Terms of Service

These Terms of Service (“Terms”) constitute a legally binding agreement between you and Black-Diamond, Inc., a corporation (“Z-Gateway,” “we,” “our,” or “us”), governing your access to and use of the z-gateway platform and related services available at z-gateway.com (collectively, the “Service”).

By clicking “I agree,” by creating an account, or by accessing or using the Service in any manner, you agree to be bound by these Terms and our Privacy Policy, which is incorporated herein by reference. If you do not agree to these Terms, you must not access or use the Service.

If you are accessing or using the Service on behalf of a company, organization, or other legal entity (“your Organization”), you represent and warrant that you have the legal authority to bind that Organization to these Terms, and all references to “you” in these Terms shall refer to both you individually and your Organization. If you do not have such authority, you must not use the Service on behalf of that Organization.

You must be at least eighteen (18) years of age, or the age of legal majority in your jurisdiction (whichever is greater), and have the legal capacity to enter into a binding contract to use the Service.

Z-Gateway operates a hosted, multi-tenant runtime authorization platform for AI agents. The Service functions as a gateway — built on the Model Context Protocol (MCP) — that sits between a customer’s AI agents and the external tools those agents invoke (such as GitHub, Jira, Stripe, and database connectors). Every tool call made by an AI agent is intercepted by the Service, evaluated against customer-defined policies, and either permitted or blocked before the request reaches the underlying tool. Every policy decision is logged and made available for customer review through the dashboard and API.

The Service is provided on a subscription basis and includes features such as: workspace and agent management, policy configuration and enforcement, real-time audit logging, GitHub and database connector management, and a human-in-the-loop approval workflow for high-sensitivity tool calls. Feature availability varies by subscription tier as described in the pricing documentation.

The Service is provided “as is” as further described in Section 12. We reserve the right to modify, suspend, or discontinue any feature or aspect of the Service at any time, with reasonable advance notice where feasible. We will endeavor to provide at least thirty (30) days’ advance notice before discontinuing a material feature or the Service as a whole, except where emergency security actions necessitate immediate changes.

To use the Service, you must register for an account by providing accurate, current, and complete information. You agree to update your account information promptly if it changes. Providing false or misleading registration information is grounds for immediate termination of your account.

Each account is associated with one or more “workspaces,” which are the primary organizational unit within the Service. You are solely responsible for all activity that occurs under your account and within your workspaces, including the actions of AI agents you deploy, team members you invite, and integrations you connect.

You are responsible for maintaining the confidentiality of your account credentials, workspace API keys, and agent tokens. You must not share agent tokens or workspace API keys with unauthorized parties or store them in publicly accessible locations such as public source code repositories. You agree to notify us promptly — and in any event within twenty-four (24) hours — at security@z-gateway.com if you know or suspect that your account has been compromised or that any credentials have been disclosed to an unauthorized party.

We reserve the right to suspend or terminate accounts that we reasonably believe are being used in a manner that poses a security risk to the Service, to other customers, or to third parties, or that otherwise violate these Terms.

You agree to use the Service only for lawful purposes and in accordance with these Terms. Without limiting the generality of the foregoing, you agree that you will not use the Service to:

• Circumvent, disable, bypass, or otherwise interfere with the security features, policy enforcement mechanisms, access controls, or authentication systems of the Service or any system it connects to;
• Access, query, or attempt to access data belonging to any other customer’s workspace, agent, or account;
• Use the Service as a mechanism to facilitate unauthorized access to any third-party system, database, API, or service, including through the actions of AI agents you deploy through the Service;
• Reverse-engineer, decompile, disassemble, or attempt to derive the source code, algorithms, or trade secrets underlying the Service;
• Resell, sublicense, rent, lease, or otherwise make the Service available to any third party without our prior written consent;
• Use the Service for any purpose that violates applicable laws or regulations, including laws governing privacy, data protection, export controls, or anti-money laundering;
• Violate the intellectual property rights, privacy rights, or other legal rights of any third party through agents operating via the Service;
• Introduce, transmit, or distribute malware, viruses, worms, ransomware, or any other code designed to cause harm through or in connection with the Service;
• Use automated scripts, bots, or other mechanisms to abuse the Service’s API in a manner that exceeds normal operational use or that degrades performance for other customers, beyond the intended operation of authorized AI agents; or
• Conduct or facilitate distributed denial-of-service attacks, excessive API flooding, or any other action designed to overload or disrupt the infrastructure of the Service or systems it connects to.

Violation of these acceptable use obligations is grounds for immediate suspension or termination of your account and may subject you to civil or criminal liability.

To report suspected platform abuse or misuse, contact abuse@z-gateway.com.

The Service issues short-lived JSON Web Tokens (JWTs) to authenticate AI agents at runtime. When you create an agent credential within the Service, a secret value is generated and displayed to you exactly once. We store only a salted cryptographic hash of that secret — the plaintext value is not retrievable by us after the initial display. You are solely responsible for securely recording and storing this secret at the time of creation.

You acknowledge and agree that:

• You are fully responsible for the security of all agent credentials and issued tokens within your workspace;
• Bearer tokens issued to agents are short-lived and must not be forged, extended, modified, or reissued by any mechanism other than the Service;
• We may revoke any token or credential at any time without prior notice where we reasonably believe revocation is necessary to protect the security of the Service, your workspace, or third-party systems;
• We are not liable for any loss, damage, unauthorized access, or other harm resulting from the compromise, loss, or unauthorized disclosure of agent credentials or tokens that occurs on your side of the system boundary — including credentials exposed in source code, logs, environment files, or through social engineering of your personnel.

The Service offers a GitHub integration that allows your AI agents to call GitHub APIs through the Service’s authorization layer. To enable this integration, you must install our GitHub App into your GitHub account or organization. By doing so, you grant the Service the permissions specified during installation, and you represent and warrant that you have authority to install the App and grant those permissions.

You are solely responsible for determining which repositories and organizations you grant the GitHub App access to. You should apply the principle of least privilege and grant only the repository access necessary for your agents’ intended workflows. We will not expand the scope of GitHub permissions beyond what you have granted.

When your agents make tool calls targeting GitHub, the Service mints a short-lived GitHub installation access token using the GitHub App private key, executes the specific API call on your behalf, and discards the token immediately upon completion. These tokens are never persisted to the database. You acknowledge that GitHub’s terms of service and API usage policies govern the use of GitHub APIs, and you agree to use the GitHub integration in a manner consistent with those policies.

You may disconnect the GitHub integration at any time through the workspace connector settings. Disconnection revokes the Service’s ability to make new GitHub API calls on your behalf but does not delete existing audit log records of prior tool calls.

Access to certain features of the Service requires a paid subscription. Current plans, pricing, and feature entitlements are described on the pricing page at z-gateway.com/pricing, which is incorporated by reference. Pricing is subject to change with advance notice as described in this section.

All subscription fees are denominated in United States Dollars (USD) and are billed in advance on a monthly or annual basis, as selected at the time of purchase. Payment is processed by Stripe, Inc. By providing payment information and initiating a subscription, you agree to Stripe’s terms of service and authorize Stripe to charge the payment method on file for all applicable fees.

Subscriptions renew automatically at the end of each billing period (monthly or annual, as applicable) unless you cancel before the renewal date. To cancel, use the billing portal within the dashboard or contact us at billing@z-gateway.com. Upon cancellation, your subscription remains active until the end of the paid period, after which your workspace reverts to the applicable Free tier limits.

We do not provide refunds or credits for partial billing periods except where required by applicable law or as expressly agreed in writing. If you believe you have been charged in error, contact billing@z-gateway.com within thirty (30) days of the charge.

We may suspend access to the Service for accounts that have outstanding unpaid balances after providing reasonable notice. Price changes will be communicated at least thirty (30) days in advance of the next billing cycle in which they take effect, via email to the billing contact on file. Continued use of the Service after the effective date of a price change constitutes acceptance of the new pricing.

We offer a Free tier that provides limited access to the Service at no charge for evaluation and non-commercial use. The Free tier is currently subject to the following limitations: one workspace per account, one AI agent per workspace, monitor mode operation only (policy enforcement is observe-only, with no blocking of tool calls), and a three-day rolling retention window for tool call logs. Additional limitations may apply as described in the current pricing documentation.

Free tier users may not use the Service for commercial production deployments beyond reasonable evaluation purposes. We reserve the right to modify the features, limits, or availability of the Free tier, or to discontinue the Free tier entirely, with at least thirty (30) days’ advance notice. If the Free tier is discontinued, we will offer affected users the opportunity to transition to a paid plan or to export their data prior to discontinuation.

The Service, including all software, algorithms, designs, trademarks, service marks, trade names, logos, user interfaces, documentation, and all other content made available through the Service (collectively, “Platform IP”), is owned by or licensed to Black-Diamond, Inc. and is protected by applicable intellectual property laws. All rights not expressly granted in these Terms are reserved by Z-Gateway.

You retain all ownership rights in and to your data, including agent configurations, policy rule sets, workspace settings, and tool call log data generated within your workspace (collectively, “Customer Data”). By using the Service, you grant Z-Gateway a limited, non-exclusive, royalty-free license to process, store, and transmit Customer Data as necessary to provide the Service in accordance with these Terms and our Privacy Policy.

If you submit feedback, suggestions, bug reports, or ideas relating to the Service (“Feedback”), you agree that such Feedback is provided on a non-confidential basis and that Z-Gateway may use, disclose, and exploit such Feedback in any manner and for any purpose without restriction, compensation, or attribution to you.

Each party (each a “Receiving Party”) may receive or have access to non-public proprietary or confidential information of the other party (the “Disclosing Party,” and such information, “Confidential Information”) in connection with these Terms. Confidential Information includes, without limitation: Customer Data (which is deemed your Confidential Information); our pricing, roadmap, and technical architecture (which are our Confidential Information); and any information designated as confidential at the time of disclosure or that a reasonable party would recognize as confidential given the nature of the information and circumstances of disclosure. Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was known to the Receiving Party prior to disclosure; (c) is independently developed by the Receiving Party without reference to the Confidential Information; or (d) is rightfully received from a third party without restriction.

Each Receiving Party agrees to: hold the Disclosing Party’s Confidential Information in strict confidence using at least the same degree of care it uses for its own confidential information (but no less than reasonable care); not use Confidential Information for any purpose other than performing its obligations or exercising its rights under these Terms; and not disclose Confidential Information to any third party except to employees, contractors, or service providers with a legitimate need to know who are bound by confidentiality obligations at least as protective as those in these Terms.

A Receiving Party may disclose Confidential Information to the extent required by applicable law or valid legal process, provided that it gives the Disclosing Party prompt prior written notice (to the extent legally permitted) sufficient to allow the Disclosing Party to seek a protective order or other appropriate relief. The confidentiality obligations in this section survive termination of these Terms for a period of three (3) years from the date of termination.

To the extent that your use of the Service involves the processing of personal data subject to applicable data protection laws (including the GDPR or CCPA), the parties acknowledge that you act as the data controller and Z-Gateway acts as a data processor processing personal data on your behalf. Our Privacy Policy describes the categories of data we process, the purposes of processing, and the technical and organizational measures we employ to protect personal data.

You are responsible for ensuring that: (a) you have a valid lawful basis under applicable law to deploy AI agents that call external tools through the Service; (b) your agents and policies comply with applicable data protection laws; and (c) where required, you have provided appropriate notices to, and obtained appropriate consents from, individuals whose data may be processed through agent tool calls routed through the Service.

Customers who require a formal Data Processing Agreement (DPA) reflecting GDPR or other legal requirements may request one by contacting legal@z-gateway.com. We will work in good faith to execute a mutually acceptable DPA with customers who have a legitimate need for one.

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE.

To the maximum extent permitted by applicable law, Z-Gateway expressly disclaims all warranties, including: (a) any implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement; (b) any warranty that the Service will be uninterrupted, error-free, secure, or free from bugs, viruses, or other harmful components; (c) any warranty that tool call policy enforcement will detect or block all unauthorized, harmful, or unintended agent actions; (d) any warranty that the use of monitor mode or enforce mode will satisfy any particular legal, regulatory, or compliance requirement; and (e) any warranty regarding the accuracy, reliability, or completeness of audit logs generated by the Service.

You are solely responsible for configuring, validating, and testing policies within the Service to meet your own operational and compliance needs. Z-Gateway does not warrant that any specific policy configuration will achieve any particular security outcome, and you should not rely solely on the Service as your only mechanism for controlling AI agent behavior in regulated or safety-critical environments.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL Z-GATEWAY, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, OR SERVICE PROVIDERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES.

This exclusion applies regardless of the theory of liability (whether in contract, tort, negligence, strict liability, or otherwise) and regardless of whether Z-Gateway has been advised of the possibility of such damages. Excluded damages include, without limitation: loss of revenue, profits, data, business, goodwill, or anticipated savings; costs of substitute goods or services; any damages resulting from unauthorized actions taken by your AI agents through or in spite of the Service; any damages resulting from third-party API failures or outages; any damages resulting from security incidents or unauthorized access to credentials on your side of the system boundary; and any damages resulting from your reliance on audit log data for compliance purposes.

In all cases, the total aggregate liability of Z-Gateway to you for any and all claims arising out of or related to these Terms or the Service shall not exceed the greater of: (a) the total fees actually paid by you to Z-Gateway in the twelve (12) calendar months immediately preceding the claim giving rise to liability, or (b) one hundred United States dollars ($100 USD).

Some jurisdictions do not permit the exclusion of certain warranties or the limitation of certain damages. To the extent such exclusions or limitations are not permitted under applicable law, they shall be limited to the maximum extent allowed. The limitations in this section reflect the allocation of risk between the parties and are an essential basis of the agreement between you and Z-Gateway.

You agree to indemnify, defend, and hold harmless Black-Diamond, Inc. and its officers, directors, employees, agents, successors, and assigns (collectively, “Indemnified Parties”) from and against any and all claims, demands, suits, proceedings, liabilities, losses, damages, penalties, fines, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to: (a) your access to or use of the Service in violation of these Terms; (b) the actions of AI agents deployed by you or your Organization through the Service, including any unauthorized access to, modification of, or harm to third-party systems caused by such agents; (c) your violation of any applicable law, regulation, or third-party right, including privacy rights, intellectual property rights, and data protection obligations; (d) Customer Data you submit to or process through the Service; or (e) any breach of your representations, warranties, or obligations under these Terms.

Z-Gateway reserves the right, at its own expense, to assume exclusive defense and control of any matter otherwise subject to indemnification by you, in which case you agree to cooperate fully with Z-Gateway in asserting any available defenses. You agree not to settle any such matter without Z-Gateway’s prior written consent.

You may cancel your account and terminate these Terms at any time by using the account deletion functionality in the dashboard settings or by contacting us at legal@z-gateway.com. Cancellation of a paid subscription does not terminate these Terms or your account until the end of the paid billing period; thereafter, your account reverts to Free tier terms or is closed as requested.

We may suspend or terminate your access to the Service, in whole or in part, at any time and without prior notice if: (a) you materially breach these Terms and (where the breach is remediable) fail to cure the breach within ten (10) days of notice; (b) you fail to pay any fees when due after reasonable notice; (c) we reasonably determine that your use of the Service poses an immediate security risk to the Service, other customers, or third parties; (d) we are required to do so by applicable law or regulatory mandate; or (e) you become the subject of bankruptcy, insolvency, or similar proceedings.

Upon termination for any reason: your right to access the Service immediately ceases; all agent tokens and workspace API keys are revoked; your Customer Data is retained for the periods described in the Privacy Policy and then permanently deleted; and any outstanding fees for the current billing period become immediately due. The following sections survive termination: Section 9 (Intellectual Property), Section 10 (Confidentiality), Section 11 (Data Processing), Section 12 (Disclaimer of Warranties), Section 13 (Limitation of Liability), Section 14 (Indemnification), Section 16 (Governing Law and Dispute Resolution), and Section 17 (General Provisions).

These Terms and any dispute arising out of or relating to these Terms or the Service shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms.

Before initiating formal proceedings, the parties agree to attempt to resolve any dispute informally. The party asserting a dispute must provide written notice to the other at legal@z-gateway.com (for disputes directed to us) describing the nature and basis of the claim and the relief sought. The parties will attempt in good faith to resolve the dispute within sixty (60) calendar days of receipt of such notice.

If the dispute is not resolved within sixty (60) days, it shall be finally resolved by binding arbitration administered by the American Arbitration Association (“AAA”) under its Commercial Arbitration Rules then in effect. The arbitration shall be conducted by a single arbitrator. The seat of arbitration shall be Delaware, and the proceedings shall be conducted in English. The arbitrator’s award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

CLASS ACTION WAIVER.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, YOU AND Z-GATEWAY AGREE THAT EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON’S CLAIMS AND MAY NOT PRESIDE OVER ANY FORM OF REPRESENTATIVE OR CLASS PROCEEDING.

Notwithstanding the agreement to arbitrate, either party may seek emergency injunctive or other equitable relief from a court of competent jurisdiction to protect intellectual property rights or enforce confidentiality obligations pending resolution of a dispute by arbitration. For such purposes, the parties consent to the exclusive jurisdiction of the courts located in Delaware.

• Entire Agreement: These Terms, together with the Privacy Policy and any order forms, addenda, or Data Processing Agreements executed by the parties, constitute the entire agreement between you and Z-Gateway with respect to the Service and supersede all prior and contemporaneous negotiations, representations, warranties, agreements, and understandings with respect to their subject matter.
• Severability: If any provision of these Terms is held by a court or arbitrator of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions of these Terms shall continue in full force and effect.
• Waiver: No failure or delay by either party in exercising any right, power, or remedy under these Terms shall operate as a waiver of that right. A waiver of any particular breach or default does not constitute a waiver of any subsequent breach or default.
• Assignment: You may not assign or transfer these Terms or any of your rights or obligations hereunder, whether by operation of law or otherwise, without our prior written consent, which shall not be unreasonably withheld for an assignment in connection with a merger or acquisition of your Organization. Z-Gateway may freely assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets.
• Notices: Legal notices to Z-Gateway must be sent by email to legal@z-gateway.com and, where required by law, by first-class mail or courier to our then-current registered address. We may send notices to you by email to the address associated with your account, and you agree that email notices are effective as of the date sent.
• Force Majeure:Neither party will be liable for any failure or delay in performance caused by circumstances beyond that party’s reasonable control, including natural disasters, acts of war or terrorism, labor disputes, governmental actions, internet service disruptions, third-party infrastructure failures (including cloud provider outages), or any other cause beyond the affected party’s reasonable control, provided that the affected party gives prompt notice and uses reasonable efforts to mitigate the impact.
• Relationship of the Parties: The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, employment, or fiduciary relationship between you and Z-Gateway.
• No Third-Party Beneficiaries: These Terms are for the sole benefit of the parties hereto and their respective successors and permitted assigns. Nothing in these Terms creates any third-party beneficiary rights.

We reserve the right to modify these Terms at any time. For non-material changes (such as typographic corrections or clarifications that do not alter your rights or obligations), we will update the “Last updated” date at the top of this page and the changes will be effective immediately.

For material changes — including changes that reduce your rights, increase your obligations, affect the arbitration or class action waiver provisions, or materially alter the description or limitations of the Service — we will provide at least thirty (30) days’ advance notice via email to the address associated with your account and via a prominent in-dashboard notification. Material changes will be specifically highlighted in the notice so that you can identify what has changed. If you do not agree to the modified Terms, you must stop using the Service and cancel your account before the new effective date. Your continued use of the Service after the effective date of any modification constitutes your acceptance of the modified Terms.

Questions about these Terms, requests for a Data Processing Agreement, or other legal inquiries should be directed to:

We endeavor to respond to all legal inquiries within thirty (30) business days of receipt.