AIOrouter Terms of Service

Version: 1.2.0 Effective Date: 2026-05-13 French Version: Conditions d'utilisation (FR)

1. Acceptance of Terms

By accessing or using the AIOrouter API proxy service ("the Service"), operated by AIOCANA Technologies Inc. ("AIOrouter", "we", "us", "our"), you ("you", "User") agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.

These Terms incorporate by reference:

• Our Privacy Policy — how we handle your data
• Our Data Processing Agreement (DPA) — for enterprise customers processing personal data

2. Service Description

AIOrouter is an API proxy and intelligent routing service that provides developers with unified, OpenAI-compatible access to multiple AI model providers through a single endpoint. Key features include:

• Multi-provider aggregation — access DeepSeek, Qwen, Kimi, GLM, and other AI models through one API
• PIPEDA compliance — automatic PII scrubbing, zero prompt retention, Canada data residency
• Intelligent routing — automatic provider selection based on availability, cost, and task type
• Automatic fallback — if your primary provider is unavailable, requests are automatically routed to the next best alternative

The Service is provided on a best-effort basis during the public beta phase. Post-beta, we target 99% uptime (SLA terms to be published separately).

3. Account Registration & Security

3.1 Registration

You must provide accurate, complete registration information and keep it updated. You are responsible for all activity under your account.

3.2 API Key Security

You will receive an API key (format: aiorouter_ + 32-character hex string) upon registration. You are solely responsible for:

• Maintaining the confidentiality of your API keys
• All API requests made with your keys (whether authorized by you or not)
• Notifying us immediately of any unauthorized use at support@aiorouter.ca

You must NOT:

• Share your API keys publicly (e.g., in GitHub repositories, blog posts, or client-side code)
• Embed API keys in mobile apps, browser extensions, or other client-distributed software
• Use API keys for any purpose other than accessing the Service

If you suspect your API key has been compromised, rotate it immediately via the Dashboard. AIOrouter scans public code repositories for leaked keys and may proactively revoke compromised keys.

3.3 Dashboard Authentication

Dashboard access is secured by AIOrouter's Canada-resident Auth Enclave with passkey/WebAuthn-first authentication, TOTP fallback, recovery codes, and session controls. You are responsible for maintaining the security of your authentication credentials, passkeys, MFA devices, and recovery codes.

Optional OAuth or enterprise SSO may be offered in the future only as an opt-in identity provider integration with separate disclosure and approval. API keys do not authenticate Dashboard sessions.

4. Subscription & Billing

All prices are in Canadian Dollars (CAD). GST/HST is added for Canadian customers as required by law.

4.1 Prepaid Credit Packs

Prepaid credit packs are available in multiple tiers (Starter, Builder, Maker, Scaler, Pro). Credits:

• Never expire
• Are deducted from your balance as you use the Service at the then-current per-token rate
• Are non-refundable except as required by applicable law
• Can be viewed at any time in your Dashboard

4.2 Monthly Subscriptions

Monthly subscriptions (Explorer, Developer, Professional, Business tiers) include:

• A provider-cost indexed monthly allowance, calculated at the locked allowance price for the billing period, which resets on the 1st of each calendar month
• Unused allowance does NOT roll over to the next month
• Overage usage exceeding your allowance is automatically deducted from your prepaid credit balance at the overage rate for your tier, unless your tier or dashboard settings enforce a hard cap
• Subscriptions auto-renew each month until cancelled

4.3 Pricing Changes

We may adjust retail pricing with 30 days notice. Wholesale price changes from AI providers may cause automatic retail price adjustments (increases take effect immediately; decreases apply after a 24-hour verification delay).

4.4 Payment Processing

Payments are processed securely by Stripe. We do not store your full credit card number. By providing payment information, you authorize Stripe to process payments on our behalf per Stripe's terms.

4.5 Taxes

You are responsible for all applicable taxes. GST/HST (5-15% depending on province) is added to invoices for Canadian customers per Canada Revenue Agency (CRA) requirements. Tax-exempt organizations must provide valid exemption certificates.

4.6 Refunds

• Prepaid credits: Non-refundable except as required by applicable law
• Monthly subscriptions: Non-refundable for the current billing period. You may cancel at any time — cancellation takes effect at the end of the current billing period
• Refund requests: Reviewed case-by-case. Contact billing@aiorouter.ca

4.7 Failed Payments

If a subscription payment fails, we will notify you and retry. Continued non-payment may result in service suspension. Prepaid credit balances remain accessible.

4.8 Unauthorized Usage

You are solely responsible for all charges incurred through your API keys, including charges from unauthorized use resulting from your failure to secure your credentials. AIOrouter is under no obligation to refund or credit charges from unauthorized API key usage. You should monitor your usage regularly via the Dashboard and rotate compromised keys immediately. If you suspect your API key has been compromised, see §3.2 for key rotation procedures.

5. Acceptable Use Policy

You agree NOT to use the Service for any purpose that violates these Terms or applicable law.

5.1 Prohibited Content

You may not use the Service to generate, distribute, or facilitate:

• Illegal content under Canadian federal or provincial law
• Content promoting violence, terrorism, or hate speech against individuals or groups based on race, ethnicity, religion, gender, sexual orientation, disability, or other protected characteristics
• Malicious content — malware, phishing schemes, social engineering attacks, or content designed to harm or deceive
• Prompt injection attacks — attempts to bypass AIOrouter's AI Firewall, extract system prompts, or manipulate the Service in unintended ways
• Jailbreak content — attempts to circumvent safety guidelines of underlying AI models
• Intellectual property violations — content that infringes on copyrights, trademarks, trade secrets, or patents
• Harassment or stalking — content intended to intimidate, threaten, or harass individuals
• Sexually explicit content involving minors — zero tolerance, immediate account termination, and reporting to law enforcement
• Non-consensual intimate imagery — zero tolerance, immediate termination

5.2 Prohibited Conduct

You may not:

• Scrape, crawl, or systematically extract data from the Service
• Reverse engineer, decompile, or attempt to extract model weights, algorithms, or proprietary Service components
• Resell or redistribute AIOrouter access without written authorization
• Circumvent rate limits through multiple accounts, API keys, or automated means
• Attempt to bypass PII scrubbing, AI Firewall, or any security measure
• Use the Service for any activity that violates PIPEDA, Quebec Law 25, or applicable privacy regulations
• Impersonate AIOrouter or misrepresent your affiliation with us

5.3 Enforcement

AIOrouter reserves the right, at its sole discretion, to:

• Block specific prompts or requests that violate this AUP (automatically via AI Firewall)
• Suspend or terminate accounts for AUP violations
• Report illegal activity to law enforcement authorities
• Cooperate with legal investigations and disclose information as required by law

We will make reasonable efforts to notify you before suspension or termination, except in cases of ongoing harm, legal requirement, or technical emergency.

6. API Usage & Rate Limits

6.1 Rate Limits

Rate limits apply per API key based on your subscription tier:

• Standard limits displayed in API response headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset)
• Higher limits available on higher subscription tiers
• Rate limit status viewable in your Dashboard

6.2 Excessive Usage

We may throttle or contact you if your usage deviates significantly from normal patterns. Excessive automated usage that impacts Service availability for other users may result in temporary throttling.

6.3 API Versioning

The Service supports API versioning via the API-Version header (e.g., API-Version: 2026-06-01). Each version is maintained with backward compatibility for at least 12 months. Deprecation notices are communicated via the Sunset response header and email notification.

7. Intellectual Property

7.1 AIOrouter IP

The AIOrouter Service, software, branding, and documentation are owned by AIOCANA Technologies Inc. and protected by Canadian and international intellectual property laws. These Terms do not grant you any right, title, or interest in AIOrouter's intellectual property beyond the limited right to use the Service.

7.2 Your Content

• You retain ownership of your prompts and the AI-generated responses you receive through the Service
• AIOrouter does NOT claim any ownership over your prompts or generated content
• AIOrouter does NOT use your prompts to train, fine-tune, or improve AI models

7.3 Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant us a perpetual, irrevocable, royalty-free license to use that feedback for any purpose.

8. Service Availability & Disclaimers

8.1 Beta Phase

During the public beta phase, the Service is provided "AS IS" and "AS AVAILABLE" without any service level agreement (SLA). We will make reasonable efforts to maintain availability but do not guarantee uninterrupted service.

8.2 Third-Party Dependencies

The Service depends on third-party AI providers (DeepSeek, Qwen, Kimi, GLM, and others). AIOrouter is not responsible for:

• Provider outages, service degradations, or API changes
• Changes to provider pricing, model availability, or terms of service
• Quality, accuracy, or appropriateness of AI model outputs

8.3 Automatic Fallback

The Model Router automatically fails over to alternative providers when your primary provider is unavailable. Fallback may result in different model behavior, capabilities, or response quality.

8.4 AI Model Output Disclaimer

AI-GENERATED CONTENT MAY CONTAIN ERRORS, INACCURACIES, BIASES, OR INAPPROPRIATE MATERIAL. You are solely responsible for:

• Reviewing and validating all AI outputs before use
• Ensuring AI-generated content complies with applicable laws and regulations
• Any decisions or actions taken based on AI-generated content

AIOrouter makes no warranties regarding the accuracy, completeness, or fitness-for-purpose of AI model outputs.

8.5 No Security Guarantee; Shared Responsibility

AIOrouter employs industry-standard security measures including but not limited to TLS 1.3 encryption, AI Firewall, GCP DLP PII scrubbing, Cloud Armor WAF, bcrypt key hashing, non-root containers, and Canada-resident infrastructure. These measures represent commercially reasonable efforts consistent with current best practices.

HOWEVER, YOU ACKNOWLEDGE AND AGREE THAT:

(a) No computer system is immune from intrusion. AIOrouter does not and cannot guarantee that our security measures will prevent all unauthorized access, data breaches, or cyberattacks.

(b) The threat landscape evolves continuously. Novel attack vectors, zero-day vulnerabilities, AI-specific adversarial techniques, and supply chain compromises may defeat any security system.

(c) Security is a shared responsibility. You must secure your API keys, authentication credentials, MFA devices, and recovery codes. AIOrouter is not responsible for breaches originating from your failure to maintain adequate security on your end.

(d) To the maximum extent permitted by law, AIOrouter disclaims all liability for security incidents except where directly and solely caused by our gross negligence or willful misconduct.

8.6 PII Scrubbing Limitations

AIOrouter's PII scrubbing system uses Google Cloud DLP with Canadian infoType detectors (SIN, credit card numbers, health card numbers, email addresses, phone numbers, person names, street addresses) plus a regex fallback layer. This system is designed to prevent Personally Identifiable Information from being transmitted to AI model providers outside Canada.

YOU ACKNOWLEDGE THAT:

(a) PII detection is inherently probabilistic. Novel PII formats, obfuscated data, mixed-language text, and edge cases may not be detected by our current detection rules.

(b) AIOrouter makes no warranty that ALL PII will be intercepted before leaving Canadian jurisdiction.

(c) You are responsible for ensuring that you do not submit PII in prompts if zero PII export is required for your use case.

(d) AIOrouter continuously improves its PII detection capabilities but cannot guarantee detection of future or unknown PII formats.

9. Limitation of Liability

9.1 Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY LAW, AIOCANA TECHNOLOGIES INC.'S TOTAL LIABILITY FOR ANY CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICE IS LIMITED TO THE AMOUNT YOU PAID US IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

9.2 Exclusion of Damages

IN NO EVENT SHALL AIOCANA TECHNOLOGIES INC. BE LIABLE FOR:

• Indirect, incidental, special, consequential, or punitive damages
• Loss of profits, revenue, data, business opportunity, or goodwill
• Damages arising from unauthorized use of your API keys, whether caused by your failure to secure credentials, third-party attacks, or any other circumstance beyond our direct and exclusive control
• Damages arising from PII that escapes our scrubbing layer, including where our automated scanning fails to detect novel or obfuscated PII patterns. You acknowledge that no automated security system is infallible and accept this residual risk
• Provider outages, model unavailability, or API changes beyond our control
• AI model output quality, accuracy, bias, hallucinations, or inappropriateness — AI-generated content is inherently non-deterministic and may contain errors. You are solely responsible for human review of all AI outputs before use
• Cybersecurity incidents including DDoS attacks, zero-day exploits, supply chain compromises, or any attack that defeats our security controls despite our commercially reasonable efforts
• Unauthorized access to your account resulting from your failure to secure your API keys or authentication credentials

9.3 Basis of Bargain

You acknowledge that the limitations of liability, disclaimers of warranty, and security limitations set forth in these Terms (including but not limited to §8.5 No Security Guarantee, §8.6 PII Scrubbing Limitations, and §9.2 Exclusion of Damages) are a fundamental basis of the bargain and that AIOrouter would not provide the Service without them.

9.4 Statutory Rights

Some jurisdictions do not allow the exclusion or limitation of certain warranties or liabilities. These Terms do not affect your statutory rights that cannot be waived or limited by contract.

10. Indemnification

You agree to indemnify, defend, and hold harmless AIOCANA Technologies Inc., its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising from or related to:

• Your use of the Service
• Your violation of these Terms
• Your violation of third-party rights (including intellectual property or privacy rights)
• Content you generate or distribute using the Service
• Your failure to secure your API keys or authentication credentials, including any resulting unauthorized access, data exposure, or financial charges
• Any PII you submit in prompts that bypasses our scrubbing layer, including where such PII is transmitted to third-party AI providers
• Any security incident originating from your systems, applications, or credentials
• Your failure to comply with applicable privacy laws (PIPEDA, Quebec Law 25, GDPR, or other applicable regulations) in your own use of AI outputs or handling of personal data

11. Termination

11.1 By You

You may stop using the Service at any time. To close your account, contact support@aiorouter.ca or use the Dashboard account deletion flow. Account deletion includes:

• 30-day grace period (deletion can be cancelled during this period)
• Immediate API key revocation upon submission
• Subscription cancellation (no further charges)
• Permanent data deletion after the grace period (except billing records per CRA requirements)

11.2 By Us

We may suspend or terminate your account:

• For violation of these Terms (with notice where feasible)
• For extended non-payment
• If required by law or legal process
• If you cease business operations or enter bankruptcy proceedings

11.3 Effect of Termination

Upon termination:

• API key access is immediately revoked
• Dashboard access is revoked
• Prepaid credit balances: non-refundable if terminated for ToS violation; pro-rata refund available if terminated by us without cause
• Data is handled per our Privacy Policy retention schedule
• Provisions that by their nature should survive termination (Intellectual Property, Limitation of Liability, Indemnification, Governing Law) continue in effect

12. Governing Law & Dispute Resolution

12.1 Governing Law

These Terms are governed by and construed in accordance with the laws of the Province of Quebec and the federal laws of Canada, without regard to conflict of law principles.

12.2 Dispute Resolution Process

Step 1 — Informal Resolution (30 days): Before filing any formal claim, you agree to contact us at privacy@aiorouter.ca and attempt to resolve the dispute informally. We will do the same. Both parties agree to negotiate in good faith for at least 30 days.

Step 2 — Binding Arbitration: If informal resolution fails, disputes shall be resolved by binding arbitration administered by the Canadian Arbitration Association in accordance with its Commercial Arbitration Rules. The arbitration shall take place in Montreal, Quebec, Canada, and be conducted in English (or French, at your election).

12.3 Class Action Waiver

TO THE MAXIMUM EXTENT PERMITTED BY LAW, YOU AGREE THAT ALL DISPUTES SHALL BE RESOLVED ON AN INDIVIDUAL BASIS ONLY. YOU WAIVE ANY RIGHT TO PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR REPRESENTATIVE PROCEEDING.

12.4 Small Claims Exception

Notwithstanding the arbitration agreement, either party may bring an individual claim in small claims court in Montreal, Quebec, provided the claim falls within the court's jurisdictional limits.

12.5 Time Limit

Any claim must be filed within one (1) year of the event giving rise to the claim, or it is permanently barred.

13. Changes to Terms

We may update these Terms from time to time. For material changes:

• We will notify you via email at least 30 days before the changes take effect
• We will display a notice in your Dashboard
• For material changes (not clarifications or formatting), you will be prompted to re-accept the Terms at your next Dashboard login
• Continued use of the Service after the effective date constitutes acceptance of the updated Terms

If you do not agree to the updated Terms, you must stop using the Service and may close your account per Section 11.1.

14. General Provisions

14.1 Entire Agreement

These Terms, together with the Privacy Policy and any applicable DPA, constitute the entire agreement between you and AIOCANA Technologies Inc. regarding the Service and supersede all prior agreements.

14.2 Severability

If any provision of these Terms is found unenforceable, that provision shall be limited to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.

14.3 No Waiver

Our failure to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision.

14.4 Assignment

You may not assign these Terms or your rights without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.

14.5 Force Majeure

We are not liable for delays or failures in performance resulting from causes beyond our reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, government action, internet or power outages, and third-party service failures.

14.6 Relationship of Parties

These Terms do not create a partnership, joint venture, employment, or agency relationship between you and AIOCANA Technologies Inc.

14.7 Contact

Related Documents:

• Privacy Policy — How we handle your personal information
• Data Processing Agreement (DPA) — For enterprise customers processing personal data