Legal
Terms of Service
These Terms govern use of Nolixan by organizations that connect production AI agents to real systems through scoped credentials, policy gates, approval workflows, and audit traces.
Effective date: June 2, 2026
1. Acceptance of Terms
These Terms of Service govern access to and use of Nolixan by software organizations, enterprise developers, security teams, operations teams, administrators, and other authorized users. By creating an account, signing in through an approved identity provider, connecting an agent, tool, API, MCP server, database, SaaS application, webhook, or private connector, or otherwise using Nolixan, you agree to these Terms on behalf of yourself and, where applicable, your organization.
If you use Nolixan for a company or other legal entity, you represent that you have authority to bind that entity. If you do not agree to these Terms or lack authority to accept them, you may not use the service.
2. The Nolixan Service
Nolixan provides a governed execution control plane for production AI agents. The service routes agent tool calls through a tool registry, auth broker, MCP gateway, policy engine, approval workflow, execution runtime, and audit trace so agents can act across business systems with scoped credentials and recorded decisions.
The service may broker OAuth grants and API keys, expose tools through MCP and SDKs, validate JSON Schemas, classify actions, enforce allow, deny, or require-approval policies, pause risky actions for human approval, execute authorized calls, and record an append-only audit log that includes actor, tool, credential reference, policy decision, arguments hash, and outcome.
Nolixan is a governance, automation, and decision-support platform. Customers remain responsible for reviewing workflows, configuring policies, validating production impact, maintaining secure engineering and operations practices, and deciding which actions their agents may perform.
3. Acceptable Use and Restrictions
You may use Nolixan only for lawful internal business purposes and only with agents, tools, applications, APIs, MCP servers, databases, identity providers, SaaS systems, repositories, webhooks, private connectors, and infrastructure that you are authorized to access and govern. You must comply with applicable laws, third-party provider terms, export controls, privacy obligations, and your organization's security policies.
You may not use Nolixan to attack systems, access assets without authorization, bypass access controls, exfiltrate data, interfere with platform operations, route prohibited data into tools, misrepresent audit results, or cause agents to perform actions that you or your organization are not permitted to perform directly.
- You may invoke governed tools, run MCP tools.list and tools.call workflows, use SDK and REST APIs, configure OAuth or API-key brokering, create private connectors, evaluate policies, request approvals, and review audit history within plan limits and documented rate limits.
- You may not reverse-engineer, decompile, scrape, benchmark for replication, or attempt to extract Nolixan's policy engine, security detection models, risk classifiers, scoring methods, rulesets, connector logic, approval orchestration, or proprietary execution runtime except where non-waivable law permits.
- You may not use automated scrapers, synthetic agents, excessive parallel execution, continuous loops, artificial workload generation, or repeated MCP/API calls to evade fair-use limits, overload scanning or execution engines, degrade service performance, or obtain capacity beyond your subscription tier.
- You may not continuously execute TSC, lint, pipeline audit, tool-discovery, or tool-invocation workloads in a way that functions as a denial-of-service pattern, capacity resale, unauthorized stress test, or substitute for a higher usage plan.
- You may not submit secrets, regulated personal data, production credentials, payment data, health data, or highly sensitive customer data unless the applicable plan, configuration, deployment boundary, and written agreement expressly support that use.
- You may not configure agents to perform destructive operations, financial transfers, refunds, database changes, administrative deletions, or customer-impacting actions without appropriate customer-side authorization, testing, and approval policies.
4. User Responsibilities and Session Token Governance
You are responsible for maintaining accurate account information, protecting user credentials, protecting agent tokens, configuring SSO and OAuth access appropriately, limiting tool scopes, and promptly revoking access for users, agents, service accounts, and integrations that no longer require the service. You are responsible for all activity under your organization's accounts, tokens, credentials, agents, and integrations unless caused by Nolixan's breach of these Terms.
Nolixan relies on valid JWT security assertions, session cookies, agent tokens, OAuth grants, identity-provider claims, workspace context, environment context, and configured organization permissions to enforce access. You must not forge, replay, tamper with, share, expose, or bypass session tokens, agent tokens, authentication headers, cookie controls, approval URLs, OAuth grants, or authorization checks.
Customers are responsible for session cookie policies, identity provider configuration, domain controls, agent-token storage, credential rotation, approval policy design, and access lifecycles in systems they administer. Nolixan is not liable for customer-side session exposure, weak cookie settings, excessive OAuth scopes, leaked agent tokens, over-scoped tool permissions, or continued access granted through customer-managed identity systems.
5. Customer Data and Permissions
You retain ownership of agent configurations, tool manifests, connector metadata, repository metadata, workflow context, approval records, audit inputs, logs, and other data you submit or authorize Nolixan to process. You grant Nolixan a limited right to process that data as needed to provide, secure, support, and improve the service, comply with law, and enforce these Terms.
You must ensure that you have all necessary rights and permissions to connect third-party services, source control systems, databases, internal APIs, SaaS applications, MCP servers, webhooks, private connectors, identity providers, and users to your organization.
6. Subscriptions, Plans, and Fair Use
Access to certain features may require a paid subscription, enterprise agreement, or usage-based entitlement. Plan limits may include agent count, tool count, connector count, retained logs, approval volume, connected integrations, team seats, API calls, MCP requests, SDK calls, webhook deliveries, policy evaluations, execution runtime usage, and support level.
Nolixan may throttle, queue, suspend, or limit workloads that exceed plan limits, create reliability risk, or appear abusive. We may change features or limits from time to time, but material subscription changes will be handled according to the applicable order form or customer agreement.
7. Confidentiality and Security
Each party may receive confidential information from the other. The receiving party must protect confidential information using reasonable care and use it only for purposes permitted by these Terms or an applicable written agreement.
Nolixan maintains security controls designed for B2B cloud software operations, including tenant-scoped execution, encrypted secret storage for supported credentials, policy checks before execution, and audit logging after execution. You are responsible for configuring your own environments securely, reviewing connected permissions, limiting agent scopes, and following least-privilege practices for users, service accounts, repositories, databases, SaaS systems, and CI systems.
8. Disclaimers
Nolixan is provided on an as-is and as-available basis except as expressly stated in a separate written agreement. Automated frontend audits, security scorecards, policy classifications, compliance review outputs, static analysis results, approval recommendations, and audit traces may be incomplete, inaccurate, delayed, or dependent on customer configuration, available data, third-party systems, model behavior, and agent instructions.
Nolixan does not guarantee that your agents, software, infrastructure, repositories, tools, authentication flows, payments, databases, business systems, or compliance posture are secure, error-free, compliant with every law or standard, or free from vulnerabilities. Nolixan's outputs are advisory and operational in nature and do not constitute legal advice, formal regulatory certification, or a guarantee of compliance.
You remain responsible for independent review, testing, approvals, deployment controls, rollback procedures, human oversight, and professional judgment before allowing agents to perform production actions.
9. Limitation of Liability
To the maximum extent permitted by law, Nolixan will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost data, business interruption, failed agent actions, unauthorized customer-side agent instructions, third-party provider outages, security incidents caused by customer systems, or loss of goodwill.
Except for amounts that cannot be limited by law or obligations stated in a separate written agreement, Nolixan's aggregate liability arising from or relating to the service will not exceed the amounts paid by the customer for the service during the twelve months before the event giving rise to the claim.
10. Suspension and Termination
Nolixan may suspend or terminate access if we reasonably believe that use of the service violates these Terms, creates security or reliability risk, infringes third-party rights, exceeds authorized use, or is required to comply with law. Customers may stop using the service at any time and may request account closure subject to applicable retention, billing, and legal requirements.
11. Changes to Terms
We may update these Terms from time to time. Material changes will be communicated through the service, website, email, or another reasonable channel. Continued use of Nolixan after the effective date of updated Terms means you accept the updated Terms.
12. Contact
Questions about these Terms may be sent to legal@nolixan.dev. Security reports should be sent to security@nolixan.dev.