Terms of Service

“Authio”, “we”, and “us” refer to Authio, Inc., a Delaware corporation. “Service” means the Authio authentication platform, including the dashboard, hosted UI, SDKs, CLI, APIs, documentation, and any related software or infrastructure we provide. “Customer”, “you”, and “your” refer to the legal entity (or individual, where no legal entity exists) accessing the Service. “End User” means an individual whose identity is managed via the Service on your behalf. “Customer Data” means data you or your End Users submit to the Service.

By creating an account, accessing the Service, or otherwise indicating assent (including clicking “I agree” or using the Service after these terms are posted), you agree to these Terms of Service. If you are entering into this agreement on behalf of a company or other legal entity, you represent that you have authority to bind that entity. If you do not agree, do not use the Service.

To use the Service you must register a project under an account held by an individual with legal capacity to enter into a contract. You agree to provide accurate, current, and complete information and to keep it updated. You are responsible for maintaining the confidentiality of your account credentials and for all activity under your account, except where caused by our breach of these terms.

Authio provides an authentication and authorization platform including passkey/WebAuthn ceremonies, magic-link delivery, social and enterprise OAuth/OIDC, SAML 2.0 SSO, SCIM 2.0 directory sync, session management, audit logging, webhooks, fine-grained authorization, custom domains, and related developer tooling. Specific capabilities included in your plan are listed on the Pricing page and your order form.

We may update, enhance, or modify features. Material adverse changes to a paid tier’s included features will be announced at least 30 days in advance via email to the project owner of record. Bug fixes, security patches, and additive features do not require advance notice.

Subject to your compliance with these terms, we grant you a non-exclusive, non-transferable, non-sublicensable, revocable license during the term to (a) access and use the Service for your internal business purposes and to operate your end-user authentication on behalf of your End Users, and (b) install and use the Authio SDKs and CLI in software you build, subject to their respective open-source licenses where applicable.

All right, title, and interest in and to the Service (including all intellectual property rights) remain with Authio. No rights are granted to you other than those expressly set forth here.

You own all Customer Data. We claim no ownership of, and assert no license over, Customer Data except a limited license to process it solely to provide and improve the Service to you, consistent with our Privacy Policy and any Data Processing Addendum we have executed with you.

For purposes of GDPR, UK GDPR, and similar regimes, you are the data controller of Customer Data and Authio is the processor. Our Data Processing Addendum (available on request and executable from the dashboard) sets out our processor obligations, sub-processor list, international transfer mechanisms, and security commitments. The DPA is incorporated by reference and prevails over these terms in the event of conflict regarding data protection.

You will not (and will not permit any End User or third party to): (a) use the Service to engage in unlawful, fraudulent, deceptive, or harmful conduct; (b) interfere with the integrity, security, or performance of the Service; (c) reverse engineer the Service except as expressly permitted by applicable law; (d) attempt to access another customer’s data; (e) use the Service to send unsolicited communications in violation of CAN-SPAM, CASL, or similar laws; (f) build a competing product using the Service as a reference; or (g) allow third parties to use your account credentials.

We may suspend access to the Service immediately if we reasonably believe continued access poses a material security, integrity, or legal risk, with notice as soon as reasonably practicable.

Paid plans are billed in advance, in U.S. dollars, on a monthly or annual cadence as elected at signup. Usage-based charges (e.g. MAU overages) are billed in arrears at the end of each billing period. Fees are exclusive of taxes; you are responsible for applicable sales, use, VAT, GST, or similar taxes, except for taxes on Authio’s income.

Invoices are due on receipt unless your order form specifies otherwise (Enterprise: Net 30). Past-due amounts accrue interest at the lesser of 1.5% per month or the maximum legal rate. We may suspend the Service for accounts more than 30 days past due after written notice.

These terms apply from the date you first accept them until terminated. Either party may terminate for material breach by the other party that is not cured within 30 days after written notice. You may terminate for any reason at any time by closing your account from the dashboard.

On termination: (a) your right to access the Service ends; (b) we will make Customer Data available for export for 30 days, after which we will delete it from production systems within 90 days (backups within 12 months); (c) accrued fees through the termination date remain due; (d) sections that by their nature should survive (including IP ownership, indemnities, limitation of liability, and confidentiality) will survive.

Each party may disclose Confidential Information (information marked confidential or that a reasonable person would understand to be confidential). The receiving party will: (a) use Confidential Information only to perform under these terms; (b) protect it with at least the degree of care it uses for its own confidential information of like sensitivity, and in no event less than reasonable care; and (c) not disclose it to third parties except to employees, contractors, and advisors bound by similar obligations.

Exclusions: information that is or becomes public through no fault of the receiving party, was rightfully in its possession before disclosure, is independently developed without reference to the disclosing party’s Confidential Information, or must be disclosed by law.

We warrant that we will provide the Service with reasonable care and skill consistent with industry standards for a SaaS authentication platform. EXCEPT FOR THE FOREGOING, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE.

Specific uptime commitments and remedies, if any, are set out in your order form or applicable service-level agreement.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES (INCLUDING LOST PROFITS, LOST DATA, OR BUSINESS INTERRUPTION) ARISING OUT OF OR RELATED TO THESE TERMS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

EACH PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS IS LIMITED TO THE AMOUNT OF FEES PAID OR PAYABLE BY CUSTOMER TO AUTHIO UNDER THESE TERMS IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

The foregoing limitations do not apply to: (a) breach of confidentiality obligations; (b) a party’s indemnity obligations; (c) Customer’s payment obligations; or (d) liability that cannot be limited or excluded by applicable law (e.g. gross negligence, willful misconduct, fraud).

By Authio. We will defend you against any third-party claim that the Service, when used in accordance with these terms, infringes that third party’s intellectual property rights, and will pay damages or settlement amounts finally awarded by a court of competent jurisdiction. We may, at our option, procure the right for you to continue using the Service, modify it to be non-infringing, or terminate the affected portion and refund the unused prepaid fees.

By Customer. You will defend Authio against any third-party claim arising out of (a) your or your End Users’ use of the Service in violation of these terms or applicable law, (b) Customer Data, or (c) your products, services, or business operations.

Indemnification is conditioned on prompt written notice of the claim, sole control of defense and settlement, and reasonable cooperation.

We may update these terms from time to time. Material changes will be announced at least 30 days in advance via email to the project owner of record and via the dashboard. Your continued use of the Service after the effective date constitutes acceptance. If you do not agree to the change, your remedy is to terminate per Section 10.

These terms are governed by the laws of the State of Delaware, U.S.A., without regard to its conflict-of-laws principles. The parties consent to the exclusive jurisdiction of the state and federal courts located in New Castle County, Delaware for any dispute arising out of or related to these terms, except that either party may seek injunctive relief in any court of competent jurisdiction. The UN Convention on Contracts for the International Sale of Goods does not apply.

These terms (together with any order form, DPA, and applicable SOWs) constitute the entire agreement between the parties. Neither party may assign these terms without the other’s written consent, except in connection with a merger, acquisition, or sale of substantially all assets. Failure to enforce any provision is not a waiver. If any provision is held unenforceable, the remaining provisions remain in full force.

Legal notices to Authio: legal@authio.com. Notices will be deemed given upon written acknowledgement, or 72 hours after dispatch if sent to the address on the project of record.