This End-User License Agreement (the "Agreement") is a legal contract between Bastios AI LLC, a Texas limited liability company ("Bastios," "we," "us," or "our"), and the business that licenses the Software (the "Client," "you," or "your"). Read it carefully. By clicking "I Agree" at first run or activation, or by installing, accessing, or using the Software, you agree to be bound by this Agreement. If you do not agree, do not install or use the Software. If you are accepting on behalf of a company, you represent that you have authority to bind that company.
The parties to this Agreement are Bastios AI LLC, a Texas limited liability company, and the Client.
Acceptance. The Client accepts this Agreement upon the earliest to occur of: (a) an Authorized User clicking "I Agree" (or an equivalent affirmative control) presented at first run, activation, or installation of the Software; (b) the Client's authorized representative executing an Order Form or Master Services Agreement that references this Agreement; or (c) installing, accessing, or using the Software. Bastios records the version of this Agreement accepted and the date of acceptance. Where this Agreement and a signed Order Form or Master Services Agreement between the parties conflict, the order of precedence in Section 22 governs.
Subject to this Agreement and payment of the applicable one-time delivery fee, Bastios grants the Client a perpetual, non-exclusive, non-transferable, non-sublicensable license to install and run one (1) instance of the purchased Edition or Tier on the single Client-owned Device, for the Client's internal business operations only. The Software runs as one isolated instance per Client.
The one-time delivery fee conveys ownership of the licensed copy of the Software for the Tier purchased: you own and keep what you bought, with no access gate. The Software is licensed, not sold; Bastios retains all rights in the Software itself as set out in Section 6. The perpetual license survives cancellation of any Subscription (see Sections 5 and 18).
Software licensed, not sold; hardware is separate. Where Bastios delivers the Software pre-installed on storage media or on a Client-owned or Bastios-provisioned Device, any sale or transfer of that hardware is separate from, and does not convey any ownership of or any additional license to, the Software. Title to the Software and all copies remains with Bastios at all times. The license is personal to the Client and may not be resold, rented, transferred, or assigned except as expressly permitted in Section 22.
Bastios delivers the Software by white-glove provisioning onto Client-owned hardware. The Client owns the Device and the local master folder in which Client-facing files reside. The Software runs on the Box, single-tenant: one instance per Client, never shared with, shown to, or accessible by any other Client.
The local web user interface binds to the loopback interface (127.0.0.1) by default and is not reachable from the network by default. Optional LAN or VPN access is an explicit operator opt-in that sits behind session authentication and is refused until an owner account exists on the Box. Operational state (registry, event log, search index, caches, locks) is stored locally on the Box and outside any synced folder.
The Client and its Authorized Users may use the Software only as expressly licensed. The Client shall not, and shall not permit any third party to:
The optional monthly Subscription provides two things: (a) pushed improvements to the modules the Client purchased, and (b) reliability — health checks, monitoring, patches, post-update health checks, and automatic rollback to keep the Box healthy.
Updates are pull, not push: the Box phones home and applies signed Update payloads only while the Subscription is active. No Client Data is ever pushed to or pulled from the Client by Bastios as part of an Update.
The Subscription is not an access gate. If the Client cancels, the Client keeps what it bought, pinned in place and fully usable as-delivered; only the Subscription benefits (new improvements and the reliability service) stop.
Model-availability caveat. The Software relies on a third-party AI model accessed through the Client's own provider account. Active Subscribers are migrated to supported model versions as they change. A Client who is not subscribed keeps its pinned model version only until the underlying model or API changes: if the AI provider retires or alters the pinned model, a pinned, non-subscribed Box may stop functioning. Bastios does not represent that the Software will work forever or indefinitely without regard to third-party model availability.
Bastios sells a product (the Box, Updates, and uptime) and does not sell a human-services or oversight layer.
The one-time delivery fee for the licensed Edition or Tier, together with any applicable recurring Subscription fees, are set forth in the applicable Order Form. Unless otherwise specified in the Order Form, all fees are stated in U.S. dollars and are exclusive of applicable taxes. The Client is responsible for all applicable sales, use, value-added (VAT), goods and services (GST), or similar taxes, duties, and governmental charges arising from the purchase or use of the Services, excluding taxes based on Bastios's net income.
The Client is solely responsible for obtaining, paying for, and maintaining its own third-party services and accounts, including, by way of example, accounting software, email services, banking or financial-institution connections, electronic-signature services, payment processors, and AI or large-language-model provider accounts. Any fees, usage charges, or other amounts charged by such third-party providers are the Client's responsibility and are not included in Bastios's fees.
Payment terms, invoicing, accepted payment methods, and any consequences of late or non-payment are set forth in the applicable Order Form. Except as expressly provided in this Agreement or required by applicable law, all fees paid to Bastios are non-refundable.
Bastios retains all right, title, and interest in and to the Software, the Documentation, the modules, the Bastios brand and marks, and all related intellectual property. No rights are granted except the license expressly set out in Section 2.
As between the parties, the Client owns its Client Data, the files in the master folder, and the Outputs the Software produces from Client Data. The Client grants Bastios no rights in Client Data except those reasonably necessary to provide the Software and any Subscription the Client elects.
If the Client provides feedback or suggestions, the Client grants Bastios a perpetual, royalty-free, worldwide license to use that feedback to improve its products, with no obligation to the Client. "Bastios" and related marks are the property of Bastios; nothing here grants the Client a license to use them.
Client Data stays on the Client's Device. The Client's books, records, and financial data remain on the Client-owned Box. Bastios does not host, collect, store, back up, or retain the Client's books or records on Bastios servers. Bastios is not a cloud service that ingests Client Data for its own hosting.
Single-tenant isolation. The Software runs as one isolated instance per Client. A Client's data is never shown to, shared with, or accessible by any other Client.
No Client finance data or PII to the Portal — ever. The Client's financial data and personal information (PII) never flow from the Box to the Bastios Portal (portal.bastios.ai) or to any other Bastios-operated service, under any configuration. Communication between the Box and the Portal is limited to outbound requests for Updates, Skills, and verified data (such as the AI-model list and API pricing) and, only if the Client elects managed billing, non-content billing metadata. The Client's books, records, transactions, documents, and linked-account content are not part of that traffic.
Multiple users on one Box. At the Client's option and under the Client's control, the Software supports multiple Authorized Users on the single Box, each in an isolated User Workspace (private storage, messaging identity, linked Client Accounts, and scheduled jobs). One Authorized User's private workspace, credentials, and personal connections are not shown to, shared with, or accessible by another Authorized User except through the shared company knowledge base the Client designates. Every action remains attributed to the acting user in the Audit Log. Enabling, disabling, and configuring multi-user operation is the Client's decision on the Client's own Box; Bastios does not toggle it remotely.
The Box maintains an append-only Audit Log of every Broker decision (allowed, denied, pending, blocked), attributed to the acting user. Secrets — provider API keys and connector credentials — are stored in the macOS Keychain (or a 0600-permission file fallback), never in the synced folder and never in logs.
Important caveat about cloud processing: when the Client connects an AI model key, the conversation and the included business context are sent to the AI provider to generate replies, governed by the active privacy mode described in Section 9. The promise here is that Bastios does not retain Client Data on Bastios servers and that data stays single-tenant on the Box — not that data never leaves the Box. Bastios's handling of personal information is further described in the separate Bastios Privacy Policy, which is incorporated by reference.
The Software can link to Connected Services, including QuickBooks Online (Intuit), Gmail or Microsoft 365, a read-only bank feed (SimpleFIN, with Plaid as a per-Client option), the Client's field-service system, e-sign, and Stripe payments. Each Connected Service runs on the Client's own account, white-glove provisioned in the Client's name. The Client pays for and is responsible for each Client Account and its usage, including the Client's own AI/API usage.
Each Connected Service is governed by that provider's own terms of service and privacy policy. Bastios is not responsible for any Connected Service's availability, changes, suspension, termination, security, or fees, and a Connected Service may be changed or discontinued by its provider at any time.
Intuit / QuickBooks Online (independent data controllers). Where the Client links QuickBooks Online, Intuit and Bastios act as independent data controllers, not joint controllers; each is responsible for its own privacy compliance. Bastios does not process User Data on Intuit's behalf, does not sell User Data, obtains and maintains required end-user consents, flows protections down to any subprocessor, and securely deletes Intuit-sourced data on revocation of consent. The Client authorizes the Software to access the Client's QuickBooks data solely to perform tasks the Client requests. Connectors read only what a task needs through sanctioned APIs — there is no bulk extraction, warehousing, scraping, or cross-client aggregation of Connected-Service data.
The Software is model-agnostic: it operates with the third-party AI model or large language model the Client connects, running on the Client's own AI provider account. Bastios does not select or govern the AI provider or what that provider does with data the Software sends to it — the Client's use of any AI model is governed by the separate agreement between the Client and that provider. Within the Software, the AI model is used for narration, classification, and routing only, while deterministic code performs the bookkeeping judgment.
Outputs are probabilistic. They are not guaranteed to be accurate, complete, current, or error-free. The Client must review and verify Outputs before relying on them (see Section 10).
No training on Client Data by Bastios. Bastios does not use Client Data to train any AI model. Because the Software runs on the Client's own AI provider account, whether the AI provider retains or uses data the Software sends to it — including for training — is governed by the agreement between the Client and that provider. Bastios's role is limited to controlling what the Software sends outbound: stored credentials are designed not to enter a model prompt, and the default privacy mode pseudonymizes names and redacts secrets before any outbound call (see below).
Privacy modes. Every cloud call passes through a single outbound boundary that writes a metadata-only Audit event and applies a user-selectable privacy mode, default Pseudonymized: known customer and vendor names are tokenized and recognized secret formats are redacted before sending, then restored in the reply, with a fail-closed re-scan. Other modes are No-redaction (the user's explicit choice) and Keep finance/PII local. An unknown policy value resolves to Pseudonymized (fail-closed). With no key connected, a keyless mock is used and nothing is sent to a cloud model.
The Software is aligned to the NIST AI Risk Management Framework. For any outbound automated call placed through the Software, the Client is responsible for AI-disclosure compliance, including disclosure that the recipient is interacting with an automated system as required by applicable law.
The Software assists; a human reviews and signs off. The Client's AI Coordinator owns day-to-day oversight, approvals, and exceptions, and the Client's own bookkeeper or CPA verifies the books. The systems are powerful but are not unattended.
Three action classes always require a local human Approval: moving money, placing an outbound call, and Egress (sending data to a third party). An inbound message can never self-approve a gated action. Reads from linked apps and writes inside approved on-box folders run without per-action Approval under the free write-in-box class and are audit-logged. Any write that leaves the Box to a Connected Service — for example, posting an entry to QuickBooks Online, sending an email, or moving money — is instead treated as an Egress or money action: it is staged for a local human Approval and never auto-posts. Finance- or PII-tagged data is hard-blocked from Egress at the code level even with a human Approval, unless that specific capability is explicitly opted in.
Not professional advice. Bastios does not provide accounting, tax, legal, bookkeeping sign-off, or financial advice. The Software is a tool. The Client is solely responsible for reviewing and verifying Outputs before relying on them and for all business decisions made using the Software.
Bastios is not a money transmitter, money-services business, payment processor, bank, lender, broker-dealer, or fiduciary, and it never takes possession, custody, or control of Client funds. All payment rails and bank feeds (for example, Stripe and the bank-transaction feed) are the Client's own accounts. Every money action is staged for a local human Approval and audit-logged; the Software does not move funds on its own.
The Software is built on a default-deny, human-in-the-loop security model. Sensitive actions are gated behind human approval, secrets are held in protected storage, network exposure is restricted by default, and activity is recorded in an append-only audit log. The system is designed to fail closed — it defaults to deny and degrades to deny on any error.
Sandboxed command execution. The Software may execute system commands on the Device — for example, to operate on-box AI agent tooling (such as a headless AI coding agent) under the Client's own AI subscription or API account. Any such execution runs inside a sandboxed environment governed by the same default-deny controls: outbound network access from the sandbox is denied by default, money, communication, and Egress actions still require human Approval, and Client Financial Data and PII remain hard-blocked from Egress. Command execution is confined to the Device and does not extend Bastios any access to Client Data beyond the terms of this Agreement.
Secure development practices. Bastios employs secure software-development and testing practices designed to identify and mitigate risks, including unauthorized access, credential exposure, prompt injection, privilege escalation, and unauthorized data disclosure. Each release is reviewed for security issues before delivery. Bastios may update or modify its internal security controls, review processes, and testing methodologies from time to time to improve the security of the Software.
Honest status. Bastios does not currently hold SOC 2, ISO 27001, or any other security or compliance certification or attestation. Any formal certification is planned or in progress only, and is not represented as held. Bastios describes its real security posture honestly and does not overstate it. Security reviews to date are internal reviews, not an accredited external audit or formal penetration test.
Security-incident notification. Bastios will notify the Client of a security incident affecting Client Data without undue delay and, where feasible, no later than seventy-two (72) hours after Bastios confirms the incident. The Client acknowledges that its own downstream obligations may impose shorter timelines — for example, a security incident affecting Intuit-sourced data must be reported to Intuit within twenty-four (24) hours of discovery under Intuit's developer terms — and the parties will cooperate to meet such obligations.
Each party (the "Receiving Party") may receive non-public information of the other (the "Disclosing Party") that is marked or reasonably understood to be confidential ("Confidential Information"). The Receiving Party will use Confidential Information only to perform under this Agreement and will protect it with at least reasonable care. Confidential Information does not include information that is or becomes public without breach, was rightfully known before disclosure, is independently developed, or is rightfully received from a third party. A party may disclose Confidential Information if legally compelled, with reasonable notice where permitted. These obligations survive termination for three (3) years, and indefinitely for trade secrets.
Limited warranty. Bastios warrants that, for a period of ninety (90) days following delivery, the Software will perform in all material respects in accordance with the applicable Documentation when used as authorized under this Agreement. If the Software does not conform to this limited warranty and the Client promptly notifies Bastios during the warranty period, Bastios will, at its option, use commercially reasonable efforts to repair or replace the non-conforming Software. If Bastios determines that it cannot do so within a reasonable time, the Client's exclusive remedy, and Bastios' sole liability, shall be a refund of the one-time delivery or license fee paid for the non-conforming Software, upon return or certified destruction of the affected Software if requested by Bastios.
EXCEPT FOR THE LIMITED WARRANTY ABOVE, THE SOFTWARE IS PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY LAW, BASTIOS DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND THE WARRANTIES OF TITLE AND NON-INFRINGEMENT, AND ANY WARRANTY THAT THE SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE, OR THAT AI OUTPUTS WILL BE ACCURATE, COMPLETE, OR RELIABLE. BASTIOS DOES NOT WARRANT AGAINST BREAKAGE CAUSED BY CHANGES TO THIRD-PARTY DEPENDENCIES OR THE RETIREMENT OR ALTERATION OF AN AI MODEL BY ITS PROVIDER (SEE SECTION 5).
TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION, EVEN IF ADVISED OF THE POSSIBILITY AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE. THESE LIMITATIONS APPLY REGARDLESS OF THE THEORY OF LIABILITY AND APPLY TO CLAIMS ARISING FROM OR RELATING TO A PARTY'S OWN NEGLIGENCE.
EXCEPT FOR THE CLIENT'S PAYMENT OBLIGATIONS AND THE CLIENT'S INDEMNIFICATION OBLIGATIONS IN SECTION 17, EACH PARTY'S AGGREGATE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE TOTAL FEES THE CLIENT PAID TO BASTIOS IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM. THE CLIENT ACKNOWLEDGES THAT AI OUTPUTS ARE PROBABILISTIC AND THAT ALL BUSINESS DECISIONS MADE IN RELIANCE ON OUTPUTS ARE AT THE CLIENT'S OWN RISK.
The Client further acknowledges that third-party products and Connected Services are governed by the applicable provider's terms and conditions. Bastios is not responsible for the acts, omissions, availability, security, or performance of any third-party provider, nor for any damages arising from the Client's use of such third-party services, except to the extent caused by Bastios' breach of this Agreement. Nothing in this Agreement limits or excludes liability for fraud, fraudulent misrepresentation, willful misconduct, gross negligence where such limitation is prohibited by law, death or personal injury caused by negligence where applicable, or any other liability that cannot be limited or excluded under applicable law.
THE CLIENT WILL DEFEND, INDEMNIFY, AND HOLD HARMLESS BASTIOS AND ITS MEMBERS, OFFICERS, AND EMPLOYEES FROM ANY THIRD-PARTY CLAIM ARISING OUT OF (A) THE CLIENT'S MISUSE OR UNLAWFUL USE OF THE SOFTWARE, (B) THE CLIENT DATA, (C) THE CLIENT'S CONNECTED-SERVICE ACCOUNTS OR ITS USE OF ANY CONNECTED SERVICE, OR (D) THE CLIENT'S BREACH OF THIS AGREEMENT.
The license granted in Section 2 is perpetual and continues unless terminated for material breach as set out below. Any Subscription runs month-to-month and the Client may cancel it at any time; cancellation of the Subscription does not terminate the perpetual license — the Client keeps what it bought, pinned in place, and only Subscription benefits (Updates and the reliability service) stop.
Either party may terminate this Agreement for the other's material breach not cured within thirty (30) days of written notice. On termination of the license for the Client's breach, the Client must stop using and remove the Software from the Device; the Client keeps its own Client Data, files, and Connected-Service accounts, which remain on the Client-owned Device. Sections 4, 6, 7, 10, 11, 14, 15, 16, 17, 20, and 22, and any payment obligations, survive termination.
The Client will comply with all applicable U.S. export-control, sanctions, and anti-corruption laws, and represents that it is not located in, or a resident of, an embargoed country and is not on any U.S. government restricted-party list. The Client will not use or export the Software in violation of those laws.
This Agreement is governed by the laws of the State of Texas, without regard to conflict-of-laws rules.
Informal resolution first. Before initiating arbitration, a party will send the other written notice of the dispute, and the parties will negotiate in good faith for at least thirty (30) days to resolve it informally.
BINDING ARBITRATION; CLASS-ACTION WAIVER. Except for the Excluded Claims below, any dispute, claim, or controversy arising out of or relating to this Agreement or the Software that is not resolved informally will be resolved by final and binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. This arbitration agreement is governed by the Federal Arbitration Act (9 U.S.C. §§ 1–16) and, alternatively, the Texas Arbitration Act (Tex. Civ. Prac. & Rem. Code ch. 171). The arbitration will be seated in Harris County, Texas, before a single arbitrator, and judgment on the award may be entered in any court of competent jurisdiction. EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN THE CLAIMS OF MORE THAN ONE PARTY AND MAY NOT PRESIDE OVER ANY CLASS OR REPRESENTATIVE PROCEEDING.
Excluded Claims; forum. The following are "Excluded Claims" and are not subject to mandatory arbitration: (a) a claim for injunctive or other equitable relief to protect a party's intellectual property or Confidential Information; and (b) a claim that qualifies for resolution in a small-claims court. For Excluded Claims, and for any action to enforce an arbitration award, the parties irrevocably submit to the exclusive jurisdiction of the state and federal courts located in Harris County, Texas.
JURY-TRIAL WAIVER. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY KNOWINGLY AND VOLUNTARILY WAIVES ANY RIGHT TO A TRIAL BY JURY IN ANY ACTION OR PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT.
Bastios may update this Agreement or the Software, including to address legal or regulatory change, on at least thirty (30) days' notice to the Client (for example, by email or in-product notice). Continued use of the Software after the notice period constitutes acceptance of the updated terms. Material changes that reduce the Client's rights will not apply retroactively to the perpetual license already granted, except as required by law.
The parties are independent contractors; nothing here creates an agency, partnership, joint venture, or employment relationship. The Client may not assign this Agreement without Bastios's prior written consent; Bastios may assign to an affiliate or in connection with a merger or sale of assets. If any provision is held unenforceable, the rest remains in effect and the provision is reformed to the minimum extent necessary. No waiver is effective unless in writing. Neither party is liable for delay or failure due to causes beyond its reasonable control (force majeure). This Agreement, together with any Order Form, Master Services Agreement, the Bastios Privacy Policy, and the Documentation, is the entire agreement between the parties and supersedes prior understandings on its subject matter; in case of conflict, the order of precedence is: a signed Order Form or Master Services Agreement, then this Agreement, then the Documentation. Notices must be in writing and sent to the contacts in Section 23.
General: hello@bastios.ai
Legal notices: legal@bastios.ai
Data / privacy: privacy@bastios.ai
Websites: bastios.ai, bastios.net
Legal entity: Bastios AI LLC, a Texas limited liability company. Governing law: State of Texas.