Terms of Service
Last updated: April 29, 2026 ยท Applies to VIGIL and all COS TRINITY products
- โบUse VIGIL responsibly. Don't use it to commit crimes or harm others.
- โบWe don't promise zero downtime. It's a tool, not life-support; if your business depends on 100% uptime, run a hot standby or stay on-prem.
- โบYou own your event data. We can't see it (see the Privacy Policy for why).
- โบDon't reverse-engineer paid-tier features or scrape the dashboard at scale.
- โบEither of us can end the relationship at any time. Your data exports cleanly.
- โบNo warranty, liability capped at what you paid us in the last 12 months. Standard SaaS terms.
1. Who We Are
VIGIL is a product of COS TRINITY ("COSTRINITY", "we"). These terms govern your use of vigil.costrinity.xyz, vigil.costrinity.xyz/dashboard, the VIGIL Desktop application, and the @costrinity/vigil-sdk + @costrinity/vigil-eliza-plugin npm packages. By using any of these, you agree to these terms.
2. What VIGIL Does
VIGIL is a SIEM (Security Information and Event Management) tool for AI agents. You point your agent's events at our ingest endpoint or our local SQLite store; we render them as a searchable, real-time dashboard with threat detection, severity classification, compliance tagging, and alert routing. The cloud build runs at vigil.costrinity.xyz; the desktop build runs entirely on your machine. See the Privacy Policy for which mode stores what where.
3. Acceptable Use
4. Your Account
Cloud users: you create an account with an email + password. You're responsible for keeping the password safe. If your API key leaks, rotate it immediately from Dashboard โ Agent โ Rotate Key. We're not liable for events submitted from a compromised key โ the rotation flow is the remedy. Desktop users have no account; the API key is generated locally and lives only on your machine.
5. Pricing & Billing
Free tier is free, forever, for 1 agent and 10k events/month. Paid tiers are billed monthly or annually via Stripe. Annual is ~20% cheaper than monthly. We don't auto-upgrade you when you hit a free-tier limit; events past the limit just stop persisting (with a banner). Refunds: prorated on cancellation for unused time on annual plans; no refunds on monthly. Promotional credits expire 12 months after issue.
6. Your Data
You own your event data. The Privacy Policy explains where it lives (your device, by default) and what we can and can't see (we can't see event content). You can export everything as JSON or CSV from the dashboard at any time. You can delete your account or wipe local data with a single click. Cloud-mode users (the legacy storage path): we delete your event data within 30 days of account deletion.
7. Service Availability
We target 99.5% monthly uptime for the cloud dashboard. We don't promise 100%. If the cloud is down and your agent depends on the dashboard for live alerts, you should fall back to webhook delivery (which runs on different infrastructure). Desktop mode keeps working when the cloud is unreachable. We don't credit downtime on the free tier; Pro and above get prorated SLA credits on request for documented outages over 1 hour.
8. Termination
You can delete your account anytime from Dashboard โ Settings โ Delete Account. We can suspend or terminate your account if you violate the acceptable-use rules in ยง3, with as much warning as the situation allows (typically 14 days; for severe abuse, immediate). On termination by either party, you keep your local data (it's yours) and we delete the server-side account record within 30 days.
9. No Warranty
VIGIL is provided "as is." We don't warrant that it will be error-free, that the dashboard will always render every event in a specific order, or that threat detection will catch every malicious input. The threat-detection patterns are best-effort heuristics; they are not a substitute for a security audit, code review, or an actual SOC. Don't use VIGIL as your only line of defense against adversarial agents.
10. Limitation of Liability
Our total liability to you for any claim arising from your use of VIGIL is capped at the amount you paid us in the 12 months preceding the claim. For free-tier users, that's $0. We're not liable for indirect, incidental, special, consequential, or punitive damages โ even if we should have known they were possible. This is the standard SaaS liability cap; if you need higher liability for an enterprise deployment, contact hello@costrinity.xyz to negotiate a Master Services Agreement.
11. Indemnification
You agree to indemnify us against any third-party claim that your use of VIGIL caused them harm โ for example, if your agent harassed someone via VIGIL-mediated event payloads, or you uploaded copyrighted material as a payload. This is the developer's responsibility because we don't (and can't) inspect event content.
12. Governing Law
COS TRINITY is a Canadian company. These terms are governed by the laws of Canada and the Province of Ontario, without regard to conflict-of-law principles. Disputes that aren't resolvable by talking to us at hello@costrinity.xyz will be heard in the courts of Ontario, Canada. VIGIL is accessible worldwide: if you use it from outside Canada, you agree Canadian law governs our relationship for the purposes of these terms. If you're a consumer in a jurisdiction with mandatory consumer-protection law (EU, UK, US states, Australia, and others), nothing here overrides the rights that local law guarantees you.
13. Changes to These Terms
We can update these terms. Material changes (anything that affects your rights, like the liability cap or the data-handling commitments) will be announced at least 14 days in advance via email to your account address. Non-material changes (typo fixes, clarifications) we just edit, and the Last updated date at the top of this page reflects the change.
14. Contact
Questions about these terms, requests for an MSA, security disclosures, or anything else: hello@costrinity.xyz. We respond within 48 hours.