Nevermined

Nevermined AG — Terms of Service

1. General Provisions

1.1 Parties and Scope

These Terms of Service (the “Terms”) govern the use of the Nevermined platform, APIs, SDKs, dashboard, command-line tools, documentation, and any related services (collectively, the “Service”) provided by Nevermined AG, a company incorporated under the laws of Switzerland with its registered office in Zug, Switzerland (“Nevermined,” “we,” “our”).

By accessing or using the Service, you (“Customer,” “you,” “your”) agree to be bound by these Terms. If you are entering into these Terms on behalf of a legal entity, you represent and warrant that you have the authority to bind such entity and that your acceptance of these Terms constitutes acceptance on behalf of that entity.

Where an Order Form or Master Subscription Agreement has been executed between you and Nevermined (“Additional Terms”), the Additional Terms supplement these Terms. In the event of a conflict between these Terms and any Additional Terms, the Additional Terms shall prevail to the extent of the conflict.

1.2 Definitions

“Agentic Token” means a persistent, scoped authorisation credential issued through the Service that delegates specific permissions from a user to an AI agent, including spending controls, policy constraints, and revocation rights.

“API” means the application programming interfaces made available by Nevermined.

“Authorised User” means any individual whom you permit to access or use the Service under your account, including your employees, contractors, and agents.

“Beta Feature” means any feature, tool, integration, or capability that Nevermined designates as beta, preview, experimental, early access, or similar.

“Customer Data” means any data uploaded, transmitted, or generated by Customer or its Authorised Users through the Service.

“Customer Service Provider” means any third party engaged by Customer to perform functions related to the Service or to access the Service, the APIs, or any technical information on Customer’s behalf, including integration partners, AI framework operators, tool routers, and downstream developers.

“Mandate” means the set of rules, constraints, and permissions encoded into an Agentic Token that governs what actions an agent may perform on behalf of the delegating user.

“Output” means any data, results, transaction records, API responses, or other material generated by or through the Service in response to Customer’s or an Authorised User’s use of the Service, including actions executed by AI agents operating under Agentic Tokens.

“Payment Token” means a tokenised card credential used within the Service’s payment infrastructure.

“Payment Network Rules” means the bylaws, operating regulations, rules, policies, and procedures issued by payment card networks (including Visa and Mastercard), acquirers, and other payment scheme operators, as amended from time to time, that apply to the processing of payment transactions through the Service.

“Personal Data” has the meaning given in the Swiss Federal Act on Data Protection (FADP/nDSG).

“Processing” has the meaning given in the FADP.

“Service” means the Nevermined agentic commerce platform, including the dashboard, CLI tools, APIs, SDKs, webhook endpoints, documentation, and any ancillary services.

1.3 Governing Law and Jurisdiction

These Terms are governed by and construed in accordance with the substantive laws of Switzerland, excluding the conflict of laws provisions and the United Nations Convention on Contracts for the International Sale of Goods (CISG).

Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of the Canton of Zug, Switzerland, subject to any mandatory statutory venue rules.

2. Service Description

2.1 Platform Overview

Nevermined provides agentic commerce payment infrastructure that enables authorisation, delegation, metering, and settlement of payments and actions performed by AI agents on behalf of users. The Service includes:

  • Issuance and lifecycle management of Agentic Tokens

  • Policy-based delegation of payment authority from users to AI agents

  • Real-time metering and audit logging of agent-initiated transactions

  • Integration with third-party payment networks and token vaults

  • Dashboard and CLI tools for configuration and monitoring

  • Webhook and API endpoints for partner integrations

2.2 No Financial or Professional Advice

Nevermined is a technology platform. The Service does not constitute financial advice, payment services regulated under Swiss financial market law, investment advice, or any other form of professional advice. We do not hold or transmit funds directly; payment processing is handled by licensed third-party providers. You should not rely on the Service or any Output for financial, legal, tax, or other professional guidance.

2.3 Output Disclaimer

The Service facilitates actions by AI agents on your behalf based on mandates and policies you configure. Nevermined does not warrant the accuracy, completeness, suitability, or appropriateness of any action taken by an AI agent operating under an Agentic Token. Output may contain errors, may not reflect your intentions, and may result in financial transactions that cannot be reversed once settled. You acknowledge that AI agent behaviour is inherently probabilistic and that you bear sole responsibility for reviewing agent activity and configuring appropriate safeguards within the mandates you define.

2.4 Technology Partners and Third-Party Dependencies

The Service relies on third-party payment networks, card schemes, acquirers, token service providers, and other technology partners to operate. These partners maintain their own terms of service, privacy policies, and operational rules, which may change independently of Nevermined. Nevermined is not responsible for, and has no control over, the acts, omissions, rules, or decisions of these third parties, including transaction declines, settlement delays, scheme rule changes, or service interruptions originating outside Nevermined’s own systems. Where changes to Payment Network Rules or partner terms require modifications to the Service, Nevermined will implement such modifications and notify you of any material impact on your use of the Service.

In accordance with Swiss transparency principles, Nevermined identifies its technology partners below, together with links to their publicly available legal documentation and commentary on specific provisions that may be relevant from a Swiss legal perspective. This register is maintained as of the effective date of these Terms and is updated when partners are added or removed. The commentary reflects Nevermined’s assessment and does not constitute legal advice; you should review these documents independently.

Very Good Security, Inc. (VGS) — Cardholder Data Vault

Role: VGS provides the cardholder data vault and tokenisation layer. Raw payment card data is intercepted by VGS before it reaches Nevermined’s environment, reducing Nevermined’s PCI scope. Nevermined receives only tokenised references.

Terms of Service: https://www.verygoodsecurity.com/terms-and-conditions

Privacy Notice: https://www.verygoodsecurity.com/privacy-notice

Jurisdiction: United States. Certified under the Swiss-U.S. Data Privacy Framework.

Compliance strengths: VGS is PCI DSS Level 1 certified and operates a purpose-built vault architecture specifically designed to isolate sensitive cardholder data from client environments. The Swiss-U.S. DPF certification provides a recognised transfer mechanism under Swiss law, supplemented by Nevermined’s SCCs.

Provisions to note from a Swiss law perspective:

  • Liability cap: VGS caps aggregate liability at the greater of $100 or fees paid in the preceding 6 months, and broadly disclaims all warranties (Section 10). Under Swiss mandatory law (Art. 100 CO), liability for wilful misconduct or gross negligence cannot be excluded by contract. A $100 floor is exceptionally low for a financial infrastructure provider that vaults payment card data, and would likely be regarded as disproportionate by a Swiss court.

  • Limitation period: VGS imposes a one-year limitation for all claims (Section 13.1). Swiss law prescribes a 10-year limitation for contractual claims (Art. 127 CO) and one year for tort claims (Art. 60 CO). The contractual shortening may not be enforceable to the extent it conflicts with mandatory Swiss limitation periods that cannot be contractually reduced.

  • Termination without transition: VGS reserves the right to terminate service immediately and without notice in several scenarios, with no data export or transition obligation. This presents a business continuity risk: if VGS were to terminate without notice, Nevermined would need to migrate its card vaulting infrastructure to an alternative provider without a contractual transition window. Nevermined mitigates this risk by maintaining contingency planning for vault migration.

  • Privacy framework: VGS’s Privacy Notice references the U.S. Data Privacy Framework and U.S. state-level privacy laws but does not specifically address the FADP. This is common among U.S. infrastructure providers and does not indicate non-compliance — the Swiss-U.S. DPF certification and Nevermined’s SCCs serve as the transfer safeguards. Swiss data subjects wishing to exercise rights under Art. 25 FADP in relation to vaulted data should direct requests to Nevermined, which will coordinate with VGS as necessary.

Exa Labs, Inc. — AI Search API Partner

Role: Exa is a client of Nevermined that provides AI-powered web search API services. In the Nevermined-Exa integration, Nevermined handles payment and credential delegation; Exa provisions API keys and serves search queries. End-user query data flows directly from the agent to Exa and does not transit Nevermined’s systems.

Terms of Service: https://exa.ai/assets/Exa_Labs_Terms_of_Service.pdf

Privacy Policy: https://exa.ai/privacy-policy

Data Processing Agreement: https://www.exa.ai/dpa

Jurisdiction: United States (San Francisco, CA).

Compliance strengths: Exa is SOC 2 Type II certified and has built its search engine from scratch (no reliance on third-party search providers such as Google under the hood), which enables it to offer genuine Zero Data Retention (ZDR) as an enterprise option. ZDR ensures that no query data is stored by Exa or any sub-processor after the search response is delivered.

Provisions to note from a Swiss law perspective:

  • Arbitration and class action waiver: Exa’s ToS (Section 9) imposes mandatory binding arbitration with JAMS in San Francisco and a class action waiver. These provisions are standard under U.S. law but are generally unenforceable in Switzerland, where both businesses and consumers retain the right to access state courts. A Swiss court would be unlikely to give effect to these clauses in proceedings brought by a Swiss party.

  • Liability cap: Exa caps aggregate liability at the greater of $100 or fees paid in the prior 6 months (Section 8.3). The same Swiss mandatory law concerns apply as with VGS — exclusion of liability for wilful misconduct or gross negligence is impermissible under Art. 100 CO, and the $100 floor is very low relative to the potential consequences of search API failures in agentic commerce workflows.

  • AI output disclaimer: Exa’s ToS (Section 7.1.2) broadly disclaims responsibility for the accuracy, completeness, or reliability of AI-generated search results. This is common in AI service terms and is not inherently problematic, but customers who route Exa search results into automated decision-making pipelines (e.g., agents making purchasing decisions based on search output) should evaluate whether this disclaimer is consistent with their own downstream obligations and risk tolerance.

  • Query data used for model training: Exa’s Privacy Policy states that Query Data is used to improve products and technology, including training and fine-tuning models. If customers route queries through Exa that could contain personal data or commercially sensitive information, they should consider whether this default is compatible with their own purpose limitation obligations under Art. 6(3) FADP (processing must be compatible with the purpose communicated at collection). Exa offers Zero Data Retention as an enterprise option that eliminates this concern, but it is not enabled by default.

  • Suspension and termination: Exa reserves broad rights to suspend or terminate service at any time, for any reason, with or without notice. There is no cure period and no data export obligation. This presents a continuity risk for customers who depend on Exa search results within their agent workflows.

Stripe, Inc. — Payment Processing

Role: Stripe provides payment processing and settlement services via Standard Stripe Connect (OAuth). Stripe handles charge creation, fund capture, and settlement for transactions initiated through the Service.

Services Agreement: https://stripe.com/legal/ssa

Privacy Policy: https://stripe.com/privacy

Data Processing Agreement: https://stripe.com/legal/dpa

Privacy Centre: https://stripe.com/legal/privacy-center

Jurisdiction: United States (Stripe, Inc.) and Ireland (Stripe Payments Europe, Ltd). Stripe participates in the EU-U.S. Data Privacy Framework. SCCs in place.

Compliance strengths: Stripe is PCI DSS Level 1 certified, maintains a comprehensive DPA, and operates a dedicated Privacy Centre with detailed documentation of its data practices. Stripe Payments Europe, Ltd (Ireland) is a regulated Electronic Money Institution, providing an additional layer of regulatory oversight for European payment flows. Stripe’s DPF certification and SCCs provide robust transfer safeguards.

Provisions to note from a Swiss law perspective:

  • Suspension rights: Stripe’s SSA grants broad rights to suspend or terminate service if Stripe reasonably believes the user’s activity degrades security, enables illegal transactions, or increases fraud rates. The threshold of “reasonable belief” is subjective and there is no cure period for most suspension scenarios. This could result in immediate disruption of Nevermined’s payment processing capability without prior notice. Nevermined mitigates this risk through compliance with Stripe’s acceptable use policies and ongoing monitoring of transaction patterns.

  • Reserve and holdback rights: Stripe may withhold settlement funds and impose reserves against chargebacks, fines, or anticipated losses under its Connect platform terms. If Stripe imposes a reserve on Nevermined’s Connect account, this could delay settlement of funds to customers. Customers should be aware that settlement timing is subject to Stripe’s risk assessment in addition to Nevermined’s own processes.

  • Unilateral term modifications: Stripe may modify its services agreement unilaterally with notice, and continued use constitutes acceptance. In a B2B context, Swiss courts generally afford more latitude for such modification clauses than in consumer relationships. However, under Art. 8 UWG (Unfair Competition Act), modification clauses that permit material changes to price, scope, or liability without meaningful opportunity to negotiate or exit may still be challenged, particularly where the customer has limited practical alternatives.

  • Affiliate data sharing: Stripe’s Privacy Policy discloses data sharing with affiliates globally and with financial partners for purposes including fraud prevention, service provision, and regulatory compliance. This sharing is covered by DPF certification and SCCs, and is typical for global payment processors operating under card network rules. Customers should note that the scope of affiliate sharing is broader than in most non-financial SaaS relationships, reflecting the multi-party nature of payment processing.

  • FADP-specific provisions: Stripe’s DPA incorporates CCPA-specific provisions (California) and GDPR provisions but does not contain FADP-specific language. This is not uncommon — the FADP is intentionally aligned with the GDPR and the DPF certification provides the Swiss-specific transfer mechanism. Swiss data subjects exercising rights under Art. 25 FADP should direct requests through Nevermined as controller, and Nevermined will coordinate with Stripe under the DPA’s cooperation obligations.

Visa, Inc. — Token Lifecycle and Card Network

Role: Visa provides the Visa Intelligent Commerce Platform (VIC) for token lifecycle management, including DPAN provisioning, device binding, DAVV cryptogram generation, and passkey-based authentication. Visa operates as an independent controller for data it processes under its own network obligations and as a processor for mandate-specific data flows.

Global Privacy Notice: https://www.visa.com/privacy

Developer Terms: https://developer.visa.com/terms

Jurisdiction: United States (Visa, Inc.) and EU (Visa Europe Ltd). Visa holds EU-U.S. DPF certification. EU adequacy decision applies for Visa Europe operations.

Compliance strengths: Visa is one of the most heavily regulated financial infrastructure providers globally, subject to oversight by multiple financial regulators across jurisdictions. Visa’s DPF certification, comprehensive network security standards (including PCI DSS and Visa’s own security framework), and well-established dispute resolution mechanisms provide a mature compliance foundation.

Provisions to note from a Swiss law perspective:

  • Independent controller status: Visa processes certain transaction data as an independent controller under its own Global Privacy Notice, for its own purposes including fraud prevention, network integrity, and regulatory compliance. This processing occurs independently of Nevermined’s instructions, meaning Visa’s own legal bases and data practices govern that data. Swiss data subjects should be aware that Visa’s handling of their network-level transaction data is not controlled by Nevermined’s Data Policy. This dual-controller arrangement is inherent to all businesses that participate in card payment networks and is not unique to Nevermined.

  • Unilateral rule changes: Visa’s network rules (Visa Core Rules and Visa Product and Service Rules) are binding on all participants and may be amended unilaterally. Changes may affect how Agentic Tokens operate, what data must be included in transactions, and what fraud controls are required. These changes flow through to Nevermined’s customers via the Payment Network Rule change provisions in Section 6.6 of these Terms. Nevermined will provide notice of any Visa rule changes that materially affect the Service.

  • DAVV single-use constraint: Visa’s DAVV (Device Authentication Verification Value) is a one-time-use cryptogram locked to a specific merchant URL and transaction amount. Each agent-initiated transaction requires a fresh DAVV, which means that transaction authorisation involves a real-time cryptogram generation step. Customers should be aware that this introduces a dependency on Visa’s cryptogram service availability and may affect transaction latency in high-frequency agent workflows. If the DAVV service is unavailable, agent transactions that require fresh cryptograms will fail until the service is restored.

  • Global data transfers: Visa’s Global Privacy Notice discloses broad international data transfers across Visa’s worldwide network, including sharing with issuing banks, acquirers, and other network participants in multiple jurisdictions. DPF certification and intra-group transfer agreements are in place. The scope of data sharing within the Visa network is wider than typical processor relationships, reflecting the multi-party architecture of global card payment systems rather than any deficiency in Visa’s data protection practices.

This register covers the primary technology partners integrated into the Service as of the effective date. Additional partners may be engaged from time to time. Where new partners process Personal Data, they will also be reflected in Annex B (Sub-Processors) of the Data Policy, and the notification and objection procedures in the Data Processing Terms will apply.

2.5 Dashboard Monitoring

Activity on the Nevermined dashboard, APIs, and CLI tools is logged for security, audit, and compliance purposes. This includes authentication events, configuration changes, Agentic Token lifecycle operations, and administrative actions. You are responsible for informing your Authorised Users and Customer Service Providers that their activity on the Service is monitored and recorded.

3. Account and Access

3.1 Registration and Verification

You must register for an account to use the Service. You agree to provide accurate, current, and complete information during registration and to update such information as necessary. You are responsible for safeguarding your account credentials and for all activity that occurs under your account.

Nevermined reserves the right to conduct verification procedures before provisioning or continuing your access to the Service. These procedures may include requesting additional identifying information, requiring confirmation from your organisation that you are authorised to act on its behalf, verifying your email address or telephone number, or checking the information you provide against third-party databases or publicly available sources. Nevermined may suspend or refuse to provision an account where verification cannot be satisfactorily completed or where the information provided is materially inaccurate or incomplete.

3.2 Authorised Users and Customer Service Providers

You may permit Authorised Users to access the Service under your account. Each Authorised User must have their own credentials and may not share access with others. You are fully responsible for: (a) ensuring that only Authorised Users access the Service under your account; (b) each Authorised User’s compliance with these Terms; and (c) any actions taken by your Authorised Users, including the creation and configuration of Agentic Tokens, API calls, and transactions initiated through the Service.

You may engage Customer Service Providers to perform functions related to the Service on your behalf, including building integrations, operating agent frameworks, or accessing the APIs. You are solely responsible for: (a) obtaining all necessary authorisations, licences, and consents for Customer Service Providers to interface with the Service; (b) the acts and omissions of each Customer Service Provider as if they were your own acts and omissions under these Terms; and (c) ensuring that each Customer Service Provider complies with these Terms, the documentation, and all applicable laws. Nevermined is not a party to any agreement between you and your Customer Service Providers and has no liability for their conduct.

3.3 API Keys and Credentials

API keys, tokens, and other credentials issued to you are confidential. You must not share, publish, or embed credentials in client-side code, public repositories, or any other location accessible to unauthorised parties. You are liable for all activity conducted under your credentials, regardless of whether you authorised such activity.

3.4 Acceptable Use

You agree not to, and shall ensure that your Authorised Users do not:

  • Use the Service for any unlawful purpose or in violation of any applicable law or regulation

  • Attempt to gain unauthorised access to the Service, other accounts, or any underlying infrastructure

  • Reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code, algorithms, or architecture of any part of the Service

  • Interfere with or disrupt the integrity, performance, or availability of the Service

  • Use the Service to facilitate fraud, money laundering, terrorist financing, sanctions evasion, or any other financial crime

  • Exceed rate limits or use the Service in a manner that imposes an unreasonable or disproportionate load on our infrastructure

  • Use the Service, any Output, or any data obtained through the Service to build, train, or improve a product or service that directly competes with the Service’s agentic token issuance, delegation, and authorisation functions

  • Resell, sublicense, or redistribute access to the Service without prior written consent from Nevermined

  • Introduce viruses, malware, or other harmful code into the Service or attempt to compromise the security of the Service or any connected systems

  • Use the Service in any manner not expressly permitted by these Terms or the applicable documentation

  • Use the Service in violation of any applicable Payment Network Rules or in a manner that would cause Nevermined or its infrastructure partners to breach such rules

3.5 Sandbox and Test Environments

Nevermined may make sandbox or test environments available to you for evaluation, development, and integration testing purposes. Sandbox environments are provided on a strictly “as is” basis. No service level commitments, uptime guarantees, data retention obligations, or confidentiality assurances apply to sandbox environments. You must not submit production data, real cardholder data, or any other sensitive personal information to a sandbox environment. Nevermined may purge sandbox data at any time without notice.

3.6 Security Notification Obligation

You must notify Nevermined without undue delay if you become aware of, or reasonably suspect, any of the following: (a) unauthorised access to or use of your account, credentials, or Agentic Tokens; (b) a security breach affecting any system that connects to or exchanges data with the Service; or (c) any other circumstance that could compromise the security, integrity, or availability of the Service or of data processed through it. Notification should be directed to the contact specified in the documentation or the dashboard. Failure to notify Nevermined promptly does not relieve you of liability for activity conducted under your account, but timely notification enables Nevermined to take protective measures that may limit the scope of any resulting harm.

3.7 Prohibited Use Categories

Nevermined maintains a list of prohibited and restricted use categories for the Service. You must not use the Service, or permit Agentic Tokens to be used, in connection with any activity on the prohibited list. Activities on the restricted list require prior written approval from Nevermined, which may be granted or withheld at Nevermined’s discretion and may be revoked at any time. The prohibited and restricted categories include, but are not limited to:

  • Transactions involving jurisdictions subject to comprehensive sanctions by Switzerland, the European Union, or the United States

  • Gambling, gaming, or lottery operations unless specifically approved in writing

  • Adult content, firearms, weapons, or controlled substances

  • Activities that violate applicable Payment Network Rules or that would expose Nevermined to fines, penalties, or assessments from payment networks or regulators

  • Ponzi schemes, pyramid schemes, or any activity constituting fraud

Nevermined may update the prohibited and restricted categories from time to time to reflect changes in law, Payment Network Rules, risk posture, or regulatory guidance. Updates will be communicated via the dashboard or email. Where an update affects a significant portion of your existing use of the Service, you may terminate these Terms by giving thirty (30) days’ written notice.

3.8 Ongoing Due Diligence

Your continued access to the Service is conditional upon your ongoing compliance with Nevermined’s due diligence and know-your-customer requirements, as well as those imposed by our payment network partners and regulators. Nevermined may, at reasonable intervals or upon a triggering event, request updated information about your business, ownership structure, financial condition, or compliance status. You agree to provide such information promptly and in the format reasonably requested. Nevermined may suspend or terminate the Service if you fail to satisfy due diligence requirements or if your risk profile changes materially. You must notify Nevermined as soon as reasonably practicable of any material change to your ownership, financial condition, or regulatory status.

3.9 Transaction Record Retention

You must maintain your own records of all transactions, agent-initiated actions, and related correspondence for a minimum of two (2) years from the date of the transaction, or such longer period as required by applicable law, Payment Network Rules, or your agreements with end users. Nevermined’s audit logs supplement but do not replace your independent record-keeping obligations. In the event of a chargeback, dispute, or regulatory inquiry, you are responsible for producing documentation from your own records to support the legitimacy of the transaction.

3.10 Account Inactivity

Nevermined may deactivate your account if it has been inactive (no API calls, no dashboard logins, no active Agentic Tokens) for a continuous period of twelve (12) months. Before deactivation, Nevermined will send a notice to the email address associated with your account at least thirty (30) days in advance, giving you the opportunity to reactivate. Upon deactivation, your credentials will be revoked and any remaining Customer Data will be handled in accordance with the Data Policy. Deactivation does not relieve you of any outstanding payment obligations.

4. Agentic Tokens and Delegated Authority

4.1 Nature of Agentic Tokens

Agentic Tokens are authorisation primitives that encode user-defined mandates governing what actions an AI agent may take. Unlike short-lived payment tokens, Agentic Tokens are designed to persist across sessions (days to months) and carry programmable policy constraints including spending limits, merchant restrictions, temporal boundaries, and agent identity bindings.

4.2 Customer Responsibility

You are solely responsible for:

  • Defining appropriate mandates and spending limits for each Agentic Token you create

  • Monitoring agent activity through the dashboard, audit logs, and webhook notifications

  • Revoking Agentic Tokens promptly when they are no longer needed or when suspicious activity is detected

  • Ensuring that your use of delegated authority complies with all applicable laws and the terms of your agreements with end users

  • The consequences of any transaction, action, or commitment made by an AI agent operating under Agentic Tokens you have issued, whether or not the outcome matched your expectations

4.3 Revocation

You may revoke any Agentic Token at any time through the dashboard or API. Revocation takes effect immediately upon processing. Nevermined shall not be liable for any transactions authorised or initiated before a revocation instruction has been fully processed by the relevant payment network or infrastructure partner.

4.4 Auditability

All actions performed under an Agentic Token are logged and auditable. You agree that Nevermined may retain audit logs for compliance, dispute resolution, and security purposes in accordance with our Data Policy.

5. Beta Features

Nevermined may from time to time make Beta Features available to you. Participation in any Beta Feature is voluntary. Beta Features are provided on a strictly “as is” and “as available” basis, without any warranty of any kind. Nevermined makes no commitment regarding the availability, reliability, functionality, or performance of any Beta Feature, and may modify, suspend, or discontinue any Beta Feature at any time without notice or liability.

The following additional conditions apply to Beta Features:

  • No service level commitments, uptime guarantees, or support obligations apply to Beta Features

  • Beta Features may contain defects, produce unexpected results, or cause data loss

  • You use Beta Features at your own risk, and the limitation of liability in Section 12 applies to all use of Beta Features

  • Where Nevermined designates a Beta Feature as confidential, you agree not to disclose its existence, functionality, or any related information to any third party without Nevermined’s prior written consent

  • Nevermined may collect additional usage data relating to Beta Features for the purpose of evaluation and product development

6. Fees and Payment

6.1 Pricing

Fees for the Service are set out on the Nevermined pricing page or in an applicable Order Form. All fees are stated in the currency specified and are exclusive of applicable taxes unless stated otherwise.

6.2 Invoicing and Payment

Unless otherwise specified in an Order Form, fees are invoiced monthly in arrears based on usage metrics (e.g., API calls, Agentic Tokens issued, transaction volume). Payment is due within thirty (30) days of invoice date. Nevermined reserves the right to charge interest on overdue amounts at the rate of 8% per annum, or such lower rate as may be required by Swiss mandatory law.

6.3 Subscriptions and Auto-Renewal

If you purchase a subscription plan, your subscription will automatically renew at the end of each billing period at the then-current rate unless you cancel before the renewal date. Cancellation must be submitted through the dashboard or by written notice to Nevermined. Cancellation takes effect at the end of the current billing period; no pro-rata refunds are issued for the remaining portion of a billing period that has already commenced. Any committed-volume or minimum-spend obligations set out in an Order Form remain due regardless of cancellation.

6.4 Taxes

You are responsible for all applicable taxes, including Swiss VAT, arising from your use of the Service. If Nevermined is required to collect or remit taxes on your behalf, such amounts will be added to your invoice.

6.5 Third-Party Fees

Certain Service features rely on third-party payment infrastructure (e.g., Stripe, Braintree). Third-party transaction fees are passed through to you at cost or as detailed in the applicable Order Form. Nevermined is not responsible for fee changes imposed by third-party providers; we will give you reasonable notice of any such changes that are passed through.

6.6 Payment Network Rule Changes

Payment network operators may from time to time impose new fees, modify existing fee structures, or introduce new requirements that affect the cost or operation of the Service. Where such changes result in additional costs that Nevermined is required to bear, Nevermined may pass through those costs to you with at least thirty (30) days’ prior written notice. Where changes to Payment Network Rules require modifications to the functionality of the Service, Nevermined will implement such modifications and will notify you of any material impact on your use. If a Payment Network Rule change fundamentally alters the economic terms of your use of the Service and you do not consent to the change, you may terminate the affected portion of the Service upon thirty (30) days’ written notice.

7. Intellectual Property

7.1 Nevermined IP

All rights, title, and interest in the Service, including software, APIs, documentation, algorithms, models, data structures, trademarks, and trade secrets, remain with Nevermined and its licensors. These Terms grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence to use the Service solely for your internal business purposes during the term of these Terms and in accordance with the documentation.

7.2 Customer Data Ownership

Your data remains yours. Nevermined does not acquire any ownership interest in Customer Data by virtue of providing the Service. You retain all rights, title, and interest in and to your Customer Data at all times. You grant Nevermined a limited, non-exclusive licence to process, store, and transmit Customer Data solely to the extent necessary to provide the Service and as described in our Data Policy. This licence terminates upon deletion of the relevant Customer Data from the Service.

7.3 Feedback

If you provide feedback, suggestions, or ideas regarding the Service (“Feedback”), you grant Nevermined a perpetual, irrevocable, worldwide, royalty-free, fully sublicensable licence to use, modify, incorporate, and otherwise exploit such Feedback for any purpose, including the improvement and development of the Service, without any obligation, compensation, or attribution to you.

7.4 Restrictions

Except as expressly permitted by these Terms, you may not: (a) copy, modify, or create derivative works based on the Service; (b) distribute, transfer, or grant any rights in the Service to any third party; (c) remove, obscure, or alter any proprietary notices or branding in the Service; or (d) use the Service, any Output, or any technical information obtained through the Service to develop, enhance, or operate a product or service that competes with the Service.

8. Confidentiality

Each party agrees to treat as confidential any non-public technical, business, financial, or operational information disclosed by the other party in connection with these Terms (“Confidential Information”) and to use it only for the purposes of performing its obligations or exercising its rights under these Terms.

Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party prior to disclosure without restriction; (c) is independently developed by the receiving party without reference to the disclosing party’s Confidential Information; or (d) is lawfully received from a third party without restriction on disclosure.

A receiving party may disclose Confidential Information to the extent required by law, regulation, or a valid court order, provided it gives the disclosing party reasonable advance notice (where legally permitted) and cooperates with any efforts to limit or protect the scope of such disclosure.

Confidentiality obligations under this section survive termination of these Terms for a period of three (3) years, or, in the case of trade secrets, for as long as the information retains its trade secret status.

9. Data Protection

The processing of Personal Data in connection with the Service is governed by our Data Policy, which forms an integral part of these Terms. The Data Policy addresses:

  • Categories of Personal Data processed and purposes of processing

  • Roles and responsibilities under the FADP (controller/processor)

  • Technical and organisational measures for data security

  • Cross-border data transfers and applicable safeguards

  • Data subject rights and how to exercise them

  • Data retention and deletion policies

Where the nature of the processing requires it, the parties shall enter into a separate Data Processing Agreement (“DPA”) that complies with the FADP and, where applicable, the EU General Data Protection Regulation (GDPR). Nevermined’s standard DPA is available upon request and sets out the detailed processing instructions, sub-processor management obligations, audit rights, and data transfer mechanisms.

10. Service Levels and Support

10.1 Availability

Nevermined shall use commercially reasonable efforts to maintain Service availability of 99.9% measured monthly, excluding: (a) scheduled maintenance windows communicated at least 48 hours in advance via the status page or email; and (b) downtime attributable to circumstances beyond Nevermined’s reasonable control. Beta Features are excluded from all availability commitments.

10.2 Support

Technical support is provided via email and the dashboard. Response times and support tiers are set out in the applicable Order Form or on the support page. Support obligations do not extend to Beta Features unless expressly stated.

11. Warranties and Disclaimers

11.1 Limited Warranty

Nevermined warrants that the Service (excluding Beta Features) will perform materially in accordance with the applicable documentation during the term of these Terms. Your sole and exclusive remedy for breach of this warranty is re-performance of the affected Service or, at Nevermined’s election, a pro-rata refund of fees paid for the affected period.

11.2 Disclaimer

EXCEPT AS EXPRESSLY SET FORTH IN SECTION 11.1, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE.” NEVERMINED DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. NEVERMINED DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE, OR THAT ANY DEFECTS WILL BE CORRECTED.

11.3 AI and Agent Disclaimer

WITHOUT LIMITING SECTION 11.2, NEVERMINED SPECIFICALLY DISCLAIMS ALL WARRANTIES REGARDING THE BEHAVIOUR, ACCURACY, OR OUTCOMES OF AI AGENTS OPERATING UNDER AGENTIC TOKENS. AI AGENT BEHAVIOUR IS PROBABILISTIC AND MAY PRODUCE UNEXPECTED RESULTS, INCLUDING TRANSACTIONS THAT DO NOT ALIGN WITH YOUR INTENTIONS. NEVERMINED IS NOT RESPONSIBLE FOR ANY FINANCIAL LOSS, MISSED OPPORTUNITY, OR OTHER CONSEQUENCE ARISING FROM ACTIONS TAKEN OR NOT TAKEN BY AI AGENTS, REGARDLESS OF HOW THE UNDERLYING MANDATE WAS CONFIGURED.

12. Limitation of Liability

12.1 Cap

To the maximum extent permitted by Swiss law, Nevermined’s aggregate liability under or in connection with these Terms, whether arising in contract, tort (including negligence), misrepresentation, or otherwise, shall not exceed the total fees paid by you to Nevermined in the twelve (12) months immediately preceding the event giving rise to the claim.

12.2 Exclusions

In no event shall Nevermined be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, revenue, data, goodwill, or business opportunities, whether or not Nevermined was advised of the possibility of such damages and regardless of the legal theory upon which the claim is based.

12.3 Third-Party Acts and Omissions

Nevermined is responsible only for its own acts and omissions in providing the Service. Nevermined shall not be liable for the acts, omissions, decisions, delays, or failures of third parties, including payment network operators, card schemes, acquirers, issuing banks, token service providers, or any other financial infrastructure partner, except to the extent that such third-party failure was directly and proximately caused by Nevermined’s own gross negligence or wilful misconduct. This exclusion applies to, among other things, transaction declines, settlement delays, network outages, scheme rule changes, and decisions by payment networks to suspend or restrict payment methods.

12.4 Mandatory Exceptions

Nothing in these Terms excludes or limits liability for: (a) wilful misconduct or gross negligence; (b) death or personal injury caused by negligence; (c) fraud or fraudulent misrepresentation; or (d) any other liability that cannot be excluded or limited under Swiss mandatory law.

13. Indemnification

13.1 Customer Indemnification

You agree to indemnify, defend, and hold harmless Nevermined, its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising out of or in connection with:

  • Your, your Authorised Users’, or your Customer Service Providers’ use of the Service in violation of these Terms, applicable law, or Payment Network Rules

  • Your violation of any third-party rights, including intellectual property rights

  • Mandates, policies, or delegation configurations you, your Authorised Users, or your Customer Service Providers set up through the Service

  • Actions taken by AI agents operating under Agentic Tokens issued under your account, whether or not the outcome matched your expectations

  • Any claim by a third party (including your end users, merchants, or payment network operators) arising from an agent-initiated transaction or action authorised through the Service under your account

  • Any fines, penalties, assessments, or other amounts imposed by payment networks, acquirers, regulators, or scheme operators in connection with your use of the Service

Your indemnification obligations under this Section 13.1 shall not apply to the extent that a claim arises from Nevermined’s material breach of these Terms, gross negligence, or wilful misconduct.

13.2 Nevermined Indemnification

Nevermined agrees to indemnify, defend, and hold harmless Customer, its officers, directors, and employees from and against any third-party claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising out of or in connection with:

  • Nevermined’s material breach of these Terms

  • Nevermined’s gross negligence or wilful misconduct in performing its obligations under these Terms

  • A claim that the Service, as provided by Nevermined and used in accordance with these Terms, infringes the intellectual property rights of a third party

Nevermined’s indemnification obligations shall not apply to the extent that a claim arises from: (a) modifications to the Service not made by or on behalf of Nevermined; (b) your use of the Service in combination with products, services, or systems not provided by Nevermined; (c) your use of the Service in violation of these Terms or the documentation; or (d) Nevermined’s compliance with your instructions, configurations, or Customer Data.

13.3 Indemnification Procedure

The party seeking indemnification (“Indemnified Party”) shall promptly notify the indemnifying party (“Indemnifying Party”) in writing of any claim, providing reasonable detail and copies of relevant correspondence. Failure to provide prompt notice does not relieve the Indemnifying Party of its obligations except to the extent such failure materially prejudices the defence of the claim. The Indemnifying Party shall have the right to control the defence and settlement of any claim, at its own expense and with counsel of its choosing. The Indemnified Party shall cooperate reasonably with the defence and may participate with counsel of its own choosing at its own expense. The Indemnifying Party shall not settle any claim in a manner that imposes obligations on, or admits fault by, the Indemnified Party without the Indemnified Party’s prior written consent, which shall not be unreasonably withheld.

14. Term and Termination

14.1 Term

These Terms commence when you first access or register for the Service and continue until terminated in accordance with this section.

14.2 Termination for Convenience

Either party may terminate these Terms at any time by providing thirty (30) days’ written notice to the other party.

14.3 Termination for Cause

Either party may terminate these Terms immediately upon written notice if the other party: (a) materially breaches these Terms and fails to cure such breach within fifteen (15) days of receiving written notice; or (b) becomes insolvent, files for bankruptcy, or enters into liquidation or administration.

14.4 Suspension

Nevermined may suspend your access to the Service immediately and without prior notice if: (a) we reasonably believe your use of the Service poses a security risk to the Service or any third party; (b) we reasonably believe you are in material breach of these Terms; (c) your account is overdue for payment by more than fifteen (15) days; or (d) suspension is required to comply with applicable law or a regulatory directive. We will restore access promptly once the grounds for suspension have been resolved.

14.5 Effect of Termination

Upon termination: (a) your right to access the Service, and that of all your Authorised Users and Customer Service Providers, ceases immediately; (b) all outstanding fees become immediately due and payable; (c) each party shall return or destroy Confidential Information of the other party upon request; (d) upon written request submitted within thirty (30) days of termination, Nevermined shall export your Customer Data in a standard, machine-readable format, after which Nevermined may delete it in accordance with the Data Policy, subject to any statutory retention obligations set out in Section 6 of the Data Policy.

14.6 Transition Assistance

Except where Nevermined terminates for cause or at the direction of a payment network or regulator, Nevermined will provide reasonable transition assistance to help you migrate to a successor service provider, upon written request and subject to payment of Nevermined’s then-current professional services rates. Transition assistance will be available for a period of up to ninety (90) days following the effective date of termination. The Service will continue on its existing commercial terms during any agreed transition period.

14.7 Survival

Sections 6 (Fees), 7 (Intellectual Property), 8 (Confidentiality), 9 (Data Protection), 11 (Disclaimers), 12 (Limitation of Liability), 13 (Indemnification), and 15 (General) shall survive termination of these Terms.

15. General Provisions

15.1 Amendments

Nevermined may update these Terms from time to time. Material changes will be communicated at least thirty (30) days before they take effect via email or a prominent notice on the dashboard. Continued use of the Service after the effective date of any update constitutes acceptance. No amendment shall apply retroactively to any dispute that arose before the amendment took effect.

15.2 Assignment

You may not assign or transfer these Terms, or any rights or obligations hereunder, without Nevermined’s prior written consent. Nevermined may assign these Terms in connection with a merger, acquisition, corporate reorganisation, or sale of substantially all of its assets, provided the assignee assumes Nevermined’s obligations under these Terms.

15.3 Force Majeure

Neither party shall be liable for delays or failures in performance resulting from events beyond its reasonable control, including natural disasters, war, terrorism, pandemic, government actions, sanctions, embargoes, power or telecommunications failures, or failures of third-party infrastructure providers. The affected party shall use reasonable efforts to mitigate the impact of such events and shall resume performance promptly once the event has ceased.

15.4 Export Compliance

You agree to comply with all applicable export control and sanctions laws and regulations, including those of Switzerland, the European Union, and (to the extent applicable to your use) the United States. You represent that you are not located in, and will not use the Service from, any country or territory subject to comprehensive sanctions, and that you are not designated on any applicable restricted-party list.

15.5 Limitation Period for Claims

To the maximum extent permitted by Swiss mandatory law, any claim arising out of or in connection with these Terms must be brought within three (3) years of the date on which the claimant became aware, or ought reasonably to have become aware, of the facts giving rise to the claim. This limitation applies to all claims regardless of legal theory, but does not override any longer mandatory limitation period prescribed by Swiss law (including Art. 127 and Art. 128 of the Swiss Code of Obligations) to the extent such mandatory provisions cannot be contractually shortened.

15.6 Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced by a valid provision that most closely reflects the original commercial intent.

15.7 Entire Agreement

These Terms, together with any applicable Order Form, Additional Terms, and the Data Policy, constitute the entire agreement between you and Nevermined with respect to the Service and supersede all prior or contemporaneous agreements, representations, and understandings, whether written or oral.

15.8 Notices

Notices under these Terms shall be in writing. Notices to Nevermined shall be sent to the address specified in the applicable Order Form or to: Nevermined AG, Zug, Switzerland. Notices to you shall be sent to the email address associated with your account. Email notices are permissible for routine operational communications. Formal legal notices (e.g., termination, breach) must be sent by registered mail or equivalent.

15.9 Waiver

The failure of either party to enforce any provision of these Terms shall not constitute a waiver of that provision or of the right to enforce it at a later time. No waiver shall be effective unless made in writing and signed by the waiving party.

15.10 Independent Contractors

The relationship between Nevermined and Customer is that of independent contractors. Nothing in these Terms shall be construed to create a partnership, joint venture, agency, or employment relationship between the parties.