Legal

Terms of Use

Last updated: 1 May 2025

Important: These Terms include important disclaimers about compliance liability (§3), limitations of warranties (§8), and limitations of liability (§9). Please read carefully before using the Services.

1. Acceptance of Terms

By accessing or using any Vaultex software, website, API, or associated services (collectively, the "Services"), you agree to be bound by these Terms of Use ("Terms"). If you do not agree, do not use the Services. These Terms constitute a binding legal agreement between you (individually or on behalf of the entity you represent, "User") and Vaultex ("we", "us", "our"). Use of the Services constitutes acceptance of any future revisions to these Terms, which will be posted at vaultex.space/terms.

2. Description of Services

Vaultex provides a self-hosted AI privacy gateway that intercepts outbound prompts, tokenizes detected personally identifiable information (PII) using Microsoft Presidio NER, and forwards sanitized prompts to third-party large language model (LLM) providers. Responses are de-tokenized on the return path in accordance with role-based access control (RBAC) rules configured by the User. The Services are available in two forms:

• Open-Source (MIT license): The core tokenization engine, published at github.com/sammy995/vaultex-core. Governed by the MIT License in addition to these Terms.
• Hosted / Commercial: The web UI hosted at vaultex.space, managed SaaS tiers, and enterprise feature sets. Governed solely by these Terms and any applicable Order Form.

3. No Legal or Compliance Guarantee

THE SERVICES ARE PROVIDED AS A TECHNICAL TOOL ONLY. VAULTEX DOES NOT PROVIDE LEGAL, COMPLIANCE, REGULATORY, OR PROFESSIONAL ADVICE OF ANY KIND. While Vaultex is architected to support compliance with regulations including GLBA, GDPR, HIPAA, and CCPA, use of the Services does not, by itself, ensure or guarantee regulatory compliance. Final compliance determinations are your sole responsibility and should be made in consultation with qualified legal counsel, a Data Protection Officer (DPO), or other compliance professionals. Vaultex makes no representations or warranties that the Services satisfy any specific regulatory requirement in any jurisdiction.

4. User Responsibilities

You are solely responsible for:

a) Securing your local infrastructure, including the Docker host, Redis instance, API keys, and any secrets stored in environment variables.
b) Configuring RBAC policies, retention policies, and access controls appropriate to your organization's regulatory obligations.
c) Ensuring that any third-party LLM provider you connect (Anthropic, OpenAI, Ollama, or otherwise) is approved for use under your data governance policies.
d) Validating that the Presidio NER engine correctly identifies all PII categories relevant to your use case. Presidio is a probabilistic system; misclassifications may occur.
e) Obtaining all necessary consents from data subjects before processing their personal data through the Services.
f) Maintaining an audit trail and evidence pack sufficient for your jurisdiction's regulatory requirements.

5. Acceptable Use

You agree not to use the Services to:

• Process data in violation of any applicable law, regulation, or third-party rights;
• Reverse-engineer, decompile, or attempt to extract the source code of any closed-source component;
• Resell, sublicense, or white-label the Services without express written permission;
• Attempt to circumvent security controls, rate limits, or access controls;
• Upload malware, harmful code, or data that infringes any intellectual property rights;
• Use the Services in any manner that could reasonably expose Vaultex or its users to legal liability.

6. Data Processing & Privacy

Self-Hosted (Starter / Open-Source): All data remains on your infrastructure. Vaultex has no access to, and does not collect, any prompt data, PII, or tokenization vault contents.

Hosted / SaaS: If you use hosted tiers, please refer to our Privacy Policy (vaultex.space/privacy) for details on what data we process, how it is stored, and your rights as a data subject.

Third-Party LLMs: When you route prompts to Anthropic, OpenAI, or other cloud LLM providers, those providers process the tokenized prompts under their own terms of service and privacy policies. Raw PII is not transmitted; however, you remain responsible for compliance with any data transfer restrictions in your jurisdiction.

7. Intellectual Property

Open-Source Components: The vaultex-core repository is released under the MIT License. You may use, copy, modify, and distribute it subject to the license terms.

Proprietary Components: The Vaultex brand, UI, closed-source gateway extensions, compliance tooling, and associated documentation are the exclusive intellectual property of Vaultex. No license to these materials is granted beyond what is necessary to use the Services as described herein.

8. Disclaimer of Warranties

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, OR UNINTERRUPTED OPERATION. We do not warrant that: (a) the Services will meet your specific compliance requirements; (b) the PII detection engine will identify all sensitive data in all contexts; (c) the Services will be error-free or available without interruption.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, VAULTEX AND ITS AFFILIATES, DIRECTORS, EMPLOYEES, OR AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, GOODWILL, OR BUSINESS INTERRUPTION, ARISING FROM YOUR USE OF OR INABILITY TO USE THE SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL VAULTEX'S TOTAL AGGREGATE LIABILITY EXCEED THE GREATER OF (A) THE AMOUNTS PAID BY YOU TO VAULTEX IN THE TWELVE MONTHS PRECEDING THE CLAIM, OR (B) USD $100.

10. Indemnification

You agree to indemnify, defend, and hold harmless Vaultex and its affiliates from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising from: (a) your use of the Services; (b) your violation of these Terms; (c) any data breach or regulatory action arising from your infrastructure or policies; (d) any third-party claim relating to your processing of personal data.

11. Modifications to Terms

We reserve the right to modify these Terms at any time. Changes will be posted at vaultex.space/terms with an updated "Last Updated" date. Continued use of the Services following any modification constitutes your acceptance of the revised Terms. If a modification is material, we will make reasonable efforts to notify registered users at least 14 days in advance.

12. Governing Law & Disputes

These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which Vaultex is incorporated, without regard to conflict of law principles. Any disputes arising from these Terms shall first be submitted to good-faith negotiation. If unresolved, disputes shall be subject to binding arbitration or the exclusive jurisdiction of courts in that jurisdiction, as applicable.

13. Contact

For questions about these Terms, please contact us at: hello@vaultex.space