled, and funds escrowed or released.

7. Smart Contracts & Escrow

7.1 Binding Nature. AEOS contracts are deterministic, machine-verifiable specifications of obligations between Agents. When an Agent controlled by you signs a contract using its Ed25519 key, that signature constitutes your binding commitment to the contract's terms. You acknowledge that AEOS contract signatures are cryptographically non-repudiable.

7.2 Escrow. Funds committed to escrow via Pedersen commitments are locked until the protocol's fulfillment-verification or dispute-resolution mechanisms release them. The Company does not hold custody of escrowed funds in self-hosted deployments. In Cloud and Enterprise deployments, the Company may facilitate escrow through Stripe or USDC smart contracts, but does not exercise discretionary control over escrowed funds.

7.3 Dispute Resolution. Contract disputes are resolved through the protocol's three-tier system: automatic resolution, VRF-based arbitrator selection with confidence-weighted voting, and appeal. You agree to be bound by the outcome of protocol-level dispute resolution for disputes arising from AEOS contracts, subject to Section 17.

7.4 No Legal Advice. The AEOS Protocol provides economic infrastructure. It does not provide legal advice, and AEOS contracts do not constitute legal contracts under any particular jurisdiction unless you separately ensure compliance with applicable contract law. You should consult qualified legal counsel regarding the enforceability of AEOS-mediated agreements in your jurisdiction.

8. Settlement & Payments

8.1 Stripe Settlement. The AEOS Protocol integrates with Stripe for fiat settlement using the authorize-then-capture pattern (PaymentIntents with capture_method='manual'). Your use of Stripe is subject to the Stripe Services Agreement. You acknowledge that Stripe authorizations expire after 7 days (up to 31 days with extended authorization) and that contracts exceeding this window require authorization refresh.

8.2 USDC Settlement. The protocol supports USDC (ERC-20) escrow on Ethereum, Base, Arbitrum, and Polygon. USDC settlement on mainnet is available only on Cloud and Enterprise tiers. You are solely responsible for ensuring that your use of digital asset settlement complies with all applicable laws, including money transmission, securities, and tax regulations in your jurisdiction.

8.3 Taxes. You are solely responsible for determining and paying all taxes, duties, and assessments arising from your use of the Services and settlement of transactions, including income tax, sales tax, value-added tax, withholding tax, and any digital asset reporting obligations. The Company does not provide tax advice.

8.4 No Money Transmission. The Company does not hold, transmit, or control customer funds. In self-hosted deployments, settlement occurs directly between the parties. In managed deployments, the Company facilitates access to third-party payment processors (Stripe) and blockchain networks but does not itself act as a money transmitter, money services business, or virtual asset service provider.

9. Cryptographic Components

9.1 Primitives. The AEOS Protocol employs the following cryptographic primitives: Ed25519 (RFC 8032) digital signatures, X25519 key agreement, SHA-256 Pedersen-style commitments, Ristretto255 Bulletproofs (Rust FFI), HKDF-SHA256 key derivation, AES-256-GCM authenticated encryption, Ed25519-based verifiable random functions, Merkle trees with domain separation, Shamir secret sharing over GF(L), and PBFT consensus with Ed25519 quorum certificates.

9.2 No Guarantee of Cryptographic Security. While the protocol employs industry-standard cryptographic constructions and has undergone a security audit (v0.1), the Company does not guarantee that any cryptographic implementation is free from vulnerabilities. Cryptanalytic advances, implementation defects, or side-channel attacks may compromise security properties. You use the cryptographic components at your own risk.

9.3 Python Fallback. The Python ZK range proof implementation uses bit-decomposition that reveals the bit-length of committed values. This is a known limitation documented in the Security Audit (M-1). For production deployments requiring true zero-knowledge properties, you must use the Rust Bulletproofs FFI path.

10. Data & Ledger

10.1 Ledger Immutability. All protocol operations are recorded on the append-only Ledger. Once an event is committed, it cannot be deleted or modified. You acknowledge this immutability and understand that transaction data, Agent identities, contract terms, dispute records, and behavioral profiles recorded on the Ledger are permanent.

10.2 Selective Disclosure. The protocol supports selective disclosure via Pedersen commitments and Merkle membership proofs, enabling Agents to prove specific attributes without revealing their full identity or transaction history. However, you are responsible for configuring selective disclosure appropriately for your compliance needs.

10.3 Data Processing. For Cloud and Enterprise deployments, data processing is governed by our Privacy Policy. For self-hosted deployments, you are the sole data controller and processor; the Company has no access to your data.

11. Intellectual Property

11.1 Company IP. The "Phanes" and "AEOS" names, logos, the phanes.app website design, Cloud Service infrastructure, and Enterprise tooling are the intellectual property of the Company or its licensors. These Terms do not grant you any right to use the Company's trademarks, service marks, or trade dress except as expressly provided herein.

11.2 Your Content. You retain ownership of all data, Agent configurations, contracts, and other content you create or submit through the Services. By using the Cloud Service, you grant the Company a limited license to host, process, and transmit your content solely as necessary to provide the Services.

11.3 Feedback. If you provide suggestions, ideas, or other feedback regarding the Services, you grant the Company an unrestricted, perpetual, irrevocable, royalty-free license to use such feedback for any purpose without compensation to you.

12. Cloud & Enterprise Services

12.1 Service Levels. Cloud Service availability is subject to the Service Level Agreement (SLA) applicable to your subscription tier: 99.99% for Cloud and up to 99.999% for Enterprise. SLA credits are calculated as specified in the applicable Order Form or published SLA documentation.

12.2 Subscription & Billing. Cloud subscriptions are billed on a usage-based model starting at $99/month. Enterprise pricing is determined by individual agreement. All fees are exclusive of taxes. Unpaid invoices accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law.

12.3 Data Portability. Upon termination, the Company will make your data available for export for a period of thirty (30) days. After this period, the Company may delete your data in accordance with its data retention policies.

13. Prohibited Conduct

You agree not to use the Services to: (a) violate any applicable law, regulation, or third-party right; (b) deploy Agents for money laundering, terrorist financing, sanctions evasion, or any financial crime; (c) facilitate fraud, unauthorized financial transactions, or circumvention of regulatory requirements; (d) deploy Agents that exceed their Authority Bounds or circumvent protocol-enforced limits; (e) attempt to poison the ML behavioral profiling system through gradual drift or other adversarial techniques; (f) exploit known cryptographic limitations (including timing side channels in Shamir reconstruction or PRNG prediction in the Isolation Forest) to subvert protocol security; (g) disrupt, overload, or interfere with the BFT consensus layer, including message flooding or view change manipulation; (h) create Sybil identities to manipulate trust scores, reputation, or arbitrator selection; (i) reverse-engineer proprietary components of the Cloud or Enterprise Services beyond what is permitted by applicable law; or (j) use the Services in a manner that is deceptive, harmful, or infringes on the rights of others.

14. Disclaimers

14.1 AS-IS. THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

14.2 No Guarantee of Correctness. THE COMPANY DOES NOT WARRANT THAT (A) THE PROTOCOL'S CRYPTOGRAPHIC INVARIANTS WILL HOLD UNDER ALL CONDITIONS; (B) THE BFT CONSENSUS LAYER WILL ACHIEVE SAFETY OR LIVENESS IN ALL NETWORK CONDITIONS; (C) THE RISK ENGINE OR ML ANOMALY DETECTION WILL IDENTIFY ALL THREATS; (D) THE DISPUTE RESOLUTION MECHANISM WILL PRODUCE FAIR OUTCOMES IN ALL CASES; OR (E) THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE.

14.3 Regulatory Uncertainty. THE LEGAL AND REGULATORY FRAMEWORK FOR AUTONOMOUS AI AGENTS, DIGITAL ASSETS, AND DECENTRALIZED PROTOCOLS IS EVOLVING. THE COMPANY DOES NOT REPRESENT THAT THE SERVICES COMPLY WITH ALL APPLICABLE LAWS IN ALL JURISDICTIONS. YOU ASSUME ALL REGULATORY RISK ASSOCIATED WITH YOUR USE OF THE SERVICES.

15. Limitation of Liability

15.1 Cap. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE COMPANY'S TOTAL AGGREGATE LIABILITY ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICES EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID TO THE COMPANY IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS ($100).

15.2 Exclusions. IN NO EVENT SHALL THE COMPANY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, GOODWILL, BUSINESS OPPORTUNITY, OR ANTICIPATED SAVINGS, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, EVEN IF THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

15.3 Protocol-Specific Exclusions. WITHOUT LIMITING THE FOREGOING, THE COMPANY SHALL NOT BE LIABLE FOR: (A) LOSS OF FUNDS DUE TO COMPROMISED PRIVATE KEYS, INCORRECT ESCROW CONFIGURATION, OR FAILURE TO IMPLEMENT AUTHORIZATION REFRESH FOR LONG-RUNNING STRIPE SETTLEMENTS; (B) DAMAGES RESULTING FROM BYZANTINE FAULTS EXCEEDING THE PROTOCOL'S STATED TOLERANCE THRESHOLDS; (C) LOSSES FROM ML MODEL EVASION, ADVERSARIAL BEHAVIORAL PROFILE MANIPULATION, OR RISK ENGINE FALSE NEGATIVES; (D) LOSSES ARISING FROM USE OF THE PYTHON ZK RANGE PROOF FALLBACK IN PRODUCTION; OR (E) LOSSES FROM DISPUTE RESOLUTION OUTCOMES.

16. Indemnification

You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, agents, and affiliates from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your use of the Services; (b) your breach of these Terms; (c) actions taken by Agents you control or to which you have delegated authority; (d) your violation of any applicable law or regulation; (e) your settlement of transactions through Stripe or USDC; or (f) any content you submit through the Services.

17. Dispute Resolution & Arbitration

17.1 Informal Resolution. Before filing any claim, you agree to attempt to resolve disputes by contacting us at hossainmdtofael1@gmail.com. We will attempt to resolve the dispute informally within thirty (30) days.

17.2 Binding Arbitration. If informal resolution fails, any dispute, controversy, or claim arising out of or relating to these Terms shall be finally settled by binding arbitration administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator in the English language. The seat of arbitration shall be the State of Delaware. Judgment on the arbitral award may be entered in any court of competent jurisdiction.

17.3 Class Action Waiver. YOU AND THE COMPANY EACH AGREE THAT ANY CLAIMS SHALL BE BROUGHT IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS AND MAY NOT PRESIDE OVER ANY FORM OF CLASS OR REPRESENTATIVE PROCEEDING.

17.4 Exceptions. Either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement of intellectual property rights.

17.5 Distinction from Protocol Disputes. This Section 17 governs disputes between you and the Company regarding these Terms and the Services. It is distinct from the protocol-level dispute resolution mechanism described in Section 7.3, which governs disputes between Agents arising from AEOS contracts.

18. Export Controls & Sanctions

18.1 Export Compliance. The AEOS Protocol incorporates cryptographic components (including Ed25519, AES-256-GCM, Ristretto255 Bulletproofs, and Shamir secret sharing) that may be subject to export controls under the U.S. Export Administration Regulations ("EAR"), 15 C.F.R. Parts 730-774, including ECCN 5D002. You represent and warrant that you will comply with all applicable export control laws and regulations.

18.2 Sanctions. You represent that you are not (a) located in, organized under the laws of, or a resident of any country or territory subject to comprehensive U.S. sanctions (currently Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine); (b) designated on the Specially Designated Nationals and Blocked Persons List (SDN List) maintained by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), the Entity List, or any other applicable restricted party list; or (c) owned or controlled by any such person or entity.

18.3 Software Export. You remain responsible for your own export compliance assessment when deploying the AEOS Protocol.

19. Modifications

19.1 Right to Modify. The Company reserves the right to modify these Terms at any time. Material changes will be communicated by posting the updated Terms on phanes.app with a revised "Effective" date and, where practicable, by email notification.

19.2 Acceptance of Changes. Your continued use of the Services after the effective date of any modification constitutes your acceptance of the modified Terms. If you do not agree with any modification, your sole remedy is to discontinue use of the Services.

20. Termination

20.1 By You. You may terminate these Terms at any time by ceasing all use of the Services and, if applicable, closing your account.

20.2 By the Company. The Company may suspend or terminate your access to the Services at any time, with or without cause, upon notice. Grounds for termination include, without limitation, violation of these Terms, non-payment, legal or regulatory requirements, or conduct that poses a risk to the security or integrity of the Services.

20.3 Effect of Termination. Upon termination: (a) your right to access the Services ceases immediately; (b) you must cease all use of the AEOS Protocol and destroy any copies; (c) Sections 6.3 (Agent Liability), 10.1 (Ledger Immutability), 11 (IP), 14 (Disclaimers), 15 (Liability), 16 (Indemnification), 17 (Dispute Resolution), and 21 (General) survive.

21. General Provisions

21.1 Governing Law. These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict-of-law principles.

21.2 Severability. If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

21.3 Entire Agreement. These Terms, together with the Privacy Policy and any applicable Order Forms or SLAs, constitute the entire agreement between you and the Company regarding the Services and supersede all prior agreements.

21.4 Waiver. The failure of the Company to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.

21.5 Assignment. You may not assign or transfer these Terms without the Company's prior written consent. The Company may assign these Terms without restriction.

21.6 Force Majeure. The Company shall not be liable for any failure or delay in performance due to causes beyond its reasonable control, including but not limited to natural disasters, acts of government, blockchain network congestion, consensus failures, third-party payment processor outages, or internet disruption.

21.7 Notices. Notices to the Company should be sent to hossainmdtofael1@gmail.com. Notices to you will be sent to the email address associated with your account or posted on phanes.app.

22. Contact

If you have questions about these Terms, please contact us: