Terms of Service
Last updated: March 15, 2026
These Terms of Service (“Terms”) govern your access to and use of the Navil Cloud Service, APIs, and related services provided by Navil (“we,” “our,” or “Navil”). By creating an account or using the Service, you agree to be bound by these Terms. If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms.
The open-source Navil Gateway, licensed under Apache 2.0, is not governed by these Terms. The Gateway runs on your infrastructure under its own license. These Terms apply solely to the proprietary Cloud Service, APIs, and Threat Intelligence Feed.
1. Definitions
“Service” means the Navil Cloud Service, including the cloud dashboard, backend API, Threat Intelligence Feed, and all related hosted functionality available at www.navil.ai.
“Gateway” means the open-source Navil security proxy, scanner, anomaly detectors, and CLI tools, licensed under Apache License 2.0 and deployed on your own infrastructure.
“Cloud Service” means the proprietary hosted components of Navil, including the dashboard, backend API, authentication system, and cloud-hosted threat intelligence processing.
“User” means any individual who accesses the Service under an Organization account.
“Organization” means the entity (company, team, or individual) that registers for the Service and manages billing, members, and configuration.
“Agent” means an AI agent, automated system, or software client that connects to MCP Servers through the Gateway or Service.
“API Key” means the authentication credential issued by Navil to authorize access to the Service.
“MCP Server” means any server implementing the Model Context Protocol that provides tools, resources, or data to AI Agents.
“Threat Intelligence Feed” means the aggregated, anonymized threat data distributed by Navil to participating users, derived from community contributions and Navil's own research.
“Customer Data” means any data you transmit to or process through the Service, including telemetry events, configuration data, and audit logs. Customer Data does not include account registration information or anonymized threat intelligence contributions.
2. Service Description
Navil provides a security gateway for the Model Context Protocol (MCP). The Service consists of two distinct components:
The Gateway (open-source, Apache 2.0) is a reverse proxy, configuration scanner, policy engine, and anomaly detection system that runs on your infrastructure. It operates independently of the Cloud Service. Your use of the Gateway is governed by the Apache License 2.0, not these Terms.
The Cloud Service (proprietary) provides a hosted dashboard, backend API, authentication, Threat Intelligence Feed, LLM-powered analysis, and cloud telemetry processing. The Cloud Service is governed by these Terms.
The Gateway can function fully without the Cloud Service. The Cloud Service enhances the Gateway with centralized management, threat intelligence, and advanced analytics but is not required for core security functionality.
3. Account Registration & Organization
You must register an account to use the Cloud Service. You agree to provide accurate registration information and keep it current. Authentication is handled through our identity provider (Clerk).
Each account belongs to an Organization. Organizations support two roles:
- Admin: manages billing, members, Organization settings, API keys, and policies. The account creator is the initial Admin.
- Developer: has operational access to the dashboard, telemetry, alerts, and Gateway configuration. Developers cannot modify billing or manage members.
You are responsible for all activity under your Organization's account, including activity by Users you invite. You must promptly notify us at legal@navil.ai if you become aware of unauthorized access.
4. Acceptable Use Policy
You agree not to:
- Use the Service to attack, probe, or disrupt systems you are not authorized to test. The Gateway's penetration testing features (e.g., navil pentest) are designed to test your own defenses — not third-party systems.
- Reverse-engineer, decompile, or disassemble the Cloud Service. This restriction applies to the proprietary Cloud Service only. The Gateway is open-source and you may inspect, modify, and redistribute it under its Apache 2.0 license.
- Circumvent rate limits, tier restrictions, or usage quotas through any technical means, including but not limited to creating multiple free-tier accounts to aggregate limits.
- Share, publish, or transfer API Keys or credentials to unauthorized third parties. API Keys are issued to your Organization and must not be embedded in publicly accessible code, repositories, or configurations.
- Use the Service to process data in violation of applicable law, including but not limited to data protection regulations, export controls, and sanctions.
- Submit false, misleading, or intentionally corrupted data to the Threat Intelligence Feed.
We may suspend or terminate your access for violations of this policy. Where feasible, we will provide notice and an opportunity to cure before termination, except where immediate action is necessary to protect the Service or other users.
5. Fees & Billing
Current pricing for Service tiers is published at www.navil.ai/pricing and may be updated from time to time. Material price increases will be communicated with at least sixty (60) days' notice via email to Organization Admins.
Paid tiers are billed in advance on a monthly or annual cycle. All fees are in US dollars and exclude applicable taxes.
Upgrades take effect immediately. You will be charged a pro-rated amount for the remainder of the current billing cycle. Downgrades take effect at the start of the next billing cycle. No refunds are issued for unused time within a billing cycle.
We rate-limit rather than terminate. If you exceed your tier's rate limit, API requests will be throttled (HTTP 429) until the rate window resets. We will not suspend or terminate your account solely for exceeding rate limits. If you consistently exceed your tier limits, we may recommend an upgrade but will not force one.
6. Threat Intelligence & Give-to-Get Model
6.1 Community Tier Contributions
Community tier users participate in the give-to-get model. By using the Community tier, you consent to contributing anonymized threat data to the Threat Intelligence Feed. This data is aggregated with contributions from other participants and redistributed as the community threat feed.
6.2 What IS Contributed
Community tier contributions include only: anomaly type classifications, tool sequence hashes (one-way, irreversible), severity scores, detection timestamps, and categorical metadata (e.g., “RECONNAISSANCE,” “DATA_EXFILTRATION”). All agent identities are replaced with one-way HMAC-SHA256 hashes using a per-deployment secret before transmission.
6.3 What is NEVER Contributed
The following are never included in threat intelligence contributions: payload content, request or response bodies, API keys or credentials, email addresses, IP addresses, file paths, server URLs, tool arguments, prompt content, or any personally identifiable information (PII). A runtime allowlist enforces these restrictions, and a ValueError is raised if a banned field is detected before transmission. You can audit the exact data transmitted by inspecting navil/cloud/telemetry_sync.py in the open-source Gateway.
6.4 Opting Out
You may opt out of threat intelligence contributions by upgrading to the Pro tier or above. Community tier users who disable cloud sync (NAVIL_DISABLE_CLOUD_SYNC=true) will lose access to the Threat Intelligence Feed. The give-to-get model requires participation: you contribute anonymized signals to receive community-sourced threat intelligence in return.
6.5 No Sale of Raw Telemetry
Navil does not sell raw telemetry data. Threat intelligence is derived from aggregated, anonymized contributions and is distributed solely to participating Navil users and paid subscribers.
7. Intellectual Property
The Gateway is licensed under the Apache License 2.0. You may use, modify, and redistribute the Gateway under the terms of that license. These Terms do not modify or restrict your rights under the Apache 2.0 license.
The Cloud Service, including its source code, dashboard, APIs, backend systems, threat intelligence processing, and documentation, is the proprietary property of Navil. All rights not expressly granted in these Terms are reserved.
Your Data remains yours. You retain all ownership rights in your Customer Data. You grant Navil a limited, non-exclusive license to process your Customer Data solely for: (a) operating and improving the Service, (b) generating anonymized, aggregated threat intelligence (for Community tier users as described in Section 6), and (c) complying with applicable law.
8. Service Level
Community, Pro, and Team tiers are provided on a best-effort basis. We target 99.9% uptime for the Cloud Service but do not guarantee it for these tiers.
Enterprise tier customers receive a Service Level Agreement (SLA) with defined uptime commitments, response times, and remedies as specified in a separate Master Service Agreement (MSA).
Scheduled maintenance will be announced at least 48 hours in advance via the Service dashboard and status page at status.navil.ai. We will make reasonable efforts to schedule maintenance during low-traffic windows.
The Gateway is self-hosted and operates independently. Cloud Service downtime does not affect the Gateway's core security functionality (proxy, policy enforcement, anomaly detection, scanning).
9. Data Processing
We process data in accordance with our Privacy Policy (see www.navil.ai/privacy). With respect to Customer Data, Navil acts as a data processor on your behalf. You remain the data controller.
Data Processing Agreements (DPAs) are available on request for Team and Enterprise tier customers. DPAs cover the scope of processing, sub-processor management, data deletion obligations, audit rights, and breach notification. Contact legal@navil.ai to request a DPA.
International data transfers are handled via the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as fallback. See our Privacy Policy for details on data locations and sub-processors.
10. Limitation of Liability
To the maximum extent permitted by applicable law:
Our total aggregate liability for any claims arising from or related to the Service shall not exceed the total fees you paid to Navil in the twelve (12) months immediately preceding the event giving rise to the claim. For Community tier users who have not paid fees, our aggregate liability shall not exceed fifty US dollars ($50).
Neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, or goodwill, regardless of the theory of liability and even if advised of the possibility of such damages.
Exceptions: The above limitations do not apply to (a) either party's indemnification obligations under Section 11, (b) liability arising from willful misconduct or gross negligence, (c) data breaches caused by Navil's gross negligence in implementing reasonable security measures, or (d) your obligations to pay fees owed.
11. Indemnification
You agree to indemnify Navil against third-party claims, damages, and expenses (including reasonable attorneys' fees) arising from: (a) your violation of these Terms, (b) your use of the Service in a manner that violates applicable law, or (c) your Customer Data.
Navil agrees to indemnify you against third-party claims that the Cloud Service (excluding the open-source Gateway) infringes a valid patent, copyright, or trademark. This obligation does not apply if the claim arises from (a) your modifications to the Service, (b) use of the Service in combination with third-party products not provided by Navil, or (c) your continued use of a version of the Service after being notified of a non-infringing alternative.
The indemnified party must (a) promptly notify the indemnifying party of any claim, (b) grant the indemnifying party sole control of the defense and settlement, and (c) provide reasonable cooperation at the indemnifying party's expense.
12. Termination
Either party may terminate these Terms with thirty (30) days' written notice for any reason.
Immediate termination: Either party may terminate immediately upon written notice if the other party materially breaches these Terms and fails to cure the breach within fifteen (15) days of receiving notice.
Upon termination:
- You will have a 30-day data export window to retrieve your Customer Data through the dashboard or API.
- After the export window, we will permanently delete your Customer Data within thirty (30) days, except as required by law or as part of existing anonymized threat intelligence (which cannot be attributed to you).
- Your access to the Cloud Service will cease. The open-source Gateway will continue to function independently on your infrastructure — termination of these Terms has no effect on your Apache 2.0 license.
Sections 7 (Intellectual Property), 10 (Limitation of Liability), 11 (Indemnification), and 14 (Governing Law) survive termination.
13. Modifications to Terms
We may modify these Terms from time to time. Material changes will be communicated with at least thirty (30) days' notice via email and a dashboard notification.
Continued use of the Service after the notice period constitutes acceptance of the modified Terms. If you do not agree to the changes, you may terminate your account before the changes take effect.
14. Governing Law & Dispute Resolution
These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict-of-law principles.
Disputes under $250,000: Any dispute arising from these Terms shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted in English, and the arbitrator's decision shall be final and enforceable in any court of competent jurisdiction.
Disputes over $250,000: Either party may bring suit in the federal or state courts located in Delaware, and both parties consent to the exclusive jurisdiction of those courts.
Exception: Either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or confidential information.
15. General Provisions
Severability: If any provision of these Terms is found unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full effect.
Waiver: Failure to enforce any provision of these Terms does not constitute a waiver of that provision or any other provision.
Entire Agreement: These Terms, together with the Privacy Policy and any applicable DPA or MSA, constitute the entire agreement between you and Navil regarding the Service and supersede all prior agreements, understandings, and representations.
Assignment: You may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of substantially all of our assets, provided the assignee agrees to be bound by these Terms.
Force Majeure: Neither party shall be liable for delays or failures in performance resulting from events beyond its reasonable control, including natural disasters, acts of government, pandemics, internet outages, or denial-of-service attacks.
16. Contact
For questions about these Terms:
- Email: legal@navil.ai
- Web: www.navil.ai