LEGAL

Terms of Service

Terms of Service

Effective date: 12 May 2026
Version: 1.0

Welcome to Adrian. These Terms of Service ("Terms") govern your use of Adrian, our security monitoring product for AI agents. By creating an account or using Adrian, you agree to these Terms. If you do not agree, do not use Adrian.

If you have questions, email legals@secureagentics.ai.

1. The agreement

1.1 These Terms form a legally binding contract between Secure Agentics Ltd (company number 16108754, registered at 128 City Road, London, EC1V 2NX, United Kingdom; "Secure Agentics", "we", "us", "our") and you ("Customer", "you").

1.2 If you are using Adrian on behalf of an organisation, you confirm you have authority to bind that organisation to these Terms, and "you" refers to that organisation.

1.3 You must be at least 18 years old to enter into these Terms.

1.4 These Terms incorporate by reference our Privacy Notice at https://secureagentics.ai/privacy-policy and Schedule 1 (Data Processing Agreement) below.

2. The Adrian service

2.1 Adrian is a security monitoring product for AI agents. It consists of:

  • A software development kit (the "SDK") that you install in your AI agent code.
  • A hosted backend that ingests telemetry from the SDK, classifies it, and returns verdicts (the "Service").
  • A web-based control plane for account management, configuration, dashboards, and alerts (the "Dashboard").

2.2 The SDK is open source and licensed separately under the Apache Licence 2.0 (see Section 9). These Terms govern your use of the hosted Service and Dashboard, not your use of the SDK source code itself.

2.3 We may add, remove, or change features of the Service at any time. We will give reasonable notice of material changes through the product or by email.

2.4 Adrian is currently a launch product. Some features are still in development and the Service may change frequently.

3. Your account

3.1 You sign up for Adrian using a supported single sign-on (SSO) provider. We do not store passwords.

3.2 You are responsible for maintaining the security of the SSO account you use to access Adrian, and for all activity that takes place under your account.

3.3 You agree to provide accurate information at signup and to keep it up to date.

3.4 We may refuse to create an account or suspend an existing one where we reasonably believe doing so is necessary to protect the Service, other users, or to comply with the law.

4. Acceptable use

4.1 You may only use Adrian for its intended purpose, which is to monitor and control AI agents that you build, run, or are responsible for.

4.2 You must not:

  • Use Adrian to monitor agents you do not have permission to monitor.
  • Use Adrian in a way that breaches the law or any third-party rights.
  • Reverse engineer, decompile, or attempt to extract our backend models or proprietary detection logic, except to the extent the law expressly permits.
  • Probe, scan, or test the vulnerability of the Service, or breach or circumvent our security or usage controls, except under a written security testing agreement with us.
  • Use Adrian to build a competing product, or to train models that compete with our detection models.
  • Submit content to the Service that you know is malware, ransomware, or otherwise designed to harm us or other users (other than as legitimate test data your agent has already encountered).
  • Use Adrian to monitor or process data about people under 16 unless you have contacted us first and we have agreed in writing.
  • Use Adrian to monitor or process special category data (as defined in UK GDPR Art 9) unless you have contacted us first and we have agreed in writing.
  • Exceed the usage limits set out in Section 6 or attempt to circumvent them.

4.3 We may investigate suspected breaches of this Section, and we may suspend or terminate your account in line with Sections 15 and 16 if we find one.

5. Your responsibility for your agent and your data

5.1 Adrian helps you monitor and control your AI agent. You remain fully responsible for:

  • The design, behaviour, and outputs of your agent.
  • The data your agent processes, including obtaining any consents and lawful bases needed under data protection law.
  • Any decisions, actions, or omissions that result from using Adrian, including any choice you make to enable or disable BLOCK mode.
  • Compliance with the law in the places you and your end users are located.

5.2 Adrian is a monitoring tool, not a guarantee of security or safety. Even when working as intended, Adrian may:

  • Miss harmful or out-of-policy behaviour by your agent (false negatives).
  • Flag or block legitimate behaviour by your agent (false positives).
  • Be unavailable for periods of time (see Section 6).

You accept these inherent limitations as part of using the Service.

5.3 If you enable BLOCK mode, you accept that Adrian's intervention may interrupt your agent's execution. You are responsible for ensuring this is appropriate for your use case and for any downstream effects.

6. Service availability and usage limits

6.1 We aim to keep the Service available but we do not commit to any specific uptime at this stage. We may need to take the Service offline for maintenance, updates, or to respond to security issues. We will give notice where practical.

6.2 The Service operates token-based usage limits. Current limits are 100,000 tokens per hour, 500,000 per day, and 2,500,000 per calendar month per account, measured against the output tokens of our backend models. We may change these limits, and we will give reasonable notice if we lower or increase them.

6.3 If you exceed the limits, the Service may stop classifying your events until the next window. Your agent will continue to run; Adrian will simply not receiving traffic, classifying, or monitoring your agent.

6.4 We may rate-limit, throttle, or temporarily suspend your account if we reasonably believe usage is excessive, abusive, or risks affecting other users.

7. Fees

7.1 At launch, Adrian is provided free of charge. There are no fees, subscriptions, or charges for use of the Service.

7.2 We may introduce paid tiers in the future. If we do, we will give you reasonable notice and you will be able to choose whether to subscribe to a paid tier or stop using the Service.

7.3 Nothing in these Terms obliges us to offer the Service free of charge in the future.

8. Intellectual property

8.1 Our IP. As between you and us, we own the Service, the Dashboard, our detection models, our backend code, our brand, and any improvements to any of them. We grant you a non-exclusive, non-transferable, revocable licence to use the Service and Dashboard in line with these Terms while these Terms are in force.

8.2 Your IP. You retain all rights in your AI agent code, your agent configuration, the prompts and data your agent processes, and any other content you submit to the Service ("Customer Content"). You grant us a non-exclusive, worldwide, royalty-free licence to host, copy, transmit, display, and process Customer Content solely as needed to provide the Service to you and to comply with our legal obligations.

8.3 Aggregated and anonymised data. We may generate aggregated and anonymised statistics about how the Service is used (for example, total event volumes, false positive rates, model performance metrics). This data does not identify you or any individual. We may use it freely, including after these Terms end. We will not improve or train detection models on raw event data without your consent (see Section 10.4).

8.4 Feedback. If you give us feedback, suggestions, or ideas about the Service, you agree we may use them without restriction or obligation.

9. Open source SDK

9.1 The Adrian SDK source code is open source and licensed under the Apache Licence, Version 2.0, the full text of which is included with the source distribution and is available at https://www.apache.org/licenses/LICENSE-2.0.

9.2 You may use the SDK source code under the terms of the Apache Licence 2.0, including for self-hosted deployments where you do not connect to our hosted Service.

9.3 If you use the SDK to connect to our hosted Service, the Service itself is governed by these Terms.

10. Privacy and data protection

10.1 Our Privacy Notice at https://secureagentics.ai/privacy-policy explains how we collect, use, and protect personal data. By using Adrian you confirm you have read it.

10.2 Where you and we are jointly involved in processing personal data about identifiable third parties (for example, the end users of your agent), Schedule 1 (Data Processing Agreement) applies. In that scenario you are the controller and we are the processor under UK GDPR Art 28.

10.3 You are responsible for ensuring you have a valid lawful basis under data protection law for any personal data your agent processes and that we receive through the SDK.

10.4 At launch, we do not train our detection models on your raw event data. If we introduce model training in a future version, we will update this Section and our Privacy Notice, give you notice, and offer an opt-out.

11. Confidentiality

11.1 Each party may receive non-public information from the other ("Confidential Information"). Each party will protect the other's Confidential Information with at least the same care it uses for its own confidential information, and at least reasonable care.

11.2 This Section does not restrict either party from disclosing Confidential Information that:

  • Becomes publicly available through no fault of the receiving party.
  • Was already known to the receiving party without obligation of confidence.
  • Is independently developed without use of the other's Confidential Information.
  • Must be disclosed by law (in which case the receiving party will, where lawful, give prior notice).

11.3 This Section survives termination for three years.

12. Warranties and disclaimers

12.1 We provide Adrian on an "as is" and "as available" basis.

12.2 To the maximum extent permitted by law, we exclude all warranties, conditions, and representations, whether express or implied, including any implied warranties of satisfactory quality, fitness for a particular purpose, accuracy, or non-infringement.

12.3 We do not warrant that:

  • Adrian will detect or prevent any specific malicious, misaligned, or out-of-policy behaviour.
  • Adrian will be free of false positives or false negatives.
  • The Service will be uninterrupted, error-free, or completely secure.
  • Any defect will be corrected within a particular time.

12.4 Nothing in these Terms excludes any warranty or condition that cannot be excluded under law.

13. Limitation of liability

13.1 Nothing in these Terms limits or excludes either party's liability for:

  • Death or personal injury caused by negligence.
  • Fraud or fraudulent misrepresentation.
  • Any other liability that cannot be limited or excluded under law.

13.2 Subject to Section 13.1:

  • Neither party is liable for indirect, special, or consequential losses, loss of profit, loss of revenue, loss of business, loss of goodwill, loss of data, or wasted management time, even if foreseeable.
  • Our total aggregate liability to you under or in connection with these Terms in any 12-month period is capped at the total amount you paid us in fees during that 12-month period. For free use, that amount is zero, so our liability for free use is limited to zero except where Section 13.1 applies.

13.3 You acknowledge that the cap in Section 13.2 reflects the fact that the Service is provided free of charge and that we have priced the risk accordingly.

14. Your indemnity

14.1 You will indemnify and hold us harmless from and against any third-party claim, and any direct losses, damages, costs, and expenses (including reasonable legal fees) we incur, arising from:

  • Your breach of these Terms.
  • Your breach of the law in connection with your use of Adrian.
  • Your AI agent's actions, outputs, or decisions, including where Adrian failed to detect or prevent them.
  • Any claim by an end user of your agent in connection with your use of Adrian.

14.2 We will give you prompt notice of any claim under this Section, give you reasonable cooperation, and not settle without your consent (which you will not unreasonably withhold).

15. Term and termination

15.1 These Terms start when you create your account and continue until terminated.

15.2 You may terminate at any time by closing your account in the Dashboard or by emailing us at support@secureagentics.ai. Termination takes effect immediately.

15.3 We may terminate these Terms or your account:

  • For convenience, on at least 30 days' written notice.
  • Immediately, if you materially breach these Terms and (where the breach is capable of remedy) do not remedy it within 14 days of notice.
  • Immediately, if we reasonably believe immediate termination is necessary to protect the Service, other users, or to comply with the law.
  • Immediately, if we discontinue the Service.

15.4 On termination:

  • Your right to use the Service ends.
  • Sections 5.1, 8, 11, 12, 13, 14, 17, 18, and 19 survive.
  • We will delete your Customer Content in line with the retention periods in our Privacy Notice unless we are required to keep it for a longer period by law.

16. Suspension

16.1 We may suspend your access to the Service immediately and without prior notice if we reasonably believe:

  • You are in material breach of these Terms.
  • Your use of the Service threatens the security or integrity of the Service or other users.
  • We are required to suspend access by law or by a competent authority.

16.2 We will tell you why we have suspended your access as soon as reasonably practical, and we will lift the suspension once the underlying issue is resolved, unless we have terminated under Section 15.

17. Changes to these Terms

17.1 We may change these Terms from time to time. The current version is at https://secureagentics.ai/terms.

17.2 If we make a material change, we will give you reasonable notice (typically by email or through the Dashboard) before it takes effect.

17.3 If you do not accept a material change, your remedy is to stop using the Service. Continued use after a change takes effect means you accept the change.

18. Governing law and jurisdiction

18.1 These Terms, and any dispute or claim arising out of them or their subject matter, are governed by the laws of England and Wales.

18.2 The courts of England and Wales have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms.

19. General

19.1 Entire agreement. These Terms (including the Privacy Notice and Schedule 1) are the entire agreement between you and us about the Service. They supersede any prior agreement or understanding.

19.2 No partnership or agency. Nothing in these Terms creates a partnership, agency, or employment relationship.

19.3 Assignment. You may not assign or transfer these Terms without our written consent. We may assign these Terms in connection with a corporate reorganisation, merger, or sale of substantially all of our assets, on notice to you.

19.4 Severability. If any part of these Terms is found unenforceable, the rest remains in force.

19.5 No waiver. Failing to enforce a right under these Terms does not waive it.

19.6 Notices. We will give you notices by email to the address on your account, or by posting in the Dashboard. You will give us notices by emailing legals@secureagentics.ai.

19.7 Third parties. No one other than you and us has any rights under these Terms (the Contracts (Rights of Third Parties) Act 1999 does not apply).

19.8 Force majeure. Neither party is liable for failure to perform caused by events outside its reasonable control.

Schedule 1 - Data Processing Agreement

This Schedule applies whenever you use Adrian to process personal data about identifiable third parties (for example, end users of your agent who are not you). It does not apply where the only personal data we process about you is your own data as the data subject (covered by our Privacy Notice).

Terms used in this Schedule have the meaning given to them in UK GDPR.

S1.1 Roles

S1.1.1 You are the Controller of personal data about third parties that your agent processes and that we receive through the SDK.

S1.1.2 We are the Processor of that personal data, acting on your documented instructions.

S1.1.3 Each party will comply with its obligations under applicable data protection law.

S1.2 Scope of processing

The detail of the processing is set out in Annex A (Processing Details).

S1.3 Your instructions

S1.3.1 We will process Customer Content only on your documented instructions, including for international transfers, unless we are required to process it by UK or EU law (in which case we will tell you about that requirement before processing, unless that law prohibits us from doing so).

S1.3.2 Your instructions are: (a) the configuration choices you make in the Dashboard, (b) these Terms and this Schedule, and (c) any further written instructions you give us by email.

S1.3.3 We will tell you if we believe an instruction breaches data protection law.

S1.4 Confidentiality

We will ensure that our staff who access Customer Content are bound by appropriate confidentiality obligations.

S1.5 Security

S1.5.1 We will maintain appropriate technical and organisational measures to protect Customer Content, in line with UK GDPR Art 32. The current measures are summarised in Annex C.

S1.5.2 We may update Annex C from time to time, provided the protection of Customer Content is not materially diminished.

S1.6 Sub-processors

S1.6.1 You give us a general authorisation to engage sub-processors. The current sub-processors are listed in Annex B.

S1.6.2 We will tell you of any new sub-processor at least 14 days before they begin processing Customer Content. You may object on reasonable data protection grounds, in which case we will work with you to find a workable alternative or, if we cannot, you may terminate the affected part of the Service.

S1.6.3 We will impose data protection obligations on each sub-processor that are materially equivalent to those in this Schedule.

S1.7 International transfers

S1.7.1 Where Customer Content is transferred outside the UK or EEA, we will rely on a transfer mechanism recognised under UK GDPR or EU GDPR (as applicable). The current mechanisms are set out in our Privacy Notice.

S1.7.2 You authorise us to enter into the UK International Data Transfer Agreement, EU Standard Contractual Clauses, and any equivalent mechanism on your behalf and as your agent for the purposes of any sub-processor transfer.

S1.8 Data subject rights

S1.8.1 We will assist you in responding to data subject requests under UK GDPR Articles 15 to 22, taking into account the nature of the processing.

S1.8.2 If a data subject contacts us directly, we will redirect them to you (unless we are required by law to respond directly).

S1.9 Personal data breach

S1.9.1 We will tell you without undue delay after becoming aware of a personal data breach affecting Customer Content, and in any event within 48 hours.

S1.9.2 We will provide you with the information you reasonably need to comply with your obligations under UK GDPR Articles 33 and 34, to the extent that information is in our control.

S1.10 DPIAs and prior consultation

We will provide reasonable assistance with any data protection impact assessment or prior consultation that you are required to carry out under UK GDPR Articles 35 and 36, taking into account the nature of the processing and the information available to us.

S1.11 Audit

S1.11.1 We will make available to you the information reasonably necessary to demonstrate our compliance with this Schedule.

S1.11.2 You may audit our compliance with this Schedule no more than once per year, on at least 30 days' written notice, during business hours, at your cost, provided you do not unreasonably disrupt our operations and you sign a reasonable confidentiality undertaking. We may satisfy this obligation by providing recent third-party audit reports (such as ISO 27001 or SOC 2) if available.

S1.12 Return or deletion

S1.12.1 On termination of the Service, we will delete or return Customer Content in line with the retention periods set out in our Privacy Notice. You can request earlier deletion by emailing privacy@secureagentics.ai.

S1.12.2 We may keep Customer Content for longer if we are required to by law, in which case we will continue to apply the protections in this Schedule for as long as we hold it.

S1.13 Liability

The liability provisions in Section 13 of the Terms apply to this Schedule.

Annex A - Processing Details

Subject matter of processing: Provision of the Adrian security monitoring Service to the Customer.

Duration of processing: For the term of the Terms, plus the retention periods set out in our Privacy Notice.

Nature and purpose of processing: Ingesting telemetry from the Customer's AI agent through the SDK, classifying events, returning verdicts, and providing the Dashboard, alerts, and audit logs.

Types of personal data: Personal data that the Customer's AI agent encounters and that is captured by the SDK. This may include any category of personal data the agent processes. The SDK applies best-effort filtering to remove obvious personal data before transmission, but this is not a legal safeguard.

Categories of data subjects: Any individuals about whom the Customer's AI agent processes data. Typically this is the Customer's own users, customers, or counterparties.

Special category data: The Customer must not knowingly use Adrian to process special category data without prior written agreement with Secure Agentics.

Annex B - Sub-processors

The current sub-processors are listed in our Privacy Notice at https://secureagentics.ai/sub-processors. The list at the date of these Terms includes:

  • Amazon Web Services (cloud hosting, inference, storage; UK and US regions).
  • Microsoft (Microsoft 365 email, Teams, SharePoint).
  • Webflow (website hosting and analytics).
  • Our cookie consent management platform (consent record storage on the website).
  • Slack and Discord (alert delivery for users who configure these integrations).

Annex C - Technical and Organisational Measures

The following is a summary of the measures we apply to protect Customer Content. The full set is described in our Information Security Policy, available on request to enterprise customers and to regulators.

  • Encryption of Customer Content in transit (TLS) and at rest (production data stores).
  • Role-based access control for staff, with multi-factor authentication on systems holding Customer Content.
  • Access logging on customer data stores.
  • Tenant isolation tested in our deployment pipeline.
  • Vendor due diligence and data processing agreement before any sub-processor receives Customer Content.
  • Documented incident response procedure with a 72-hour ICO notification clock and customer notification under Section S1.9 of this Schedule.
  • Regular security testing and dependency scanning.