Skip to main content
Legal

Civic Customer Product Specific Terms

Last Modified: February 3, 2026

PLEASE READ THESE TERMS CAREFULLY.

The Civic Customer Product Specific Terms are intended to highlight some of the important things about using our different Services. The Customer Product Specific Terms form part of the Civic Customer Services Agreement and are hereby incorporated therein.

If you are using any of the Services described below, the terms corresponding to those product(s) apply to your use. We periodically update this page, so please check back here for current information.

1. CIVIC NEXUS

1.1 Description

Civic Nexus is a platform that enables Customers to configure and manage access to third-party MCP Servers for use by AI agents. Civic Nexus operates exclusively at the MCP protocol layer and allows for centralized management of API credentials, application permissions, and optional guardrails that restrict or condition AI agent API calls at the MCP protocol layer. Civic Nexus does not control, monitor, or have visibility into AI agent software, AI agent local capabilities (including without limitation file system access, terminal or shell command execution, network scanning, or browser automation), or any AI agent activity that does not pass through the Civic Nexus MCP gateway.

1.2 Service Boundaries

CIVIC HAS NO VISIBILITY INTO OR CONTROL OVER: (I) AI AGENT SOFTWARE, CONFIGURATION, OR CAPABILITIES OUTSIDE THE MCP PROTOCOL; (II) ACTIONS TAKEN ON MACHINES WHERE AI AGENTS RUN; (III) WHICH SPECIFIC TOOLS WITHIN AN AUTHORIZED MCP SERVER ARE INVOKED; OR (IV) ANY AI AGENT CAPABILITIES THAT DO NOT USE THE CIVIC NEXUS MCP GATEWAY.

1.3 Third-Party AI Agent Disclaimer

CIVIC DOES NOT PROVIDE, DEVELOP, CONTROL, OR WARRANT ANY THIRD-PARTY AI AGENT SOFTWARE THAT CUSTOMER MAY CONNECT TO CIVIC NEXUS. CUSTOMER IS SOLELY RESPONSIBLE FOR (I) SELECTING, INSTALLING, CONFIGURING, AND SECURING ANY AI AGENT SOFTWARE; (II) EVALUATING THE SECURITY, CAPABILITIES, AND RISKS OF SUCH AI AGENT SOFTWARE; AND (III) ALL ACTS, OMISSIONS, OUTPUTS, AND CONSEQUENCES OF SUCH AI AGENT SOFTWARE, WHETHER OCCURRING VIA CIVIC NEXUS OR OTHERWISE. CIVIC HAS NO CONTROL OVER AI AGENT CODE, UPDATES, CAPABILITIES, OR CONFIGURATION, AND DISCLAIMS ALL LIABILITY ARISING FROM OR RELATING TO THIRD-PARTY AI AGENT SOFTWARE.

1.4 Security Requirements and Shared Responsibility

(a) Machine Separation Requirement for Certain AI Agents. CERTAIN AI AGENTS HAVE CAPABILITIES THAT MAY ALLOW THEM TO ACCESS CUSTOMER'S AUTHENTICATED CIVIC NEXUS SESSIONS IF CUSTOMER IS LOGGED INTO CIVIC NEXUS ON THE SAME MACHINE WHERE SUCH AI AGENTS RUN. SPECIFICALLY, AI AGENTS WITH BROWSER AUTOMATION, TERMINAL ACCESS, OR SIMILAR CAPABILITIES MAY BE ABLE TO NAVIGATE TO CIVIC NEXUS, ACCESS CUSTOMER'S AUTHENTICATED SESSION, AND BYPASS CIVIC NEXUS SECURITY CONTROLS. Customer must evaluate the capabilities of any AI agent software before connecting it to Civic Nexus. For AI agents with browser automation, terminal/shell access, or other capabilities that could access authenticated web sessions, Customer MUST NOT access or log into Civic Nexus from the same machine on which such AI agents are running. Customer should configure and authorize Civic Nexus toolkits on a separate machine and authorize AI agent requests from that separate machine or via links sent to another device. Examples of AI agents requiring machine separation include: (i) AI agents with headless browser automation capabilities; (ii) AI agents with unrestricted terminal or shell command execution; (iii) AI agents capable of making direct HTTP requests to web applications or services outside the MCP protocol; and (iv) AI agents that can automate desktop application interactions or access applications outside their sandboxed environment. AI agents that operate in sandboxed environments without browser automation, terminal access, or similar capabilities (such as Claude Desktop in its default configuration) generally do not present this authentication bypass risk; however, Customer remains responsible for evaluating each AI agent's capabilities and implementing appropriate security measures. CIVIC DISCLAIMS ALL LIABILITY FOR ANY SECURITY INCIDENT, UNAUTHORIZED ACCESS, OR DAMAGES ARISING FROM CUSTOMER'S FAILURE TO EVALUATE AI AGENT CAPABILITIES AND MAINTAIN APPROPRIATE MACHINE SEPARATION WHERE REQUIRED. CUSTOMER IS RESPONSIBLE FOR REVIEWING AI AGENT DOCUMENTATION, UNDERSTANDING AI AGENT CAPABILITIES, AND IMPLEMENTING SECURITY CONTROLS APPROPRIATE FOR THE SPECIFIC AI AGENTS BEING USED.

(b) Customer Security Obligations. Customer acknowledges that Civic Nexus controls only the MCP protocol layer and that Customer is solely responsible for: (i) implementing security controls appropriate for autonomous agent deployment, including access restrictions, monitoring, and incident response capabilities; (ii) configuring Civic Nexus guardrails, parameter presets, and least-privilege OAuth scopes as appropriate for Customer's use case; (iii) securing AI agent runtime environments according to industry best practices and Customer's risk tolerance; (iv) monitoring both Civic Nexus audit logs (for MCP gateway activity) and AI agent local logs (for non-MCP activity); (v) managing token lifecycle, including renewal of Civic Nexus access tokens and response to authorization elevation requests; (vi) testing AI agent integrations with non-production data before deploying with sensitive, personal, or regulated data; (vii) implementing human oversight and approval processes appropriate for AI-generated actions in Customer's environment; (viii) complying with all applicable laws and third-party service provider terms; (ix) providing appropriate disclosures to end users regarding AI agent capabilities and data access; (x) disabling or restricting unsafe AI agent features; and (xi) promptly revoking Civic Nexus access if an AI agent is suspected of being compromised or misbehaving.

(c) Incident Response Limitations. Customer acknowledges that Civic cannot detect compromised or malicious AI agents, detect anomalous AI agent behavior, emergency-stop an active AI agent session, prevent AI agents from obtaining credentials outside Civic Nexus, or see or log AI agent local actions. Customer is solely responsible for incident detection, response, and remediation relating to AI agent activity. If Customer suspects an AI agent is compromised or acting inappropriately, Customer must immediately revoke access via Civic Nexus toolkit deletion or authorization revocation, and investigate AI agent local activity and host machine security.

1.5 Logging and Data Visibility

Civic logs API requests and responses passing through the Civic Nexus MCP gateway and retains such logs for approximately thirty (30) days. Civic does not process or have visibility into: (i) conversational content between Customer and AI agents; (ii) AI agent local activity or logs; (iii) which specific tools or APIs an AI agent invokes within an authorized service; or (iv) data that AI agents access outside of Civic Nexus. Customer is solely responsible for ensuring that AI agent data handling complies with applicable privacy and data protection laws. For additional information about Civic's data processing practices, please refer to Civic's Data Processing Agreement.

1.6 Developer Responsibilities

If you are using Civic Nexus as a developer, You are responsible for ensuring that your use of Civic Nexus complies with applicable law and all third-party terms governing access to connected services. This includes: (i) obtaining end-user consent where applicable; (ii) providing required disclosures regarding AI agent behavior and connected services; (iii) implementing appropriate safeguards for any data processed via MCP servers or by AI agents outside of Civic Nexus; (iv) ensuring AI agents are operated in compliance with any guardrails imposed; (v) ensuring that AI agents comply with all terms of service, acceptable use policies, and other requirements of third-party services accessed via Civic Nexus; and (vi) monitoring AI agent behavior for violations of third-party terms.

1.7 Experimental Features

CERTAIN CIVIC NEXUS FEATURES (INCLUDING CHATBOT AND DESKTOP BRIDGE) MAY BE OFFERED AS “CIVIC LABS” OR BETA FEATURES, WHICH ARE EXPERIMENTAL, PRE-COMMERCIAL, AND PROVIDED SOLELY FOR EVALUATION PURPOSES. THESE FEATURES MAY BE INCOMPLETE, MAY CHANGE SUBSTANTIALLY, OR MAY BE DISCONTINUED AT ANY TIME WITHOUT NOTICE, AND CIVIC MAKES NO COMMITMENT THAT THEY WILL BECOME GENERALLY AVAILABLE OR MEET ANY PARTICULAR SPECIFICATIONS. CIVIC LABS AND BETA FEATURES MAY NOT COMPLY WITH CIVIC’S USUAL SECURITY, PRIVACY, OR COMPLIANCE STANDARDS AND SHOULD NOT BE USED WITH PRODUCTION DATA, PERSONAL DATA, OR REGULATED DATA UNLESS CIVIC EXPRESSLY AUTHORIZES SUCH USE IN WRITING. THEY ARE PROVIDED “AS IS,” WITHOUT WARRANTIES OF ANY KIND, AND ARE EXCLUDED FROM CIVIC’S SERVICE LEVEL COMMITMENTS, UPTIME GUARANTEES, AND SUPPORT OBLIGATIONS. CUSTOMER ASSUMES ALL RISKS RELATED TO ITS ACCESS OR USE OF THESE FEATURES, INCLUDING POTENTIAL DATA LOSS, SERVICE INTERRUPTIONS, OR FUNCTIONAL LIMITATIONS, AND CIVIC DISCLAIMS ALL LIABILITY ARISING FROM SUCH USE. CIVIC MAY SOLICIT OR COLLECT FEEDBACK ON THESE FEATURES, WHICH CUSTOMER GRANTS CIVIC A PERPETUAL, ROYALTY-FREE RIGHT TO USE WITHOUT RESTRICTION.

1.8 No Access to End-User LLM Activity

Civic does not process or store content exchanged between Customer’s AI agents and MCP-connected tools, except as necessary to facilitate authorization and Guardrail enforcement.

1.9 AI Output Disclaimer

CIVIC NEXUS ENABLES CUSTOMERS TO CONNECT AI AGENTS WITH THIRD-PARTY MCP SERVERS. YOU ACKNOWLEDGE AND AGREE THAT (I) CIVIC DOES NOT CONTROL OR GENERATE THE CONTENT, RECOMMENDATIONS, OR ACTIONS OF ANY AI MODEL OR AGENT; (II) AI AGENTS MAY OPERATE AUTONOMOUSLY AND EXECUTE ACTIONS WITHOUT HUMAN APPROVAL, INCLUDING ACTIONS THAT MAY BE IRREVERSIBLE OR CAUSE HARM; (III) SUCH MODELS MAY PRODUCE INACCURATE, INCOMPLETE, OFFENSIVE, OR MISLEADING RESULTS (“HALLUCINATIONS”), WHICH ARE OUTSIDE OF CIVIC’S CONTROL; AND (IV) YOU ARE SOLELY RESPONSIBLE FOR REVIEWING, VALIDATING, AND APPROVING ANY AI-GENERATED OUTPUT OR ACTION BEFORE RELYING ON IT OR PERMITTING IT TO AFFECT YOUR SYSTEMS, DATA, OR END USERS. CIVIC MAKES NO REPRESENTATION OR WARRANTY AS TO THE ACCURACY, RELIABILITY, SAFETY, OR SUITABILITY OF ANY AI OUTPUTS OR ACTIONS TAKEN THROUGH OR IN CONNECTION WITH CIVIC NEXUS, AND DISCLAIMS ALL LIABILITY ARISING FROM OR RELATING TO YOUR RELIANCE ON SUCH OUTPUTS OR THE CONSEQUENCES OF AI AGENT ACTIONS. YOU MUST IMPLEMENT AND MAINTAIN APPROPRIATE HUMAN OVERSIGHT, REVIEW PROCESSES, AND APPROVAL WORKFLOWS TO MITIGATE RISKS FROM AI-GENERATED CONTENT OR AUTONOMOUS AI AGENT ACTIONS.

1.10 Indemnification

You agree to indemnify, defend, and hold harmless Civic, its affiliates, and their respective officers, directors, employees, agents, licensors, and service providers, from and against any and all losses, liabilities, damages, fines, penalties, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to (i) your access to or use of Civic Nexus; (ii) your violation of applicable laws, regulations, or third-party rights, including without limitation any terms of service or acceptable use policies governing third-party MCP servers; (iii) any misuse, circumvention, or misconfiguration of guardrails, or any acts or omissions of your AI agents when interacting with MCP servers or otherwise; (iv) your failure to implement, enforce, or maintain appropriate security measures, access controls, machine separation, human oversight processes, or end-user disclosures relating to use of Civic Nexus or AI agents; (v) any claim that your data, configurations, or use of Civic Nexus infringe, misappropriate, or otherwise violate the intellectual property or other proprietary rights of a third party; (vi) any third-party claims arising from AI agent actions, including without limitation claims by providers of third-party services accessed via Civic Nexus alleging violations of their terms of service; (vii) any security incident involving AI agents connected to Civic Nexus, including incidents arising from compromised, misconfigured, or misbehaving AI agents; or (viii) your gross negligence, fraud, or willful misconduct. Civic reserves the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify Civic, and you agree to cooperate fully with Civic in the defense of such matters.

2. CIVIC AUTH

2.1 Embedded Wallet Disclosure and Third-Party Terms

Civic Auth is powered in part by MetaKeep. If the application you are accessing through Civic Auth has enabled embedded wallet functionality, a MetaKeep wallet may be automatically created on your behalf using your email address provided during the Civic Auth account creation process. Your use of any such MetaKeep wallet is governed solely by MetaKeep’s terms and policies, which are separate from and not controlled by Civic. You are responsible for reviewing MetaKeep’s applicable terms to understand your rights and obligations related to wallet usage. You should review any terms or policies provided by MetaKeep to understand your rights and responsibilities. By using Civic Auth to access an embedded wallet, you acknowledge that MetaKeep governs the use of the wallet and that Civic does not control or maintain these terms.

2.2 Developer Responsibilities and Flowdown Obligations

If you are using Civic Auth as a developer, you agree to: (i) include in your end-user application terms of service (a) that such user’s use of the application must comply with applicable law, (b) restrictions and obligations and acknowledgement of risks applicable to end-users that are consistent with those restrictions and obligations and acknowledgement of risks contained in MetaKeep’s Terms of Service, including without limitation, responsibilities and risks related to authentication credentials, email recovery, key import and key export, (c) indemnify, defend, and hold harmless Civic and MetaKeep from and in connection with any and all responsibility or liability related to the risks set forth in MetaKeep’s Terms of Service, including without limitation, exported private keys and seed phrases or access credentials related to imported private keys stored outside MetaKeep’s services; (ii) require end-users to agree to such end-user application terms of service prior to being able to use the application; (iii) monitor the activity of end-users within the application for their compliance with such end-user application terms of service; (iv) use commercially reasonable efforts to enforce such end-user application terms of service after you become aware of such non-compliance by an end-user; and (v) screen each end-user in accordance with your applicable compliance policies (including without limitation the minimum compliance policy requirements set forth in MetaKeep’s Terms of Service). Furthermore, you will engage in commercially reasonable efforts, in good faith, to ensure that the implementation and/or use of the application by each end-user is in accordance with all applicable laws, rules and regulations, MetaKeep’s Terms of Services, the foregoing requirements and the MetaKeep’s documentation.

2.3 Disclaimer

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CIVIC PROVIDES CIVIC AUTH ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR ANY WARRANTIES ARISING FROM A COURSE OF PERFORMANCE, DEALING, OR USAGE OF TRADE. CIVIC MAKES NO REPRESENTATION OR WARRANTY THAT CIVIC AUTH WILL BE SECURE, UNINTERRUPTED, ERROR-FREE, OR FREE FROM HARMFUL COMPONENTS.

2.4 Indemnification

To the maximum extent permitted by law, you agree to indemnify, defend, and hold harmless Civic, its affiliates, and their respective officers, directors, employees, agents, licensors, and service providers, from and against any and all losses, liabilities, damages, fines, penalties, costs, and expenses (including reasonable attorneys’ fees and costs) arising out of or relating to (i) your access to or use of Civic Auth; (ii) your violation of applicable laws, regulations, or third-party rights, including without limitation any terms of service or acceptable use policies governing embedded wallets or third-party integrations (such as MetaKeep); (iii) any acts or omissions of your end users when accessing Civic Auth under your account; (iv) your failure to implement or enforce appropriate end-user terms, security measures, or disclosures; or (v) your gross negligence, fraud, or willful misconduct. Civic reserves the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify Civic, and you agree to cooperate fully with Civic in the defense of such matters.

3. CIVIC LABS

3.1 Experimental Services

From time to time, we may provide you with access to early-stage, pre-release, beta, or prototype features, tools, or services (“Labs Features”) that are still in development. These Labs Features are experimental, pre-commercial, and provided for limited evaluation purposes only. They may not be fully tested, and may change significantly or be discontinued entirely at any time without notice. Access to Labs Features does not imply any commitment by Civic to release such features publicly or continue offering them in the future.

3.2 No Production Use or Commitments

Labs Features are offered solely for evaluation and testing purposes. They are not intended or licensed for production use, public deployment, or mission-critical operations. They are not covered by our standard service levels, support policies, or availability guarantees. We may limit, suspend, or terminate access to any Labs Feature at our sole discretion, at any time. You acknowledge that we have no obligation to maintain, support, or further develop any Labs Feature, or to make it part of our generally available services.

3.3 Use at Your Own Risk

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CIVIC PROVIDES ALL LABS FEATURES ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. THIS INCLUDES, BUT IS NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR ANY WARRANTIES ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. CIVIC MAKES NO REPRESENTATION OR WARRANTY THAT ANY LABS FEATURE WILL BE SECURE, UNINTERRUPTED, ERROR-FREE, OR FREE FROM DEFECTS OR HARMFUL COMPONENTS.

3.4 Feedback and Monitoring

We may ask you to provide feedback or suggestions about your experience with Labs Features. Any feedback you provide is completely voluntary, and by submitting it, you irrevocably assign to Civic all rights, title, and interest in such feedback, and grant Civic the unrestricted right to use, reproduce, and incorporate it into our products and services without compensation or attribution. We may also monitor your usage of Labs Features for testing, diagnostic, performance, or improvement purposes. Your use of any Labs Feature indicates your consent to such monitoring.

3.5 Data Handling

Labs Features may not meet the same privacy, security, or compliance standards as our fully released Services. You must not submit, upload, or process any live production data, personal data, or regulated data through a Labs Feature unless we have given you prior written authorization. You are solely responsible for ensuring that your use of any Labs Feature complies with applicable data protection laws and your internal policies.

3.6 Indemnification

To the maximum extent permitted by law, you agree to indemnify, defend, and hold harmless Civic, its affiliates, and their respective officers, directors, employees, agents, licensors, and service providers, from and against any and all losses, liabilities, damages, fines, penalties, costs, and expenses (including reasonable attorneys’ fees and costs) arising out of or relating to (i) your access to or use of any Civic Labs or beta feature; (ii) your violation of applicable laws, regulations, or third-party rights in connection with such use; (iii) any acts or omissions of your end users or integrations using Civic Labs features under your account; (iv) your failure to implement or maintain appropriate safeguards, security measures, or disclaimers when using Civic Labs features; or (v) your gross negligence, fraud, or willful misconduct. Civic reserves the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify Civic, and you agree to cooperate fully with Civic in the defense of such matters.