Terms of Service

Effective 2026-04-13. Placeholder content pending legal review before launch.

Terms of Service

Apostillum, Inc. Effective Date: [DATE] Last Updated: [DATE]

1. Agreement to Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you ("User," "you," or "your") and Apostillum, Inc., a Delaware C Corporation ("Apostillum," "Company," "we," "us," or "our"). By accessing or using the Apostillum platform, desktop application, browser extension, API, verification portal (apostil.ly), website (apostillum.com), or any related services (collectively, the "Service"), you agree to be bound by these Terms.

If you are using the Service on behalf of an organization, you represent and warrant that you have authority to bind that organization to these Terms, and "you" refers to both you individually and that organization.

If you do not agree to these Terms, do not use the Service.

2. Service Description

2.1 What Apostillum Does

Apostillum provides a zero-knowledge blind notary and evidence preservation service for AI interactions. Specifically, the Service:

  • Captures your interactions with AI systems (such as Claude, ChatGPT, and other large language model providers) through a local proxy or client application running on your device.
  • Encrypts all interaction content client-side using XChaCha20-Poly1305 authenticated encryption before any data leaves your device.
  • Hashes the original content using SHA-256 and transmits only the hash to our systems.
  • Timestamps the hash using three independent mechanisms: Hedera Consensus Service, Bitcoin OpenTimestamps, and RFC 3161 timestamps from DigiCert.
  • Stores the encrypted attestation blob in a WORM (Write Once, Read Many) vault for long-term preservation.
  • Enables you to split your encryption key using Shamir's Secret Sharing (3-of-5). All five key shares are generated on your device and downloaded by you. Apostillum never sees, stores, or transmits any key share.

2.2 What Apostillum Does NOT Do

Apostillum is a blind notary. We attest to the existence and integrity of your AI interactions at a specific point in time. We do not:

  • Read, analyze, review, moderate, or filter the content of your AI interactions
  • Provide legal advice, legal representation, or legal opinions
  • Serve as a substitute for the judgment of a licensed attorney
  • Guarantee the admissibility of any record in any court or tribunal (admissibility depends on jurisdiction, rules of evidence, and judicial discretion)
  • Evaluate the accuracy, legality, or appropriateness of AI-generated content
  • Provide AI services directly — we record interactions with third-party AI providers

2.3 Zero-Knowledge Implications

Because Apostillum operates as a zero-knowledge service:

  • We cannot verify, validate, or vouch for the content of any interaction you store with us.
  • We cannot search, filter, or analyze your stored data.
  • We cannot selectively produce, modify, or delete individual records from encrypted attestation blobs.
  • We cannot comply with third-party requests for plaintext content because we do not possess decryption capability.

You understand and accept that these are architectural properties of the system, not policy choices, and that they are fundamental to the privacy and security guarantees the Service provides.

3. Identity Certification and Account Holder Obligations

3.1 Identity Certification

By using the Service, you certify that:

(a) You are the account holder and the individual or entity identified in your account registration.

(b) All AI interactions captured under your account were initiated by you or by individuals you have expressly authorized to use your account.

(c) You have obtained all necessary consents from authorized users whose interactions are captured under your account, including informing them that their AI interactions will be recorded and preserved.

(d) The information you provide during account registration is accurate, current, and complete, and you will maintain its accuracy throughout your use of the Service.

3.2 Account Security

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Safeguarding your encryption keys, key shares, and any recovery materials
  • All activity that occurs under your account, whether or not authorized by you
  • Notifying Apostillum immediately at security@apostillum.com if you become aware of any unauthorized use of your account

Key responsibility. All encryption keys and Shamir key shares (if enabled) are generated and stored exclusively on your device. Apostillum never possesses any key share. If you lose your encryption keys or key shares, Apostillum cannot recover them on your behalf. Lost keys may result in permanent inability to decrypt your attestation records. Apostillum bears no liability for data that becomes inaccessible due to lost keys or key shares.

3.3 Account Eligibility

You must be at least 18 years of age and have the legal capacity to enter into a binding contract to use the Service. The Service is designed for professional and enterprise use and is not directed at consumers under the age of 18.

4. User Obligations

4.1 Authorized Use

You agree to use the Service only for lawful purposes and in accordance with these Terms. You shall not:

(a) Use the Service in violation of any applicable law, regulation, or order.

(b) Attempt to reverse-engineer, decompile, disassemble, or otherwise derive the source code of the Service, except to the extent expressly permitted by applicable law.

(c) Interfere with or disrupt the integrity or performance of the Service.

(d) Attempt to gain unauthorized access to the Service or its related systems or networks.

(e) Use the Service to store, transmit, or preserve attestation records for the purpose of facilitating, concealing, or providing evidence of any criminal activity that you have knowledge of at the time of recording.

(f) Circumvent or disable any security, encryption, or access control mechanisms of the Service.

(g) Resell, sublicense, or redistribute the Service without Apostillum's prior written consent.

(h) Use the Service in any manner that could damage, disable, overburden, or impair the Service.

4.2 Your AI Usage

You are solely responsible for your use of third-party AI systems. Apostillum does not provide, operate, or control any AI system whose interactions are captured by the Service. You agree that:

  • You are responsible for complying with the terms of service of any AI provider you use.
  • You are responsible for the legality and appropriateness of your AI usage under applicable law.
  • Apostillum has no obligation to monitor or evaluate your AI usage.
  • The existence of an Apostillum attestation record does not validate, endorse, or legitimize the underlying AI interaction or its content.

5. Illegal Content — Zero-Knowledge Obligations

5.1 Apostillum's Position

Because Apostillum operates a zero-knowledge architecture, we are technically unable to inspect, review, or moderate the content of encrypted attestation blobs. We do not know and cannot know whether any individual attestation record contains content that is illegal, harmful, objectionable, or otherwise problematic.

5.2 Your Obligations

You represent and warrant that you will not knowingly use the Service to create attestation records of AI interactions that:

(a) Constitute, facilitate, or memorialize illegal activity under applicable law, including but not limited to child sexual abuse material (CSAM), terrorism-related content, or content generated in furtherance of fraud, money laundering, or other criminal enterprises.

(b) Violate the intellectual property rights of any third party.

(c) Violate the privacy rights of any third party.

5.3 Apostillum's Obligations and Limitations

Apostillum will:

(a) Cooperate with law enforcement by providing any information within our possession and capability when served with valid legal process. This includes account information, interaction metadata (timestamps, AI provider identifiers, token counts), and encrypted attestation blobs. Apostillum does not hold any Shamir key shares or encryption keys and therefore cannot provide any decryption capability.

(b) Not obstruct lawful investigations by destroying or concealing metadata or encrypted blobs.

(c) Terminate accounts upon receipt of a valid court order directing us to do so, or where we have reasonable, articulable grounds to believe an account is being used in connection with serious criminal activity, based on information available to us (metadata patterns, law enforcement notifications, or user-provided information).

Apostillum cannot and will not:

(a) Proactively scan or monitor encrypted content for illegal material — this is a technical impossibility, not a policy choice.

(b) Decrypt, produce, or make readable the plaintext content of any attestation record in response to any request, including from law enforcement — we possess zero key shares and no encryption keys.

(c) Selectively delete or modify individual attestation records from WORM storage before the retention period expires.

5.4 Safe Harbor

Apostillum's role is analogous to a safety deposit box provider or a blind notary. We provide secure storage infrastructure without knowledge of its contents and without holding any keys to the stored data. To the extent applicable, Apostillum claims the protections afforded to providers of storage services under 47 U.S.C. Section 230, 17 U.S.C. Section 512, and analogous provisions under applicable law.

5.5 Account Termination for Suspected Misuse

If Apostillum determines, based on available metadata or external information (e.g., law enforcement notification), that an account is likely being used in furtherance of criminal activity, Apostillum reserves the right to:

  • Suspend or terminate the account
  • Preserve all encrypted data and metadata for law enforcement
  • Refuse to provide the user with any technical assistance in decrypting attestation data
  • Report the matter to appropriate authorities

Such action does not constitute an admission that Apostillum has knowledge of the content of encrypted attestation blobs.

6. Data Ownership and Intellectual Property

6.1 Your Data

You retain all right, title, and interest in and to any data you submit to or generate through the Service, including the plaintext content of your AI interactions (which never leaves your device in readable form), your encryption keys, and your Shamir key shares (if enabled).

You grant Apostillum a limited, non-exclusive, royalty-free license to store, process, transmit, and preserve your encrypted attestation blobs and associated metadata solely for the purpose of providing the Service.

6.2 Apostillum's Intellectual Property

The Service, including its architecture, software, algorithms, user interface, documentation, trademarks, and trade secrets, is the exclusive property of Apostillum, Inc. and is protected by intellectual property laws. These Terms do not grant you any right, title, or interest in the Service beyond the limited right to use it in accordance with these Terms.

6.3 Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant Apostillum an unrestricted, irrevocable, perpetual, royalty-free license to use such feedback for any purpose without obligation to you.

7. Retention Guarantee

7.1 Commitment

Apostillum commits to preserving your encrypted attestation blobs for the full duration of your elected retention period (minimum seven (7) years, up to twenty (20) years), subject to your account remaining in good standing or the provisions of Section 7.2 below.

7.2 Bankruptcy and Business Continuity Provisions

In the event that Apostillum ceases operations, enters bankruptcy, or undergoes dissolution:

(a) Data escrow. Apostillum maintains (or will establish prior to general availability) a data escrow arrangement with an independent third-party storage custodian. In the event of cessation of operations, the storage custodian will assume responsibility for maintaining encrypted attestation blobs for the remainder of each applicable retention period. This custodian holds only encrypted data and possesses no encryption keys or Shamir key shares.

(b) WORM immutability. Because attestation blobs are stored in AWS S3 Object Lock Compliance mode, they cannot be deleted — even by Apostillum or AWS — until the retention period expires. This protection persists regardless of Apostillum's operational status, provided the underlying AWS account remains funded.

(c) Prepaid storage. Apostillum maintains (or will establish prior to general availability) a reserve fund or prepaid storage arrangement sufficient to cover storage costs for all active retention periods in the event of business discontinuation.

(d) Blockchain permanence. Hash-based timestamps anchored to public blockchains (Hedera, Bitcoin) are permanent and independent of Apostillum's operational status. Your proof of existence is verifiable regardless of whether Apostillum continues to operate.

(e) User notification. In the event of planned cessation of operations, Apostillum will provide at least ninety (90) days' notice to all active users, along with instructions for exporting data and verifying attestation records independently.

7.3 Limitations

The retention guarantee is contingent upon:

  • Your account remaining in good standing (no outstanding unpaid invoices for more than ninety (90) days)
  • The continued availability of underlying infrastructure providers (AWS, Hedera, Bitcoin network)
  • No court order or valid legal process directing destruction of specific records

8. Fees and Payment

8.1 Subscription Fees

The Service is offered on an annual subscription basis. Current pricing is published at apostillum.com/pricing. Apostillum reserves the right to change pricing upon sixty (60) days' notice. Price changes will not apply to your current subscription term.

8.2 Payment Terms

All fees are due in advance on an annual basis. Fees are non-refundable except as expressly provided in Section 8.3.

8.3 Refunds

If you cancel within the first thirty (30) days of your initial subscription and have stored fewer than one hundred (100) attestation records, you may request a full refund. After thirty (30) days, no refunds are available. Storage costs for attestation blobs already committed to WORM storage are non-refundable under any circumstances because such costs are irrecoverable by Apostillum.

8.4 Taxes

Fees are exclusive of applicable taxes. You are responsible for all taxes, duties, and levies imposed by applicable taxing authorities.

9. Disclaimers

THE SERVICE IS NOT A LEGAL SERVICE AND DOES NOT CONSTITUTE LEGAL ADVICE. Apostillum is a technology company providing evidence preservation infrastructure. The Service is not a substitute for the advice, judgment, or services of a licensed attorney. You should consult a qualified attorney regarding the legal implications of your AI usage, the admissibility of attestation records in your jurisdiction, and compliance with applicable laws and regulations.

9.2 No Guarantee of Admissibility

Apostillum does not guarantee that attestation records created through the Service will be admissible as evidence in any court, tribunal, arbitration, or administrative proceeding. Admissibility depends on applicable rules of evidence, judicial discretion, foundation testimony, and other factors outside Apostillum's control.

9.3 No Guarantee of AI Accuracy

Apostillum attests to the existence and integrity of AI interactions — not to the accuracy, truthfulness, or reliability of AI-generated content. An Apostillum attestation record proves that a specific AI interaction occurred at a specific time; it does not validate the content of that interaction.

9.4 Service "As Is"

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

Apostillum does not warrant that the Service will be uninterrupted, error-free, secure, or free of viruses or other harmful components.

10. Limitation of Liability

10.1 Exclusion of Certain Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL APOSTILLUM, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, AFFILIATES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION, OR COST OF SUBSTITUTE SERVICES, ARISING OUT OF OR RELATED TO THESE TERMS OR THE USE OR INABILITY TO USE THE SERVICE, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF APOSTILLUM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

10.2 Cap on Liability

APOSTILLUM'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY YOU TO APOSTILLUM IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY; OR (B) ONE HUNDRED U.S. DOLLARS ($100).

10.3 Specific Exclusions

Without limiting the foregoing, Apostillum shall not be liable for:

(a) Loss of access to encrypted data resulting from lost encryption keys or key shares, regardless of cause.

(b) Inability to decrypt attestation blobs for any reason, including the inherent design of the zero-knowledge architecture.

(c) The content, accuracy, legality, or consequences of any AI interaction recorded through the Service.

(d) Decisions made by courts, tribunals, or other bodies regarding the admissibility or weight of attestation records.

(e) Actions of third-party AI providers, blockchain networks, timestamping authorities, or cloud infrastructure providers.

(f) Failure of underlying infrastructure beyond Apostillum's reasonable control.

10.4 Essential Purpose

You acknowledge that the limitations of liability in this Section 10 are a fundamental element of the bargain between you and Apostillum, and that Apostillum would not provide the Service without such limitations.

11. Indemnification

11.1 Your Indemnification Obligation

You agree to indemnify, defend, and hold harmless Apostillum, its directors, officers, employees, agents, affiliates, and licensors from and against any and all claims, demands, suits, actions, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

(a) Your use of the Service or any activity under your account.

(b) The content of any AI interaction recorded through the Service (even though Apostillum cannot access such content).

(c) Your violation of these Terms.

(d) Your violation of any applicable law, regulation, or third-party right.

(e) Any claim that your use of the Service in combination with third-party AI services infringes the rights of a third party.

(f) Any dispute between you and a third party (including AI providers, employers, clients, or regulators) related to attestation records created through the Service.

11.2 Indemnification Procedure

Apostillum will: (a) promptly notify you of any claim subject to indemnification; (b) provide reasonable cooperation in the defense of such claim at your expense; and (c) grant you sole control of the defense and settlement, provided you do not settle any claim in a manner that imposes obligations on Apostillum or admits fault on behalf of Apostillum without prior written consent.

12. Term and Termination

12.1 Term

These Terms are effective upon your first use of the Service and continue until terminated by either party.

12.2 Termination by You

You may terminate your account at any time by contacting support@apostillum.com. Upon termination:

  • Your access to the Service will be revoked.
  • Your account data and metadata will be deleted within thirty (30) days.
  • Encrypted attestation blobs will NOT be deleted. They will be retained in WORM storage for the full applicable retention period, as they cannot be removed before expiration. After the retention period, they will be automatically purged.
  • Apostillum holds no encryption keys or Shamir key shares. Encrypted attestation blobs are already permanently inaccessible to Apostillum by design. You may achieve crypto-shredding by destroying your own encryption keys.

12.3 Termination by Apostillum

Apostillum may suspend or terminate your account if:

(a) You breach these Terms and fail to cure the breach within thirty (30) days of written notice.

(b) Your account has an unpaid balance outstanding for more than ninety (90) days.

(c) We are required to do so by law or court order.

(d) We reasonably determine, based on available information, that your account is being used in furtherance of criminal activity (see Section 5.5).

(e) Continuing to provide the Service to you would expose Apostillum to material legal liability.

12.4 Effect of Termination

Termination does not affect: (a) any rights or obligations that accrued prior to termination; (b) the retention of encrypted attestation blobs in WORM storage; or (c) the survival provisions in Section 15.

13. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms.

14. Dispute Resolution

14.1 Informal Resolution

Before initiating any formal dispute resolution proceeding, you agree to contact Apostillum at legal@apostillum.com and attempt to resolve the dispute informally for at least thirty (30) days.

14.2 Arbitration

Any dispute, claim, or controversy arising out of or relating to these Terms or the Service that cannot be resolved informally shall be resolved by binding arbitration administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules. The arbitration shall be conducted in Wilmington, Delaware, by a single arbitrator with expertise in technology law.

14.3 Class Action Waiver

YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. If a court or arbitrator determines that this class action waiver is void or unenforceable, then this entire arbitration provision shall be null and void.

14.4 Exceptions to Arbitration

Notwithstanding the above, either party may: (a) seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of intellectual property rights; or (b) bring claims in small claims court if the claims qualify.

14.5 Exclusive Jurisdiction

For any matters not subject to arbitration, you consent to the exclusive jurisdiction and venue of the state and federal courts located in New Castle County, Delaware.

15. Survival

The following provisions survive termination of these Terms: Sections 5 (Illegal Content), 6 (Data Ownership and Intellectual Property), 7 (Retention Guarantee), 9 (Disclaimers), 10 (Limitation of Liability), 11 (Indemnification), 13 (Governing Law), 14 (Dispute Resolution), and this Section 15.

16. General Provisions

16.1 Entire Agreement

These Terms, together with the Privacy Policy and any Data Protection Agreement, constitute the entire agreement between you and Apostillum regarding the Service and supersede all prior or contemporaneous agreements, representations, and understandings.

16.2 Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent.

16.3 Waiver

The failure of Apostillum to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. A waiver of any provision is effective only if in writing and signed by Apostillum.

16.4 Assignment

You may not assign or transfer these Terms or any rights hereunder without Apostillum's prior written consent. Apostillum may assign these Terms in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets.

16.5 Force Majeure

Apostillum shall not be liable for any failure or delay in performance resulting from causes beyond its reasonable control, including but not limited to acts of God, natural disasters, pandemics, war, terrorism, government actions, power outages, internet disruptions, or failure of third-party infrastructure providers.

16.6 Notices

All notices under these Terms shall be in writing and deemed given when: (a) delivered personally; (b) sent by confirmed email; (c) sent by nationally recognized overnight courier; or (d) sent by certified mail, return receipt requested. Notices to Apostillum should be sent to legal@apostillum.com.

16.7 Relationship of the Parties

Apostillum and you are independent contractors. Nothing in these Terms creates a partnership, joint venture, employment, franchise, or agency relationship.

16.8 Third-Party Beneficiaries

These Terms do not create any third-party beneficiary rights.

16.9 Export Compliance

You agree to comply with all applicable export control and trade sanctions laws and regulations, including those of the United States, in connection with your use of the Service.

16.10 Amendments

Apostillum may modify these Terms at any time by posting the modified Terms on our website and notifying you via email. Changes become effective thirty (30) days after posting, unless the change is required by law, in which case it may become effective immediately. Your continued use of the Service after the effective date constitutes acceptance of the modified Terms. If you do not agree to the modified Terms, you must stop using the Service.

17. Contact Information

Apostillum, Inc. [Address] Wilmington, DE [ZIP]

  • General inquiries: hello@apostillum.com
  • Legal matters: legal@apostillum.com
  • Support: support@apostillum.com
  • Security: security@apostillum.com
  • Website: https://apostillum.com

These Terms of Service are provided for informational purposes and constitute the contractual obligations between you and Apostillum, Inc. They do not create any attorney-client relationship and do not constitute legal advice. You are encouraged to consult with a licensed attorney regarding the legal implications of these Terms and your use of the Service.