Terms of Service

Last updated: March 17, 2026

1. Acceptance of Terms

By accessing or using Decoy (“the Service”), you agree to be bound by these Terms of Service. If you do not agree, do not use the Service.

2. Description of Service

Decoy provides security monitoring for AI agent pipelines through honeypot MCP tools (“tripwires”). The Service detects prompt injection attacks by logging when AI agents call decoy tools. Decoy is a detection tool — it does not block, filter, or prevent attacks in real time.

3. Accounts

You must provide a valid email address to create an account. You are responsible for maintaining the security of your API tokens and session credentials. You must notify us immediately if you believe your account has been compromised.

4. Acceptable Use

You agree not to:

  • Use the Service for any illegal purpose
  • Attempt to gain unauthorized access to other users' data
  • Abuse the API through excessive requests beyond rate limits
  • Reverse engineer, decompile, or disassemble the Service
  • Resell or redistribute access to the Service without authorization

5. Plans & Billing

Decoy offers a Free plan and a paid Pro plan. Pro subscriptions are billed monthly ($9/month) or annually ($86/year) via Stripe. You can cancel at any time — Pro features remain active until the end of your billing period. No refunds are issued for partial billing periods.

6. Data & Privacy

Your use of the Service is also governed by our Privacy Policy. Trigger data is retained for 30 days (Free) or 90 days (Pro) and then automatically deleted.

7. Open Source Components

The Decoy MCP CLI (decoy-mcp) is open source under the MIT License. The backend service and dashboard are proprietary.

8. Disclaimer of Warranties

The Service is provided “as is” and “as available” without warranties of any kind, express or implied. We do not guarantee that the Service will detect all prompt injection attacks, be uninterrupted, or be error-free. Decoy is a detection layer, not a guarantee of security.

9. Limitation of Liability

To the maximum extent permitted by law, Decoy shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of data, profits, or business opportunities, arising from your use of the Service.

10. Changes to Terms

We may update these Terms from time to time. We will notify you of material changes via email or a notice on our website. Continued use of the Service after changes constitutes acceptance.

11. Termination

We may suspend or terminate your account if you violate these Terms. You may delete your account at any time by contacting us. Upon termination, your data will be deleted within 30 days.

12. Governing Law

These Terms are governed by the laws of the United States. Any disputes shall be resolved in the courts of the State of California.

13. Contact

Questions about these Terms? Email us at [email protected].