Terms of Service
Effective date: June 1, 2026
Last updated: June 1, 2026
Operator: toolweave (sole proprietor: Andrii Sparysh, Ukraine)
Contact: admin@toolweave.dev
Important. toolweave is currently in closed beta. These Terms describe a free, invite-only service offered "as is" while we test the product. They are not a final commercial agreement. We will issue an updated version before introducing paid plans, and existing users will be notified.
1. Acceptance
By creating an account, generating an MCP token, or otherwise accessing toolweave.dev ("the Service"), you ("you", "user") agree to these Terms. If you do not agree, do not use the Service.
toolweave is a multi-tenant gateway that exposes a single Model Context Protocol (MCP) endpoint backed by tools from multiple third-party providers (e.g. Anthropic, OpenAI, Google, Firecrawl, GitHub). The Service:
- Routes your MCP requests to those providers using either:
- Your own API keys (BYO — "bring your own"), or
- toolweave's pooled keys (when your package permits)
- Allows you to define Custom Connectors to additional REST APIs via AI-assisted discovery
- Tracks usage in tokens and provides analytics
toolweave does not train AI models. We pass your requests through to providers and return the result.
3. Eligibility
You must:
- Be at least 18 years old, or have legal capacity to enter contracts in your jurisdiction
- Not be located in a country subject to a comprehensive US or EU embargo
- Not be on any government denied-party / sanctions list
4. Your account
- Access is invite-only. We may issue or revoke invites at our discretion during beta.
- You are responsible for keeping your MCP tokens secret. Anyone holding a token can make requests charged to your account.
- You are responsible for the security of API keys you upload to toolweave (e.g. your OpenAI key). We encrypt them at rest (Fernet AES-128-CBC) but cannot guarantee perfect security — see Section 11.
- Notify us immediately at admin@toolweave.dev if a token or key is compromised.
- One person, one account. Sharing accounts violates these Terms.
5. Your data
- Conversations / prompts: we do not store the content of your MCP requests after they're routed to providers. Provider responses pass through and are returned to you. Per-request metadata (provider, action, tokens used, success/error) is logged for billing and analytics.
- API keys you upload (BYO): stored encrypted at rest. Used only to authenticate your requests to the relevant provider.
- Account data: email, package, usage history, invite history.
- Custom Connectors: the schemas you create (endpoint URLs, parameter names) are stored unencrypted; the API key you attach to each connector is stored encrypted.
We do not sell user data. We do not share it with third parties except:
- Routing to providers as needed for the Service
- When legally required (subpoena, court order)
- To service providers we use to operate (Railway hosting, email delivery)
6. Third-party providers
toolweave is a gateway. When you use a provider through toolweave:
- The provider's terms also apply to that interaction
- The provider receives your prompt content and any data you submit
- We are not responsible for provider availability, accuracy, or data handling
- Provider rate limits, outages, or policy changes may affect your use
A non-exhaustive list of providers we route to: Anthropic, OpenAI, Google (Gemini, Veo), fal.ai, Suno, Firecrawl, GitHub, Railway, Vercel, Alpha Vantage, Finnhub, Twelve Data, SEC EDGAR, Kraken.
7. Usage limits
- Each package has a monthly token budget and connector limit. Exceeding them blocks further requests until the next billing cycle.
- Custom Connector discovery has a lifetime cap (default: 10 attempts per account). Admin can raise it on request.
- We may throttle or suspend accounts showing abuse patterns: scraping behavior, automated mass-discovery, attempts to exfiltrate other users' data, etc.
8. Acceptable use
You may not use the Service to:
- Generate or distribute content that is illegal in your jurisdiction or in Ukraine
- Generate CSAM, non-consensual intimate imagery, or content depicting real minors in sexual or violent contexts
- Generate content intended for harassment, doxxing, or to incite violence
- Attempt to access other users' accounts, tokens, or data
- Reverse-engineer the Service to extract proprietary code (note: our backend is closed-source; the landing page and dashboard HTML are inherently public)
- Resell access to the Service or expose it as your own product without written consent
- Probe or attack toolweave.dev infrastructure (security research with prior coordination is welcomed — email admin@toolweave.dev)
- Configure Custom Connectors that target internal networks (RFC 1918, 169.254/16, localhost) — we block these at the connector layer but you must not attempt to bypass
Violation may result in account suspension or termination without refund (when paid plans exist).
9. AI-generated content
When you use AI tools through toolweave:
- You are responsible for verifying the accuracy of model outputs before relying on them
- Outputs may be incorrect, biased, or contain fabricated information ("hallucinations")
- Outputs are not professional advice (legal, financial, medical, etc.)
- Some providers retain rights to certain training-related uses of inputs — check their terms (notably OpenAI, Google, Anthropic each have different policies on enterprise vs free tier data usage)
- You retain ownership of your inputs to the extent the underlying provider allows
- You assume the risk of using AI outputs in production systems
10. Custom Connectors
When you create a Custom Connector:
- You represent that you have the right to access the target API per its terms
- You are responsible for the API key you attach
- toolweave's AI-assisted discovery is best-effort — generated schemas may be incomplete, contain errors, or misinterpret docs
- We do not test connectors against the target API on your behalf beyond optional manual checks you initiate
- API quota / billing on the target service is between you and that service — we are not a billing intermediary
11. Security and data integrity
We take reasonable measures to protect the Service:
- Encrypted storage of API keys (Fernet)
- HTTPS everywhere
- Multi-tenant isolation by user ID in all data queries
- Railway-hosted (their security posture: SOC 2 Type II)
However:
- We are a small operation and cannot guarantee absolute security
- Breaches may occur. If they do, we will notify affected users by email within 72 hours of discovery
- You acknowledge the residual risk of using a beta SaaS product to process sensitive data
We recommend you do not use toolweave (during beta) for:
- Production workloads with regulated data (HIPAA, PCI-DSS, GDPR sensitive categories)
- Mission-critical automation where downtime causes real damage
12. Beta status, availability, and changes
- The Service is in closed beta. Features may change, be removed, or be reworked without notice.
- Uptime is best-effort. No SLA exists during beta.
- We may suspend the Service entirely for maintenance, security incident response, or operational reasons.
- We may modify these Terms at any time. Material changes will be announced via email to active users at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.
13. Pricing (future)
- During beta the Service is free to invited users.
- We will publish pricing tiers before introducing paid plans. Existing users will be notified at least 30 days before any pricing change applies.
- Token-based billing applies independently of provider costs. When a request routes to a provider via toolweave's pooled key, toolweave's tokens cover both gateway services and the provider's API charge. When using your own key (BYO), only toolweave's gateway tokens are deducted.
14. Termination
You may delete your account at any time. Email admin@toolweave.dev with the request. Within 30 days we will:
- Revoke all your MCP tokens
- Delete encrypted API keys
- Delete custom connectors
- Retain usage_log entries (anonymized to deleted-user reference) for billing reconciliation
- Retain audit logs of significant security-relevant events for up to 12 months
We may terminate your account if you breach these Terms, with notice when feasible.
15. Intellectual property
- toolweave (the brand, the codebase, the landing visual identity) belongs to Andrii Sparysh.
- You retain rights to content you create through the Service (subject to provider terms).
- The "splice the genome of intelligence" tagline, the 3-thread sigil, and the cyberpunk visual treatment are trademarks (registration pending).
- If you build something interesting with toolweave and want to credit us, "Powered by toolweave" is welcomed.
16. Disclaimer of warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
We do not warrant that:
- The Service will be uninterrupted, secure, or error-free
- AI outputs will be accurate, complete, or fit for any specific purpose
- Custom Connector discovery will produce correct schemas
- Third-party providers will remain available or maintain their current terms
17. Limitation of liability
To the maximum extent permitted by law, neither toolweave nor Andrii Sparysh shall be liable for:
- Indirect, incidental, special, consequential, or punitive damages
- Loss of profits, data, business, or goodwill
- Costs of substitute services
- Provider downtime, data loss, or policy changes
- Damages exceeding $100 USD or the fees you paid in the 12 months preceding the claim (whichever is greater)
This limitation applies regardless of legal theory and even if we have been advised of the possibility of such damages.
18. Indemnification
You agree to indemnify and hold harmless toolweave and Andrii Sparysh from any claims, damages, or expenses arising from:
- Your use of the Service in violation of these Terms
- Your violation of any law or third-party right
- Content you generate or process through the Service
- Custom Connectors you create that violate the target API's terms
19. Governing law and disputes
These Terms are governed by the laws of Ukraine without regard to conflict-of-law principles.
Any dispute shall first be addressed by good-faith email negotiation with admin@toolweave.dev. If unresolved within 30 days, disputes shall be submitted to the courts of Kyiv, Ukraine, except where mandatory consumer protection law in your jurisdiction grants you additional rights.
For users in the European Union: nothing in these Terms diminishes your statutory rights under EU consumer law.
20. Miscellaneous
- Entire agreement: these Terms, together with the Privacy Policy, constitute the entire agreement between you and toolweave regarding the Service.
- Severability: if any provision is held unenforceable, the rest remains in effect.
- No waiver: failure to enforce a provision is not a waiver of future enforcement.
- Assignment: you may not assign these Terms. We may assign them in connection with a sale of the business or its assets.
21. Changes to these Terms
We may update these Terms. The "Effective date" at the top indicates the current version. Material changes are announced by email at least 14 days in advance.
A copy of the current Terms is always available at https://toolweave.dev/docs/terms and as raw markdown at https://toolweave.dev/docs/terms.md.
Questions? Email admin@toolweave.dev.
This document was prepared in good faith for a closed-beta SaaS product. It is not a substitute for legal advice. For paid commercial use, a more comprehensive agreement may be required.