The agreement between you and Kanonik for use of our platform.
In these Terms:
By creating an account, signing an order form, or otherwise using the Service, you confirm that (a) you are at least 18 years old or the legal age of majority in your jurisdiction, (b) you have the authority to bind the Customer entity to these Terms, and (c) you accept these Terms together with the Privacy Policy and, where applicable, the Data Processing Addendum.
If you do not agree, do not use the Service.
Kanonik provides an MCP-native intelligence layer that connects your AI assistant (Anthropic Claude, OpenAI, AWS Bedrock, Google Gemini, Azure OpenAI, or any MCP-compatible model - you provide and operate the account) to your governance, risk, and compliance (GRC) tooling. The Service includes a non-bypassable Verifier, a human-approval gate, a hash-chained audit log, and the Auditor Export bundle.
The Service is provided on a subscription basis. Available connectors, frameworks, capacity caps, and approval channels depend on your Subscription tier and are described on the Pricing page.
We may update, enhance, or modify features over time. We will not materially reduce the core functionality of your Subscription tier without notice. Where a change is material, we will give you reasonable prior notice via email or in-app notification.
You are responsible for the security of your account credentials and for all activity under your account. You agree to:
You are responsible for ensuring your authorised users comply with these Terms. Acts and omissions of your authorised users are deemed your acts and omissions.
You agree not to, and not to permit anyone to:
We may suspend or terminate access for material breach of this section, with notice where reasonable and immediately where the breach poses an imminent risk to the Service, other customers, or third parties.
Subscription tiers, prices, included usage caps, and feature differences are described on the Pricing page. Prices are in U.S. dollars unless otherwise stated and do not include applicable taxes, which will be added at checkout where required.
Subscriptions are billed in advance on a monthly or annual basis depending on your selection. Payment is processed through our payment provider, who acts as Merchant of Record for global tax compliance. By providing a payment method, you authorise us (and our payment provider) to charge that method for the applicable fees, including renewals.
You may upgrade your Subscription at any time through the dashboard; upgrades take effect immediately and are pro-rated. Downgrades take effect at the start of your next billing cycle. Tier limits (frameworks, users, daily capacity caps) apply from the effective date of the change.
We may suspend access to the Service if a payment is more than fifteen (15) days overdue. We will give you reasonable notice before suspending and will reinstate access promptly upon receipt of payment.
We absorb the cost of internal Verifier model calls in your tier price. We do not bill you for tokens consumed by the Verifier. You separately pay your model provider for your own model usage; the Service does not resell, meter, or mark up that usage.
Self-serve cancellation. You may cancel your Subscription at any time from the dashboard or by emailing hello@kanonik.ai. Cancellation takes effect at the end of your current billing cycle. You will retain access through that date.
30-day money-back. If the Service does not meet your team's needs in the first thirty (30) days of a new paid Subscription, email us within that window for a full refund. This applies once per Customer entity.
No refund for partial periods. Outside the 30-day window, fees paid for the current billing period are non-refundable. We may make exceptions in cases of confirmed Service unavailability or our own material breach.
Your data is yours. As between the parties, you retain all right, title, and interest in and to Customer Data. We claim no ownership of Customer Data.
Licence to operate. You grant us a limited, non-exclusive, royalty-free licence to host, store, process, transmit, and display Customer Data solely as necessary to provide and improve the Service for you.
No training on Customer Data. We do not use Customer Data to train, fine-tune, or evaluate any general-purpose model. Server-side Verifier calls process Customer Data in-the-moment for verification and reasoning purposes only and are not retained beyond the operational windows described in our Privacy Policy.
Customer responsibilities. You are responsible for the legality of Customer Data and for ensuring you have all necessary rights, consents, and authorisations to submit it to the Service. You are responsible for complying with applicable laws (including data-protection law) when configuring the Service for your use.
Data export and deletion. You may export Customer Data at any time via the Auditor Export bundle and (where available on your tier) the REST API. On termination, we provide a 30-day grace period for export, after which we destroy the per-tenant encryption keys, rendering Customer Data inaccessible. Append-only audit log entries are retained for the period stated in the Privacy Policy.
Each party will protect the other's Confidential Information using the same degree of care it uses for its own confidential information of a similar nature, and at minimum reasonable care. Confidential Information includes Customer Data, the non-public parts of the Service, and any other information designated confidential or that a reasonable person would understand to be confidential.
Confidential Information may be disclosed only to a party's personnel and contractors with a need to know and who are bound by confidentiality obligations no less protective than those set out here. The receiving party must promptly notify the disclosing party of any actual or suspected unauthorised disclosure.
Confidentiality obligations do not apply to information that (a) is or becomes publicly known without breach, (b) was rightfully known to the receiving party before disclosure, (c) is rightfully obtained from a third party without confidentiality restrictions, or (d) is independently developed without use of the disclosing party's Confidential Information.
We warrant that the Service will perform materially in accordance with its published Documentation under normal use. As your sole and exclusive remedy for breach of this warranty, we will use reasonable efforts to correct the defect or, if we cannot do so within a reasonable period, refund the fees paid for the affected period.
EXCEPT FOR THE EXPRESS WARRANTY ABOVE, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE". WE DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.
WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR THAT THE OUTPUTS OF AI-GENERATED OPERATIONS WILL BE CORRECT. The Verifier and approval gate are designed to reduce the risk of incorrect operations reaching your GRC tool, but you are responsible for reviewing outputs before approving them.
EXCLUSION OF INDIRECT DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUES, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CAP ON DIRECT DAMAGES. EACH PARTY'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS WILL NOT EXCEED THE FEES PAID BY THE CUSTOMER TO THE PROVIDER FOR THE SERVICE IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE LIABILITY.
EXCEPTIONS. The exclusions and cap above do not apply to (a) either party's indemnification obligations under Section 12, (b) breach of confidentiality, (c) fees owed by Customer, or (d) liability that cannot be excluded or limited by applicable law (such as for fraud, gross negligence, or wilful misconduct).
By Provider. We will defend you against any third-party claim alleging that the Service, when used in accordance with these Terms and the Documentation, infringes such third party's intellectual property rights, and we will pay damages or settlement amounts finally awarded against you in such a claim. We will have no obligation under this Section to the extent the claim arises from (a) your use of the Service in violation of these Terms, (b) Customer Data, (c) combination of the Service with anything not provided by us, or (d) modifications to the Service not made by us.
By Customer. You will defend us against any third-party claim arising from (a) Customer Data, (b) your use of the Service in violation of these Terms or any applicable law, or (c) the configurations or instructions you provide to the Service that cause it to interact with your GRC tool. You will pay damages or settlement amounts finally awarded in such a claim.
Process. The indemnified party must promptly notify the indemnifying party of the claim, give it sole control of the defence and settlement, and provide reasonable cooperation. The indemnifying party may not settle a claim that imposes obligations on the indemnified party without its prior written consent.
These Terms apply from the date you first accept them and continue while you have an active Subscription or use the Service.
Either party may terminate for material breach if the breach is not cured within thirty (30) days of written notice. We may suspend or terminate immediately for cause where the breach poses an imminent risk to the Service or other customers, or for non-payment past the cure window in Section 6.4.
Upon termination: (a) your right to use the Service ends; (b) you remain liable for fees accrued through the termination date; (c) we provide a 30-day grace period for data export; (d) at the end of the grace period, we destroy your tenant's encryption keys, rendering Customer Data inaccessible; (e) audit-log entries are retained for the period in the Privacy Policy; (f) Sections 8 (Customer data and ownership), 9 (Confidentiality), 10 (Warranties), 11 (Liability), 12 (Indemnification), 15 (Governing law), and 16 (Contact) survive.
We may update these Terms from time to time. We will post the updated version at this URL with a new "Last updated" date. For material changes that affect your rights, we will give you reasonable advance notice (at least thirty days for adverse material changes) by email or in-app notification. Continued use of the Service after the effective date constitutes acceptance.
These Terms are governed by the laws of the State of Wyoming, United States of America, without regard to its conflict-of-laws rules. The exclusive venue for any dispute arising out of or related to these Terms or the Service is the state and federal courts located in Cheyenne, Wyoming, and the parties consent to the personal jurisdiction of those courts.
Where applicable consumer-protection law gives a Customer the right to bring proceedings in the Customer's place of residence, this clause does not limit that right.
The United Nations Convention on Contracts for the International Sale of Goods does not apply.
Questions about these Terms? Email hello@kanonik.ai.
Security or vulnerability reports: security@kanonik.ai.
Privacy / data-protection requests: privacy@kanonik.ai.
Postal address: available on request via hello@kanonik.ai.