These Terms govern your use of the GrayPass identity-trust service provided by Aditya Ranjan and Arav Mathur. By creating an API key or using any GrayPass endpoint, you agree to these Terms.
1. The service
GrayPass continuously verifies user identity from passive behavioural signals (keystroke dynamics, pointer kinematics, scroll cadence, optional gaze). Customers integrate the SDK or middleware and receive trust scores and signed authorization tokens.
- Test mode (
pk_test_*/sk_test_*): free, rate-limited, suitable for development and production under the Free plan SLA. - Live mode (
pk_live_*/sk_live_*): issued on request, subject to the chosen plan.
2. Acceptable use
You will not:
- Reverse engineer the SDK or API except as permitted by law.
- Use GrayPass to discriminate against protected classes.
- Make solely-automated legal/significant decisions without human review where required (GDPR Art. 22).
- Submit children's data under 16 without verifiable parental consent.
- Track end-users without required notice/consent (EU, California, Illinois BIPA, etc.).
- Abuse the service (SSRF, injection, rate-limit evasion). Repeated abuse may result in immediate revocation.
3. Customer obligations
- Keep API keys and signing secrets confidential.
- Notify end-users that behavioural data is collected.
- Provide an accessible alternative auth path for users who cannot use behavioural biometrics.
- Pay invoices when due.
4. Privacy and data processing
Personal data handling is governed by our Privacy Policy and the Data Processing Agreement (DPA) for customers subject to GDPR, UK GDPR, Swiss FADP, or CCPA.
5. Intellectual property
GrayPass, ML models, source code, documentation, and trademarks remain the property of the founders. You retain ownership of data you submit; we process it on your behalf as described in the DPA.
6. Fees, billing, and termination
- Paid plans bill monthly in arrears. Test-mode tenants are free.
- Either party may terminate for convenience with 30 days' written notice.
- We may terminate for uncured material breach.
- Upon termination, Customer Personal Data is deleted within 30 days unless retention is required by law.
7. Warranties and disclaimers
We warrant the service will operate substantially in accordance with documentation and applicable laws. Behavioural biometric matching is statistical, not deterministic. We do not warrant detection of every compromise or admission of every legitimate user.
8. Limitation of liability
To the maximum extent permitted by law, neither party is liable for indirect or consequential damages. Our aggregate liability is capped at the greater of US$1,000 or fees paid in the preceding 12 months, except for payment obligations, confidentiality breaches, DPA violations, or liabilities that cannot be limited by law.
9. Indemnification
We indemnify customers against third-party IP infringement claims subject to prompt notice and cooperation. Customers indemnify GrayPass against claims arising from misuse or violation of these Terms.
10. Governing law
These Terms are governed by Delaware law. For EU/EEA, UK, or Swiss customers, mandatory consumer-protection laws apply where required.
11. Changes
Material changes are announced ≥30 days in advance via email to billing contacts. Continued use after the effective date constitutes acceptance.
12. Contact
- Sales / contracts:
founders@graypass.org - Billing:
billing@graypass.org - Legal:
legal@graypass.org - Security:
public@graypass.org
These Terms, together with the Privacy Policy, DPA, SLA, and security documentation, constitute the entire agreement regarding the GrayPass service.