Skip to content

UAPK Product Terms (non-enabling)

These terms apply to use of UAPK in demos, pilots, and production where agreed.

1) Scope & Nature of Offering

  • UAPK provides a signed, content-addressed manifest that governs AI workflows end-to-end (policy, capabilities, provenance, audit).
  • Deliverables include non-enabling documentation and configuration exemplars. Any operational keys, credentials, or enabling secrets are delivered out-of-band and are not stored on public websites.
  • The manifest may reference external services (connectors, vaults, stores) operated by you or your vendors.

2) Access & License

  • License: non-exclusive, non-transferable, revocable license to evaluate or operate UAPK in accordance with these terms and any Order/SOW.
  • Restrictions: no reverse engineering of proprietary components; no use to build competing governance frameworks except as permitted by applicable OSS licenses (if any).

3) Data Handling & Privacy

  • No-PII by default: by policy, UAPK configurations default to no retention of personal data unless explicitly enabled.
  • Runtime artifacts (e.g., request metadata, decision logs) may be written as content-addressed records (CID) for auditability. You are the controller for any personal data processed through your environment.
  • Provide appropriate notices and lawful basis for any personal data you ingest via UAPK-governed pipelines.

4) Security & Secrets

  • Manifests and audit anchors are designed to be tamper-evident (e.g., Merkle commitments) with post-quantum-ready signatures where supported. Keys/credentials must be kept in your secure vaults and are never placed in public repos or this site.
  • You are responsible for identity, access controls, and network boundaries of your environment.

5) Logs, Provenance & Audit

  • Each call may record a content hash (CID), timestamp, policy version, and capability context to enable forensic reconstruction.
  • You agree not to store secrets or payloads within public logs; use vaulted references.

6) Acceptable Use

  • Prohibited: unlawful processing, attempts to bypass policy guardrails, or use that violates third-party rights.
  • Safety: where guardrails trigger, execution may pause and require human-in-the-loop review.

7) IP & Feedback

  • UAPK specifications, runtime components, and brand assets remain the IP of their respective owners. Feedback you provide may be used to improve the offering.

8) Warranty & Liability

  • Provided “as is” during evaluation; for paid deployments, the SOW controls. No implied warranties.
  • Liability is limited and capped as specified in the applicable SOW or master terms; no indirect/special damages.

9) Compliance & Export

  • You are responsible for sectoral compliance (e.g., finance/health). Do not export or deploy contrary to applicable laws and sanctions.

10) Termination

  • Either party may terminate for material breach uncured within 30 days. Upon termination, cease use and delete non-public artifacts (excluding immutable records you must retain by law).

Notes for implementers: keep production configs in private repos, use vaulted secrets, and ensure policy defaults (no-PII, minimal retention) are documented in your DPIA/records of processing.