Terms of Service

By registering for an account, accessing the API, or using any BehalfID service, you agree to be bound by these Terms of Service and our Privacy Policy. If you are using BehalfID on behalf of an organization, you represent that you have authority to bind that organization to these terms.

If you do not agree to these terms, you must not create an account or use any BehalfID service.

BehalfID is a developer-facing permission infrastructure platform. It provides tooling to define agent permissions, verify actions before AI agents execute them, record audit logs of decisions, and deliver signed webhook events for those decisions.

BehalfID is currently offered as a prototype and early-access developer tool. The service includes:

• A developer portal for managing agents, permissions, API keys, and webhooks.
• A REST verification API (POST /api/verify) for pre-action enforcement.
• An Action Gateway for executing controlled, permission-gated operations.
• An SDK (@behalfid/sdk) for integration into your application or platform.
• Public permission passports for manual scope sharing with AI assistants.
• Webhook delivery with HMAC-SHA256 signing for downstream consumers.
• Audit logs scoped to your account and agents.

You must be at least 18 years old and capable of forming a binding contract to use BehalfID. You are responsible for:

• Providing accurate registration information (email address and password).
• Maintaining the confidentiality of your account credentials.
• All activity that occurs under your account.
• Immediately notifying us of any unauthorized access to or use of your account.

BehalfID reserves the right to refuse service, terminate accounts, or remove content at its sole discretion.

API keys, passport tokens, and webhook signing secrets are your responsibility once issued. You must:

• Store API keys securely and never expose them in client-side code or public repositories.
• Rotate compromised keys immediately using the developer portal.
• Treat passport tokens as secrets — anyone holding a passport token can read the active permission scopes for that agent.
• Verify webhook signatures with verifyWebhookSignature before processing events.

BehalfID stores only hashed representations of API keys, passport tokens, and webhook secrets. Lost keys cannot be recovered and must be rotated to obtain new ones. We are not liable for any damages arising from compromised or improperly stored credentials.

You agree not to use BehalfID to:

• Violate any applicable law, regulation, or third-party rights.
• Send abusive, illegal, or fraudulent requests through the verification API or Action Gateway.
• Reverse-engineer, decompile, or attempt to extract source code from the service.
• Use the service to enable AI agents to take actions that are harmful, deceptive, or unauthorized by the users those agents serve.
• Bypass or circumvent the permission enforcement mechanisms provided by BehalfID.
• Resell, sublicense, or otherwise make the BehalfID API available to third parties as a standalone product without prior written consent.
• Introduce malicious code, overload infrastructure, or interfere with other users of the service.
• Use the Action Gateway to access private networks, internal systems, or any resource you do not have authorization to access.

You, as the developer integrating BehalfID, are solely responsible for:

• Your integration. BehalfID cannot enforce any decision unless your code calls the verify endpoint before executing an agent action and fails closed on denial. The platform only enforces what you build around it.
• Your agents and their actions. You are responsible for the behavior of any AI agents you register, their integrations, and any actions they take, permitted or otherwise.
• End-user data. If your integration passes end-user personal data as metadata in verification calls, you are responsible for ensuring you have the appropriate legal basis to do so.
• Manual mode limitations. Passport links and agent memory blocks are best-effort guidance tools. BehalfID cannot control the behavior of third-party AI providers. Manual mode is not an enforcement boundary.
• Webhook receivers. You are responsible for securing and correctly processing webhook events, including deduplication by eventId.

BehalfID and its logo, design, API structure, SDK, and documentation are the intellectual property of BehalfID and its owners. These terms do not grant you any right, title, or interest in any BehalfID intellectual property.

You retain ownership of any permission configurations, agent descriptions, and data you create within the platform. By using BehalfID, you grant us a limited license to store and process that data solely to provide the service.

BehalfID is provided on an as-is, as-available basis. We do not guarantee uninterrupted or error-free operation of the service. We reserve the right to:

• Modify, suspend, or discontinue any part of the service at any time with or without notice.
• Update or change these Terms of Service. Continued use of the service after changes constitutes acceptance of the new terms.
• Change pricing (if and when pricing is introduced), with reasonable advance notice.

Because BehalfID is currently a prototype, the service may have outages, breaking API changes, or data loss. Do not rely on BehalfID as the sole enforcement or authorization mechanism for production systems handling sensitive data or irreversible financial transactions.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, BEHALFID AND ITS OWNERS, OFFICERS, AND AGENTS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

We do not warrant that: (a) the service will meet your specific requirements; (b) the service will be uninterrupted, timely, secure, or error-free; (c) any results obtained from use of the service will be accurate or reliable; (d) any errors in the service will be corrected.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL BEHALFID, ITS OWNERS, OFFICERS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, GOODWILL, OR BUSINESS INTERRUPTION, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR YOUR USE OF OR INABILITY TO USE THE SERVICE, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, EVEN IF BEHALFID HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

In no event shall BehalfID's total cumulative liability to you for all claims arising out of or relating to these terms or the service exceed the greater of (a) the amounts you have paid to BehalfID in the twelve months prior to the claim, or (b) one hundred US dollars ($100).

Some jurisdictions do not allow the exclusion of certain warranties or the limitation of liability for certain types of damages, so some of the above limitations may not apply to you.

You agree to indemnify, defend, and hold harmless BehalfID and its owners, officers, employees, and agents from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from:

• Your use of or access to the service.
• Your violation of these Terms of Service.
• Your violation of any third-party right, including any intellectual property or privacy right.
• Any actions taken by AI agents you register, integrate, or operate through BehalfID.
• Any claim that your use of the service caused damage to a third party.

Either party may terminate this agreement at any time. You may delete your account through the developer portal or by contacting us. BehalfID may suspend or terminate your account at any time, with or without cause, and with or without notice.

Upon termination: (a) your access to the service will cease immediately; (b) your API keys and passport tokens will be invalidated; (c) we may retain your data for a reasonable period as required by applicable law or our internal policies, after which it will be deleted.

Sections 9 (Disclaimer of Warranties), 10 (Limitation of Liability), 11 (Indemnification), and 13 (Governing Law) survive termination.

These Terms of Service are governed by and construed in accordance with the laws of the United States, without regard to its conflict-of-law provisions. Any dispute arising under or relating to these terms shall be resolved through binding arbitration or in the courts of competent jurisdiction, at BehalfID's sole election.

You waive any right to participate in a class action lawsuit or class-wide arbitration against BehalfID.