Terms of Service

Effective date: [date] · Last updated: [date]

Moonlight Array B.V. — Registered at [registered address]

Chamber of Commerce: [KvK number] · VAT: [VAT number]

Contact: [[email protected]]

Draft pending legal review

This document is a starting point for legal review, not legal advice. It should be reviewed by a qualified Dutch/EU technology lawyer before publication. Bracketed items [like this] must be completed before use.

1. Introduction and Acceptance

These Terms of Service ("Terms") govern your access to and use of AIDO, including our website, dashboard, hosted instances, agent provisioning tools, integrations, APIs, automation features, support services, and related services (together, the "Service"), provided by Moonlight Array B.V., registered at [registered address], Chamber of Commerce number [KvK number] ("we", "us", "our", or "Moonlight Array B.V.").

By creating an account, ordering a subscription, deploying an instance, connecting a third-party account, or otherwise using the Service, you agree to these Terms, our Acceptable Use Policy, our Privacy Policy, and, where applicable, our Data Processing Agreement (together, the "Agreement"). If you use the Service on behalf of an organisation, you represent and warrant that you have authority to bind that organisation, and "you" refers to that organisation. If you do not agree to these Terms, you must not use the Service.

These Terms are available in English. In the event of any inconsistency between translations, the English version prevails.

2. Definitions

  • "Agent" means any AI agent, automation, workflow, script, model-connected process, browser automation, API-connected process, scheduled task, or tool-using system deployed, configured, instructed, or operated through the Service.
  • "Hosted Instance" means any server, container, runtime, virtual machine, cloud environment, workspace, database, queue, storage volume, or other infrastructure provisioned or managed by us for your use.
  • "User Content" means prompts, instructions, files, data, credentials, API keys, workflows, outputs, logs, messages, code, configurations, or other materials submitted to, generated through, or processed by the Service on your behalf.
  • "Third-Party Services" means services, websites, APIs, platforms, accounts, models, applications, marketplaces, communication tools, payment providers, cloud providers, or other services not operated by us.
  • "Acceptable Use Policy" or "AUP" means the policy governing prohibited uses of the Service, as amended from time to time, incorporated into these Terms by reference.
  • "Personal Data", "Controller", "Processor", and "Processing" have the meanings given in Regulation (EU) 2016/679 (the "GDPR").

3. Service Description and Role

The Service provides hosted infrastructure, provisioning, orchestration, and related tools that allow users to deploy, configure, and operate Agents and integrations. You, not Moonlight Array B.V., determine the Agent's instructions, connected accounts, permissions, data sources, tools, credentials, workflows, recipients, outputs, and actions. Except where we expressly state otherwise in writing, we do not initiate, direct, approve, verify, supervise, or control the specific actions taken by your Agent.

The Service may allow Agents to access files, use browsers, send or draft communications, call APIs, execute workflows, interact with Third-Party Services, process data, trigger webhooks, generate content, or perform other automated or semi-automated actions. You are responsible for deciding whether these features are appropriate for your use case and for configuring them correctly.

We act as a hosting service provider within the meaning of Regulation (EU) 2022/2065 (the "Digital Services Act" or "DSA"). We are not the publisher of, or otherwise responsible for, User Content or Agent actions, except as required by applicable law.

4. Eligibility and Account Registration

You must be at least 18 years old (or the age of legal majority in your jurisdiction, if higher) and legally capable of entering into a binding contract to use the Service. You must provide accurate, complete, and up-to-date account, billing, and contact information. You are responsible for maintaining the confidentiality of your login credentials and for all activity under your account, whether or not authorised by you. You must promptly notify us at [[email protected]] if you suspect unauthorised access to your account, Hosted Instance, credentials, Agent, or integrations. We reserve the right to refuse registration, suspend accounts, or require additional verification where we reasonably consider it necessary for security, legal, or compliance reasons.

5. User Responsibility for Agent Actions

You are solely responsible for all activity occurring through your account, Hosted Instance, Agent, integrations, API keys, credentials, workflows, and connected Third-Party Services. This includes all messages sent, content generated, files accessed or modified, websites visited, APIs called, transactions attempted, data collected, commands executed, workflows triggered, outputs published, and all consequences of those actions — whether performed manually, automatically, on a schedule, or by an AI model.

You must maintain appropriate human oversight, safeguards, permissions, testing, rate limits, review steps, rollback procedures, and backups. You must not enable autonomous actions where doing so would violate law, third-party rights, platform terms, professional duties, security obligations, or these Terms.

You understand and accept that Agents may produce inaccurate, incomplete, offensive, unlawful, unsafe, or unexpected outputs and may take actions that are difficult or impossible to reverse, including but not limited to deleting or modifying files, sending communications, publishing content, placing orders, changing settings, accessing third-party accounts, executing code, or triggering external workflows. You are responsible for reviewing, validating, and supervising your Agents and their actions.

This clause does not reduce any obligations we may have under mandatory law, including obligations under the DSA upon obtaining actual knowledge of illegal content or activity.

6. Permissions, Credentials, and Third-Party Accounts

You are responsible for all credentials, API keys, OAuth grants, access tokens, cookies, SSH keys, passwords, webhook secrets, database credentials, and other secrets used with the Service. You must only connect accounts, systems, files, data, APIs, websites, or services that you are authorised to access and use. You are responsible for configuring the minimum permissions needed for your Agent. You should avoid granting broad, administrative, destructive, financial, messaging, publication, or security-sensitive permissions unless they are strictly necessary and properly supervised. We are not responsible for third-party account suspension, third-party charges, data exposure, API costs, rate-limit penalties, platform enforcement, or other consequences resulting from credentials, permissions, or integrations that you provide or authorise, except to the extent caused by our breach of obligations that cannot be excluded under applicable law.

7. Third-Party Services

The Service may interoperate with Third-Party Services. We do not control Third-Party Services and are not responsible for their availability, security, legality, terms, policies, outputs, pricing, rate limits, decisions, or enforcement actions. You are responsible for complying with all third-party terms of service, API terms, platform policies, developer agreements, rate limits, robots.txt instructions where applicable, data-processing terms, account rules, and applicable laws for any Third-Party Service your Agent accesses or uses. Third-Party Services may change, restrict, suspend, or terminate access at any time. We may modify or discontinue integrations where necessary for legal, security, operational, or platform-compliance reasons, and will use reasonable efforts to provide advance notice where practicable.

8. Hosted Instances and Infrastructure

We may provision Hosted Instances for your use. Unless expressly agreed otherwise in writing, Hosted Instances are provided solely for use with the Service and may not be used as general-purpose hosting, public proxies, spam relays, unrelated bot hosting, cryptocurrency mining, malware infrastructure, or unrelated compute services. You must not interfere with, overload, scan, attack, reverse-engineer, bypass, or misuse the Service, Hosted Instances, or our infrastructure. We may apply technical controls, monitoring, rate limits, usage limits, network restrictions, storage limits, logging, abuse detection, and security measures to protect the Service, other users, third parties, and our infrastructure. We will process any data collected through such measures in accordance with our Privacy Policy.

9. Acceptable Use Policy

You must comply with our Acceptable Use Policy, which forms part of these Terms. The AUP is published separately and may be updated from time to time to address new risks, laws, platform requirements, abuse patterns, or security threats. A breach of the Acceptable Use Policy constitutes a breach of these Terms and may result in suspension or termination of your account in accordance with Article 16.

10. High-Risk, Regulated, and Professional Uses

The Service is not designed to be the sole basis for decisions or actions that may materially affect a person's rights, health, safety, finances, employment, education, housing, insurance, credit, legal status, public benefits, immigration status, access to essential services, or similar high-impact interests. You must not use the Service to provide or automate regulated professional services — including legal, medical, financial, insurance, tax, employment, housing, credit, immigration, or public-sector decision-making — unless you have all required licences, lawful bases, disclosures, human review, supervision, records, and compliance controls.

You are responsible for determining whether your use is subject to laws governing AI systems (including Regulation (EU) 2024/1689, the "EU AI Act"), automated decision-making, consumer protection, employment, financial services, healthcare, data protection, telecommunications, platform rules, or other regulated activities. In particular, if your Agent performs functions that qualify as a high-risk AI system under Annex III of the EU AI Act, you are responsible for meeting all applicable deployer obligations under Article 26, including human oversight, logging, fundamental rights impact assessments, and transparency requirements. High-risk AI system obligations under the EU AI Act apply from 2 August 2026, subject to any legislative extension.

11. Data Protection

Each party must comply with applicable data protection laws, including the GDPR, the Dutch GDPR Implementation Act (Uitvoeringswet AVG, "UAVG"), and the ePrivacy Directive as implemented in Dutch law (Telecommunicatiewet). Our processing of Personal Data for our own purposes (account management, billing, security, analytics, abuse prevention, and legal compliance) is described in our Privacy Policy. Where we process Personal Data on your behalf as a Processor, our Data Processing Agreement applies. You are responsible for determining whether you are a Controller or Processor for Personal Data processed by your Agent and for ensuring that you have a lawful basis, appropriate notices, consents where required, data-subject response procedures, retention controls, security measures, and any required data-processing agreements with your own clients or data subjects. You must not use the Service to process Personal Data unlawfully or to conduct unauthorised monitoring, profiling, scraping, enrichment, sale, disclosure, or surveillance of individuals.

12. User Content and Outputs

As between you and us, you retain ownership of your User Content, subject to the rights granted in these Terms. You grant us a non-exclusive, worldwide, royalty-free licence to host, process, transmit, store, copy, display, and use User Content as reasonably necessary to: (a) provide, secure, maintain, and improve the Service; (b) comply with applicable law; (c) enforce these Terms; (d) investigate abuse; and (e) protect the Service, our infrastructure, and third parties. This licence terminates when you delete User Content or your account, except where retention is required by law or necessary for the purposes described in this clause.

You represent and warrant that you have all rights, permissions, and lawful bases required to submit User Content to the Service and to cause your Agent to process or act on it. We do not guarantee the accuracy, legality, safety, reliability, completeness, or suitability of Agent outputs. You are responsible for reviewing, validating, and using outputs appropriately and in compliance with applicable law.

13. Security

We will use commercially reasonable technical and organisational measures designed to protect the Service, including access controls, encryption in transit, logging, monitoring, vulnerability management, and incident response. However, no system is completely secure, and we do not guarantee that the Service will be free from security vulnerabilities or breaches. You are responsible for securing your account, devices, credentials, connected accounts, local environments, configurations, and Agent permissions. You must promptly report security vulnerabilities, suspected breaches, or suspected unauthorised access to [[email protected]]. You must not test, scan, probe, attack, or attempt to bypass the security of the Service, our infrastructure, other users, or third parties without our prior written authorisation under a responsible-disclosure policy.

14. Billing, Fees, and Payment

Fees, plans, usage limits, and billing periods are described at [https://moonlightarray.nl/pricing] or in an applicable order form or agreement. You authorise us and our payment processors to charge your selected payment method for subscription fees, usage-based fees, setup fees, add-ons, applicable taxes, and other amounts due under the Agreement. Unless otherwise stated, fees are exclusive of VAT, sales tax, withholding tax, duties, and similar charges. You are responsible for all taxes except taxes based on our net income. Where reverse-charge VAT applies, you are responsible for self-assessing and remitting the applicable VAT.

Usage-based charges may include compute, storage, bandwidth, model/API usage, third-party API calls, messaging, email, browser automation, logs, and other metered resources. You are responsible for charges incurred through your account, Hosted Instance, Agent, credentials, and integrations, including charges resulting from Agent activity. If payment is overdue, we may suspend or restrict access after providing at least [7] days' notice. You remain responsible for all amounts due during suspension. We may charge statutory commercial interest (currently the ECB refinancing rate plus 8 percentage points under Dutch law for B2B contracts) on overdue invoices.

15. Trials, Cancellation, and Refunds

Trial access, if offered, may be limited in duration, features, or capacity and may be withdrawn at any time. We may require a payment method for trials and may charge you when the trial ends unless you cancel before the trial period expires. You may cancel your subscription as described at [https://moonlightarray.nl/account/cancel] or by contacting [[email protected]]. Cancellation takes effect at the end of the then-current billing period unless otherwise stated. Fees are non-refundable except where required by applicable law or expressly stated in an order form. If you are a consumer within the meaning of Article 6:230g of the Dutch Civil Code, you may have a statutory right of withdrawal of 14 days after concluding a distance contract, subject to the exceptions in Article 6:230p of the Dutch Civil Code (including where the Service has been fully performed with your prior express consent and acknowledgement of loss of the right of withdrawal, or where the Service is clearly personalised to your specifications).

16. Suspension, Restriction, and Termination

We may suspend, restrict, throttle, disable, quarantine, or terminate your account, Hosted Instance, integrations, API access, workflows, or data access immediately, with or without prior notice, if we reasonably believe that: (a) you have violated these Terms, the AUP, or applicable law; (b) your Agent, Hosted Instance, traffic, content, or integrations may harm us, other users, third parties, infrastructure, platforms, or the public; (c) your use may expose us or others to legal, security, operational, reputational, or regulatory risk; (d) your use appears fraudulent, abusive, unlawful, deceptive, or unauthorised; (e) we receive a credible complaint, takedown request, platform notice, law-enforcement request, abuse report, or security alert; (f) your payment is overdue after the notice period in Article 14; or (g) suspension is necessary to protect service integrity, investigate abuse, or comply with applicable law.

For serious, urgent, repeated, illegal, security-sensitive, or harmful conduct, we may act immediately without prior notice. Where the situation permits and where legally required (including under Article 17 DSA for hosting-service decisions), we will provide a statement of reasons and, where appropriate, an opportunity to respond or appeal.

Zero-tolerance clause. We have zero tolerance for abuse of the Service. If we reasonably believe that your account, Hosted Instance, Agent, integrations, credentials, traffic, content, or workflows are being used for unlawful, harmful, deceptive, abusive, security-threatening, infringing, privacy-invasive, or platform-abusive activity, we may immediately block, suspend, restrict, throttle, quarantine, or terminate access to the Service and any Hosted Instance. We may also disable integrations, preserve relevant records, notify affected providers or authorities where appropriate, and refuse future service. Repeated, serious, intentional, or security-related violations may result in permanent account termination without refund, to the maximum extent permitted by applicable law.

17. Data Export and Deletion After Termination

After termination or cancellation, we may delete or disable access to your account, Hosted Instances, configurations, logs, and User Content in accordance with our retention practices, unless applicable law requires or permits us to retain certain data. You are responsible for exporting data and maintaining backups before cancellation or termination. We will make commercially reasonable efforts to provide a data-export period of at least [30] days after cancellation where technically feasible, unless termination is for cause (e.g., abuse, illegal activity, or security breach). We are not responsible for loss of data after termination, except where required by applicable law.

18. Intellectual Property

We and our licensors own all rights in the Service, including software, infrastructure, interfaces, designs, documentation, trademarks, trade names, and underlying technology. These Terms do not grant you ownership of the Service or any intellectual property rights in it. You may not copy, modify, reverse-engineer, decompile, disassemble, resell, sublicence, or create derivative works from the Service except as permitted by mandatory law (including Directive 2009/24/EC on the legal protection of computer programs) or expressly authorised by us in writing.

19. Feedback

If you voluntarily provide feedback, suggestions, ideas, or recommendations about the Service, you grant us a perpetual, irrevocable, worldwide, royalty-free licence to use, modify, and incorporate them into the Service without restriction or obligation to compensate you.

20. Disclaimers

To the maximum extent permitted by applicable law, the Service is provided "as is" and "as available." We do not warrant that the Service, Hosted Instances, Agents, models, integrations, outputs, or actions will be uninterrupted, secure, error-free, accurate, complete, lawful for your intended use, or suitable for any particular purpose. We do not control or guarantee Agent outputs or actions. AI systems may behave unpredictably, make mistakes, produce inaccurate or incomplete information, misunderstand instructions, or take unintended actions. You are responsible for testing, monitoring, validating, and supervising your Agents and for independently determining whether the Service is suitable for your intended use.

Nothing in this clause excludes warranties or guarantees that cannot be excluded under applicable law, including mandatory consumer guarantees under Dutch and EU law.

21. Limitation of Liability

To the maximum extent permitted by applicable law:

  • Moonlight Array B.V. will not be liable for indirect, incidental, special, consequential, punitive, or exemplary damages, or for loss of profits, revenue, data, goodwill, business opportunities, or anticipated savings, however caused — whether in contract, tort (including negligence), strict liability, or otherwise — even if we have been advised of the possibility of such damages.
  • Our aggregate liability for all claims relating to the Service will not exceed the greater of: (i) the total amounts you paid to us for the Service in the twelve (12) months immediately preceding the event giving rise to the claim; or (ii) one hundred euros (€100).

Nothing in these Terms excludes or limits liability that cannot be excluded or limited under applicable law, including (without limitation): liability for intent (opzet) or deliberate recklessness (bewuste roekeloosheid); liability for death or personal injury caused by negligence; liability under mandatory consumer protection law (including Articles 6:236 and 6:237 of the Dutch Civil Code where applicable); or any other liability that mandatory Dutch or EU law prohibits excluding or limiting.

For consumers: Under Dutch law, certain liability exclusions and limitations may be presumed unreasonably onerous (Article 6:237 sub f of the Dutch Civil Code) and may not be enforceable. The limitations in this article apply only to the extent permitted by mandatory law and are subject to the test of reasonableness and fairness (redelijkheid en billijkheid) under Article 6:248 of the Dutch Civil Code.

22. Indemnity

To the maximum extent permitted by applicable law, you will defend, indemnify, and hold harmless Moonlight Array B.V., its affiliates, directors, employees, contractors, hosting providers, and licensors from and against any claims, damages, losses, liabilities, penalties, fines, costs, and expenses (including reasonable legal fees) arising from or related to: (a) your use of the Service; (b) your Agent's actions, outputs, or behaviour; (c) your User Content, instructions, credentials, integrations, workflows, or connected accounts; (d) your violation of these Terms or the AUP; (e) your violation of applicable law or third-party rights; (f) your breach of third-party platform terms; or (g) any dispute between you and a third party affected by your Agent or your use of the Service.

For consumers: This indemnity applies only to the extent permitted by mandatory Dutch and EU consumer protection law. Where indemnity clauses are subject to the grey list (Article 6:237 of the Dutch Civil Code), they apply only insofar as they are not unreasonably onerous.

23. Abuse Reports and Notice-and-Action (DSA Compliance)

In accordance with Article 16 of the DSA, we maintain a notice-and-action mechanism for reporting allegedly illegal content or activity on or through the Service. Reports may be submitted to [[email protected]] or via the reporting form at [abuse reporting URL]. A valid notice should include: (a) a sufficiently substantiated explanation of why the reported content or activity is alleged to be illegal; (b) a clear indication of the exact electronic location of the content or activity; (c) the name and email address of the reporter (except for reports of child sexual abuse material); and (d) a statement confirming the good-faith belief that the information and allegations in the notice are accurate and complete. We will process notices in a timely, diligent, non-arbitrary, and objective manner. Where we take action on a notice, we will provide the affected user with a statement of reasons in accordance with Article 17 DSA. Our full Abuse and Notice-and-Action Policy is published separately.

24. Changes to the Service or Terms

We may modify the Service or these Terms from time to time. If changes are material, we will provide at least [30] days' notice by email, in-product notice, website notice, or another reasonable method before the changes take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated Terms. If you do not agree, you must stop using the Service and cancel your account before the changes take effect. If you are a consumer, mandatory consumer-protection rules regarding unilateral modification of contract terms apply.

25. Governing Law and Disputes

These Terms are governed by and construed in accordance with the laws of the Netherlands, excluding conflict-of-law rules. Subject to mandatory consumer rights and mandatory jurisdiction rules under EU law (including Article 18 of Regulation (EU) No 1215/2012 — the Brussels I Recast Regulation — which allows consumers to bring proceedings in their Member State of domicile), disputes arising from or in connection with these Terms shall be submitted to the competent courts of [Amsterdam / Arnhem]. For consumers resident in the EU: You may also use the European Commission's Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr. Nothing in this clause restricts your right to bring proceedings before the courts of your Member State of domicile where mandatory law so provides.

26. Miscellaneous

  • Entire agreement. These Terms, together with the AUP, Privacy Policy, DPA (where applicable), and any order form or supplementary agreement, constitute the entire agreement between you and Moonlight Array B.V. regarding the Service and supersede all prior agreements, negotiations, and representations.
  • Severability. If any provision of these Terms is found to be invalid, illegal, or unenforceable by a competent court, the remaining provisions will continue in full force and effect. The invalid provision will be modified to the minimum extent necessary to make it valid and enforceable, or, if modification is not possible, will be deemed deleted.
  • Assignment. You may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations to an affiliate or in connection with a merger, acquisition, restructuring, or sale of all or substantially all of our assets, provided the assignee assumes all obligations under these Terms.
  • Waiver. Our failure to enforce any provision of these Terms at any time does not constitute a waiver of that provision or of our right to enforce it later.
  • Force majeure. Neither party will be liable for failure or delay in performance caused by circumstances beyond its reasonable control, including acts of God, natural disasters, pandemics, war, terrorism, government actions, power failures, internet failures, or third-party service outages, provided the affected party gives prompt notice and uses reasonable efforts to mitigate the impact.
  • Notices. Notices to you may be sent to the email address associated with your account. Notices to us should be sent to [[email protected]].

27. Contact