Terms of Service — address.bot

1.1 Agreement Overview

Welcome to address.bot (the “Service,” “Platform,” “we,” “us,” “our”), an API-first physical-address evidence channel for individuals, businesses, developers, and AI agents, operated by Golden Ratio, LLC, a Utah limited liability company doing business as “address.bot” (the “Company”). The Platform's core offering is a request-driven workflow in which you (or your authorized AI agent) submit (a) a target physical address, (b) a request type (such as address confirmation, photo capture, video walkthrough, property condition, or custom media), (c) optional recipient instructions, and (d) one or more evidence requirements; and the Company arranges for a postcard bearing a QR code and a printed short code to be printed and mailed to the address. The recipient at that address scans the QR, completes the requested evidence through a token-scoped flow at /v/[token], and you receive signed webhook events, evidence metadata, and short-lived signed download links through the dashboard and API.

By accessing or using our website, REST API, dashboard, agent-onboarding endpoints, recipient pages, MCP/agent adapters, and related services, you (“Owner,” “Customer,” “Operator,” “Member,” “you,” “your”) agree to be bound by these Terms of Service (“Terms”), the Privacy Policy at /privacy, the Patent Notice at /legal/patents, and any addendum you have separately accepted.

1.2 Key Definitions

“Owner”

The verified human individual or authorized representative of a business entity who creates an account, signs in via email magic link, controls the underlying business record, and remains accountable for all API keys, agent account intents, webhook destinations, requests, billing, and live-send approvals under that account.

“Business Account”

The internal "businesses" record automatically created (or claimed from a pending account intent) when an Owner signs in. All API keys, requests, evidence, billing, and webhooks are scoped to a Business Account.

“Agent”

Any artificial intelligence system, autonomous software agent, MCP client, OpenClaw client, A2A peer, framework integration, scripted automation, or programmatic process that creates account intents, calls the API using issued keys, or otherwise interacts with the Platform under an Owner's account.

“Account Intent”

A pending, owner-verification-required account setup request created via POST /api/v1/account-intents (typically by an Agent). An Account Intent does not create a usable Business Account until the supplied signup inbox verifies email via the /signup flow.

“Verification (or Request)”

The first concrete embodiment of a request inside the address-scoped evidence channel. A Verification ties one address, one current task version, recipient instructions, evidence requirements, fulfillment status, and uploaded evidence together. A Verification may also evolve through follow-on tasks against the same address-scoped state object.

“Address-Scoped State Object”

The durable parent object for an address, location, parcel, site, unit, asset, route, or geospatial area against which physical challenges, evidence sessions, task versions, evidence events, receipts, and downstream actions are accumulated.

“Physical Challenge”

The physical artifact or physical association that bootstraps the channel — currently a printed postcard with QR code and short code, with future support contemplated for letters, placards, NFC/RFID tags, sensor kits, package inserts, fieldworker cards, and similar artifacts.

“Token”

The high-entropy URL secret embedded in the postcard QR (https://address.bot/v/{token}) that opens the recipient evidence session. Tokens are not exposed via the public API and must not be transmitted to non-recipient parties.

“Printed Code”

The short alphanumeric code printed on the postcard and used as a second factor proving the recipient has the physical artifact.

“Recipient”

The anonymous, non-account human (or, in future channel types, the device, sensor, contractor, inspector, property manager, fieldworker, or partner system) at the target address that activates the Token and submits evidence. The Recipient is not a Member of the Platform and does not create an address.bot account.

“Evidence”

Any code confirmation, photo, video, file, note, attestation checkbox, signature, or other Recipient-submitted content collected through the recipient flow at /v/[token].

“Sandbox / Test Mode”

The non-billed simulation tier accessed with sk_test_* API keys. Sandbox requests do not enter live print fulfillment unless explicitly simulated, but they still compute pricing and exercise the full request lifecycle.

“Live Mode”

The billed production tier accessed with sk_live_* API keys. Live requests enter the print/mail fulfillment queue only after a saved preflight is confirmed, billing readiness is satisfied, owner-level live-policy controls are met, and any required manual review is resolved.

“Preflight”

A priced, validated draft of one or more Verifications produced via POST /api/v1/preflight before any live spend or fulfillment is committed.

“Live Policy”

The owner-configured controls that govern live spend, including first-live approval, per-request cap, and monthly live budget, as exposed via /api/v1/billing/live-policy.

“Manual Review”

A request placed into the review_requests queue when a Verification trips a risk heuristic (such as higher-value live cost, video/signature evidence, custom_media type, many evidence requirements, or flagged terms in instructions). Live mailing is blocked until the Owner resolves the review.

“Webhook”

An HMAC-signed HTTP POST callback (HMAC-SHA256, signed with the business webhook secret) sent to the Owner-configured destination upon occurrence of request lifecycle, recipient evidence, and billing events.

“Receipt”

A future, optional cryptographic strengthening artifact containing the canonical task snapshot, evidence hashes, webhook references, and workflow state, intended to support downstream action gating and public verification. Receipt generation, public verifier pages, and Merkle/ledger anchoring are not generally available at this time.

“Downstream Action”

Any payment release, claim/compliance advancement, vendor approval, milestone approval, model/dataset acceptance, fieldworker dispatch, sensor deployment, or other system action that you or a third-party system gates on Verification state. Address.bot does not perform Downstream Actions on your behalf except as expressly enabled.

“Acceptable Use”

The conduct rules in Section 8 governing what physical addresses, recipients, and content may be targeted by Verifications.

2.1 Service Description

You (or your authorized AI agent, MCP client, A2A peer, OpenClaw client, or REST consumer) submit (a) a target address, (b) a request type, (c) optional recipient-facing instructions, and (d) one or more evidence requirements (such as a printed-code confirmation, one or more photos, a video, a free-form note, a signature/attestation, or a checkbox). The Company arranges, through its production and fulfillment workflow, for a postcard bearing the QR Token URL and the printed short Code to be generated, printed, mailed, and tracked through fulfillment status transitions (such as queued for print, printed, mailed, delivered, and undeliverable). The Recipient at the target address scans the QR, optionally enters the printed Code, uploads any required evidence directly to private storage via short-lived signed upload URLs, and submits. You receive signed webhook events through the request lifecycle and may also retrieve evidence metadata and short-lived signed download URLs via the API and dashboard.

2.2 Public Beta Status

The Platform is operating as a public beta. The Company is actively developing additional capabilities including non-postcard activation channels (NFC, RFID, sensor check-in, geolocation, partner events, scheduled reactivation), explicit task-version history surfaces, recurring and child evidence sessions, cryptographic Receipts and Merkle/ledger anchoring, downstream action gates, automatic live Stripe capture, and additional MCP / agent adapters. Beta capabilities may be modified, suspended, withdrawn, or moved to enterprise tiers at any time. The Company makes no commitment that any beta capability will remain available on its current terms, at its current price, or on any particular timeline.

2.3 What We Provide

• REST API for verification creation, listing, retrieval, simulation, and follow-on tasks
• Preflight pricing and validation API
• Account-intent API for agent-initiated signup requests (subject to signup inbox verification)
• Owner-controlled live-policy API (first-live approval, per-request cap, monthly budget)
• Manual review queue API for risky live requests
• Hosted Stripe billing portal API and Stripe-readiness checks
• Postcard rendering with QR + printed short code, manual print fulfillment, and admin status transitions
• Token-scoped recipient page at /v/[token] with code confirmation and direct-to-storage media upload
• HMAC-signed webhook delivery with durable retry log
• Operator dashboard for create/preflight/billing/keys/logs/settings/onboarding
• OpenAPI, llms.txt, docs surfaces for developer and agent discovery
• Sandbox and live mode separation by API key prefix
• Idempotency-Key support on verification creation
• Address-scoped channel foundation (state object, physical challenge, evidence session, task definition, task input, evidence event)

2.4 What We Do NOT Provide

• Identity verification of the Recipient, occupant, owner, or any other person at the target address
• Determination of who lives at, owns, leases, controls, or is permitted to be at any address
• Real-estate brokerage, title, escrow, or property-management services
• Notarization, apostille, certified-copy, or process-service
• Legal, tax, accounting, healthcare, financial, or fiduciary advice
• Background checks, credit checks, or consumer reports under the Fair Credit Reporting Act (FCRA) or any equivalent
• Investigative, surveillance, or skip-trace services
• Insurance coverage of any kind for the Verification, the postcard in transit, or any Recipient-submitted Evidence
• Guaranteed mail delivery, guaranteed Recipient response, guaranteed Evidence quality, or guaranteed downstream-action approval
• Direct supervision or control of Agent activities (Owners are solely responsible for their Agents)
• Custody of the Recipient or any property at the target address
• Locksmithing, entry, on-site dispatch, fieldwork, sample collection, or other in-person services
• Automatic redaction or filtering of sensitive content the Recipient elects to upload
• A KYC, AML, OFAC, sanctions, or watchlist program for Recipients (KYC-style screening for Owners is fraud-prevention only — see Section 5)

2.5 Intended Use Cases

The Platform is designed to support a range of programmatic and human-driven physical-address evidence workflows, including but not limited to:

• Address confirmation: Verifying that a real human can receive mail at and respond from a physical address
• Property condition: Photo or video documentation of the exterior, interior, or specific features of a property
• Vacancy / occupancy verification for lenders, insurers, and asset managers
• Construction and field-progress documentation by independent contractors at remote sites
• Inspection evidence (utility meters, serial numbers, asset tags, environmental conditions)
• Notice-posting proof, regulatory documentation, and milestone proof
• Real-world ground-truth for AI training, model evaluation, and digital-twin validation
• Agent-driven verification of an address before a downstream action (payment, dispatch, contract advancement)
• Site-access and chain-of-custody proof for sample kits, sensor deployments, or device installations

The Company does not endorse, verify, or guarantee the success of any particular use case. You are responsible for ensuring that every Verification you create complies with all applicable law and with the rights of the Recipient and any third party at the target address.

2.6 Platform Provider Status

The Company provides software, an API, fulfillment workflow, recipient-evidence collection infrastructure, and connections to independently operated third-party providers (database, storage, email, payment, hosting, analytics, mail carriers, and similar). The Company is NOT the principal, employer, partner, joint venturer, or agent of any Owner, Recipient, Agent, or third-party provider. The Company does not direct, control, or supervise the activities of any Agent or Recipient. Owners are solely responsible for the actions, omissions, and conduct of every Agent acting under their account, and for every request, instruction, recipient message, evidence requirement, follow-on task, and downstream action made or taken under their account.

3.1 Waitlist and Public Beta Registration

The Platform is currently in public beta. Prospective Owners may create an account directly via /signup or magic-link login at /login. There is no waitlist gating for signup at this time, but the Company reserves the right to introduce a waitlist, invitation list, or allowlist at any time and to grant priority access to certain users, use cases, or partnerships.

3.2 Agent-Initiated Account Intents

AI agents and autonomous systems may initiate a pending business account by calling POST /api/v1/account-intents. An Account Intent is a non-binding account intent. It does not provision a usable Business Account and does not entitle any Agent or third party to any API keys, credit, billing arrangement, or live-send capability. A human Owner or authorized representative must verify the listed email address through the secure signup flow, complete first-run setup, and explicitly accept these Terms before any usable account, sandbox key, live key, or live spend is possible.

3.3 Launch and Production Notification

The Company may notify Owners by email, dashboard banner, webhook event, or status page when material changes are made to public beta scope, pricing, generally-available features, or production readiness. Continued use of the Platform after such notice constitutes acceptance of those changes, subject to Section 24.

4.1 Eligibility Requirements

To register as an Owner, you must:

• Be at least 18 years of age
• Have the legal capacity to enter into a binding contract
• Provide a valid email address that you control and can verify by magic link
• Provide a business profile, billing email, and (where required) operating intent during /app/get-started
• Have a lawful basis to send postcards to the addresses you target and to collect Evidence from the Recipients you target
• Not be listed on any U.S. government sanctions list, including but not limited to the OFAC Specially Designated Nationals (SDN) List
• Not have been previously terminated from the Platform for violations of these Terms

4.2 Business Entity Registration

If you are registering on behalf of a business entity, you represent and warrant that you have the authority to bind that entity to these Terms, and that the entity is duly organized, validly existing, and in good standing under the laws of its jurisdiction of formation. The Business Account is the contracting party for all Verifications, billing, and live policy under your account.

4.3 Account Security

You are responsible for maintaining the confidentiality of your account credentials, magic-link emails, API keys, webhook signing secrets, and any token returned by the Platform. You are responsible for all activity under your account, whether or not authorized by you. You must immediately notify the Company at the support address in Section 26 of any unauthorized use of your account, any compromise of an API key or webhook secret, or any other security incident affecting your use of the Platform.

5.1 Owner Verification

Before issuing live API credentials, enabling first-live sending, or processing live billing through Stripe, the Company may verify, at its discretion and as appropriate to the risk profile of the account: (a) ownership of the magic-link email address, (b) business profile fields, (c) billing email and Stripe customer readiness, (d) the live-policy posture of the account (first-live approval, per-request cap, monthly budget), and (e) any other commercially reasonable signal needed to deter fraud, abuse, and unauthorized live spend.

The Company's verification is a fraud-prevention and platform-integrity measure. It is not a regulated Customer Identification Program under the Bank Secrecy Act or any equivalent regulatory regime. The Company is not a financial institution, money services business, money transmitter, consumer reporting agency, or background-check provider.

5.2 Sanctions, Watchlist, Fraud, and Risk Screening

The Company or its payment, identity, hosting, or compliance providers may perform sanctions, watchlist, fraud, or risk screening on an Owner, the Owner's payment method, the Owner's billing email, or other Owner-provided information. Any such screening is advisory. The Company does not warrant that screening identifies every match, and the absence of a flag is not a representation that any Owner is in compliance with sanctions or other law. Where the Company learns that an Owner appears on a sanctions list or is otherwise prohibited from receiving the Service, the Company will refuse, suspend, or terminate the account and may report or cooperate with authorities to the extent required or permitted by applicable law.

5.3 Right to Refuse Service

THE COMPANY MAY REFUSE, SUSPEND, OR TERMINATE SERVICE TO ANY PERSON OR ENTITY TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, INCLUDING BUT NOT LIMITED TO REFUSAL BASED ON: FAILED VERIFICATION; SANCTIONS, OFAC, OR WATCHLIST INDICATORS; SUSPECTED FRAUD, ABUSE, OR MISUSE; OPERATIONAL, COMPLIANCE, LEGAL, PAYMENT, OR SECURITY REASONS; PRIOR ACCOUNT TERMINATION; LAW-ENFORCEMENT REQUEST; REPEATED MANUAL-REVIEW REJECTIONS; OR RISK-ASSESSMENT OUTCOMES. NOTHING IN THIS SECTION AUTHORIZES, AND THE COMPANY DOES NOT EXERCISE, REFUSAL ON ANY GROUND PROHIBITED BY APPLICABLE NON-DISCRIMINATION OR CONSUMER-PROTECTION LAW.

5.4 Ongoing Verification

The Company may, at any time and without prior notice, require Owners to re-verify their identity, provide additional documentation, or answer questions about their account activity. Failure to comply with re-verification requests within forty-eight (48) hours may result in immediate account suspension.

5.5 Verification Record Retention

The Company retains verification records (including verification results, processor session identifiers, business profile, account-intent provenance, masked payment identifiers, and live policy/manual-review history) for a minimum of five (5) years after account closure. This retention supports fraud investigation, dispute resolution, audit, sanctions inquiry response, and lawful cooperation with law enforcement.

6.1 Agent Use of the Platform

Owners may use the Platform directly through the Operator Dashboard or may grant Agents the ability to call the API, run preflight, create sandbox or live Verifications, fetch evidence, list webhook deliveries, and (where authorized) update Live Policy and resolve Manual Review requests. Agent registration is optional — every capability available to Agents is also available to a human Owner via the dashboard.

6.2 Owner Responsibility for Agents — Inherited Identity

AGENTS CANNOT SELF-PROVISION USABLE ACCOUNTS. EVERY AGENT MUST BE SPONSORED BY A VERIFIED HUMAN OWNER. AGENTS INHERIT IDENTITY FROM THEIR OWNER. AUTONOMOUS AGENTS CANNOT OBTAIN PRODUCTION CREDENTIALS INDEPENDENTLY — THEY MUST OPERATE UNDER A VERIFIED OWNER'S BUSINESS ACCOUNT, USING API KEYS ISSUED TO THAT BUSINESS.

THE OWNER IS FULLY AND SOLELY RESPONSIBLE FOR ALL ACTIONS, OMISSIONS, AND CONDUCT OF EVERY AGENT ACTING UNDER THEIR ACCOUNT. THIS INCLUDES BUT IS NOT LIMITED TO: ALL VERIFICATIONS CREATED; ALL POSTCARDS DISPATCHED; ALL CHARGES INCURRED; ALL EVIDENCE REQUIREMENTS DEFINED; ALL RECIPIENT INSTRUCTIONS; ALL FOLLOW-ON TASKS; ALL LIVE-POLICY CHANGES; ALL REVIEW DECISIONS; AND ALL DOWNSTREAM ACTIONS THAT YOUR SYSTEMS TAKE BASED ON ADDRESS.BOT-SOURCED EVIDENCE.

The Company does not monitor, supervise, or control Agent behavior. Owners must implement their own monitoring, spending limits, and approval workflows for autonomous Agents. Live spend controls (first-live approval, per-request cap, monthly live budget) and the Manual Review queue are guardrails available to you — they do not relieve you of responsibility, and the Company has no obligation to enable, configure, or monitor them on your behalf.

6.3 Account Intents

The endpoint POST /api/v1/account-intentslets an Agent or third-party tool initiate a pending signup verification request. Account Intents (a) do not provision a usable Business Account, (b) do not issue any API keys, (c) do not authorize any live spend, (d) do not bind the listed Owner email to the Platform, and (e) may be deleted, expired, refused, or rate-limited at the Company's discretion. The Owner or authorized representative must complete the secure signup flow at /signup, accept these Terms, and complete first-run setup before any sandbox or live key becomes usable.

6.4 API Keys, Webhook Secrets, and Credentials

The Platform issues several classes of credentials, including (i) sandbox API keys (sk_test_*), (ii) live API keys (sk_live_*), (iii) webhook signing secrets, and (iv) Owner session cookies for the dashboard. The secret portion of each API key is shown to you only once, at creation; the Company stores only a salted hash and cannot recover the original secret if it is lost.

YOU ARE FULLY AND SOLELY RESPONSIBLE FOR THE SECURITY OF EVERY CREDENTIAL ISSUED TO YOU OR YOUR AGENT, INCLUDING WITHOUT LIMITATION HOW THOSE CREDENTIALS ARE TRANSMITTED, STORED, EMBEDDED IN AGENT FRAMEWORKS, ROTATED, REVOKED, AND LOGGED. ANY ACTION TAKEN ON THE PLATFORM USING A VALID CREDENTIAL ASSIGNED TO YOU IS DEEMED AUTHORIZED BY YOU AND BILLABLE TO YOUR ACCOUNT, WHETHER OR NOT YOU ACTUALLY AUTHORIZED IT, UNTIL YOU HAVE NOTIFIED THE COMPANY IN WRITING OF SUSPECTED COMPROMISE AND THE COMPANY HAS COMPLETED REVOCATION.

Without limiting the foregoing, you agree to: (a) treat every API key and webhook signing secret as a high-sensitivity production secret; (b) never embed credentials in source code, public repositories, public agent profiles, marketing materials, screenshots, screen recordings, or third-party prompts; (c) prefer sandbox keys for all integration testing; (d) implement appropriate live-policy controls (first-live approval, per-request cap, monthly budget) before granting an Agent the ability to create live Verifications; (e) immediately revoke any credential you suspect has been disclosed, copied, intercepted, leaked through prompt injection, or misused; and (f) cooperate with the Company's investigation of any suspected credential incident.

The Company has no obligation to detect compromised credentials on your behalf, and the Company shall not be liable for any charges, postcards mailed, evidence collected, or other actions taken using a credential that was valid at the time of use, regardless of how the credential came into the hands of the actor that used it.

6.5 Mode Separation (Sandbox vs Live)

Sandbox keys (sk_test_*) and live keys (sk_live_*) are intentionally segregated. Sandbox requests do not enter live print fulfillment unless explicitly simulated. Live requests require a saved preflight, billing readiness, satisfied Live Policy, and resolution of any Manual Review block. You must not use live keys for testing, exploration, agent-prompt fuzzing, or any other use case that does not warrant real postcards being printed and mailed.

7.1 Postcard Production and Tender to Carrier

For each live Verification, the Company arranges, through its production workflow, for a postcard bearing the QR Token URL and the printed short Code to be generated, printed, and tendered to the United States Postal Service (or, where the Company designates, another carrier). The Company currently performs print and fulfillment internally and reserves the right to introduce third-party print-and-mail providers (such as Lob, PostGrid, or Click2Mail) at any time. The Company makes no guarantee that any particular provider, carrier, postage class, transit time, or delivery outcome will be available or will succeed for any particular Verification.

7.2 Carrier Custody Transfer — Risk Allocation

ONCE A POSTCARD HAS BEEN TENDERED TO THE CARRIER, THE PIECE LEAVES THE COMPANY'S CUSTODY AND BECOMES SUBJECT EXCLUSIVELY TO THE CARRIER'S TERMS, TARIFFS, AND HANDLING. THE COMPANY IS NOT THE CARRIER, IS NOT A POSTAL OPERATOR, AND DOES NOT GUARANTEE DELIVERY, DELIVERY TIME, IN-TRANSIT INTEGRITY, OR ANY OUTCOME WHATSOEVER FOR ANY POSTCARD AFTER TENDER.

The Company is not liable for, and you accept the risk of: (a) any delay, non-delivery, mis-delivery, partial delivery, return-to- sender, opened-in-transit, damaged, destroyed, or lost postcard once tendered; (b) any failure of the carrier to scan or deliver on any particular schedule; (c) any address-correction surcharge or postal adjustment; (d) any holiday, weather, labor-action, force-majeure, or operational delay; (e) any consequence of the carrier's loss or destruction of the postcard for any reason; (f) any tampering, vandalism, theft, or interference with the postcard at or near the destination address; and (g) any failure of the Recipient to retrieve, open, scan, read, or respond to the postcard.

7.3 No Guaranteed Recipient Response

THE COMPANY DOES NOT GUARANTEE THAT ANY RECIPIENT WILL SCAN THE POSTCARD, ENTER THE PRINTED CODE, COMPLETE ANY EVIDENCE REQUIREMENT, RESPOND ON ANY PARTICULAR TIMELINE, OR RESPOND AT ALL. THE PHYSICAL-WORLD EVIDENCE CHANNEL DEPENDS ON A NON-ACCOUNT HUMAN AT THE TARGET ADDRESS CHOOSING TO COOPERATE, AND THE COMPANY HAS NO CONTROL OVER THAT CHOICE.

You are solely responsible for setting realistic expectations with your downstream systems, customers, regulators, and counterparties about response rates, response timing, and response quality. The Company shall have no liability for any consequence of recipient non-response, partial response, late response, or response that does not satisfy your downstream criteria.

7.4 Recipient Anonymity and Identity

Recipients do not create address.bot accounts. Recipient access is scoped to a single Token and printed Code. The Company does not verify, and makes no representation about, the identity of the Recipient, the Recipient's relationship to the address, the Recipient's authority to be at the address, the Recipient's authority to release information about the address, the Recipient's age, or the Recipient's identity-document status. Possession of the postcard is the only qualifying signal, and possession is not proof of identity, occupancy, ownership, tenancy, or any other legal status.

7.5 Address Accuracy

You are solely responsible for the accuracy, completeness, and lawfulness of every recipient address you submit. The Company may offer optional address normalization, validation, and warnings during preflight, but performs no exhaustive verification, no occupancy check, and no permission check. Misaddressed, non-existent, or otherwise invalid addresses may result in return-to-sender, undeliverable status, or delivery to an unintended Recipient, all at your sole risk.

7.6 Status Transitions

Verifications progress through fulfillment status transitions including but not limited to requested, queued_for_print, printed, mailed, delivered, and undeliverable. The recipient evidence flow tracks submission status including not_started, in_progress, submitted, accepted, and rejected. These statuses are operational signals based on internal events and, where applicable, third-party provider data. They are not guarantees of any underlying physical event and may lag, be revised, or be corrected as additional information becomes available.

7.7 Postcard Tampering, Theft, and Misuse at the Address

The Company is not liable for any tampering, theft, vandalism, interception, or misuse of a postcard at or near the destination address, including without limitation interception by mail thieves, neighbors, co-tenants, building staff, prior occupants, unintended recipients, or any other person other than your intended Recipient. The Company is not liable for the consequences of an unintended person scanning the QR, entering the printed Code, or submitting Evidence through the recipient flow. You are responsible for designing your downstream workflows to tolerate this risk.

8.1 Prohibited Uses

You may not use the Platform to:

• Send postcards to addresses you have no lawful basis to target, including addresses obtained through illegal data sources, doxxing, scraping protected lists, or breaches of confidentiality
• Stalk, harass, intimidate, surveil, defame, defraud, blackmail, extort, or threaten any person at any address
• Send postcards to addresses associated with shelters, safe houses, victims of domestic violence, recipients of address-confidentiality programs, or any address whose disclosure or targeting is prohibited by law
• Send postcards intended to deceive the Recipient into believing the postcard, the QR flow, the request, or the address.bot brand is operated by, endorsed by, or affiliated with a government agency, court, attorney, healthcare provider, financial institution, or other regulated entity
• Send postcards designed to coerce, trick, pressure, or socially-engineer the Recipient into uploading sensitive personal information (government ID, financial account numbers, health information, biometric data, login credentials) that the Recipient is not legally required to provide
• Use the Platform to perform regulated background checks, consumer reports, tenant screening, or employment screening covered by the FCRA or any equivalent law without complying in full with that law's permissible-purpose, disclosure, and consent requirements (such use is solely your responsibility)
• Conduct election-related, political-pressure, or voter-targeting campaigns in violation of applicable federal, state, or local election law
• Facilitate any unlawful activity, including fraud, money laundering, drug trafficking, weapons trafficking, terrorism, child exploitation, or human trafficking
• Evade law enforcement, sanctions, embargoes, or export controls
• Misrepresent the identity of any Owner, Agent, sender, or business
• Interfere with the Platform's operations, abuse rate limits, attempt to enumerate Tokens or Codes, brute-force the recipient flow, or otherwise undermine recipient anonymity or platform integrity
• Reverse engineer, decompile, or disassemble any non-public part of the Platform, except as expressly permitted by applicable law
• Republish, resell, sublicense, or otherwise commercially redistribute the Platform, the API, the recipient flow, or any Evidence except as expressly permitted
• Use the Platform to collect, store, train models on, or otherwise process biometric identifiers in violation of any applicable biometric-information privacy law

8.2 Recipient Safety Copy and Consent

You are responsible for ensuring that your recipient instructions and recipient messages are honest, non-coercive, non-deceptive, and clearly identify the Owner business. The Platform may render standard safety, abuse-reporting, and consent copy on the recipient page; you may not remove, contradict, or undermine that copy.

8.3 Right to Inspect, Quarantine, or Refuse

The Company reserves the right, but not the obligation, to inspect, hold, refuse, quarantine, or destroy any Verification, postcard, recipient submission, or piece of Evidence if the Company has reasonable suspicion of a violation of this Section, of these Terms generally, of any Acceptable Use Policy in force, or of applicable law; if a Verification or its Evidence appears to present a safety risk; or if required by law enforcement or pursuant to a lawful order.

8.4 Consequences of Violation

Violation of this Section may result in: immediate Verification cancellation; immediate account suspension or termination without refund; deletion of Evidence and Verification records (subject to preservation obligations); reporting to law enforcement (see Section 9); and permanent ban from the Platform.

THE COMPANY MAY COOPERATE WITH LAW ENFORCEMENT AGENCIES, REGULATORY BODIES, CARRIERS, PAYMENT PROCESSORS, AND OTHER APPROPRIATE PARTIES, AND MAY REPORT SUSPECTED ILLEGAL, ABUSIVE, FRAUDULENT, OR DANGEROUS ACTIVITY, AS REQUIRED OR PERMITTED BY APPLICABLE LAW. NOTHING IN THIS SECTION CREATES AN AFFIRMATIVE OBLIGATION TO MONITOR, INVESTIGATE, OR REPORT, AND THE COMPANY DOES NOT WARRANT THAT ANY PARTICULAR ACTIVITY WILL BE DETECTED OR REPORTED.

9.1 Permissive Reporting

The Company may, in its good-faith judgment and without prior notice to you, report to an appropriate law-enforcement agency, regulator, prosecutor, carrier, payment processor, or other party any activity that the Company suspects to involve any of the following: (a) fraud, identity theft, payment-card abuse, money laundering, terrorism financing, or sanctions evasion; (b) hacking, credential theft, unauthorized access, denial-of-service, prompt-injection, scraping, or other computer-misuse offenses against the Platform or its users; (c) use of the Platform to stalk, harass, defraud, intimidate, extort, or otherwise harm a Recipient or any other person; (d) impersonation of a government agency, court, attorney, healthcare provider, or financial institution; (e) trafficking, child exploitation, non-consensual intimate imagery, or other content whose creation or transmission is criminally prohibited; (f) sanctions, OFAC, or watchlist matches; (g) attempts to evade verification, misuse another person's identity, or hijack a Recipient's identity; or (h) any other conduct that the Company, in its sole judgment, deems necessary or appropriate to report.

9.2 Law Enforcement Requests

The Company will comply with valid subpoenas, court orders, search warrants, and other lawful legal process. In response, the Company may produce records in its possession including Owner verification records, business profile, account intents, API access logs, webhook delivery logs, Verification metadata, recipient evidence and uploaded media, billing events, and other responsive information. The Company reserves the right to challenge or seek narrowing of any process it believes to be overbroad, defective, or otherwise improper before producing records.

9.3 No Obligation to Notify

The Company is NOT obligated to notify Owners or Recipients of law-enforcement requests, investigations, or reporting unless required by law. In many cases, the Company is prohibited from providing such notification. You waive any right to advance notice of law-enforcement cooperation to the extent permitted by law.

9.4 Preservation Requests

The Company will honor lawful preservation requests from law enforcement and will preserve relevant records for the period specified, or for one hundred eighty (180) days if no period is specified.

9A.1 Service Description

The postcard service produces a single-piece mailing per live Verification, bearing (a) the QR Token URL pointing to /v/[token], (b) a printed short Code that is required for recipient confirmation in some flows, (c) the Owner's business name, (d) recipient-facing instructions you provide (subject to length and rendering limits), and (e) standard safety and disclaimer copy. Rendering, paper stock, ink, postage class, and other production parameters are determined by the Company and may change without notice.

9A.2 Tracking and Status Information

Where the selected service class includes carrier-side tracking, the Company may surface carrier-provided tracking events through the dashboard, REST API, and webhooks on a best-effort basis. Tracking data is generated by the carrier, not by the Company. The Company does not warrant that tracking events will be timely, complete, accurate, or available, and the Company shall not be liable for any decision you or your Agent make in reliance on a tracking event (or the absence of one).

9A.3 No Guaranteed Mailing or Delivery Deadlines

THE COMPANY DOES NOT GUARANTEE ANY DEADLINE, DUE DATE, OR SERVICE-LEVEL FOR THE PRINTING, DISPATCH, OR DELIVERY OF ANY POSTCARD. PUBLISHED PROCESSING TIMES, SAME-DAY-CUTOFF WINDOWS, CARRIER TRANSIT-TIME ESTIMATES, AND PUBLIC-BETA TARGETS ARE COMMERCIALLY REASONABLE TARGETS, NOT BINDING SERVICE-LEVEL COMMITMENTS. THE COMPANY WILL USE COMMERCIALLY REASONABLE EFFORTS TO PRODUCE AND TENDER YOUR POSTCARD PROMPTLY, BUT SHALL HAVE NO LIABILITY OF ANY KIND IF A POSTCARD IS PRINTED, DISPATCHED, OR DELIVERED LATER THAN YOU EXPECTED, REGARDLESS OF THE LEGAL, FINANCIAL, OR PERSONAL CONSEQUENCES OF THAT DELAY TO YOU.

You acknowledge that postal mail is inherently subject to lead time, queueing, batching, weather, holidays, carrier capacity, and human handling. If you have a hard deadline that depends on a recipient response (court filing, regulatory submission, contract option, claim deadline, election deadline, etc.), you must build your own buffer, use a higher-tier service class where available, or arrange direct delivery through a different vendor. Use of the Platform for time-sensitive verifications is at your sole risk. The Company expressly disclaims any role as your “deadline backstop” and shall not be liable for missed deadlines under any theory.

9A.4 Customer Responsibility for Instructions and Recipient Data

You are solely responsible for the accuracy, completeness, and lawfulness of every recipient address, business name, recipient instruction, recipient message, evidence requirement, follow-on task instruction, and metadata you submit. The Company does not review, edit, fact-check, redact, legally-vet, or compliance-screen your inputs. You represent and warrant that each Verification you submit (i) is being sent for a lawful purpose; (ii) does not violate any law, court order, regulatory rule, or third-party right; (iii) does not contain content prohibited by Section 8; (iv) does not impersonate any government agency, court, financial institution, healthcare provider, attorney, or other regulated entity in a manner reasonably likely to deceive the Recipient; and (v) is suitable for the request type and evidence requirements you have selected.

9A.5 Customer License to the Company

You grant the Company and its service providers, fulfillment partners, print and mail partners, postage vendors, carriers, cloud and storage providers, payment processors, and other processors a worldwide, non-exclusive, royalty-free, sublicensable (solely to such service providers and partners) license to host, copy, transmit, render, format, print, address, label, photograph, audit, log, retain, and otherwise process the recipient addresses, instructions, recipient messages, evidence requirements, follow- on task inputs, metadata, and related content you submit through the Platform, solely as necessary to provide, secure, support, bill, audit, troubleshoot, and improve the Service for you. This license terminates when the Company no longer needs the content to provide or support the Service or comply with its retention obligations under Section 16.5, whichever is later.

9A.6 Customer Responsibility for Agent and Tool Use

IF YOU GRANT AN AI AGENT, AGENT FRAMEWORK (E.G., LANGCHAIN, CREWAI, LLAMAINDEX, VERCEL AI SDK, OPENAI AGENTS SDK, OR ANY OTHER), MCP CLIENT, A2A PEER, OPENCLAW INTEGRATION, OR ANY OTHER TOOL THE ABILITY TO CALL THE ADDRESS.BOT API ON YOUR BEHALF, EVERY VERIFICATION AND POSTCARD THAT TOOL CAUSES TO BE PRODUCED AND DISPATCHED IS DEEMED AUTHORIZED BY YOU AND BILLABLE TO YOU. YOU USE ALL AGENTIC AND PROGRAMMATIC INTERFACES — INCLUDING THE REST API, OPENAPI, MCP/AGENT ADAPTERS, OPENCLAW DESCRIPTORS, WEBHOOKS, AND ANY THIRD-PARTY TOOL OR FRAMEWORK INTEGRATION — AT YOUR OWN RISK.

The Platform provides preflight pricing, sandbox keys, Idempotency-Key support, first-live owner approval, per-request cap, monthly live budget, manual review queue, and dry-run paths as guardrails you may use to constrain Agent behavior. The Company strongly recommends that you enable these guardrails before granting any autonomous tool live-create capabilities. The Company has no duty to enable, configure, or monitor these guardrails on your behalf, and shall have no liability for the consequences of Agent behavior that you have not adequately constrained.

9A.7 Customer-Built Software, Scripts, and Internal Tools

YOUR RESPONSIBILITY UNDER SECTION 9A.6 EXTENDS IN EQUAL MEASURE TO YOUR OWN INTERNAL OR PROPRIETARY SOFTWARE, SCRIPTS, APPLICATIONS, AUTOMATIONS, CRON JOBS, SERVERLESS FUNCTIONS, BACKGROUND WORKERS, CUSTOM-BUILT AGENTS, MODEL ORCHESTRATION CODE, RAG PIPELINES, OR ANY OTHER SOFTWARE YOU OR YOUR PERSONNEL AUTHOR, OPERATE, OR DEPLOY THAT INTERACTS WITH THE PLATFORM UNDER YOUR CREDENTIALS — WHETHER THAT SOFTWARE INCORPORATES A LARGE LANGUAGE MODEL OR NOT.

The Company has no visibility into, and accepts no responsibility for, the design, architecture, security, testing, deployment, monitoring, or runtime behavior of your software. Without limiting the generality of the foregoing, the Company shall have no liability for: (a) any defect, bug, regression, race condition, infinite loop, runaway retry, mis-paginated batch, mis-mapped CSV, mis-templated address, or other malfunction in your software that causes unintended API calls, unintended Verifications, unintended postcards, unintended charges, or unintended disclosure of recipient data; (b) any compromise, breach, exfiltration, or unauthorized use of your credentials, secrets, environment variables, or service accounts that occurs outside the Platform's control plane; (c) any harm caused by an LLM or model you operate, including hallucinations, jailbreaks, prompt- injection cascades, tool-use mistakes, or autonomous decisions that produce unintended Platform activity; (d) any failure of your software to honor preflight, first-live approval, per-request cap, monthly budget, manual review, or other guardrails the Platform exposes; (e) any failure of your software to consume webhooks, ingest API responses, retry idempotently, or reconcile state with the Platform; or (f) any third-party harm or claim arising from a Verification your software caused to be created. Every Verification, postcard, charge, and API call originating from your software is deemed authorized by you and billable to you on the same terms as if you had executed the call yourself.

9A.8 Customer Responsibility for Tracking and Reconciliation

If your business workflow requires confirmation of dispatch, delivery, recipient response, or downstream evidence ingestion, you are responsible for monitoring the events the Platform surfaces (via webhook, REST, dashboard) and for reconciling those events with your downstream system of record. The Company does not push redundant notifications, generate compliance reports, file delivery affidavits, monitor for missed responses, or escalate stalled requests on your behalf. If your Agent fails to consume a webhook, your CRM fails to ingest a status update, or your downstream automation fails for any reason, the Company shall have no liability for the missed reconciliation.

9B.1 Not a Tax, Accounting, Legal, Healthcare, FCRA, or Government-Compliance Provider

ADDRESS.BOT IS A PHYSICAL-ADDRESS EVIDENCE CHANNEL. IT IS NOT A LAW FIRM, NOT AN ACCOUNTING FIRM, NOT A TAX PREPARER, NOT A REGISTERED AGENT SERVICE, NOT A PROCESS SERVER, NOT A NOTARY, NOT A HEALTHCARE PROVIDER, NOT A HIPAA COVERED ENTITY OR BUSINESS ASSOCIATE, NOT A FINANCIAL INSTITUTION, NOT A CONSUMER REPORTING AGENCY UNDER THE FCRA, NOT A TENANT-SCREENING SERVICE, NOT AN EMPLOYMENT-SCREENING SERVICE, NOT A REGULATED COMMUNICATIONS CARRIER, NOT A GOVERNMENT AGENCY, AND NOT AN INSTRUMENTALITY OF ANY GOVERNMENT.

The Platform does not provide, and nothing on the Platform constitutes: legal advice; tax advice; accounting advice; healthcare advice; financial planning, investment, or fiduciary advice; immigration advice; benefits administration; consumer reports; tenant or employment screening; KYC/AML services for your business; OFAC sanctions screening of your Recipients; corporate registered-agent services; service of process; certified-copy services; apostille services; or any other regulated professional service.

9B.2 No HIPAA, GLBA, PCI-DSS, FERPA, ITAR, or Other Regulatory Coverage

The Company is not a HIPAA covered entity or business associate, has not entered into and will not enter into a HIPAA Business Associate Agreement with any Owner, and is not configured for the handling of Protected Health Information (PHI). The Company is not a Gramm-Leach-Bliley Act (GLBA) financial institution. The Company is not PCI-DSS-certified for any data you submit (payment processing is handled by Stripe, which is PCI-DSS Level 1 certified, but recipient instructions, evidence, and other content you submit are not handled under PCI-DSS controls). The Company is not FERPA-compliant. The Company does not handle ITAR-controlled technical data. The Company does not provide SOC 2 Type I or Type II attestation reports for its own operations.

If the contents of any recipient instruction, evidence requirement, follow-on task, or recipient submission are subject to HIPAA, GLBA, PCI-DSS, FCRA, FERPA, ITAR, GDPR, the EU AI Act, state biometric-information privacy law, state privacy laws, or any other regulatory framework that imposes specific data- handling, retention, or security obligations, you are solely responsible for determining whether the Platform's capabilities and security posture satisfy those obligations before you create the Verification. The Company expressly disclaims responsibility for, and you indemnify the Company against, any regulatory enforcement action, agency penalty, civil fine, audit finding, breach-notification cost, or third- party claim arising out of or related to your use of the Platform to handle content subject to any such framework.

9B.3 No Responsibility for Your Deadlines, Filings, or Business Outcomes

You are solely responsible for: identifying, calendaring, and meeting any legal, regulatory, contractual, financial, governmental, court, tax, election, claim, or business deadline that depends on the timely production, dispatch, delivery, or recipient response of a Verification; building appropriate buffer into your workflow; and arranging fallback verification (e.g., field visit, in-person inspection, alternative verification vendor) where the consequence of a missed deadline is material. The Company makes no guarantee of timing and accepts no liability for missed deadlines, lost causes of action, foreclosed contractual rights, statutory penalties, late-filing fees, default judgments, missed elections, or any other consequence of late or non-response.

9B.4 Use At Your Own Risk — All Tools and Interfaces

THE PLATFORM, INCLUDING ITS REST API, OPENAPI SURFACE, MCP/AGENT ADAPTERS, OPENCLAW DESCRIPTORS, WEBHOOK SYSTEM, OPERATOR DASHBOARD, RECIPIENT PAGES, AGENT FRAMEWORKS, AND ALL OTHER TOOLS, IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. YOU AND ANY AGENT, FRAMEWORK, OR THIRD- PARTY TOOL ACTING ON YOUR BEHALF USE THE PLATFORM AT YOUR SOLE RISK. THE COMPANY DISCLAIMS ALL EXPRESS OR IMPLIED WARRANTIES (SEE SECTION 13) AND BEARS NO RESPONSIBILITY FOR HOW YOU OR YOUR AGENT INTEGRATE, DEPLOY, OR OPERATE ANY TOOL.

10.1 Public-Beta Pricing

The Platform is currently offered as a public beta. Pricing for postcard production, postage, evidence storage, and other line-items is published on the Platform's website and surfaced in preflight responses. The Company may modify per-piece pricing with thirty (30) days' notice; pre-existing prepaid balances and any in-flight Verification priced before the change are honored at the original rate.

10.2 Sandbox vs Live Billing

Sandbox keys (sk_test_*) compute the same estimates as live but do not result in real charges or live print fulfillment unless explicitly simulated. Live keys (sk_live_*) result in real spend through the account's configured billing mode (currently: manual_invoice, credits, or, where Stripe is configured and ready, auto_charge). Live creation enforces preflight confirmation, billing readiness, the account's Live Policy posture, and any Manual Review block before postcards enter the print queue.

10.3 Live Policy Controls

Owners control live spend through (a) first-live approval, (b) per-request cap, (c) monthly live budget, and (d) the Manual Review queue. These controls are exposed to Agents and operator backends via /api/v1/billing/live-policy, /api/v1/billing/live-approval, /api/v1/review-requests, and the dashboard. Configuring, monitoring, and updating these controls is your responsibility.

10.4 Payment Method

Owners must maintain a valid payment configuration appropriate to their billing mode. Where Stripe is in use, debit and credit cards issued by a financial institution are accepted; prepaid cards, gift cards, virtual cards not linked to a bank account, and other anonymous or non-reloadable funding sources may be rejected. By providing a payment method, you authorize the Company to charge your payment method for all fees incurred under your account. Failed payments may result in immediate service suspension.

10.5 Late Payments

Payments not received by the due date are subject to a late fee of 1.5% per month (18% per annum) or the maximum rate permitted by law, whichever is less. Accounts with payments more than thirty (30) days past due may be suspended or terminated.

10.6 Refund Policy

Subscription and base-platform fees, where applicable, are non- refundable except as required by applicable law. Usage-based fees are non-refundable for services rendered. Postage and printing costs already incurred for live Verifications are non-refundable. If the Company terminates your account for reasons other than a violation of these Terms, you will receive a prorated refund of any prepaid subscription fees for the unused portion of the current billing period.

10.7 Taxes

All fees are exclusive of applicable taxes. You are responsible for all taxes, duties, and levies imposed by any governmental authority with respect to your use of the Platform, except for taxes based on the Company's net income.

11.1 Token-Scoped Anonymous Access

The recipient flow at /v/[token] is the only mechanism by which a Recipient interacts with the Platform. Tokens are high-entropy URL secrets and must not be exposed by the Owner, the Agent, or any tool to anyone other than the intended Recipient. The public API does not expose Tokens, and the Platform may rotate, invalidate, or narrow Tokens as needed for safety, abuse mitigation, or operational reasons.

11.2 No Guarantee of Recipient Privacy from Sender

The Platform discloses to the Recipient the Owner business name and the recipient instructions you supply. You are responsible for ensuring that any disclosure to the Recipient is honest, lawful, and consistent with the Recipient's reasonable expectations. The Platform does not anonymize the sender from the Recipient.

11.3 No Enumeration, Brute-Force, or Misuse

You may not, and you must instruct your Agents not to, enumerate Tokens or printed Codes, brute-force the recipient flow, scrape recipient pages, attempt to deanonymize Recipients, or otherwise undermine recipient anonymity or platform integrity. Such activity will trigger immediate suspension and may be reported to law enforcement.

12.1 AI-Assisted Operations

The Platform may use artificial-intelligence technologies, including large language models, computer vision, and automated workflows, in the provision of services. AI systems may be used for: address normalization, evidence classification, anomaly detection, manual-review heuristics, OCR/field extraction, recipient-page rendering, support, and security monitoring.

12.2 Human-in-the-Loop

The Company employs human oversight for critical operations, including risky-Verification review, suspicious-activity assessment, and law-enforcement reporting decisions. However, human oversight does not guarantee detection of all errors, anomalies, or prohibited content.

12.3 AI Limitations

You acknowledge that AI-generated information may contain inaccuracies or errors, that automated heuristics may mis-flag or fail to flag risky requests, that automated address normalization may be incorrect, and that the Company is not liable for errors attributable to AI processing.

12.4 Autonomous Agent Risk Acknowledgment

address.bot enables AI agents that can preflight, create live Verifications, resolve reviews, update Live Policy, and consume recipient evidence. Owners who configure Agents to operate autonomously acknowledge that they bear full responsibility for all actions taken by such Agents. The Company is not liable for Verifications created, postcards mailed, evidence requested, follow-on tasks issued, or downstream actions gated by an Agent operating autonomously, even if the Agent's behavior is unintended, erroneous, or the result of a security compromise of the Agent's credentials.

12.5 Agentic Protocol and Third-Party Integration Risks

THE PLATFORM INTEGRATES WITH AND SUPPORTS EMERGING AGENTIC AI PROTOCOLS AND FRAMEWORKS, INCLUDING BUT NOT LIMITED TO MCP (MODEL CONTEXT PROTOCOL), A2A (AGENT-TO-AGENT PROTOCOL), OPENCLAW, HERMES, AND OTHER THIRD-PARTY AGENT COMMUNICATION STANDARDS. THESE PROTOCOLS ARE NASCENT, RAPIDLY EVOLVING, AND DEVELOPED BY INDEPENDENT THIRD-PARTY OPEN-SOURCE COMMUNITIES. THE COMPANY DOES NOT DEVELOP, MAINTAIN, AUDIT, OR CONTROL THESE PROTOCOLS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THEIR SECURITY, RELIABILITY, OR FITNESS FOR ANY PURPOSE.

By using the Platform's agentic-protocol surfaces, you accept the same emerging-technology, prompt-injection, credential-exposure, data-leakage, autonomous-decision, and open-source-protocol risks that you would accept when integrating any other agentic API. The Company shall not be liable for loss arising from those risks.

12.6 Contractors, Employees, and Personnel Disclaimer

The Company engages independent contractors, service providers, and personnel in the operation of the Platform, including software developers, fulfillment staff, security consultants, and support staff. The Company is not liable for the individual acts, omissions, errors, negligence, or misconduct of any contractor, employee, or service provider, except to the extent required by applicable law.

13.1 Limited Warranty

The Company warrants that it will perform services in a professional and workmanlike manner consistent with general industry standards. This limited warranty is expressly in lieu of all other warranties, express or implied.

13.2 Comprehensive Disclaimer

EXCEPT AS EXPRESSLY SET FORTH IN THESE TERMS, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. THE COMPANY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

The Company does not warrant that: the Platform will be uninterrupted, error-free, or secure; that postcards will be printed, mailed, or delivered on any schedule or at all; that recipients will respond, submit Evidence, or submit Evidence of any particular quality; that webhooks will be delivered successfully or in real time; or that AI-generated data (including manual-review heuristics and address normalization) will be accurate or complete.

13.3 Third-Party Infrastructure and Service Provider Disclaimer

THE PLATFORM IS BUILT ON AND DEPENDS UPON THIRD-PARTY INFRASTRUCTURE PROVIDERS, CLOUD SERVICES, AND SOFTWARE-AS-A- SERVICE PLATFORMS THAT ARE INDEPENDENTLY OWNED, OPERATED, AND SECURED BY THEIR RESPECTIVE PROVIDERS. THE COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE SECURITY, AVAILABILITY, RELIABILITY, OR DATA HANDLING PRACTICES OF ANY THIRD-PARTY PROVIDER.

The Platform relies on third-party infrastructure including, but not limited to: Vercel for hosting; Supabase for Postgres, authentication, and Storage; Stripe for payment processing and (where enabled) hosted billing portal; the United States Postal Service and (where designated) other carriers for mail delivery; Resend or equivalent for transactional email; analytics and error-reporting providers; and AI/inference providers used in specific features. A security incident, breach, outage, data loss, supply-chain compromise, or unauthorized access at any third-party provider could affect the Platform and your data, even if the Company has implemented commercially reasonable security on its own systems.

13.4 No Warranty on Recipient Evidence

The Company makes no warranty or representation regarding the authenticity, accuracy, completeness, quality, or fitness-for-purpose of any Recipient-submitted Evidence. The Company does not verify that the Recipient is at the target address, that uploaded photos depict the intended subject, that videos are unedited, that signatures are genuine, or that codes were entered by the intended Recipient. You are solely responsible for evaluating Evidence and for the consequences of any downstream action you take in reliance on it.

14.1 Maximum Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE COMPANY SHALL NOT BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, BUSINESS INTERRUPTION, OR OTHER INTANGIBLE LOSSES, ARISING FROM OR RELATED TO YOUR USE OF THE PLATFORM.

14.2 Liability Cap

SUBJECT TO SECTION 14.2.1, THE COMPANY'S TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING FROM OR RELATED TO THESE TERMS, THE PLATFORM, ANY VERIFICATION, ANY POSTCARD, ANY API KEY, ANY WEBHOOK, ANY RECIPIENT EVIDENCE, OR THE SERVICES SHALL NOT EXCEED THE GREATER OF (A) THE TOTAL FEES PAID BY YOU TO THE COMPANY IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) FIVE HUNDRED DOLLARS ($500). THIS CAP APPLIES IN THE AGGREGATE TO ALL CLAIMS, ACROSS ALL THEORIES OF LIABILITY, AND IS NOT MULTIPLIED BY THE NUMBER OF VERIFICATIONS, POSTCARDS, RECIPIENTS, EVIDENCE FILES, API CALLS, AGENTS, KEYS, OR INCIDENTS INVOLVED.

14.2.1 No Per-Verification Liability Beyond Fees

Without limiting Section 14.2, the Company's liability for any individual Verification — including any allegation of late dispatch, late delivery, non-delivery, mis-delivery, return-to- sender, recipient non-response, low-quality evidence, missed deadline, missed downstream action, or consequential harm to your business or counterparty relationship — shall not exceed the actual fees you paid for that specific Verification (i.e., postcard production plus postage plus any evidence-storage or processing surcharges actually charged). The Company shall have no liability for any indirect, special, incidental, consequential, exemplary, or punitive damages arising from any Verification, including without limitation lost profits, lost contracts, missed deadlines, default judgments, statutory penalties, late fees, foreclosed legal rights, missed elections, business interruption, or harm to reputation, regardless of the theory of liability.

14.3 Specific Exclusions

The Company is specifically not liable for: loss, damage, tampering, theft, or destruction of postcards in transit or at the destination address; carrier delays, losses, or damages during transit; recipient non-response, recipient identity issues, recipient impersonation, or recipient misuse of the printed Code or Token; the contents, authenticity, or quality of any Recipient-submitted Evidence; actions taken by Owners, Agents, or third parties in reliance on Verification state; government or regulatory actions affecting Owners, Recipients, or addresses; or actions taken in cooperation with law enforcement.

14.4 Agentic Protocol and Security Liability Exclusion

THE COMPANY SHALL NOT BE LIABLE FOR ANY LOSS, DAMAGE, DATA BREACH, UNAUTHORIZED ACCESS, FINANCIAL LOSS, OR OTHER HARM ARISING FROM OR RELATED TO: (A) SECURITY VULNERABILITIES, EXPLOITS, OR DEFECTS IN ANY AGENTIC PROTOCOL, INCLUDING MCP, A2A, OPENCLAW, HERMES, OR ANY SUCCESSOR OR ALTERNATIVE PROTOCOL; (B) PROMPT INJECTION, ADVERSARIAL ATTACKS, DATA POISONING, JAILBREAKING, OR OTHER AI-SPECIFIC ATTACK VECTORS TARGETING YOUR AGENT OR THE PLATFORM; (C) UNAUTHORIZED ACCESS TO YOUR ACCOUNT, AGENT, KEYS, OR DATA RESULTING FROM VULNERABILITIES IN THIRD-PARTY PROTOCOLS, LIBRARIES, OR INTEGRATIONS; (D) DATA LEAKAGE, CREDENTIAL EXPOSURE, OR INFORMATION DISCLOSURE THROUGH AGENTIC COMMUNICATION CHANNELS, WEBHOOK PAYLOADS, OR PROTOCOL RESPONSES; (E) THE ACTIONS, ERRORS, OR SECURITY FAILURES OF ANY THIRD-PARTY AGENT, SERVICE, OR ENDPOINT THAT YOUR AGENT COMMUNICATES WITH; (F) SECURITY VULNERABILITIES IN OPEN-SOURCE DEPENDENCIES OR THIRD-PARTY SOFTWARE INCORPORATED INTO THE PLATFORM; (G) THE ACTS, OMISSIONS, ERRORS, NEGLIGENCE, OR MISCONDUCT OF ANY CONTRACTOR, EMPLOYEE, SERVICE PROVIDER, OR PERSONNEL ASSOCIATED WITH THE PLATFORM; OR (H) ANY UNINTENDED, ERRONEOUS, OR HARMFUL ACTION TAKEN BY AN AI AGENT OPERATING THROUGH THE PLATFORM, WHETHER CAUSED BY SOFTWARE BUGS, MODEL HALLUCINATIONS, ADVERSARIAL MANIPULATION, OR ANY OTHER CAUSE.

14.5 Third-Party Infrastructure Provider Liability Exclusion

THE COMPANY SHALL NOT BE LIABLE FOR ANY LOSS, DAMAGE, DATA BREACH, DATA LOSS, SERVICE INTERRUPTION, UNAUTHORIZED ACCESS, OR OTHER HARM ARISING FROM OR RELATED TO A SECURITY BREACH, DATA LEAK, UNAUTHORIZED ACCESS, OUTAGE, DEGRADATION, DISCONTINUATION, OR OTHER INCIDENT ORIGINATING AT ANY THIRD- PARTY INFRASTRUCTURE PROVIDER (INCLUDING WITHOUT LIMITATION VERCEL, SUPABASE, STRIPE, RESEND, ANY POSTAL OR PARCEL CARRIER, ANY ANALYTICS PROVIDER, ANY AI/INFERENCE PROVIDER, OR ANY DNS OR DOMAIN PROVIDER) USED BY THE COMPANY IN THE OPERATION OF THE PLATFORM, REGARDLESS OF WHETHER THE COMPANY SELECTED, VETTED, OR CONTRACTED WITH THAT PROVIDER.

14.6 Recipient Evidence Liability Exclusion

The Company shall not be liable for any loss, harm, claim, or damage arising from or related to: (a) the contents, authenticity, completeness, or accuracy of any Recipient- submitted Evidence; (b) any disclosure, mishandling, or misuse of sensitive personal information that a Recipient elects to include in uploaded photos, videos, notes, signatures, or files; (c) any reliance you place on Recipient Evidence in any downstream system, decision, payment, or action; (d) the Recipient's identity, authority, or relationship to the target address; or (e) any act of impersonation, fraud, or misrepresentation by the Recipient or by any person who comes into possession of the postcard.

You agree to defend, indemnify, and hold harmless the Company and its affiliates, parents, subsidiaries, members, managers, governors, owners, founders, shareholders, officers, directors, employees, independent contractors, agents, representatives, licensors, service providers, payment processors, fulfillment partners, postage vendors, carriers, cloud and storage providers, successors, and assigns (collectively, the “Indemnitees”) from and against any and all claims, demands, actions, suits, proceedings, damages, losses, liabilities, judgments, settlements, fines, penalties, costs, and expenses of every kind (including without limitation reasonable attorneys' fees, expert fees, and investigative and audit costs) arising from or related to, or alleged to arise from or relate to:

• Your use of, or any access to, the Platform, including its REST API, OpenAPI surface, MCP/agent adapters, OpenClaw descriptors, webhook system, dashboard, and recipient flow
• Any address, recipient instruction, recipient message, evidence requirement, follow-on task, metadata, or other content you (or any agent, framework, MCP client, A2A peer, third-party tool, or person using your credentials) submitted to the Platform
• Any postcard printed, mailed, delivered (or not delivered, or delayed, or returned, or tampered with at the address) through the Platform on your behalf, including all consequential, business, financial, contractual, or personal effects on you, the Recipient, or any third party
• Any Recipient claim, including stalking, harassment, unwanted contact, unauthorized disclosure, deceptive solicitation, FCRA violation, biometric-information privacy violation, state-privacy-law violation, intrusion-upon-seclusion, intentional infliction of emotional distress, defamation, or any other tort or statutory claim
• Any business dealing, contract, transaction, dispute, debt-collection effort, marketing campaign, fundraising solicitation, real-estate offer, legal notice, settlement communication, employment communication, or other private or commercial matter that you used the Platform to communicate or verify
• Any matter involving any government agency, regulatory body, court, taxing authority, election authority, immigration authority, healthcare regulator, or other governmental actor that you used or attempted to use the Platform to facilitate
• Any service, transaction, or relationship between you and any third party that you used the Platform to support
• Any deadline, due date, statute of limitations, contractual option, claim deadline, election deadline, opt-out deadline, or other time-sensitive obligation that you missed or failed to satisfy
• Any consequence to you arising out of your use of the Platform for HIPAA-, GLBA-, PCI-DSS-, FCRA-, FERPA-, ITAR-, GDPR-, biometric-, or otherwise specially-regulated content, where you elected to submit such content despite the Company's express disclaimers in Section 9B.2
• Your violation of these Terms or any Acceptable Use Policy in force
• Your violation of any applicable law, regulation, court order, contractual obligation, or third-party right
• The actions, omissions, decisions, errors, or misconduct of any Agent, agent framework, MCP client, A2A peer, OpenClaw integration, webhook receiver, or other tool or third-party software acting under your account or with your credentials, whether or not you intended such action
• Inaccurate, incomplete, expired, or fraudulent information you provided during registration, verification, agent configuration, account-intent submission, or at any other time
• Any claim that content you submitted infringed, misappropriated, or violated the intellectual-property, privacy, publicity, or other rights of any person or entity
• Any claim by any Recipient, intended recipient, third-party at the address, carrier, postal authority, or other party arising from a postcard you sent or attempted to send
• Any compromise, leak, theft, phishing, prompt-injection, social-engineering, or other unauthorized use of any API key, webhook signing key, session cookie, or other credential issued to you, regardless of how the credential came into the hands of the actor that used it
• Any security breach, data leak, unauthorized access, or data exposure arising from your Agent's use of MCP, A2A, OpenClaw, REST, or any other protocol, framework, third-party tool, or open-source dependency
• Any loss or damage caused by prompt injection, adversarial inputs, model hallucinations, or other AI-specific attack vectors affecting your Agent or its operations on the Platform
• Any claim arising from your Agent's autonomous transmission, exposure, or mishandling of personal data, business data, recipient data, or other sensitive information through agentic communication channels
• Any claim arising from the acts, omissions, errors, or misconduct of your employees, contractors, service providers, or personnel in connection with the Platform
• Any claim against the Company arising from a security breach, data leak, or service failure at a third-party infrastructure provider, where your data was affected as a result of being stored on or transmitted through the Platform in the ordinary course of service
• Any downstream action you, your systems, or any third party take in reliance on Verification state, Evidence, status transitions, or webhooks, including without limitation payment release, claim approval, contract advancement, model acceptance, dispatch, or denial of service

The Company shall have the right, but not the obligation, to assume the exclusive defense and control of any matter subject to indemnification by you, in which case you shall fully cooperate with the Company in asserting any available defenses. You shall not settle any claim without the Company's prior written consent.

16.1 Privacy Snapshot

The Company collects and processes personal data as described in its Privacy Policy at /privacy. By using the Platform, you consent to the collection and processing described therein. In summary: (a) the Company does not sell your personal information; (b) the Company does not share your personal information with any third party for that party's own advertising, marketing, model-training, or data-brokerage purposes; (c) recipient instructions, evidence requirements, and Recipient-submitted Evidence you transmit through the Platform are not used to train AI models, are not licensed to any third party, and are not commercially distributed; and (d) the Company will disclose your information only to its operational service providers (under contractual protections), to law enforcement under valid legal process, or as otherwise required by law.

16.2 Security Measures and Limitations

The Company implements commercially reasonable security measures to protect Owner and Recipient data, including: encryption of data at rest and in transit (TLS in transit, AES- 256 at rest); access controls and authentication; row-level security at the database; service-role isolation for server- only operations; private storage buckets with short-lived signed upload and download URLs for Recipient evidence; HMAC- signed webhooks; security monitoring and logging; and regular review of access patterns.

NO SYSTEM IS COMPLETELY SECURE. THE COMPANY DOES NOT AND CANNOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR DATA. YOUR DATA IS STORED ON AND TRANSMITTED THROUGH THIRD-PARTY INFRASTRUCTURE PROVIDERS THAT THE COMPANY DOES NOT OWN OR OPERATE. A BREACH AT ANY THIRD-PARTY PROVIDER COULD RESULT IN UNAUTHORIZED ACCESS TO, DISCLOSURE OF, OR LOSS OF YOUR DATA, EVEN IF THE COMPANY HAS IMPLEMENTED ALL COMMERCIALLY REASONABLE SECURITY MEASURES ON ITS OWN SYSTEMS.

16.3 Verification Data

Owner-side verification and account data are processed by the Company's third-party providers (currently including Supabase for authentication, Postgres, and Storage; Stripe for payment readiness; and Resend or equivalent for transactional email) and are subject to those providers' privacy policies and data-handling practices.

16.4 Recipient Evidence Data

Recipient-submitted Evidence (photos, videos, files, notes, signatures, code-confirmation events) is stored in private buckets, accessed only via short-lived signed download URLs, and is accessible to (i) the Owner and any Agent acting under the Owner's account, (ii) authorized Company personnel with a legitimate operational need, and (iii) law enforcement pursuant to valid legal process. The Company does not sell, rent, license, or commercially distribute Recipient Evidence, and does not use it to train AI models.

16.5 Data Retention

The Company retains Owner data, Verification records, Evidence, webhook delivery logs, billing events, and activity logs for the duration of the account plus five (5) years, or as required by law. Verification and account-intent records, including identity-related verification results, are retained for a minimum of five (5) years after account closure.

17.1 Company Property

All content, features, functionality, trademarks, service marks, and trade dress of the Platform are the exclusive property of the Company and are protected by applicable intellectual property laws. “address.bot”, the address.bot logo, and related marks are trademarks of Golden Ratio, LLC. Certain technology and workflows are subject to a pending patent application; see /legal/patents(U.S. Provisional Patent Application No. 64/060,913, “Physical-Challenge-Bootstrapped Bidirectional Evidence Channel”).

17.2 License to Use

The Company grants you a limited, non-exclusive, non- transferable, revocable license to access and use the Platform in accordance with these Terms. This license does not include the right to sublicense, resell, or distribute access to the Platform.

17.3 Aggregated Operational Telemetry

What we do not use to train AI. The Company does not use the contents of your recipient instructions, recipient messages, evidence requirements, follow-on tasks, or Recipient-submitted Evidence to train, fine-tune, evaluate, or improve any artificial-intelligence or machine-learning model, whether operated by the Company or by any third party.

What we do use. You grant the Company a perpetual, royalty-free, worldwide license to use aggregated operational telemetry derived from your use of the Platform — for example, latency, error rates, queue depth, request-type mix, conversion-tier outcomes, anonymized product analytics, and similar engineering and reliability metrics — for the purposes of operating, securing, and improving the Service and producing anonymized internal or industry reports that do not identify you or expose Owner or Recipient content. Aggregated telemetry will not include recipient PII, evidence content, or other identifying details about specific Verifications.

18.1 Termination by Owner

You may terminate your account at any time by emailing the support address listed in Section 26 or by following any self-serve cancellation flow available in the dashboard. Upon termination, all sandbox and live API keys are revoked, all in-progress live Verifications that have not entered the print queue are cancelled, and pending Account Intents associated with the email may be deleted.

18.2 Termination by Company

THE COMPANY MAY SUSPEND, RESTRICT, OR TERMINATE YOUR ACCOUNT, API KEYS, MCP TOKENS, WEBHOOK SECRETS, AND OTHER ACCESS TO THE PLATFORM AT ANY TIME TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, INCLUDING FOR RISK, FRAUD, ABUSE, OPERATIONAL, COMPLIANCE, LEGAL, PAYMENT, OR SECURITY REASONS, OR FOR ANY OTHER REASON NOT PROHIBITED BY LAW. EXCEPT WHERE PROHIBITED BY LAW, THE COMPANY'S OBLIGATION ON TERMINATION IS LIMITED TO REFUND OF PRORATED UNUSED PRE-PAID SUBSCRIPTION FEES.

18.3 Effect of Termination

• Credential revocation. All API keys, webhook secrets, and active sessions are revoked at the effective time of cancellation. Subsequent API calls using revoked credentials will be rejected.
• Pending Verifications. Verifications that have not yet entered the print queue at the effective time of cancellation will be cancelled. Verifications in production may, at the Company's option, be (a) completed, dispatched, and charged in full, or (b) cancelled with a partial refund of any cost components not yet incurred. Verifications already tendered to a carrier are non-cancellable and non-refundable; carrier custody and Section 9A.2 risk allocation control.
• Recipient flow. Active recipient pages corresponding to mailed-but-not-yet-completed Verifications may continue to function until the Token expires or the Verification is otherwise closed. Evidence submitted before closure remains subject to the same retention rules.
• Non-refundability. Postage and printing costs already incurred are non-refundable. Subscription fees follow Section 10.6.
• Pre-cancellation liability. You remain liable for all fees, charges, postage, printing, surcharges, and reasonable costs incurred prior to the effective time of cancellation.
• Data retention. Account, Verification, Evidence, audit, and billing data are retained per Section 16.5.
• Account reactivation. Reactivation of a cancelled account, where permitted by the Company, may require re-verification and acceptance of then-current Terms.

18.4 Survival

The following provisions survive termination: Verification Record Retention (Section 5.5); Law Enforcement Cooperation (Section 9); Limitation of Liability (Section 14); Indemnification (Section 15); Data Retention (Section 16.5); Dispute Resolution (Section 20); and Governing Law (Section 21).

The Company shall not be liable for any failure or delay in performance due to causes beyond its reasonable control, including but not limited to: acts of God, natural disasters, pandemics, epidemics; government actions or orders, war, terrorism, civil unrest; strikes, labor disputes; carrier service interruptions; power or internet outages; cyberattacks, ransomware, distributed denial-of-service attacks, data breaches, or other malicious cyber activity targeting the Company or any third-party infrastructure provider; security breaches, outages, data loss, or service failures at any third-party provider; zero-day exploits, novel AI-powered attack vectors, or advanced persistent threats; supply chain compromises, including malicious updates to open-source dependencies; regulatory actions, sanctions, or compliance requirements imposed on the Company or its providers; or any other event beyond the Company's reasonable control.

20.1 Mandatory Arbitration

EXCEPT FOR THE CARVEOUTS IN SECTION 20.5, ANY DISPUTE ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE SHALL BE RESOLVED BY FINAL AND BINDING ARBITRATION ADMINISTERED BY THE AMERICAN ARBITRATION ASSOCIATION (AAA), SEATED IN SALT LAKE CITY, UTAH. YOU AND THE COMPANY EACH WAIVE THE RIGHT TO A JURY TRIAL AND TO PROCEED IN COURT, EXCEPT AS EXPRESSLY PROVIDED BELOW.

Applicable AAA rules. If you are an individual using the Service for personal, family, or household purposes, the arbitration will be administered under the AAA Consumer Arbitration Rules. If you are using the Service in a business, commercial, or developer capacity, the arbitration will be administered under the AAA Commercial Arbitration Rules. The current rules are available at adr.org. The Federal Arbitration Act governs the interpretation and enforcement of this Section.

20.2 Class Action Waiver

BY AGREEING TO ARBITRATION, YOU WAIVE YOUR RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT, CLASS-WIDE ARBITRATION, PRIVATE ATTORNEY GENERAL ACTION, OR ANY PROCEEDING IN WHICH SOMEONE ACTS IN A REPRESENTATIVE CAPACITY. ALL CLAIMS MUST BE BROUGHT IN YOUR INDIVIDUAL CAPACITY. IF THIS CLASS-ACTION WAIVER IS HELD UNENFORCEABLE AS TO ANY PARTICULAR CLAIM, THAT CLAIM SHALL BE SEVERED AND PROCEED IN COURT, BUT THE REMAINDER OF SECTION 20 SHALL CONTINUE IN FORCE.

20.3 Pre-Arbitration Resolution

Before initiating arbitration, the party with a dispute must give the other party written notice describing the dispute and the relief sought, sent to the address in Section 26 (for the Company) or your account contact information (for you). The parties shall attempt in good faith to resolve the dispute informally for sixty (60) days before either party may commence arbitration.

20.4 Arbitration Fees

Filing, administrative, and arbitrator fees will be allocated as set forth in the applicable AAA rules. For consumer arbitrations governed by the AAA Consumer Arbitration Rules, the Company will pay the portion of fees designated as the business's responsibility under those rules; you remain responsible only for the consumer filing fee (or such lesser amount as the AAA rules require). Each party otherwise bears its own attorneys' fees and costs unless a statute or court order allocates fees differently.

20.5 Carveouts — Court May Hear Certain Matters

Notwithstanding the arbitration agreement, either party may: (a) bring an individual action in small-claims court in the county of the responding party's residence (or, for a business, principal place of business), so long as the action remains in small-claims court; and (b) seek injunctive or other equitable relief in a court of competent jurisdiction to address actual or threatened infringement, misappropriation, or violation of intellectual-property rights, unauthorized access to or misuse of the Service, credential theft, or breaches of confidentiality, security, or data-protection obligations, pending the appointment of an arbitrator and selection of an arbitral seat. The filing of such an action does not waive the right to compel arbitration of all other claims.

20.6 Opt-Out

You may opt out of this Section 20 (other than the small-claims and injunctive-relief carveouts in Section 20.5, which remain available to both parties) by sending written notice to the Company at the address in Section 26 within thirty (30) days of first accepting these Terms. The notice must include your name, account email, and a clear statement that you opt out of arbitration.

20.7 Statute of Limitations

Any claim must be filed within one (1) year after the cause of action accrued, or it will be permanently barred, except where applicable law prohibits a contractual reduction of the statute of limitations.

20.8 Non-Waiver of Statutory Consumer Rights

Nothing in these Terms or in this Section 20 limits or waives any right or remedy that, under applicable law, may not be limited or waived by contract, including any non-waivable rights under state or federal consumer-protection law.

These Terms shall be governed by and construed in accordance with the laws of the State of Utah, without regard to conflict of law principles. For matters not subject to arbitration, you submit to the exclusive jurisdiction of the courts in Salt Lake County, Utah.

22.1 California Consumer Rights Notice

Pursuant to California Civil Code §1789.3, California residents may contact the Complaint Assistance Unit of the Division of Consumer Services at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210.

22.2 CCPA / CPRA Rights

If the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to you, additional terms apply as set forth in the Privacy Policy at /privacy.

By creating an account, you consent to receive transactional emails and webhook events from the Platform, including without limitation magic-link sign-in messages, account-claim handshakes, security and incident notifications, billing and invoice notices, Verification lifecycle events, manual-review notifications, and product updates relevant to operating your account. The Platform does not send unsolicited marketing email without your explicit opt-in consent. You may opt out of non- essential email at any time by emailing the support address in Section 26; transactional, security, billing, fraud-prevention, and reliability emails are essential to the Service and not subject to opt-out.

The Company reserves the right to modify these Terms at any time. Material changes will be posted at least thirty (30) days before the effective date and communicated via email and/or webhook notification. Continued use of the Platform after the effective date of changes constitutes acceptance. If you do not accept material changes, you may terminate your account within thirty (30) days without penalty.

25.1 Entire Agreement

These Terms, together with the Privacy Policy and any Acceptable Use Policy in force, constitute the entire agreement between you and the Company regarding the Platform.

25.2 Severability

If any provision of these Terms is held invalid, illegal, or unenforceable, the remaining provisions shall be enforced to the fullest extent permitted by law.

25.3 No Waiver

The Company's failure to enforce any provision of these Terms does not constitute a waiver of that provision or any other provision.

25.4 Assignment

You may not assign or transfer these Terms without the Company's prior written consent. The Company may freely assign these Terms.

25.5 Electronic Communications

You consent to receive communications from the Company electronically, including via email, webhook, API response, and the Operator Dashboard. You agree that all agreements, notices, disclosures, and other communications provided electronically satisfy any legal requirement that such communications be in writing.

25.6 Relationship of Parties

Nothing in these Terms creates a partnership, joint venture, employment, or agency relationship between you and the Company. The Company is an independent contractor providing platform services.

25.7 Third-Party Beneficiaries

These Terms do not create any third-party beneficiary rights in any individual or entity that is not a party to these Terms, including but not limited to any Recipient.

25.8 Headings

Section headings are for convenience only and do not affect the interpretation of these Terms.

If you have questions regarding these Terms, please contact us at:

Golden Ratio, LLC dba address.bot
3556 S 5600 W, Suite #1-1038
Salt Lake City, UT 84120
Email: support [at] address [dot] bot

By creating an account on address.bot, claiming an Account Intent, or using our services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.