1. Acceptance of terms
By creating a TokenFluid account, running the TokenFluid CLI, or using any TokenFluid service, you agree to these terms. If you do not agree, do not use the service. These terms apply to every interaction you have with the SaaS control plane and to the CLI when it talks to that control plane.
If you are using TokenFluid on behalf of an organization, you represent that you have authority to bind that organization. The organization is then responsible for the actions of its members on the platform. These terms run between you (or your organization) and TokenFluid, and they govern the relationship as long as your account exists.
2. Beta service
TokenFluid is currently in public beta. The service is provided as-is, without a service-level agreement, and may change at any time. Features may be added, removed, or modified based on what we learn during beta. We will not change the privacy model in a way that weakens it without explicit notice.
Beta is free. We are not charging for the service during this period. There is no commitment, explicit or implied, that any specific feature will remain available. There is also no commitment that beta access will continue indefinitely — though we will give you notice before ending it.
We may pause or end the beta at any time. If we do, we will give you a way to export your cloud metadata and a reasonable window to wind down active sessions. Your local index and working sets will keep working — they live on your machine and do not depend on the service continuing.
3. Your responsibilities
You own your code. You approve every patch the agent proposes. You are responsible for what your agent does inside the sandbox and for what gets applied to your working tree once you approve. TokenFluid surfaces diffs for review — it does not decide for you.
You are responsible for keeping your account credentials and API keys secure. If a key leaks, revoke it from the dashboard immediately. We cannot recover a key once it is lost, and we cannot undo requests made with a key before revocation. Treat API keys like passwords.
You are responsible for ensuring that your use of TokenFluid complies with your organization's policies, your local laws, and the licenses of any code you index. TokenFluid does not inspect your repo for license compliance — that is your call, not ours.
4. No code storage
We do not store your source code in TokenFluid Cloud. This is a product-level commitment, not a configuration option. The cloud account stores metadata — repo hash, file paths, task type, privacy mode, token estimates, timestamps. It does not store your repo, your SQLite index, your mounted working set, or your patches.
The API validators enforce this in code: any request whose body contains a field named source, code, files, content, patch, snippet, diff, text, or body is rejected before it reaches the database. If a future client bug tried to send source, the server would refuse it. The privacy policy describes this in more detail.
If you opt into a future diagnostic mode that allows snippet transmission, that mode will be off by default, will require explicit opt-in, and will be governed by a separate addendum to these terms. As of the beta, no such mode is enabled.
5. Acceptable use
You agree not to abuse the service. Abuse includes: attempting to access another user's account or organization, reverse engineering the service or its protocols for the purpose of building a competing product, scraping our dashboard or API for data that is not yours, and using the service to store or transmit content that is illegal in your jurisdiction.
You agree not to attempt to extract another user's source code from our systems. Because we do not store source code, this should not be possible — but if you find a way, it is a vulnerability, not a feature, and reporting it through security@tokenfluid.dev is the right move.
We may suspend or terminate accounts that violate these rules. For most violations, we will reach out first and ask you to stop. For violations that put other users at risk, we may suspend immediately and notify you after. We will reinstate accounts when the issue is resolved.
6. Limitation of liability
TokenFluid is provided as-is. To the maximum extent permitted by law, we are not liable for any direct, indirect, incidental, or consequential damages arising from your use of the service. This includes damage to your code, your working tree, your repository, your build, your tests, or your deployment.
You acknowledge that the agent operates inside a sandbox that you control and that patches apply only with your approval. If a patch breaks your code, that is the cost of approving it — TokenFluid surfaced the diff, you said yes. We built the product so you can say no.
Some jurisdictions do not allow limitations of liability for certain types of damages. In those jurisdictions, the limitations above apply to the maximum extent permitted by law. Nothing in these terms limits liability that cannot be limited under applicable law.
7. Changes to terms
We may update these terms as the product evolves. When we do, we will bump the last-updated date at the top of this page and notify active users by email. Material changes will be announced at least 14 days before they take effect, giving you time to review and decide whether to keep using the service.
If you do not agree to the updated terms, your recourse is to stop using the service. Continuing to use TokenFluid after the effective date of updated terms constitutes acceptance. We will not retroactively change terms for past behavior — the version in effect at the time governs.
The privacy model is treated specially. We will not weaken the privacy commitments in these terms or in the privacy policy without explicit, prominent notice. Strengthening them does not require notice; weakening them always does.
8. Contact
Questions about these terms go through the contact form. We will answer them, and we will use recurring questions to improve this document. If you need to escalate a terms-related issue, mark the subject line clearly and we will route it to a human quickly.
For legal notices that require a formal delivery method, please email legal@tokenfluid.dev. We will acknowledge receipt within 5 business days. Routine questions do not need to go through legal@ — that address exists for formal notices only.
Contact
For questions about these terms, please use the contact form. We read every message and we will route terms questions to the right person on our side.