Terms of Service

1. Acceptance of terms

By accessing or using cytra.io or the Cytra platform, you agree to these Terms of Service. If you are using Cytra on behalf of an organization, you represent that you are authorized to bind that organization, and "you" refers to that organization.

A signed order form or master subscription agreement, where one exists, governs the commercial relationship and prevails over these terms to the extent of any conflict.

2. The service

Cytra provides an AI-governance platform built on a managed Model Context Protocol (MCP) gateway. It helps organizations reach and stay aligned with the EU AI Act, NIST AI RMF, and ISO/IEC 42001, and turns governed runtime activity into continuous, audit-ready evidence.

Cytra is the system of record and the control plane — it does not itself certify any organization, and it is not itself certified. We describe the posture it produces as aligned and audit-ready, not certified. The managed MCP gateway is currently in private beta / early access and is not generally available.

3. Access & accounts

Access is sales-led: there is no self-serve free trial. Early access is granted by request and may be subject to onboarding and eligibility review.

You are responsible for safeguarding your account credentials and for all activity that occurs under your account, and you agree to notify us promptly of any unauthorized use.

4. Acceptable use

You agree not to misuse the service: no attempts to breach tenant isolation, defeat the gateway’s policy controls or kill-switch, tamper with the audit record, reverse-engineer the platform, or use it to violate applicable law or the rights of others.

You are responsible for the lawfulness of the data and AI systems you route through the gateway and for configuring the policies, allowlists, and approval gates appropriate to your obligations.

5. Customer data & evidence

You retain all rights to the data you submit. We process it to provide the service under these terms, the Privacy Policy, and any applicable data processing addendum. We do not use the contents of your governed-action records or evidence artifacts to train shared or third-party models.

Audit-evidence records are written to a per-tenant, tamper-evident log and retained for the term set out in your order form so that an outside party can verify them.

6. Beta features & availability

Features identified as beta, early access, or preview — including the managed MCP gateway — are provided as-is, may change or be withdrawn, and are not covered by any service-level commitment unless your order form states otherwise.

7. Disclaimers & limitation of liability

The service is provided "as is" without warranties of any kind except as expressly stated in a signed agreement. Cytra does not warrant that use of the platform by itself makes you compliant with, or certified against, any law or standard; compliance remains your responsibility, informed by your own counsel.

To the maximum extent permitted by law, Cytra will not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of your use of the service.

8. Changes to these terms

We may update these terms from time to time. Material changes will be reflected by the "last updated" date below, and where required we will provide additional notice. Continued use after an update constitutes acceptance of the revised terms.

9. Contact information

Questions about these Terms of Service can be sent to our team.

Email legal@cytra.io or reach us through the contact page.