These Terms of Service (“Terms”) govern your use of the STACK platform, including the website at getstack.run, the API at api.getstack.run, the MCP server at mcp.getstack.run, the SDKs, the CLI, and any related services (collectively, the “Service”). By creating an account or otherwise using the Service, you agree to these Terms. If you don't agree, don't use the Service.

1. Account & access

You must be at least 16 (EU/UK/EEA) or 13 (US, COPPA) to use the Service. If you're using STACK on behalf of an organisation, you confirm you have authority to bind that organisation.
You're responsible for keeping your magic-link email + API keys secure. STACK uses no passwords; losing access to your email or to your API key means losing access to your account.
You're responsible for all activity under your account, including agents you create, passports you issue, and credentials you connect.

2. Acceptable use

You agree not to:

Use the Service for anything illegal, fraudulent, or that violates third-party rights.
Connect credentials you don't have authority to use (e.g. a Stripe key from someone else's account, an OAuth token from an unauthorised source).
Use STACK to attack, probe, or attempt to gain unauthorised access to any system — yours or anyone else's. Penetration testing of your own infrastructure is allowed if you have authorisation.
Use STACK to send spam, distribute malware, harvest personal data without consent, or run any operation prohibited by law in your jurisdiction or in Sweden / the EU.
Reverse engineer, decompile, or attempt to extract source code beyond what's explicitly published (the SDKs are open source; the platform itself isn't).
Resell, sublicense, or rebrand the Service without a written agreement. Building on top of the Service for your customers is fine — that's the product.
Circumvent rate limits, tier caps, or usage-metering mechanisms (multi-account abuse, billing fraud, etc.).
Train competing AI/agent infrastructure products on data you obtain through the Service.

We can suspend or terminate your account if you violate these rules. Where the violation is time-sensitive (active attack, ongoing fraud), we may suspend immediately and notify you after.

3. Your content & data

You own the data you put into STACK — your agents, your passports, your skills, your audit log entries, your credentials. We don't claim ownership and we don't sell or share it for advertising. We process your data only to provide the Service (Privacy Policy explains how).

You grant us a limited license to process your data as necessary to operate the Service: store, transmit, display in your dashboard, route through proxies you configure, encrypt at rest, back up, and retain for the period stated in the Privacy Policy. This license terminates when you delete your account, except for audit-log retention required by law.

We do not train AI/ML models on your account data, your credentials, your passport contents, or your audit log. Detector signals (prompt-injection, scope-drift, etc.) are evaluated per-request and not used for cross-account training.

4. Agents you operate

STACK is infrastructure for AI agents you control. The agents themselves — what they say, what they do with the credentials and passports you grant them — are your responsibility. STACK provides the proxy, the audit trail, the detectors, the kill switch. We don't supervise your agents' output or actions. If your agent does something illegal or harmful, that's on you, not on STACK.

Behavioural detectors emit signals (e.g. credential_burst, scope_drift) but those signals are advisory. We do not automatically deny service, suspend accounts, or take legal action based on detector output — those are signals for your own review and your own decisions.

5. STACK's intellectual property

STACK (the platform, brand, design, documentation, and proprietary backend code) is ours. The SDKs and CLI we publish to npm + PyPI are licensed under their stated open-source licenses (see the package repositories). Nothing in these Terms transfers ownership of STACK's IP to you; nothing transfers ownership of your data to us.

You may use the STACK name, logo, and screenshots to describe your integration with STACK (e.g. “built on STACK”, blog posts, customer presentations) without prior permission. You may not imply STACK endorses your product, and you may not use our brand in a way that's likely to mislead.

6. Subscriptions, billing, refunds

Pricing tiers + per-unit overage prices are listed at /pricing and may change with 30 days' notice for paying customers.
The Free tier remains available subject to the limits stated on /pricing. We reserve the right to adjust the Free tier's limits (this has happened in dev-tools history; we'll communicate before doing so).
Payment is processed by Stripe (and by Stripe Connect for publisher payouts). You agree to Stripe's terms when you submit payment information.
Subscriptions auto-renew until cancelled. You can cancel from your account settings; cancellation takes effect at the end of the current billing period.
Refunds: wallet top-ups + recent (≤30 days) subscription charges refundable on request, less any usage already consumed. Past usage and per-skill invocations are non-refundable. Contact hello@getstack.run.

7. Beta features

STACK ships features marked “beta” or “preview” from time to time. These features may change, break, or be removed without notice. Use them with that understanding. Beta features carry no SLA, no uptime guarantee, and no support commitment beyond best-effort.

8. Third-party services

STACK connects to third-party services (Stripe, OpenAI, Anthropic, OAuth providers, BankID, etc.) at your direction. When you connect a credential, we follow that third party's terms when calling their API on your behalf. We're not responsible for those third parties' uptime, pricing, or behaviour. If they break, your STACK integration with them breaks.

9. Disclaimers

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT THE SERVICE WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE. STACK'S DETECTORS AND AUDIT MECHANISMS ARE DESIGNED TO HELP YOU OVERSEE AGENTS BUT DO NOT GUARANTEE PREVENTION OF ALL HARMFUL AGENT BEHAVIOUR.

STACK is not legal advice. The EU AI Act compliance mapping at /compliance/eu-ai-act describes how STACK's primitives address specific clauses; it does not replace your own legal review or your conformity assessment.

10. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, STACK'S TOTAL AGGREGATE LIABILITY FOR ANY CLAIM ARISING FROM OR RELATING TO THE SERVICE IS LIMITED TO THE GREATER OF (A) THE FEES YOU PAID US IN THE TWELVE MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM, OR (B) ONE HUNDRED EUROS (€100). STACK IS NOT LIABLE FOR INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST DATA, OR BUSINESS INTERRUPTION. THESE LIMITS APPLY EVEN IF WE'VE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Some jurisdictions don't allow these limitations, in which case the limits apply to the maximum extent permitted there. Nothing in these Terms limits liability for things that can't be limited by law (e.g. gross negligence, wilful misconduct, statutory consumer rights).

11. Indemnity

You agree to defend and indemnify STACK from claims arising from (a) your use of the Service in violation of these Terms, (b) your agents' behaviour, (c) the credentials you connected and the actions taken with them, and (d) any third-party rights you violated. We'll notify you of claims promptly and you can choose counsel reasonably acceptable to us.

12. Termination

You can delete your account from /account at any time. We can suspend or terminate your account if you violate these Terms, if your account has been inactive for more than 12 months on the Free tier, if required by law, or if continuing to provide the Service to you would expose us or our users to material risk.

On termination: account data is deleted per the retention schedule in the Privacy Policy. Audit logs persist for legal-retention periods. API keys and passports are revoked. Outstanding subscription fees for the current period remain due.

13. Governing law & disputes

These Terms are governed by Swedish law. Disputes arising under these Terms are subject to the exclusive jurisdiction of the courts of Stockholm, Sweden, except that consumer-rights claims may be brought in the courts of the consumer's habitual residence per the EU consumer-protection rules.

We prefer to resolve disputes by talking first. If you have an issue, email hello@getstack.run and we'll respond. Most things get sorted that way.

14. Changes to these Terms

We may update these Terms when our practices change or when law requires it. Material changes are announced 30 days in advance to active operators by email and via the “Last updated” date at the top. Minor edits (typos, clarifications, link updates) happen without notice. Continuing to use the Service after the effective date of an update means you accept the updated Terms.

15. Miscellaneous

Severability: if a clause is held unenforceable, the rest stays in effect.
No waiver: failing to enforce a right doesn't waive it.
Assignment: you can't assign these Terms without our consent. We can assign them in a merger, acquisition, or sale of substantially all assets, with notice to you.
Entire agreement: these Terms + the Privacy Policy + any specific subscription order form are the full agreement between us. No prior promises survive.

16. Contact

Questions about these Terms: hello@getstack.run.