These terms govern access to gbrain.io, operated by The Overton Window Company, Inc. (“we,” “us,” “Overton”). They apply to anyone who creates an account or uses the service (“you,” “Customer,” “your organization”).
Customers who need a signed MSA, a DPA, or other contractual language can reach us at legal@overton.xyz.
1. The service
gbrain.io provides hosted brains: a managed deployment of gbrain, the open-source knowledge layer for AI agents. A brain holds your notes, supports search and retrieval over them, and is reachable from a browser chat UI and from any client that speaks the Model Context Protocol. Each brain runs on its own dedicated compute that we provision and operate. The architecture is described in Security; what we process is described in Privacy.
We may add, change, or remove features. We won’t degrade core functionality you’re paying for without notice; we will iterate on what’s around it.
2. Accounts and authentication
Sign-in is via Google OAuth or an email magic link. Each user account is identified by the email address used to sign in. You’re responsible for the security of the email account (and the Google account, if you sign in with one) tied to your gbrain.io account.
A workspace (also called an “organization”) is the billing and membership unit. One user is the payor for each workspace; that user’s billing relationship covers the workspace’s brains. Other users join the workspace as admins or members. Admins can create and delete brains; members can use them. Removing a member from a workspace doesn’t delete brains the workspace owns.
You’re responsible for who you invite into your workspace and what they do there. We don’t review invites.
3. Acceptable use
Don’t use the service, and don’t direct a brain, to:
- Violate the law of any jurisdiction that applies to you or to us.
- Break into, scan, or interfere with systems you don’t have permission to access.
- Crawl sources whose terms of service prohibit automated access.
- Harass, defame, or harm other people.
- Install or run software on your brain in a way that violates that software’s license (see section 4).
- Train a competing AI model on outputs the service generates.
- Resell access to the service to third parties without our written agreement.
If we have reason to believe a brain is being used for any of the above (notably anything illegal), we will shut it down. We’ll tell you why and give you a chance to respond when we can. When we can’t (the activity is causing or is about to cause harm, or law requires immediate action), we’ll shut it down first and tell you after.
4. Your workload
A brain is compute we operate for you. We install and maintain the platform layer: the operating environment, the network isolation, the encrypted storage, the gbrain knowledge layer, and the agent runtime that drives it. Everything that runs on top of that (the prompts your brain follows, the skills or tools you install, the models or model configurations you choose, the credentials you provide, the data you put in) is your workload, and you are responsible for it.
Specifically, you are responsible for:
- Licensing. Any software, model weights, datasets, fonts, or other proprietary material your brain uses must be properly licensed by you for the purpose you’re using it. We don’t audit your workload’s license footprint and we make no representation that anything you install has the rights you need.
- Behavior. Whatever your brain does (the requests it makes, the documents it writes, the integrations it triggers) is your conduct under section 3. We’re not a party to your prompts.
- Credentials. API keys, OAuth tokens, passwords, and any other secrets you install on your brain are yours to manage and rotate. If they leak or are abused, the response is yours.
- Compliance. If your workload processes data subject to a specific legal regime (HIPAA, FERPA, GLBA, GDPR special categories, export-controlled material), meeting that regime’s requirements is on you. The platform we provide is not pre-certified for any of those uses (see Security section 11).
The relationship is: we manage the server, you own what runs on it.
5. Customer data
Customer data means anything written to your workspace’s brains (by you, by another member, or by an AI client you’ve connected), anything your brains write in response, and the configuration you provide.
Your customer data is yours. It sits on the dedicated compute we run for your brain, and it stays there until you delete it. We don’t claim a license to it beyond what we need to run the service for you (hosting it on your brain’s compute, transmitting it between components inside the service, sending it to the AI provider that processes it on your behalf, returning it to you). We don’t train models on it. We don’t share it with anyone outside the subprocessor list in Privacy. We don’t read it for product purposes.
When you delete a brain, the customer data on it is destroyed on the timeline described in Privacy.
6. Subscription, billing, and term
Plans, prices, and what each plan includes are listed in the workspace’s billing area. We use Stripe for payment processing. Each plan tier runs on its own size of dedicated compute and includes an allotment of AI capacity intended to cover the workload that tier is sized for.
- Subscriptions renew automatically until you cancel.
- Cancellation takes effect at the end of the current billing period; we don’t pro-rate refunds for unused time.
- Material price changes for an existing plan get at least 30 days’ email notice.
- Failed payments may result in suspension; we’ll email you before suspending and again at the suspension itself.
- If a brain’s workload consistently exceeds what its plan is sized for (sustained traffic well above the included AI allotment, for example), we’ll reach out about moving you to a higher tier. We won’t quietly bill overage charges.
If your workspace owes us money and you stop paying, we may eventually delete the brains in that workspace after reasonable notice.
7. Service availability
The service does not include a contractual uptime SLA today. Until one is in place:
- We notify customers of unplanned downtime by email when it exceeds a few minutes.
- We do best-effort restoration. We do not credit accounts for downtime today.
- We publish a written post-mortem after any incident that affects customer data or causes downtime longer than 30 minutes.
If your use case requires a contractual SLA, contact legal@overton.xyz.
8. Events outside our control
Neither party is liable for failures to perform caused by events outside its reasonable control. That includes natural disasters, fires, pandemics, war and acts of terrorism, civil unrest, government action, internet or upstream-network outages, hostile cyberattacks against the service or its providers, and outages or failures at any subprocessor we depend on (see Privacy). In each case the affected party will resume performance as soon as it reasonably can.
If a security incident affecting customer data occurs despite the safeguards described in Security, our obligations are limited to the breach-notification, investigation, and remediation commitments in Privacy section 10, the limitation of liability in section 13 of these terms, and any non-waivable obligations under law. We do not warrant that the service is invulnerable.
9. Confidentiality
What you tell us about your business while we’re working together (roadmap conversations, support tickets that include sensitive details, sales calls) is confidential. We use it to support you and to improve the product, not to share with third parties or to brag about who our customers are without permission.
Material we publish or that anyone can derive from public use of the service isn’t confidential.
10. Intellectual property
We own the platform: the code, the design, the documentation, the trademarks. Using the service doesn’t transfer any of that to you.
You own your customer data, as described above. You also own anything you create that’s specific to your use of the service (brain configurations, custom workflows, exported data).
If you give us feedback, we can use it to improve the service. We won’t claim it as our invention or attribute it to you publicly without permission.
11. Third-party services
The service integrates with third-party services. Some are infrastructure we depend on (the AI provider that processes prompts on your behalf, our payment processor, our sign-in provider, our compute provider), all named in the subprocessor table in Privacy. Others are external services you choose to connect to your brain. Your use of any third-party service is also governed by that service’s own terms.
We don’t control those services. If one of them changes its API, raises its prices, or goes down, we deal with it as best we can but can’t guarantee uninterrupted access through us.
12. Disclaimers
The service is provided “as is” and “as available.” What your brain produces (retrievals, generated text, agent actions, anything else) can be incomplete, wrong, or unexpected. Treat your brain’s output as a starting point for your own judgment, not as authoritative.
Software you install on your brain (section 4) is also provided as-is by us. Any warranties on that software, if any exist, come from whoever you got the software from, not from us. We do not warrant that anything you install on your brain will work, will be safe, or will be free of defects.
To the extent the law allows, we disclaim implied warranties of merchantability, fitness for a particular purpose, non-infringement, and quiet enjoyment.
13. Limitation of liability
To the extent the law allows, neither party is liable to the other for indirect, incidental, special, consequential, or punitive damages arising out of or relating to this agreement.
Each party’s total cumulative liability arising out of or relating to this agreement is capped at the fees you paid us in the twelve months immediately before the event giving rise to the claim.
These limits don’t apply to fraud, willful misconduct, or anything else that’s non-waivable as a matter of law.
14. Indemnification
You’ll defend and indemnify us against third-party claims arising from your customer data being unlawful, your workload’s behavior or licensing (section 4), your violation of section 3 (acceptable use), or your violation of someone else’s intellectual property rights.
We’ll defend and indemnify you against third-party claims that the service, used as we describe, infringes that third party’s intellectual property rights. If we believe the service may become subject to such a claim, we may modify it or, if we can’t reasonably do so, refund any prepaid unused fees and terminate the affected workspace.
15. Termination
You can cancel anytime through the workspace’s billing area. We can terminate for material breach (including non-payment) after notice and a reasonable opportunity to cure. We can terminate immediately, without prior notice, if a brain is being used for activity covered by section 3 (including anything illegal) or if your conduct creates legal or operational risk to us or to other customers.
On termination, your access ends, your brains are destroyed on the timeline in Privacy, and any prepaid unused fees are non-refundable except as required by law.
16. Changes to these terms
We may revise these terms. Material revisions get notified by email at least 30 days before they take effect, and the Updated date at the top of this page changes. Continued use of the service after a material change takes effect counts as acceptance.
We maintain a public change history for this page.
17. Governing law
These terms are governed by the laws of the State of California, without regard to its conflict-of-laws principles. The parties consent to exclusive jurisdiction in the state and federal courts located in San Francisco County, California, except that either party may seek injunctive relief in any court of competent jurisdiction to protect its intellectual property or confidential information.
18. Contact
For legal notices: legal@overton.xyz. For everything else: reply to any email from us.