Kameas Fleet Subscription Agreement

This Subscription Agreement (this “Agreement”) consists of three parts:

This Agreement is in addition to (and does not replace) the Kameas AI Website Terms of Use at kameas.ai/terms and the Privacy Policy at kameas.ai/privacy.


Part 1 — Master Subscription Agreement (MSA)

1. Acceptance and parties

This Agreement is entered into between:

The “Effective Date” of this Agreement is the date on which Customer clicks “I agree” (the “Acceptance”). By clicking “I agree” you represent and warrant that (a) you are at least 18 years of age, (b) you have full power and authority to bind the Customer to this Agreement, and (c) Customer is not barred from receiving the Service under the laws of the United States or any other applicable jurisdiction.

This Agreement is in addition to, and does not replace, the Kameas AI Website Terms of Use at kameas.ai/terms and the Kameas AI Privacy Policy at kameas.ai/privacy, each of which is incorporated by reference. In the event of conflict between this Agreement and the Website Terms of Use or Privacy Policy as applied to the Service, this Agreement controls.

Kameas AI, Inc. is incorporated in the State of Delaware with its principal mailing address at the Virginia address set out above.

2. Definitions

In this Agreement, the following capitalized terms have the meanings set out below. Other capitalized terms are defined where they first appear.

3. The Service

3.1 Description

Kameas Fleet is a multi-tenant SaaS control plane that ingests telemetry from, distributes policy bundles to, and provides observability and governance for fleets of AI agents and the runtime endpoints they talk to. The companion open-source endpoints — the Kenaz Harness and the Kenaz Workbench (also distributed under the name Kenaz Sandbox) — are published by Kameas under the Apache License, Version 2.0 (the LICENSE file in each repository at github.com/kameas-ai is the controlling text), are distributed separately, and are not part of the Service. The open-source endpoints may interoperate with the Service, but Customer’s rights to use them are governed exclusively by the Apache 2.0 license under which they are published; nothing in this Agreement enlarges or restricts those rights.

3.2 Documentation

Documentation for the Service is available at docs.kameas.ai. The Documentation describes the Service’s functionality, configuration, and supported integrations. The Service is delivered substantially as described in the Documentation; minor discrepancies between the Documentation and the Service do not constitute a breach of this Agreement.

3.3 Updates

Kameas may issue Updates to the Service at any time during the Subscription Term. Updates are included in Customer’s subscription at no additional charge. Kameas may add, modify, or remove features in the ordinary course of product development; material deprecations affecting APIs or features Customer relies on will be announced at least 90 days in advance via the Documentation, the dashboard, or email to Customer’s billing contact.

3.4 Plans and feature matrix

The Service is offered in tiered plans (Pro, Team, and Enterprise). The features included in each plan, including any feature gates and usage caps, are described on the pricing page at kameas.ai/pricing. The pricing page is incorporated by reference; Kameas may update the feature matrix consistent with §3.3 and the pricing-change notice in §4.5.

4. Subscriptions, Fees, and Billing

4.1 Plans available for self-serve purchase

Self-serve subscriptions are available for the Pro plan (single user or small team) and the Team plan (multi-user with role-based access control and audit). The Enterprise plan is available only under a separately executed Master Subscription Agreement and Order Form; this Agreement does not govern Enterprise subscriptions.

4.2 Billing cycle

Subscriptions are billed in advance through Stripe on the cycle Customer selects at checkout (monthly or annual). Customer’s payment method on file is charged automatically at the start of each billing cycle. All Fees are stated and payable in U.S. dollars unless otherwise specified on the order page.

4.3 Per-seat billing and the Team minimum

The Team plan is billed on a per-seat basis. The Team plan has a minimum of ten (10) seats, which Kameas refers to as MinTeamSeats. Customer will be billed for at least ten seats per billing cycle on the Team plan, even if Customer has invited fewer than ten Authorized Users to the account. Customer may invite additional Authorized Users above the minimum; each additional seat increases the per-cycle Fee at the then-current per-seat rate.

Seat counts are evaluated at the start of each billing cycle. Seats added mid-cycle are prorated; seats removed mid-cycle do not generate a refund or credit but reduce the seat count at the next cycle.

4.4 Plan changes

Customer may upgrade or downgrade plans at any time through the Stripe Customer Portal accessible from the Fleet dashboard. Plan changes take effect at the start of the next billing cycle. Customer’s current billing cycle continues at the previously selected plan and price.

4.5 Pricing changes

Kameas may change the Fees for any plan from time to time. Kameas will provide at least thirty (30) days’ notice of any Fee increase by email to Customer’s billing contact. Fee increases take effect at the next Renewal Term and do not apply mid-Subscription Term. If Customer does not wish to accept a Fee increase, Customer may cancel the subscription before the next Renewal Date as described in §4.7.

4.6 Auto-renewal

Each Subscription Term renews automatically for a Renewal Term equal in length to the immediately preceding Subscription Term (e.g., monthly subscriptions renew for an additional one-month Renewal Term; annual subscriptions renew for an additional one-year Renewal Term), at the then-current price for Customer’s plan, unless Customer cancels at least one (1) day before the Renewal Date.

4.7 California Automatic Renewal Law disclosure

This disclosure is provided in compliance with the California Automatic Renewal Law, Cal. Bus. & Prof. Code §§ 17600–17606.

4.8 Cancellation method availability

The cancellation method described in §4.7 is available to Customer at all times during the Subscription Term, 24 hours a day, 7 days a week, through the Fleet dashboard. Kameas does not require Customer to speak with a representative, send written notice, or take any other action beyond the in-product cancellation flow to cancel.

4.9 Free trial; no refunds

New paid subscriptions begin with a fourteen (14) day free trial. Customer’s payment method is collected at signup but is not charged during the trial. Customer may cancel at any time during the trial through the Fleet dashboard (per §4.7) and will not be charged. If Customer does not cancel before the end of the trial, the Subscription Term begins automatically and the first invoice is charged to the payment method on file at the published Fees for the selected plan and billing period.

After the trial ends, all Fees are non-refundable, including in the event of cancellation, termination by Customer, downgrade, or non-use of the Service, except (a) where a refund is required by applicable law, (b) where Kameas elects to issue a refund in its sole discretion as a service gesture, or (c) as expressly provided in §9.1 (warranty remedy), §10.1 (infringement remedy), or §3.4 of the DPA (subprocessor objection).

Service credits. Service credits earned under the SLA (Part 3 §3) are Customer’s sole monetary remedy for failure to meet uptime commitments; they are issued as credits against future invoices and are not refundable for cash.

4.10 Taxes

Fees are exclusive of all taxes, levies, duties, and similar governmental assessments of any kind (“Taxes”). Customer is responsible for paying all Taxes associated with Customer’s purchases, except for Taxes based on Kameas’s net income, property, or employees. If Kameas is required to collect or pay any Taxes for which Customer is responsible, Kameas will invoice Customer and Customer will pay the invoiced amount unless Customer provides Kameas with a valid tax exemption certificate.

4.11 Late payment

If Customer’s payment method fails, Kameas may retry the charge in accordance with Stripe’s standard dunning configuration. Past-due amounts bear interest at the lesser of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law, calculated from the original due date until paid in full. If any invoice remains unpaid for more than fifteen (15) days after its due date, Kameas may suspend the Service until payment is received, in addition to any other remedies available at law or under this Agreement.

4.12 Annual billing discount

Customer may elect annual billing at signup or at any plan change. Annual billing is offered at a discount to the monthly price for the same plan, as published on the Kameas pricing page (currently kameas.ai/pricing.html) and confirmed at checkout. The full annual amount is charged at the start of the Initial Term and at the start of each Renewal Term. Annual Subscription Terms are non-refundable in accordance with §4.9, and the discount is forfeited if Customer downgrades from annual to monthly billing before the end of the then-current Subscription Term. Kameas may change the discount applicable to new or renewing annual subscriptions in accordance with §4.5.

5. Subscription Term and Termination

5.1 Initial Term and Renewal Terms

The Initial Term is the Subscription Term selected by Customer at checkout (monthly or annual). Each Renewal Term is equal in length to the Initial Term. The Subscription Term auto-renews as described in §4.6 and §4.7.

5.2 Termination by Customer

Customer may terminate this Agreement for convenience at the end of the then-current Subscription Term by cancelling through the Stripe Customer Portal as described in §4.7. Cancellation prior to the Renewal Date prevents the next Renewal Term from beginning; Customer retains access to the Service through the end of the current Subscription Term.

Customer may not terminate for convenience mid-Subscription Term. Cancellation during the free trial described in §4.9 is governed by that section.

5.3 Termination for cause

Either party may terminate this Agreement for cause by giving the other party thirty (30) days’ written notice of a material breach of this Agreement and a reasonable opportunity to cure. If the breach is not cured within thirty (30) days of receipt of the notice, the non-breaching party may terminate this Agreement effective at the end of the cure period by sending a second written notice.

Kameas may suspend or terminate the Service immediately, without cure period, if Customer (a) fails to pay any undisputed Fees more than thirty (30) days after the due date, (b) materially breaches the Acceptable Use Policy (§7), or (c) creates an imminent security risk to Kameas, its other customers, or third parties.

5.4 Effect of termination

Upon termination or expiration of this Agreement:

Termination of this Agreement does not relieve Customer of the obligation to pay Fees accrued or payable before the effective date of termination.

6. Customer Data and Intellectual Property

6.1 Customer Data ownership

As between the parties, Customer owns and retains all right, title, and interest in and to Customer Data, including all intellectual property rights therein. Kameas claims no ownership of Customer Data.

6.2 License to Kameas

Customer grants Kameas a non-exclusive, worldwide, royalty-free license to host, store, transmit, display, perform, reproduce, modify (for formatting only), and otherwise process Customer Data solely to the extent necessary to provide, support, and improve the Service for Customer in accordance with this Agreement. This license terminates when Customer Data is deleted in accordance with §5.4 and the DPA in Part 2 §9.

6.3 Kameas IP

Kameas owns and retains all right, title, and interest in and to the Service, the Documentation, Updates, the Fleet dashboard, the Fleet API, all Kameas-distributed SDKs and tooling, all OPA policy bundles authored by Kameas, all models, weights, prompts, and templates developed by Kameas independent of Customer Data, and all related intellectual property rights. No rights are granted to Customer except those expressly set out in this Agreement; all other rights are reserved.

For the avoidance of doubt, the IP rights reserved in this §6.3 do not include the open-source endpoints identified in §3.1 (the Kenaz Harness and the Kenaz Workbench / Kenaz Sandbox), which are governed exclusively by the Apache License, Version 2.0 under which Kameas publishes them. Kameas retains, however, its trademark, service-mark, trade-name, and trade-dress rights (including in “KAMEAS”, “KAMEAS AI”, “KENAZ”, “KENAZ HARNESS”, “KENAZ WORKBENCH”, “KENAZ SANDBOX”, “KAMEAS FLEET”, and the Kameas lattice logo), which are not granted by Apache 2.0 (see § 6 of that license) and are governed by the Kameas Trademark Policy at kameas.ai/trademarks. Open-source attributions for third-party components incorporated into the Service are published at kameas.ai/oss-attributions.

6.4 Aggregated / de-identified analytics

Kameas may collect, generate, and use aggregated and de-identified data derived from Customer’s use of the Service (“Aggregated Data”) for product improvement, benchmarking, security research, capacity planning, and other internal business purposes, and may publish or share Aggregated Data with third parties.

Aggregated Data meets the “de-identified” standard in Cal. Civ. Code § 1798.140(m) and equivalent provisions of other applicable Data Protection Laws. Specifically, Kameas:

  1. applies technical safeguards designed to prevent re-identification of Aggregated Data with any individual, household, Authorized User, or device;
  2. maintains business processes that specifically prohibit re-identification of Aggregated Data;
  3. publicly commits, through this Agreement and the Kameas Privacy Policy, to maintain and use Aggregated Data only in de-identified form and not to attempt to re-identify it; and
  4. contractually obligates any recipient of Aggregated Data to comply with each of the foregoing.

The opt-in telemetry flow introduced in Fleet v0.4.0 governs which usage signals contribute to Aggregated Data; Customer may adjust its telemetry settings at any time in the Fleet dashboard at Settings → Telemetry.

6.5 Feedback

If Customer provides Kameas with suggestions, ideas, enhancement requests, recommendations, or other feedback regarding the Service (“Feedback”), Customer grants Kameas a perpetual, irrevocable, royalty-free, worldwide license to use and exploit such Feedback in any manner Kameas chooses, without obligation or restriction. Feedback is not Customer’s Confidential Information.

7. Acceptable Use Policy

Customer will not, and will not permit any Authorized User or any third party to:

  1. reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, algorithms, or underlying ideas of the Service, except to the extent such restriction is prohibited by law;
  2. license, sell, rent, lease, sublicense, distribute, time-share, or otherwise commercially exploit the Service to or for the benefit of any third party other than Customer’s Authorized Users;
  3. use the Service to develop, market, or sell any product or service that is substantially similar to and intended as a competitive substitute for the Service, or use the Service for competitive benchmarking without Kameas’s prior written consent;
  4. introduce into the Service any virus, worm, time bomb, Trojan horse, ransomware, or other malicious or harmful code;
  5. circumvent or attempt to circumvent any security mechanism, rate limit, usage cap, authentication, or access control of the Service;
  6. use the Service to send unsolicited communications in violation of any applicable law (including CAN-SPAM, TCPA, or analogous laws);
  7. use the Service in any manner that violates applicable law or infringes the rights of any third party;
  8. use the Service in any of the following applications for which the Service is not designed or warranted: autonomous vehicles or other autonomous transportation systems; medical devices subject to pre-market approval by the U.S. FDA or an equivalent regulator; weapons systems or military targeting; nuclear facility operation; aviation flight control; or operation of critical infrastructure as defined in 42 U.S.C. § 5195c(e);
  9. use the Service to process data subject to specific regulatory regimes (HIPAA-protected health information, PCI cardholder data, ITAR-controlled data, or comparable regimes) unless Customer and Kameas have separately agreed in writing that the Service may be used for that purpose; or
  10. use the Service to redistribute, re-host, mirror, or fork the open-source companion endpoints (including the Kenaz Harness and the Kenaz Workbench / Kenaz Sandbox) in a manner inconsistent with the Apache License, Version 2.0 under which Kameas publishes them, or to remove or obscure the open-source attribution, copyright, or trademark notices accompanying those projects.

The Acceptable Use Policy in §3.3 of the Website Terms of Use is incorporated by reference; in the event of conflict, this §7 controls for use of the Service.

7.1 AI-specific allocation (EU AI Act and analogous laws)

The Service is a control plane for AI agents and runtime endpoints. It is not itself a general-purpose AI model and Kameas is not the “provider” (within the meaning of Regulation (EU) 2024/1689, the “EU AI Act”) of any third-party foundation model or large language model that Customer orchestrates through the Service. As between the parties:

8. Support

8.1 Support tiers

Support is provided based on Customer’s plan as follows:

8.2 Support hours

Business hours for purposes of Support are Monday through Friday, 9:00 a.m. to 6:00 p.m. U.S. Eastern Time, excluding U.S. federal holidays.

8.3 Scope

Support covers questions and incidents directly related to the Service. Support does not cover:

9. Warranties and Disclaimers

9.1 Express warranty

Kameas warrants that, during the Subscription Term, the Service will perform substantially in accordance with the Documentation. Kameas’s sole obligation and Customer’s sole and exclusive remedy for any breach of this warranty is, at Kameas’s option, (a) to use commercially reasonable efforts to correct the non-conformity, or (b) if Kameas determines that correction is not commercially feasible, to terminate the affected Subscription Term, in which case Customer’s access to the Service will end at the effective date of termination and no further Fees will accrue. Consistent with §4.9, Fees paid for the terminated portion of the Subscription Term are non-refundable.

9.2 Disclaimer

10. Indemnification

10.1 Kameas indemnity

Kameas will defend Customer against any third-party claim alleging that the Service, as provided by Kameas and used in accordance with this Agreement and the Documentation, infringes such third party’s patent, copyright, trademark, or trade secret rights under the laws of the United States, Canada, the United Kingdom, a member state of the European Economic Area, Switzerland, or Australia (“Infringement Claim”), and will indemnify Customer against damages and costs (including reasonable attorneys’ fees) finally awarded against Customer or paid in settlement of an Infringement Claim.

The foregoing obligation does not apply to any Infringement Claim arising from (a) Customer Data, (b) any modification to the Service not made by Kameas, (c) any combination of the Service with other software, hardware, data, or services not provided or recommended by Kameas, (d) Customer’s use of the Service in violation of this Agreement, or (e) Customer’s continued use of an allegedly infringing version of the Service after Kameas has notified Customer to discontinue use.

If the Service is held, or in Kameas’s reasonable opinion is likely to be held, to infringe, Kameas may at its option (i) modify the Service to be non-infringing, (ii) procure for Customer the right to continue using the Service, or (iii) terminate the affected Subscription Term and refund Customer a pro-rated portion of the Fees paid for the unused portion. This §10.1 states Kameas’s sole liability and Customer’s sole remedy for infringement claims.

10.2 Customer indemnity

Customer will defend Kameas against any third-party claim arising from (a) Customer Data, including any claim that Customer Data infringes a third party’s intellectual property rights or violates applicable law, (b) Customer’s or any Authorized User’s use of the Service in violation of this Agreement or applicable law, or (c) Customer’s breach of the Acceptable Use Policy, and will indemnify Kameas against damages and costs (including reasonable attorneys’ fees) finally awarded against Kameas or paid in settlement of such a claim.

10.3 Procedure

The indemnified party will (a) promptly notify the indemnifying party in writing of the claim (provided that failure to give prompt notice will only reduce the indemnifying party’s obligation to the extent of the prejudice caused by the delay), (b) give the indemnifying party sole control of the defense and settlement of the claim (provided that the indemnifying party may not settle any claim in a manner that imposes liability or admission on the indemnified party without the indemnified party’s prior written consent), and (c) provide reasonable cooperation in the defense, at the indemnifying party’s expense.

11. Limitation of Liability

11.1 Exclusion of indirect damages

11.2 Cap on direct damages

11.3 Exclusions from the cap and from the indirect-damages bar

Neither the exclusion of indirect damages in §11.1 nor the cap in §11.2 applies to:

  1. Customer’s obligation to pay Fees;
  2. either party’s indemnification obligations under §10 (including amounts paid in defense or settlement of an Infringement Claim or a Customer Data claim);
  3. either party’s breach of its confidentiality obligations under §12;
  4. either party’s gross negligence, willful misconduct, or fraud; or
  5. any liability that cannot be limited under applicable law.

11.4 Basis of the bargain

The parties acknowledge that the limitations of liability in this §11 are an essential part of the bargain and that the Fees would be substantially higher absent these limitations.

12. Confidentiality

12.1 Obligations

The Receiving Party will (a) use the Disclosing Party’s Confidential Information only to exercise its rights and perform its obligations under this Agreement, (b) protect the Disclosing Party’s Confidential Information with the same degree of care it uses to protect its own confidential information of similar nature and importance, but in no event less than reasonable care, and (c) limit access to the Disclosing Party’s Confidential Information to its employees, contractors, and agents who have a need to know and who are bound by confidentiality obligations at least as protective as those in this §12.

12.2 Exceptions

The obligations in §12.1 do not apply to information that the Receiving Party can demonstrate (a) is or becomes publicly known through no breach of this Agreement by the Receiving Party, (b) was rightfully known to the Receiving Party without restriction before disclosure by the Disclosing Party, (c) was rightfully obtained by the Receiving Party from a third party without restriction, or (d) was independently developed by the Receiving Party without reference to or use of the Disclosing Party’s Confidential Information.

12.3 Compelled disclosure

If the Receiving Party is required by law or by an order of a court or regulatory body to disclose Confidential Information, the Receiving Party will (where legally permitted) give the Disclosing Party prompt written notice and reasonable cooperation, at the Disclosing Party’s expense, to enable the Disclosing Party to seek a protective order or other remedy.

12.4 Survival

The obligations in this §12 survive termination of this Agreement for three (3) years, except that obligations with respect to trade secrets survive for so long as such information remains a trade secret under applicable law.

13. General

13.1 Governing law

This Agreement is governed by the laws of the Commonwealth of Virginia, without regard to its conflict-of-law rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

13.2 Dispute resolution

Any dispute, claim, or controversy arising out of or relating to this Agreement (a “Dispute”) is subject to the informal dispute resolution conference, mandatory binding arbitration, class-action waiver, and 30-day opt-out provisions set out in Section 10.2 of the Kameas AI Website Terms of Use at kameas.ai/terms, which are incorporated into this Agreement by reference and made part of it. The arbitral forum, governing arbitration rules, batch arbitration procedure, and venue carve-outs described in those provisions apply to Disputes under this Agreement on the same terms and to the same extent as they apply to disputes under the Website Terms of Use.

Notwithstanding the foregoing, either party may bring an action in the state or federal courts located in Richmond, Virginia, for (a) equitable relief to protect intellectual property rights or Confidential Information, or (b) collection of undisputed Fees, and each party consents to personal jurisdiction and venue in those courts for those purposes. For Customers that are natural persons and not entities, the foregoing venue selection applies only to the extent permitted by the consumer-protection laws of Customer’s jurisdiction of residence.

The parties acknowledge that the arbitration provisions of Section 10.2 of the Website Terms of Use are incorporated into this Agreement by reference with the same force and effect as if set forth in full, and that each provision of Section 10.2 (including the informal-dispute-resolution conference, class- and representative-action waiver, batch-arbitration mechanism, 30-day opt-out, JAMS forum and rules selection, and severability) applies to Disputes under this Agreement on the same terms as it applies to disputes under the Website Terms of Use.

13.3 Force majeure

Neither party is liable for any delay or failure to perform (other than payment obligations) caused by events beyond its reasonable control, including acts of God, war, terrorism, civil unrest, governmental action, labor disputes, internet or telecommunications failures, power outages, and failures of third-party services on which the Service depends.

13.4 Assignment

Customer may not assign this Agreement, in whole or in part, without Kameas’s prior written consent, except that Customer may assign this Agreement, on notice but without consent, in connection with a merger, reorganization, acquisition, or sale of all or substantially all of its assets, provided that the assignee is not a competitor of Kameas and assumes all of Customer’s obligations under this Agreement. Kameas may assign this Agreement freely. Any purported assignment in violation of this §13.4 is void.

13.5 Entire agreement; order of precedence

This Agreement (including Parts 1, 2, and 3 and any Order Form), together with the Kameas AI Website Terms of Use and Privacy Policy, constitutes the entire agreement between the parties regarding the Service and supersedes all prior or contemporaneous agreements, proposals, or representations on the same subject matter. In the event of conflict, the order of precedence is: (i) an executed Order Form; (ii) this Agreement; (iii) the Website Terms of Use; (iv) the Privacy Policy.

13.6 Notices

Notices to Kameas under this Agreement must be sent to legal@kameas.ai with a copy to Kameas AI, Inc., 701 E Franklin Street, Suite 105 1597, Richmond, Virginia 23219. Notices to Customer will be sent to the email address Customer provided at signup as the administrative or billing contact. Notices sent by email are effective five (5) Business Days after the email is sent (or on confirmed delivery by the recipient, if earlier). Notices sent by overnight courier or certified mail are effective on confirmed delivery. For purposes of this Agreement, “Business Day” means a day other than a Saturday, Sunday, or U.S. federal holiday.

13.7 Severability

If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions remain in full force and effect, and the invalid or unenforceable provision will be deemed modified to the minimum extent necessary to be valid and enforceable.

13.8 No waiver

A party’s failure to enforce a provision of this Agreement is not a waiver of that provision or of the right to enforce it in the future.

13.9 Independent contractors

The parties are independent contractors. This Agreement does not create any agency, partnership, joint venture, or employment relationship between the parties.

13.10 Changes to this Agreement

Kameas may update this Agreement from time to time. Material changes will be announced at least thirty (30) days in advance by email to Customer’s administrative contact and by an in-dashboard notice. If Customer continues using the Service after the effective date of a material change, Customer accepts the updated Agreement. Customer may reject a material change by cancelling the subscription before the effective date as described in §4.7.

13.11 U.S. export

Customer represents that it is not located in, and is not a national or resident of, any country to which the United States has embargoed goods or services, and that it is not on any U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) list of prohibited or restricted parties.

13.12 Counterparts; electronic acceptance

This Agreement may be executed in counterparts and accepted electronically. Customer’s click-through Acceptance constitutes a legally binding electronic signature.


Part 2 — Data Processing Addendum (DPA)

This Data Processing Addendum (this “DPA”) forms part of the Subscription Agreement and applies to Kameas’s processing of personal data on Customer’s behalf in connection with the Service. In the event of conflict between this DPA and Part 1 (MSA) with respect to the processing of personal data, this DPA controls.

Capitalized terms not defined in this DPA have the meanings given in Part 1. The terms “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Processing” (and its variants), and “Personal Data Breach” have the meanings given in the General Data Protection Regulation (EU) 2016/679 (“GDPR”); analogous terms under the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and other applicable data protection laws (collectively, “Data Protection Laws”) have equivalent meanings.

1. Roles and scope

For Personal Data contained in Customer Data:

This DPA covers Personal Data Processed by Kameas in providing the Service. It does not cover Personal Data for which Kameas is itself the Controller (such as account administrator contact details, billing contact details, and Kameas’s own marketing communications), which is governed by the Kameas AI Privacy Policy at kameas.ai/privacy.

A description of the Processing (subject matter, duration, nature and purpose, types of Personal Data, and categories of Data Subjects) is set out in Annex A — Schedule of Processing below.

2. Customer instructions

Kameas will Process Customer Personal Data only on Customer’s documented instructions, including with respect to international transfers, except where Processing is required by applicable law (in which case Kameas will, to the extent permitted by law, inform Customer of that legal requirement before Processing). Customer’s documented instructions consist of (a) this Agreement (including this DPA), (b) Customer’s use and configuration of the Service through its intended interfaces, and (c) any further written instructions agreed between the parties.

If Kameas believes a Customer instruction infringes Data Protection Laws, Kameas will promptly inform Customer.

3. Subprocessors

3.1 Authorization

Customer grants Kameas a general authorization to engage subprocessors to Process Customer Personal Data, subject to the requirements of this §3.

3.2 Current subprocessors

Kameas’s current subprocessors are listed in the following table. Kameas will maintain an up-to-date list at kameas.ai/subprocessors (the “Subprocessor List”).

Subprocessor | Purpose | Processing location
Amazon Web Services, Inc. (AWS) | Cloud hosting, storage, compute, networking for the Service | United States (us-east-2); EU region (eu-central-1 or eu-west-1) planned per roadmap v0.8.0
Stripe, Inc. | Payment processing, subscription management, Customer Portal | United States
Zitadel, Inc. (Zitadel Cloud) | Identity provider, authentication, single sign-on | United States and European Union (per Zitadel tenant)
AWS End User Messaging (formerly Pinpoint SMS) | SMS notifications | United States
Amazon Simple Email Service (SES) | Transactional and operational email | United States
Functional Software, Inc. (Sentry) | Application error monitoring, performance tracing, and release health for the Service | United States

3.3 Notice of new subprocessors

Kameas will provide at least thirty (30) days’ advance notice of the addition or replacement of any subprocessor by (a) updating the Subprocessor List, and (b) emailing Customer’s administrative contact at the email address on file. Customer may additionally subscribe to a machine-readable change feed for the Subprocessor List (RSS or equivalent) and may configure subprocessor change notifications in the Fleet dashboard. A post on the Kameas blog or other passive publication does not, by itself, satisfy the notice obligation in this section.

3.4 Objection right

If Customer has a reasonable, documented objection (based on Data Protection Laws) to a new subprocessor, Customer may notify Kameas in writing within thirty (30) days of the notice. The parties will work together in good faith to resolve the objection. If the parties cannot resolve the objection within thirty (30) days, Customer may terminate the affected portion of the Subscription Term and receive a pro-rated refund of Fees paid for the unused portion. This is Customer’s sole remedy for an objection to a new subprocessor.

3.5 Subprocessor obligations

Kameas will enter into a written agreement with each subprocessor that imposes data protection obligations no less protective than those in this DPA. Kameas remains liable to Customer for the acts and omissions of its subprocessors with respect to Customer Personal Data.

4. Security

Kameas will implement and maintain appropriate technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access, consistent with industry standards for SaaS providers of comparable scale and sensitivity, including:

Kameas does not currently hold a SOC 2 Type II report and is not currently in a SOC 2 Type II observation period. Kameas intends to pursue SOC 2 Type II attestation in the future under the AICPA Trust Services Criteria for security, availability, and confidentiality. When (and if) a SOC 2 Type II report is issued, Kameas will make the most recent report available to Customer under NDA on reasonable request (no more than once per twelve (12) months), and the parties may amend this Agreement to reflect that updated status. The status of Kameas’s compliance program is published at kameas.ai/trust.

5. Data Subject rights

Kameas will, taking into account the nature of the Processing, provide reasonable assistance to Customer (at Customer’s expense, except where the law requires Kameas to bear the cost) in responding to requests from Data Subjects to exercise their rights under Data Protection Laws, including rights of access, rectification, erasure, restriction of Processing, data portability, and objection.

Customer can:

For Data Subject Requests that cannot be fulfilled through the self-service endpoints above (including programmatic erasure, rectification, and restriction across all Personal Data stores in scope of this DPA), Kameas will fulfill the request on Customer’s behalf upon written request to privacy@kameas.ai, within the timeframes required by applicable Data Protection Laws (and in any event no later than thirty (30) days from receipt of a valid request, subject to one extension of an additional sixty (60) days where the request is complex or numerous and Customer is notified of the extension). Kameas will expand the programmatic Data Subject Request endpoints over time and will update the Documentation as endpoints become generally available.

If Kameas receives a request from a Data Subject directly, Kameas will not respond to the request other than to acknowledge receipt and direct the Data Subject to Customer, unless required by law to respond otherwise.

6. Personal Data Breach

Kameas will notify Customer without undue delay, and in any event within seventy-two (72) hours after Kameas becomes aware of a Personal Data Breach affecting Customer Personal Data. The notification will include, to the extent known:

Customer is responsible for notifying its own Data Subjects and supervisory authorities as required by Data Protection Laws. Kameas’s notification to Customer is not an admission of fault or liability.

7. International transfers

Customer Personal Data is currently Processed in the United States (AWS region us-east-2). EU customer data residency in the EU region is planned per roadmap v0.8.0.

For transfers of Customer Personal Data from the European Economic Area (“EEA”), the United Kingdom, or Switzerland to any country not the subject of an applicable adequacy decision, the parties incorporate by reference the European Commission’s Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914 of 4 June 2021, “SCCs”), with the module selected by reference to the parties’ roles under §1 of this DPA:

The following selections apply to whichever module is incorporated:

For transfers from the United Kingdom, the parties incorporate the UK International Data Transfer Addendum to the EU SCCs (issued by the UK Information Commissioner’s Office) by reference. For transfers from Switzerland, the SCCs apply with references to the GDPR construed as references to the Swiss Federal Act on Data Protection.

Kameas is not, as of the Effective Date, self-certified under the EU–U.S. Data Privacy Framework, the UK Extension to the EU–U.S. Data Privacy Framework, or the Swiss–U.S. Data Privacy Framework. The SCCs incorporated above are the exclusive transfer mechanism on which the parties rely for transfers from the EEA, the United Kingdom, and Switzerland to the United States. If Kameas later self-certifies to any of those frameworks, the certification will be listed on the Subprocessor List and the parties may amend this DPA to add framework-based transfers as an alternative mechanism.

8. Audits

Kameas will make available to Customer all information reasonably necessary to demonstrate compliance with this DPA. If and when Kameas issues a SOC 2 Type II report, Customer is entitled to receive a copy of the most recent report under NDA, no more than once per twelve (12) months.

If applicable Data Protection Laws require an on-site audit, Customer or its mandated auditor may conduct an on-site audit of Kameas’s processing activities, subject to: (a) at least thirty (30) days’ advance written notice, (b) execution of an audit-specific NDA, (c) conduct during Kameas’s normal business hours with minimal disruption to Kameas’s operations, (d) limitation to once per twelve (12) months (except where required following a confirmed Personal Data Breach affecting Customer), and (e) scope limited to controls relevant to Kameas’s processing of Customer Personal Data. The auditor may not be a competitor of Kameas. Customer is responsible for the costs of the audit; Kameas is responsible for its own personnel costs in supporting the audit.

9. Return and deletion of Customer Personal Data

Upon termination or expiration of the Subscription Term, Kameas will, at Customer’s choice (expressed during the export window described in §5.4 of Part 1):

Backup copies of Customer Personal Data are retained according to Kameas’s standard backup retention schedule and are encrypted at rest until they expire on the schedule, after which they are deleted in the ordinary course. Kameas may retain Customer Personal Data to the extent and for so long as (a) required by applicable law, (b) required to comply with a court order, subpoena, or other legally binding process, or (c) required by a written legal-hold notice from Customer specifically identifying the Personal Data subject to the hold, in each case for the period of the legal obligation only, after which the Personal Data will be deleted in accordance with this §9. Personal Data retained under this paragraph remains subject to the confidentiality and security obligations of this DPA.

Annex A — Schedule of Processing

Subject matter of the Processing. Provision of the Kameas Fleet software-as-a-service, including ingestion of telemetry from AI agents and runtime endpoints, distribution of policy bundles, observability, governance reporting, and related Support.

Duration of the Processing. For the Subscription Term and the return/deletion period described in §9 of this DPA.

Nature and purpose of the Processing. Collection, storage, organization, retrieval, consultation, use, transmission, restriction, erasure, and destruction of Customer Personal Data as necessary to provide the Service and meet Kameas’s obligations under the Agreement.

Types of Personal Data.

Categories of Data Subjects. Customer’s Authorized Users; Customer’s end users or other data subjects whose information Customer chooses to submit to the Service as part of Customer Data (including, where Customer acts as a Processor for its own customers, the data subjects of those underlying customers).

Retention. As described in §9 of this DPA and §5.4 of Part 1.


Part 3 — Service Level Agreement (SLA)

This Service Level Agreement (this “SLA”) forms part of the Subscription Agreement and sets the uptime and support response commitments Kameas makes for the Service, and the service-credit remedies available to Customer if Kameas fails to meet those commitments.

1. Uptime commitment

1.1 Targets by plan

Plan | Monthly uptime commitment
Pro | No contractual SLA (best-effort, community-supported)
Team | 99.5% monthly uptime
Enterprise | 99.9% monthly uptime (as further specified in the negotiated MSA)

The Enterprise commitment is illustrative only; the binding commitment for Enterprise customers is set in the negotiated Master Subscription Agreement and Order Form, which supersedes this Agreement for Enterprise customers.

1.2 Measurement

“Monthly uptime” means, for a given calendar month, the percentage of total minutes in the month during which the public Service endpoints (the Fleet API at api.kameas.ai and the Fleet dashboard) were available, as measured by Kameas’s own monitoring (which uses synthetic probes from at least two AWS regions). Per-endpoint and per-region calculations are aggregated; the lowest endpoint’s uptime is the reported uptime for the month.

Kameas’s SLO definitions, including the synthetic-probe configuration and the definition of “available”, are published in the Documentation at docs/slos.md (Fleet roadmap v0.7.0).

1.3 Exclusions from uptime

Unavailability arising from the following does not count against the uptime commitment:

2. Support response time

2.1 Targets by plan

The following first-response time targets apply during Kameas business hours (see Part 1 §8.2):

Plan | P1 — Service unavailable | P2 — Significant degradation | P3 — General questions
Pro | Community support only | Community support only | Community support only
Team | 4 business hours | 1 business day | 3 business days
Enterprise | Per negotiated MSA | Per negotiated MSA | Per negotiated MSA

2.2 Severity definitions

2.3 Support contact

Customer’s authorized administrators may open a Support ticket at support@kameas.ai. The ticket must include severity, a description of the issue, and any relevant context (account ID, organization slug, timestamps, reproduction steps).

3. Service credits

3.1 Eligibility and calculation

If, in any calendar month, monthly uptime falls below Customer’s plan-level commitment, Customer is entitled to a service credit (“Service Credit”) according to the following schedule (Team plan only; Pro has no SLA):

Monthly uptime | Service Credit (% of that month’s Fees)
99.0% ≤ uptime < 99.5% | 5%
95.0% ≤ uptime < 99.0% | 10%
uptime < 95.0% | 25%

Service Credits in any 30-day period are capped at the equivalent of one (1) month’s Fees for the affected subscription.

3.2 Procedure

To claim a Service Credit, Customer must submit a written request to support@kameas.ai within thirty (30) days after the end of the calendar month in which the SLA miss occurred. The request must include Customer’s account ID, the calendar month at issue, and Customer’s calculation of the credit. Kameas will validate the request against its own monitoring records; if validated, the Service Credit will be applied to the next monthly invoice as a credit note (consistent with Stripe’s credit-note workflow).

3.3 Exclusive remedy

Service Credits are Customer’s sole and exclusive monetary remedy for any failure of the Service to meet the uptime commitment. Service Credits are not refundable for cash and may not be transferred between accounts or applied to Enterprise invoices.

4. Exclusions

For clarity, the following are not eligible for Service Credits or counted against the uptime commitment:


Contact Information

Purpose | Email
General questions, Support tickets, SLA Service Credit requests | support@kameas.ai
Legal notices under this Agreement | legal@kameas.ai
Privacy, DPA matters, Data Protection Officer | dpo@kameas.ai
Data Subject Rights requests | privacy@kameas.ai

Mailing address for legal notices:

Kameas AI, Inc.
Attn: Legal
701 E Franklin Street
Suite 105 1597
Richmond, Virginia 23219
United States of America

End of Subscription Agreement (v1.0).