Terms of Service

These Terms of Service ("Terms") constitute a legally binding agreement between you and NeverTrust.ai ("NeverTrust.ai", "we", "us", or "our") governing your access to and use of the website located at nevertrust.ai (the "Site"), the NeverTrust.ai network agent software (the "Agent"), the web portal (the "Portal"), and any related services (collectively, the "Services").

By accessing or using the Site, installing the Agent, creating an account, registering for the waitlist, or otherwise engaging with our Services, you confirm that you have read, understood, and agree to be bound by these Terms and our Privacy Policy, which is incorporated into these Terms by reference.

If you are using the Services on behalf of an organisation, you represent and warrant that you have authority to bind that organisation to these Terms, and references to "you" include that organisation.

NeverTrust.ai is a network-layer security platform that helps organisations monitor and control AI-related outbound HTTPS traffic from enterprise devices. The Services include:

• Network Agent: a lightweight software agent installed on endpoint devices that intercepts, inspects, and classifies outbound HTTPS traffic to AI services using machine learning. The Agent operates via TLS interception with a locally-generated certificate authority.
• Web Portal: an online dashboard for managing devices, configuring security policies, reviewing audit events, managing team members, and downloading agent installers.
• Public Scanner: a free web-based tool that allows anyone to scan text for prompt injection, data exfiltration, and agentic behaviour patterns.
• Waitlist: a registration service for individuals expressing interest in NeverTrust.ai prior to receiving an account.
• Informational content: marketing pages and blog posts about AI agent security.

To use the Services, you must:

• Be at least 18 years of age
• Have the legal capacity to enter into a binding contract in your jurisdiction
• Not be prohibited from receiving services under applicable law, including Australian sanctions law

By using the Services, you represent and warrant that you meet these eligibility requirements.

4.1 Account Creation

To access the Portal and Agent features, you must create an account and associate it with an organisation. You agree to provide accurate and complete information during registration and to keep your account information current.

4.2 Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must notify us immediately at [email protected] if you become aware of any unauthorised use of your account.

4.3 Organisation Administrators

Organisation administrators have the ability to manage team members, configure security policies, view audit events, and manage enrolled devices. Administrators are responsible for ensuring that their organisation's use of the Services complies with these Terms and applicable law.

5.1 Licence Grant

Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, revocable licence to install and use the Agent on devices owned or controlled by your organisation for the purpose of securing AI-related network traffic in accordance with your organisation's security policies.

5.2 How the Agent Works

The Agent operates at the network layer by creating a local TLS certificate authority and intercepting outbound HTTPS connections to AI services. It inspects request and response content using an embedded machine learning model to detect prompt injection, data exfiltration, and agentic behaviour. The Agent:

• Generates a device-local certificate authority (CA) — the CA private key never leaves the device
• Intercepts and classifies traffic to AI provider endpoints
• Sends security event metadata (classification scores, threat signals, URLs) to the Portal for audit purposes — response body content is never transmitted to the Portal
• Enforces organisation-defined security policies (block, caution, or allow)
• May automatically update its ML model from the Portal when a newer version is available

5.3 Fail-Open Design

5.4 Installation and Removal

The Agent is installed via platform-specific installers (macOS, Linux, Windows). You may uninstall the Agent at any time using the standard uninstallation procedure for your platform or via the Portal. Upon uninstallation, the Agent ceases all network interception and removes its local certificate authority.

5.5 Employee Notification

If you are an organisation deploying the Agent on employee devices, you are solely responsible for providing adequate notice to your employees about the Agent's installation and operation, including its TLS interception capabilities. We recommend that you obtain appropriate consent in accordance with applicable employment and privacy laws in your jurisdiction.

6.1 Plans

The Services are available under the following plan tiers: Pilot, Starter, Pro, and Enterprise. Feature availability, device limits, and pricing vary by plan. Current plan details are available on the Site or by contacting us.

6.2 Pilot Programme

Pilot plans provide free early access to the Services in exchange for feedback. Pilot access is granted at our discretion and may be subject to additional terms.

6.3 Payment

For paid plans, you agree to pay all fees associated with your selected plan. Fees are non-refundable except as required by applicable law, including the Australian Consumer Law. We reserve the right to change pricing with 30 days' prior notice.

6.4 Waitlist Registration

Waitlist registration is free of charge. Registering for the waitlist does not guarantee access to the Services. Waitlist positions are indicative only and we reserve the right to determine the order and timing of access at our absolute discretion.

You agree not to use the Site or Services to:

• Violate any applicable law, regulation, or third-party right, including intellectual property rights and privacy rights
• Deploy the Agent on devices without appropriate authorisation from the device owner
• Use the Agent for surveillance, espionage, or any purpose unrelated to AI security
• Submit false, misleading, or fraudulent information through any form or API
• Reverse engineer, decompile, or disassemble the Agent software, except as permitted by applicable law
• Interfere with, disrupt, or damage the Site, Portal, or their infrastructure, including through denial-of-service attacks, malware, or unauthorised access attempts
• Attempt to circumvent rate limits, authentication mechanisms, or security controls
• Scrape, crawl, or extract data from the Site or Portal in bulk without our express written consent
• Attempt to probe, scan, or test the vulnerability of the Site or any related system without our written authorisation
• Use automated means (including bots or scripts) to register multiple accounts or waitlist entries
• Impersonate any person or entity or misrepresent your affiliation with any person or entity
• Use the Public Scanner to submit content that is illegal, harassing, or that infringes third-party rights

We reserve the right to suspend or terminate your access to the Services if we reasonably believe you have engaged in any of the conduct described above.

The ML model classifies traffic into four categories: benign, prompt injection, data exfiltration, and agentic behaviour. Classification scores are indicative and subject to the model's training data and limitations. We continuously work to improve accuracy but make no guarantee that the model will detect all threats or that all detections will be accurate.

Similarly, the Public Scanner provides indicative analysis only and should not be relied upon as a definitive assessment of content safety.

The Public Scanner is a free tool available without an account. By submitting content to the Public Scanner, you acknowledge and agree that:

• Submitted text may be stored and used to improve our machine learning models
• Feedback you provide (agree/disagree votes and comments) may be used for model training
• You must not submit content that contains personal information, confidential data, or trade secrets belonging to others
• Scanner results are indicative only and do not constitute security advice

10.1 Our Intellectual Property

The Site, Portal, Agent, and all of their content, including but not limited to text, graphics, logos, interface design, code, ML models, product names, trademarks, and service marks, are owned by or licensed to NeverTrust.ai and are protected by Australian and international intellectual property laws.

Nothing in these Terms grants you any right, title, or interest in our intellectual property beyond the limited licences expressly granted herein.

10.2 Your Data

You retain ownership of any data you submit through the Services, including organisation configuration, security policies, and team information. You grant us a limited licence to process this data solely for the purpose of providing and improving the Services.

10.3 Feedback

If you provide us with any feedback, suggestions, or ideas regarding the Services ("Feedback"), you grant us a worldwide, royalty-free, irrevocable, perpetual licence to use, reproduce, and incorporate that Feedback into our products and services without obligation or restriction. You waive any moral rights you may have in such Feedback to the extent permitted by law.

The Site and Services are provided on an "as is" and "as available" basis. To the maximum extent permitted by law, we make no representations or warranties, express or implied, regarding the Site or Services, including but not limited to:

• That the Services will be uninterrupted, error-free, or free of viruses or other harmful components
• That the Agent will detect or block all security threats
• That ML classifications will be accurate, complete, or reliable
• That the Services will meet your specific security requirements
• That the Agent will not interfere with legitimate network traffic or applications

To the maximum extent permitted by applicable law, and subject to any non-excludable guarantees under the Australian Consumer Law, NeverTrust.ai and its officers, directors, employees, and agents will not be liable to you for:

• Any indirect, incidental, special, consequential, or punitive damages
• Loss of profits, revenue, data, goodwill, or other intangible losses
• Security incidents, data breaches, or AI-related threats that the Agent failed to detect or prevent
• Legitimate traffic that was incorrectly blocked or disrupted by the Agent
• Damages arising from the Agent's fail-open behaviour when the Portal is unreachable
• Damages arising from your reliance on ML classifications or security assessments
• Damages arising from unauthorised access to or alteration of your data or transmissions
• Damages arising from the conduct of any third party in relation to the Services

Where our liability cannot be excluded, it is limited to the maximum extent permitted by law, and in any event to the greater of: (a) the fees paid by you in the 12 months preceding the claim; or (b) AUD $100.

You agree to indemnify, defend, and hold harmless NeverTrust.ai and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising from or relating to:

• Your breach of these Terms
• Your violation of any applicable law or third-party right
• Your deployment of the Agent on devices without appropriate authorisation or employee notification
• Any data or content you submit through the Services
• Your reliance on the Agent's classifications or security assessments for compliance or regulatory purposes

To the extent that we process personal data on your behalf in connection with the Services, we do so as a data processor under your instructions as the data controller. Our processing activities are limited to what is necessary to provide the Services and as described in our Privacy Policy.

You acknowledge that the Agent collects and transmits security event metadata to the Portal, including device identifiers, hostnames, URLs, ML classification scores, and threat signals. Response body content is never transmitted. You are responsible for ensuring that your use of the Services, including any data processed by the Agent, complies with applicable data protection laws.

The Site may contain links to or integrations with third-party websites or services that are not owned or controlled by NeverTrust.ai. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

Our collection and use of personal information is governed by our Privacy Policy. By using the Services, you consent to the collection and use of your personal information as described in that policy.

We reserve the right to terminate or suspend your access to the Services at any time, without notice, if we reasonably believe you have violated these Terms or for any other reason at our discretion.

You may close your account at any time through the Portal account settings. Organisation deletion is subject to a 30-day grace period during which data is retained in case of accidental deletion. You may also withdraw from the waitlist by contacting us at [email protected].

Upon termination: (a) your right to use the Services ceases immediately; (b) you must uninstall the Agent from all devices; (c) we may delete your account data after the retention period. Provisions of these Terms that by their nature should survive termination will continue to apply, including intellectual property rights, disclaimers, indemnification, and limitations of liability.

We may update these Terms at any time. When we do, we will update the effective date at the top of this page. Continued use of the Services after any changes constitutes your acceptance of the revised Terms.

If we make material changes, we will take reasonable steps to notify you, which may include sending an email to the address associated with your account or displaying a notice in the Portal.

These Terms are governed by the laws of New South Wales, Australia, without regard to its conflict of law principles. You irrevocably submit to the exclusive jurisdiction of the courts of New South Wales and the Federal Court of Australia for the resolution of any dispute arising under or in connection with these Terms.

Before commencing any legal proceedings, the parties agree to first attempt to resolve any dispute through good-faith negotiation for a period of at least 30 days following written notice of the dispute.

20.1 Entire Agreement

These Terms, together with our Privacy Policy and any plan-specific terms, constitute the entire agreement between you and NeverTrust.ai with respect to the Services, and supersede all prior communications and agreements.

20.2 Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable, or severed if modification is not possible. The remaining provisions will continue in full force and effect.

20.3 No Waiver

Our failure to enforce any provision of these Terms on one occasion will not constitute a waiver of our right to enforce it on any subsequent occasion.

20.4 Assignment

You may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations without restriction.

20.5 Force Majeure

We will not be liable for any delay or failure to perform our obligations under these Terms where such delay or failure arises from causes beyond our reasonable control.

If you have any questions about these Terms, please contact us: