Terms of Service

1.What AliasKit is

AliasKit provides developer infrastructure for AI agent identities. Through our API and SDK, you can provision email inboxes, phone numbers, virtual card proxies, TOTP secrets, JWT tokens, and reputation scoring for your AI agents.

AliasKit is not a payment processor, bank, money transmitter, or financial institution of any kind. We do not hold funds, issue cards, process payments, or maintain financial accounts on your behalf.

By using AliasKit, you agree to these terms. If you do not agree, do not use the service.

2.Accounts and access

You must provide accurate information when creating an account. You are responsible for maintaining the security of your account credentials, API keys, and any encryption keys generated by the service.

Each account belongs to an organisation. All resources (identities, emails, phone numbers, cards) are scoped to your organisation and isolated from other organisations.

You may not share API keys with unauthorised parties or use another user's account without their permission. You are responsible for all activity that occurs under your account.

3.Virtual cards (Bring Your Own Card)

This section is critical. Please read it carefully.

3.1 How it works

AliasKit uses a BYOC (Bring Your Own Card) model. You voluntarily provide card details from your own bank. Your card number, CVC, expiry, and brand are encrypted on your device using AES-256-GCM before being sent to our servers. AliasKit stores only the encrypted blob plus the last 4 digits of your card number, which are stored in plaintext so you can identify which card is attached to each identity in your dashboard.

AliasKit cannot access, read, or recover your full card number, CVC, expiry, or brand. We store only the last 4 digits in plaintext for identification purposes.

3.2 Your card encryption key

When you add a card, a unique encryption key is generated (prefixed ak_ck_...). This key exists only on your side. AliasKit does not store it, transmit it, or have any copy of it.

If you lose your card encryption key, AliasKit cannot recover it. Your encrypted card data becomes permanently inaccessible. You would need to cancel the card in AliasKit and add a new one.

3.3 Your responsibility

• ⚠You are solely responsible for all purchases made using card details stored in AliasKit, whether initiated by you, your agents, or any third party who obtains access to your card key.
• ⚠AliasKit is not liable for any unauthorised purchases, overspending, chargebacks, or financial losses of any kind.
• ⚠You are responsible for securely storing your card encryption key (ak_ck_...).

3.4 Budget tracking limitations

• ⚠Budget tracking is based on declared spending— what your agent reports it will spend, not actual bank transactions.
• ⚠Subscriptions, recurring charges, and refunds are not tracked by AliasKit.
• ⚠Budget enforcement is advisory, not absolute. It is not a substitute for real spending controls.

3.5 Use a virtual card from your bank

3.6 Card cancellation

When you cancel a card in AliasKit, the encrypted card data is permanently deleted from our database. This action is irreversible. We recommend also freezing or deleting the virtual card in your bank app.

4.Acceptable use

You agree not to use AliasKit to:

• •Commit fraud, money laundering, or any illegal activity
• •Create fake identities for deceptive purposes (impersonation, phishing, scams)
• •Abuse or circumvent the security controls of third-party services
• •Send spam, unsolicited messages, or harassing communications
• •Violate the terms of service of any third-party platform your agents interact with
• •Store or transmit malware, or use AliasKit infrastructure for attacks
• •Resell AliasKit services without authorisation
• •Circumvent rate limits, budget controls, or other usage restrictions

You are responsible for ensuring that your AI agents comply with these rules. “My agent did it” is not a defence. You control your agents; you are accountable for their actions.

5.Account termination

We may suspend or terminate your account immediately and without prior notice if we reasonably believe you have violated these terms, engaged in fraudulent activity, or are using the service in a way that could harm AliasKit, our infrastructure, or other users.

You may close your account at any time from your dashboard. Upon account closure, all your data (identities, emails, phone numbers, encrypted card data) will be permanently deleted within 30 days, except that security audit logs may be retained for up to 12 months as described in our Privacy Policy.

Termination does not relieve you of obligations incurred before termination, including any liability for charges made using cards stored in AliasKit.

6.Service availability and warranty disclaimer

AliasKit is provided “as is” and “as available” without warranties of any kind, whether express, implied, or statutory. We do not warrant that the service will be uninterrupted, error-free, or secure at all times.

We do not warrant that budget tracking will accurately reflect real-world spending, that card encryption will prevent all possible data exposure, or that our API will be available 100% of the time.

We make reasonable efforts to maintain uptime and security, but we disclaim all implied warranties including merchantability, fitness for a particular purpose, and non-infringement to the maximum extent permitted by law.

In the event AliasKit's servers are compromised and encrypted card blobs are exposed, AliasKit's liability remains subject to the limitation in Section 7. The client-side encryption architecture means encrypted blobs cannot be used without your card encryption key, which is never held by AliasKit.

7.Limitation of liability

In no event shall AliasKit's total cumulative liability to you, for any and all claims under or related to these terms, whether in contract, tort, or otherwise, exceed the greater of (a) the total fees paid by you in the 12 months preceding the claim, or (b) $100.

To the maximum extent permitted by applicable law, AliasKit (including its officers, directors, employees, and affiliates) shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to:

• •Financial losses from purchases made using cards stored in AliasKit
• •Unauthorised access to your card data due to loss of your encryption key
• •Loss of data, revenue, or profits
• •Service interruptions or downtime
• •Actions taken by your AI agents using AliasKit-provisioned identities
• •Any damages resulting from third-party services your agents interact with

This limitation applies regardless of the legal theory (contract, tort, negligence, strict liability, or otherwise).

8.Indemnification

You agree to indemnify, defend, and hold harmless AliasKit and its officers, directors, employees, and affiliates from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or related to: (a) your use of the service, (b) your violation of these terms, (c) your violation of any third-party rights, (d) any purchases or transactions made using cards stored in AliasKit, or (e) the actions of any AI agents operating under your account.

9.Data handling and privacy

Your data is handled in accordance with our Privacy Policy. Key points relevant to these terms:

• •Card details are encrypted on your device and stored as an encrypted blob we cannot read
• •Card encryption keys are never sent to or stored on our servers
• •All resources are isolated per organisation with row-level security
• •API keys are hashed at rest
• •We log card reveal attempts including IP address, user agent, timestamp, and declared amounts
• •We do not sell your data to third parties
• •Data is deleted within 30 days of account closure

10.Payment and billing

Paid plans are billed monthly. You can upgrade, downgrade, or cancel your plan at any time from your dashboard. Downgrades take effect at the end of the current billing period.

We reserve the right to change pricing with 30 days' notice. Existing subscriptions will continue at their current rate until the next renewal after the notice period.

11.Intellectual property

AliasKit owns all rights to the service, API, documentation, and brand. You retain ownership of your data and any code you build using our API.

We grant you a limited, non-exclusive, non-transferable licence to use the service in accordance with these terms and your plan. You may not reverse engineer, decompile, or attempt to extract the source code of the service.

12.Changes to these terms

We may update these terms from time to time. When we make material changes, we will notify you by email or through a notice in the dashboard at least 14 days before the changes take effect.

Continued use of AliasKit after the effective date of updated terms constitutes acceptance of those terms. If you do not agree with the changes, you may close your account before the effective date.

13.Governing law and disputes

These terms are governed by the laws of England and Wales. Until AliasKit's operating entity is registered, any disputes will be subject to the exclusive jurisdiction of the courts of England and Wales.

Any disputes arising from these terms or your use of the service shall be resolved through good-faith negotiation first. If negotiation fails, disputes shall be submitted to the courts of England and Wales.

14.Severability and entire agreement

If any provision of these terms is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.

These terms, together with the Privacy Policy, constitute the entire agreement between you and AliasKit regarding the service.

15.Force majeure

AliasKit is not liable for any failure or delay in performing its obligations caused by circumstances beyond its reasonable control, including but not limited to cloud provider outages, infrastructure failures, natural disasters, government orders, or network disruptions.

16.Contact

If you have questions about these terms, contact us at legal@aliaskit.com.

TL;DR on card liability

• ⚠AliasKit is infrastructure, not a bank. We never see your card details.
• ⚠You own your card key. Lose it and we cannot help.
• ⚠You are responsible for everything your agents buy.
• ⚠Budget tracking is advisory. Use your bank's spending limits as the real control.
• ⚠Use a virtual card with a spending cap. This is the single best thing you can do to limit risk.