This document was drafted by the Signatrust team and tailored to Sign a Trust (KvK 83656480, VAT NL003855446B93), a company organised under the laws of the Netherlands. The document should be reviewed by qualified Dutch legal counsel before it is relied upon in a contractual dispute. It is published in good faith but is not a substitute for legal advice.
1. Parties & definitions
These Terms of Service ("Terms") are a binding agreement between you ("Customer", "you") and Signatrust — operated by Sign a Trust, a company organised under the laws of the Netherlands, with its registered office at Haverstraat 43, 7413 XR Deventer, the Netherlands, registered with the Dutch Chamber of Commerce (Kamer van Koophandel) under number 83656480, VAT identification number NL003855446B93 ("we", "us", "Signatrust").
Capitalised terms used in these Terms have the meanings set out below:
- Service — the Signatrust platform, including the website at
signatrust.net, the receipt-signing API, the verification API, the Trust Passport, compliance reports, risk profiles, the Sandbox dashboard, and any related products we make available. - Receipt or Decision Receipt — a signed, hash-chained JSON record describing a decision taken by an agent, model or workflow, in the form defined by the open Receipt Specification (v1.0).
- Agent — an identity registered on the Service that issues Receipts.
- Customer Content — the metadata you submit when you call the API, including agent names, decision types, risk levels, policy identifiers and the cryptographic hashes (fingerprints) of inputs and outputs. The Service does not receive your raw prompts, model outputs, documents or personal data of your end users; see section 8 and our Privacy Policy.
- Sandbox — the public playground at
/dashboardwhere any visitor may register an Agent and seal Receipts against the open ledger for evaluation purposes.
2. Scope of the Service
The Service issues cryptographic Receipts for decisions taken by your AI agents and automated systems, lets third parties verify those Receipts independently, and derives downstream signals (Trust Score, Trust Passport, compliance report, risk profile) from the verified history.
The Service is a technical infrastructure. It does not provide legal advice, financial advice, regulatory approval, certification, audit opinions, or insurance coverage. Compliance reports map evidence to common frameworks (EU AI Act, GDPR, NIST AI RMF, ISO/IEC 42001); they are tools to support your compliance programme, not a substitute for it.
3. Account, API keys & security
- To use the API beyond the open Sandbox, you must register an account with a working email address and accept these Terms and the Privacy Policy.
- You must be at least 16 years old, or the digital-age-of-consent equivalent in your jurisdiction, and have the authority to bind any organisation you act for.
- API keys are secrets. They are shown to you once at the moment of issuance. You are responsible for storing them securely and for all activity performed under them. If a key is lost or exposed, you can self-reset via the email-verified flow at
/forgot. - You must notify us at security@signatrust.net without undue delay (and in any case within 72 hours) of any actual or reasonably suspected compromise of your credentials, your account, or any signing key you operate against the Service.
- You must enable available account-security features (e.g. two-factor authentication, when offered) and keep contact details current.
4. Acceptable use
You agree not to use the Service to:
- seal Receipts that misrepresent the agent, the model, the decision, the policies in force or any other material fact — fabricated evidence is a fundamental breach of these Terms;
- impersonate a third party, or seal Receipts on behalf of an entity without authorisation;
- upload, fingerprint, transmit or process content that is unlawful, defamatory, infringing, sanctioned, exploitative of minors, or otherwise prohibited under EU or applicable national law;
- circumvent rate limits, attempt to forge Receipts, attempt to retrieve receipts you do not own, exploit verification endpoints to enumerate other customers' data, or otherwise compromise the integrity, availability or confidentiality of the Service;
- use the Service to take or evidence decisions in any domain where you do not hold the licences, regulatory authorisations or human oversight required by law (for example: regulated financial advice, medical diagnosis, legally binding judicial determinations) — the existence of a Receipt does not confer such authority on you;
- resell, sublicense, white-label or commercially redistribute the Service or its outputs except under a written agreement with us;
- scrape, mass-download, copy or reverse-engineer the Service beyond what is permitted by mandatory EU law (in particular Art. 5–6 of Directive 2009/24/EC for software interoperability).
We may publish reasonable Acceptable Use Guidelines from time to time; they are incorporated into these Terms by reference.
5. Free tier & paid plans
Issuing Receipts is free at the Community tier within published fair-use limits. Paid plans (Enterprise Private, Air-Gapped, and any future commercial tier) are governed by an Order Form or separate written agreement that will reference these Terms. In the event of conflict between an Order Form and these Terms, the Order Form prevails for the parties named in it.
Fair-use limits, current pricing and tier inclusions are published on signatrust.net/#pricing and may change with reasonable notice. Changes will not retroactively affect prepaid periods.
6. Open Receipt Specification
The Receipt Specification v1.0 (the "Spec") is published openly and intended to become a community standard. You may implement, verify and ship products that produce and consume Receipts conforming to the Spec without paying us, and without our permission. The Spec is and will remain governed by an open licence; the brand "Signatrust" and our software implementation are not.
7. Evidentiary value of receipts
A Decision Receipt is a cryptographic record. Its technical authenticity (signature validity, hash integrity, chain linkage) can be verified by anyone, including offline, without trusting Signatrust. Its admissibility as legal evidence depends on the jurisdiction, the case, the rules of procedure, and how you have configured signing keys and human oversight.
Signatrust does not warrant that a Receipt will be accepted as evidence by any specific court, regulator or counterparty. In the European Union, Receipts may qualify as an "advanced" or "qualified" electronic signature under Regulation (EU) No 910/2014 (eIDAS) only if the underlying signing keys and identity verification meet the relevant eIDAS requirements; the default Community tier is not configured for "qualified" status. You are responsible for choosing the deployment edition and key-management posture appropriate to your evidentiary needs.
8. Customer data & privacy
Signatrust is designed for zero data access: prompts, model outputs, documents and end-user personal data are hashed in your environment and only the resulting fingerprints reach us. We do not need, request or want your raw content. Full details of what we do and do not process, on what lawful basis, and your rights as a data subject are set out in our Privacy Policy, which forms part of these Terms.
Where you act as a controller under Regulation (EU) 2016/679 (GDPR) in respect of personal data of your end users and we act as a processor on your behalf for any metadata derived from such data, the parties will execute a Data Processing Agreement on request at privacy@signatrust.net.
9. Intellectual property
- Our IP. Signatrust, the website, the API, the software, the brand and the documentation are owned by us or our licensors and protected by intellectual-property law. Nothing in these Terms transfers ownership.
- Your licence to use the Service. Subject to these Terms and payment of any applicable fees, we grant you a worldwide, non-exclusive, non-transferable, revocable licence to access and use the Service for your internal business purposes during the term.
- Your data. You retain all rights in the metadata you submit. You grant us a worldwide, non-exclusive, royalty-free licence to host, copy, transmit, display and process that metadata strictly as necessary to provide the Service and as described in the Privacy Policy.
- Aggregate & anonymous statistics. Provided the result cannot be linked back to you or any identifiable person, we may compile, publish and use aggregate, k-anonymised statistics derived from Service usage.
- Feedback. Suggestions and feedback you send us are non-confidential and may be used by us without restriction or compensation.
10. Availability, support, fair use
We aim for high availability but the Community tier is provided "as is" without a service-level commitment. Enterprise plans may carry a contractual SLA in their Order Form. We may schedule maintenance windows and will make reasonable efforts to announce them in advance via the status channel.
Fair-use limits exist to keep the Service available for everyone. We may throttle, rate-limit or temporarily suspend traffic that exceeds documented limits or that we reasonably believe is abusive or likely to degrade the Service for others.
11. Warranties & disclaimers
Except as expressly stated in these Terms or in an Order Form, the Service is provided "as is" and "as available". To the maximum extent permitted by applicable law, we disclaim all other warranties, whether express, implied or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, uninterrupted operation, security or freedom from error.
Nothing in these Terms excludes or limits any liability that cannot lawfully be excluded or limited, including liability for death, personal injury caused by negligence, or fraud.
12. Limitation of liability
Subject to the preceding paragraph and to any mandatory consumer-law protections:
- Neither party will be liable to the other for any indirect, incidental, special, consequential or punitive damages, or for loss of profits, revenue, goodwill, business opportunities or data, even if advised of the possibility.
- Each party's total aggregate liability arising out of or in connection with these Terms is capped at the greater of (a) the fees actually paid by the Customer to Signatrust for the Service in the twelve (12) months immediately preceding the event giving rise to the claim, or (b) one hundred euros (€100). For Customers using only the free Community tier, this cap is €100.
- Each party must take reasonable steps to mitigate any loss it suffers.
You acknowledge that the price of the Service (including free use) reflects this allocation of risk and that, without it, we would not be in a position to offer the Service on the current terms.
13. Indemnification
You will defend, indemnify and hold harmless Signatrust, its affiliates and their respective personnel against any third-party claim, action or proceeding, and any associated damages, fines and reasonable legal costs, arising out of or relating to: (a) your breach of these Terms or of applicable law; (b) Customer Content or any decision recorded under your account; (c) your use of the Service in a regulated activity without the required authorisations; or (d) any allegation that a Receipt you caused to be issued is fraudulent, misleading or unlawful.
We will promptly notify you of any such claim, give you reasonable control of the defence (without prejudice to our right to participate at our own cost), and provide reasonable cooperation. You may not settle any claim in a manner that imposes obligations on us without our prior written consent.
14. Suspension & termination
We may suspend or terminate your access to the Service, in whole or in part, with or without notice, if: (a) you materially breach these Terms and have not cured the breach within a reasonable period after our notice; (b) we are required to do so by law, by a regulator or by a court order; (c) we reasonably believe your use poses a security, integrity or reputational risk to the Service or to other customers; or (d) we discontinue the relevant feature with reasonable notice. You may terminate your account at any time via the Sign-in area or by writing to hello@signatrust.net.
Termination does not cancel Receipts that have already been sealed. For the reasons explained in section 7, the integrity of the ledger requires that sealed Receipts remain verifiable. Personal data linked to a closed account is handled in accordance with the Privacy Policy.
15. Changes to the Service or these Terms
We may update these Terms to reflect changes to the Service, to applicable law, or to our business. We will publish the new version at signatrust.net/terms, update the "Last updated" date, and — for material changes adverse to you — give reasonable advance notice by email to the contact registered on your account or by an in-product notice. Continued use of the Service after the effective date of the change constitutes acceptance. If you do not accept a material change, you may terminate as set out in section 14.
16. Consumer rights (EU/EEA)
If you use the Service as a consumer resident in the EU or EEA, you keep the protection of the mandatory provisions of the law of your country of habitual residence. Nothing in these Terms restricts your statutory right to information, your right of withdrawal under Directive 2011/83/EU where it applies, or your access to alternative dispute resolution under Regulation (EU) No 524/2013, including the European Commission's ODR platform.
17. Governing law & venue
These Terms are governed by the substantive laws of the Netherlands, without regard to its conflict-of-laws rules and without prejudice to the consumer protections in section 16. The courts of the Rechtbank Overijssel (District Court of Overijssel) have exclusive jurisdiction over any dispute arising out of or in connection with these Terms, subject to any non-waivable right of a consumer to sue or be sued in the courts of their place of residence.
18. Contact
- General: hello@signatrust.net
- Privacy & data protection: privacy@signatrust.net
- Security disclosures: security@signatrust.net
- Legal / contract: legal@signatrust.net
If you believe a Receipt issued through the Service is fraudulent, misleading or unlawful, please write to abuse@signatrust.net with the Receipt identifier and a description of the issue. We investigate every well-formed report.