Acceptable Use Policy

1. Scope

This Acceptable Use Policy (the “AUP”) forms part of the Terms of Service and applies to everyone who uses onTerms: the website at onterms.org, onSign passkey signing (including multi-party counter-signing), agent execution under verifiable mandates, the MCP and agent endpoints, the Verify-API, the public transparency log and the dispute-resolution tools. It is issued by Rated Counsel Limited, trading as onTerms (registered in England and Wales, company number 11812572), and is governed by the law of England and Wales. If you use onTerms on behalf of an organisation, you are responsible for ensuring that your users and your agents comply with this AUP.

2. Business use only

onTerms is a business-to-business service. You must not use it to form, sign, execute or manage contracts with consumers, or in any consumer-facing transaction. Consumer use is out of scope of the corpus and the platform, and doing so breaches the B2B warranty you give in the Terms of Service.

3. Lawful contracting

You must not use onTerms to:

• form, sign or record contracts that are unlawful, fraudulent or deceptive, or that document or facilitate an unlawful transaction;
• misrepresent your identity, your authority to bind a party, or the identity or consent of a counterparty (including in counter-sign invitations sent by email);
• contract with, or on behalf of, persons where doing so would breach applicable sanctions, export-control or anti-money-laundering law.

4. Content and dispute evidence

Content you submit, including order details and any evidence uploaded to the dispute tools, must be lawful and yours to share. You must not upload material that infringes intellectual-property rights, that discloses confidential or personal information you have no right to disclose, or that is otherwise unlawful. How we handle personal data in signed orders is described in the Privacy Notice.

5. Integrity of records

The value of onTerms rests on the integrity of its records. You must not attempt to:

• forge, alter or replay an order, a signature (passkey or party-held Ed25519), a verifiable mandate, or an award or settlement record;
• tamper with, poison or corrupt the append-only transparency log, its signed tree heads or its inclusion proofs;
• present an agent mandate (OAuth 2.1 client or did:web identity) as authorised when the principal has not in fact granted that authority.

6. Plan limits, metering and gated features

You must not circumvent or attempt to circumvent:

• seat limits on Team and Business plans;
• usage metering, quotas or billing controls;
• rate limits on any endpoint;
• feature gates, including the gate on Tier 2B binding arbitration, which is not currently enabled and must not be invoked or simulated as if it were operational.

Metering applies to all authorised use: circumventing a control does not remove your obligation to pay for usage that occurred.

7. Agents, MCP and the Verify-API

When using the programmatic surfaces of onTerms, you must not:

• share, sell or pool API keys, Verify-API keys, OAuth credentials or sessions across organisations or beyond your plan;
• scrape or bulk-harvest the Verify-API or public endpoints beyond your quota or in breach of rate limits;
• run automated abuse against signing, verification or dispute endpoints, including flooding counter-sign invitations or machine-generated dispute filings made in bad faith.

8. Verification status and the badge

You must not misrepresent onTerms verification: do not claim that an order is verified or included in the transparency log when it is not, display the onTerms badge for content that does not carry a valid inclusion proof, alter the badge, or suggest that onTerms endorses you, your agent or your terms. Anyone can check status for free using the public verify endpoint, which returns inclusion proofs and status, not order content.

9. Security testing and responsible disclosure

Do not carry out penetration testing, vulnerability scanning, load testing or any other security testing of onTerms without prior written authorisation. If you believe you have found a vulnerability, report it privately to hello@ratedcounsel.com and give us a reasonable opportunity to fix it before any disclosure.

10. Consequences of breach

If you breach this AUP we may suspend or terminate your access as set out in the Terms of Service, remove or disable offending content (stored plaintext can be deleted; hashes already committed to the append-only transparency log remain, as explained in the Privacy Notice), and report unlawful activity to authorities where we are required or entitled to do so. Charges for metered usage that was authorised remain payable.

11. Questions

Questions about this policy: hello@ratedcounsel.com.