You must be at least 18 years old to use the Service. You may sign up with any valid email address. You are responsible for keeping your credentials confidential and for every action taken under your account.

Children. The Service is not directed to, and is not intended for use by, persons under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, contact contact@agentyx.dev and we will delete it promptly.

You retain ownership of all binaries, source code, and supporting files you upload (Your Content). You grant us a limited, non-exclusive, royalty-free license to store, copy, and process Your Content solely to provide the Service to you. This license ends when you delete Your Content or terminate your account.

You represent and warrant that:

• You have the legal right to upload and analyze the files you upload.
• Your uploads do not infringe any third party's intellectual property, trade-secret, privacy, or other rights.
• You will not upload malware or exploits intended to be deployed against systems you do not own or are not authorized to test.

The analysis, code, patches, reports, decompiled source, or other material produced by the Service (Output) is provided for informational purposes only. You are solely responsible for how you use the Output, including:

• Verifying correctness before running generated code in any environment.
• Complying with applicable laws in your jurisdiction (export control, reverse engineering restrictions, DMCA, local statutes, data protection).
• Ensuring you have the legal right to analyze the binary you upload.
• Not using Output to attack, exploit, or compromise any system you do not own or lack authorization to test.

We do not verify the accuracy of Output. AI-generated analysis may be incomplete, incorrect, or misleading. Do not rely on Output for safety-critical, legally binding, or high-stakes decisions without independent expert verification.

• Upload content you do not have the legal right to analyze.
• Use the Service to develop or deploy malware, exploits, or attack tooling against third parties.
• Reverse engineer, resell, rebrand, or proxy the Service to others.
• Scrape, rate-abuse, or intentionally overload the Service.
• Attempt to access other users' accounts, sessions, or data.

We may suspend or terminate accounts that violate this section without prior notice.

What we collect

• Account data — your email address and, if you sign in with password, a secure one-way hash of it (we never see the password itself).
• Uploaded files — binaries and supporting files you send to the Service.
• Chat history — messages you send and responses we return.
• Usage metadata — timestamps, session identifiers, service-usage counts.
• Payment data — if you top up your balance, Stripe processes the transaction. We do not store your card number.

What we do with it

• Provide the analysis you requested.
• Enforce the free-trial quota and billing.
• Investigate abuse, security incidents, or support requests.
• Improve the Service in aggregated, non-personally-identifiable form.

What we do NOT do

• We do not sell, rent, or share your uploaded files with any third party.
• We do not share your uploaded files with advertisers or data brokers.
• We do not use your uploaded files, chat messages, or Output to train any AI models — not our own, not our subprocessors', and not any third party's.

Subprocessors we use

To operate the Service we rely on the following infrastructure providers. Each handles only the minimum data required for their function, under their own policies:

• Supabase — authentication and database (stores account metadata and session rows).
• Cloudflare — hosting, DNS, and edge network (serves the website).
• Stripe — payment processing.
• Anthropic — AI model provider used to process analysis prompts.

We do not send your uploaded files beyond what is strictly required to complete the analysis you asked for.

Cookies, local storage & similar technologies

We use only the browser-storage mechanisms strictly necessary to operate the Service:

• Supabase auth cookies (sb-*) — keep you signed in across page loads.
• Browser localStorage — stores your Supabase session token (JWT) on your device so you do not have to re-enter your password each visit. Cleared when you sign out.
• Cloudflare bot-management cookie (__cf_bm) — short-lived, distinguishes humans from automated traffic.
• Session restore parameter (?session= in the URL) — used only when you open a session link from the Account page.

We do not set advertising, analytics, or cross-site tracking cookies, and we do not use fingerprinting, session replay, or behavioral profiling.

Security measures

We apply industry-standard safeguards, including:

• TLS/HTTPS encryption in transit for every connection.
• Authentication via Supabase; passwords are stored as salted, one-way cryptographic hashes — never in plaintext and never visible to Company personnel.
• Row-level security so each user can only read and modify their own sessions and profile.
• Access to production infrastructure restricted to authorized Company personnel on a least-privilege basis.
• Periodic review of subprocessor security posture.

No system is perfectly secure. You share information with the Service at your own risk and should not upload material you cannot afford to expose in the event of an incident.

Breach notification

If we become aware of a personal data breach that is likely to result in significant harm, we will notify you and the relevant supervisory authority without undue delay and in accordance with applicable law — including within three (3) days where required under Singapore PDPA, and within seventy-two (72) hours where required under the EU/UK GDPR.

International data transfers

The Company is based in Singapore. Our subprocessors are located in Singapore, the United States, and the European Union. When personal data moves between these regions, we rely on the transfer mechanisms made available by each subprocessor — for example, EU Standard Contractual Clauses or the applicable adequacy decisions — and we only transfer the minimum data needed to provide the Service.

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Delete your account and the personal data associated with it.
• Export your chat history and session metadata in a portable format.
• Object to processing and withdraw consent at any time.

Email contact@agentyx.dev to exercise any of these rights. We will respond within a reasonable time and no later than thirty (30) days of a verified request.

Singapore residents (PDPA)

Under Singapore's Personal Data Protection Act 2012, you may withdraw consent, ask us to correct your data, or ask for a copy of the data we hold about you. Our Data Protection Officer can be reached at dpo@agentyx.dev. If you are not satisfied with our response, you may complain to the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

EU / UK residents (GDPR)

We process your personal data on the following lawful bases:

• Contract — to provide the Service you requested (Art. 6(1)(b)).
• Legitimate interests — to secure and improve the Service, prevent abuse, and enforce these Terms (Art. 6(1)(f)).
• Legal obligation — to comply with tax, accounting, and lawful government requests (Art. 6(1)(c)).
• Consent — where specifically requested (Art. 6(1)(a)), which you may withdraw at any time.

You have the right to lodge a complaint with your local supervisory authority.

California residents (CCPA/CPRA)

We do not sell or share your personal information. You have the right to know what we collect, request deletion, and not be discriminated against for exercising these rights. Email contact@agentyx.dev to make a request.

The service is provided “as is” and “as available” without warranties of any kind, express or implied, including without limitation warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, or uninterrupted availability. AI-generated output may contain errors, hallucinations, or security-relevant inaccuracies.

To the maximum extent permitted by applicable law, we are not liable for any indirect, incidental, special, consequential, exemplary, or punitive damages arising from your use of the service or the output — including, without limitation, lost profits, lost data, business interruption, or security incidents in systems you analyze or modify based on the output.

Our total aggregate liability to you for any claim arising from this agreement will not exceed the amount you paid us for the service in the six (6) months preceding the claim, or USD $100, whichever is greater.

Some jurisdictions do not permit certain exclusions or limitations; in those, the limits above apply to the fullest extent permitted by local law.

The Service is operated from Singapore by Lions Agentix Pte. Ltd. You are responsible for ensuring your use of the Service complies with your local laws, including export controls, reverse engineering statutes, and data protection regulations.

These Terms are governed by the laws of the Republic of Singapore, without regard to its conflict-of-laws rules. Any disputes arising out of or in connection with this Agreement will be subject to the exclusive jurisdiction of the courts of Singapore, unless otherwise required by mandatory consumer protection law in your country of residence.

Because the Service analyzes, decompiles, and transforms binary software, it may be subject to export control laws, including those of Singapore, the United States (EAR/ITAR), the European Union, and the United Kingdom. You represent and agree that:

• You are not located in, a resident of, or acting on behalf of a party in any country or region subject to a comprehensive trade embargo by the United Nations, Singapore, the United States, the EU, or the UK.
• You are not listed on any applicable sanctions list, including the U.S. Treasury OFAC Specially Designated Nationals list, the EU Consolidated Financial Sanctions List, the UK HM Treasury Consolidated List, and Singapore sanctions administered under the United Nations Act or MAS Notices.
• You will not use the Service to develop, produce, or transfer items subject to export restrictions without required authorizations.
• You will not re-export Output in violation of applicable export-control laws.

• Entire agreement. This Agreement is the entire understanding between you and the Company regarding the Service and supersedes any prior agreements or communications.
• Severability. If any provision is found unenforceable, the rest remains in effect, and the unenforceable provision is replaced with the nearest enforceable equivalent.
• Assignment. You may not assign this Agreement without our written consent. We may assign it freely to a successor in a merger, acquisition, or sale of substantially all assets.
• No waiver. Our failure to enforce any provision is not a waiver of our right to enforce it later.
• No agency. Nothing in this Agreement creates a partnership, joint venture, employment, or agency relationship between the parties.
• Notices. We may send notices by email to the address on your account or by posting on the Service. Notices to us must be sent to the contact address in section 20.
• Headings. Section headings are for convenience only and do not affect interpretation.
• Language. The English version of this Agreement controls over any translation.

• Company: Lions Agentix Pte. Ltd.
• Registered address: 10 Marina Boulevard, Singapore 018983
• General: contact@agentyx.dev
• Data Protection Officer: dpo@agentyx.dev
• Website: https://agentyx.dev