Hashline — Terms and Conditions

Effective Date: April 21, 2026 Last Updated: April 21, 2026 Version: 1.0

1. Introduction and Scope

1.1 Agreement

These Terms and Conditions ("Agreement" or "Terms"), together with (a) the Data Processing Addendum ("DPA") available at https://hashline.dev/legal/dpa (incorporated by reference and applicable whenever Customer provides Personal Data to the Service), (b) any applicable Order Form, (c) the Acceptable Use Policy available at https://hashline.dev/legal/aup, and (d) the Refund Policy available at https://hashline.dev/refund, constitute the entire agreement ("Contract") between Hashline ("Hashline", "we", "us", "our") and the entity or individual agreeing to these terms ("Customer", "you", "your").

1.2 Acceptance

By creating an account, accessing or using the Service, or clicking "I agree" (or similar mechanism), you acknowledge that you have read, understood, and agree to be bound by this Agreement. If you are agreeing to this Agreement on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation to this Agreement.

1.3 Eligibility

The Service is intended for businesses and professionals acting in a commercial capacity. You must be at least eighteen (18) years old to use the Service. The Service is not intended for consumers.

1.4 Precedence

In the event of a conflict between documents forming part of the Contract: (1) the DPA controls for matters relating to Personal Data processing; (2) an Order Form controls for matters relating to fees, scope, or service levels specified therein; and (3) these Terms control for all other matters.

2. Definitions

"Account" means the Customer's account on the Service, including all associated API keys, configuration, and metadata.

"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty percent (50%) of the voting interests.

"API Key" means the unique authentication credential issued to Customer for accessing the Service.

"Authorised User" means Customer's employees, agents, contractors, or other representatives who are authorised by Customer to access and use the Service under Customer's Account.

"Client Data" means all data, content, and information submitted to the Service by or on behalf of Customer through the API, SDK, or any other interface, including but not limited to event payloads, run metadata, agent identifiers, actor information, and any other data transmitted to or processed by the Service. Client Data expressly includes any Personal Data or sensitive information contained within event payloads.

"Compliance Pack" means the exportable evidence bundle generated by the Service containing events, verification artifacts, and manifest data for a given run.

"Documentation" means the technical documentation, API reference, SDK documentation, and guides made available by Hashline at https://docs.hashline.dev or within the SDK repositories.

"Event" means a single structured record submitted to the Service describing an action, decision, or state change within an agent run.

"Hash Chain" means the cryptographic chain of SHA-256 hashes linking sequential Events within a Run, as described in the Documentation.

"Order Form" means a separately executed order form, statement of work, or subscription agreement between the parties, if applicable.

"Plan" means the subscription tier selected by Customer (Hobby, Starter, Pro, Team, or Enterprise), each with defined usage limits, features, and pricing as published at https://hashline.dev/pricing.

"Run" means a logical unit of agent execution consisting of an ordered sequence of Events, identified by a unique run identifier.

"SDK" means the Hashline software development kits published by Hashline (including but not limited to the TypeScript SDK on npm and the Python SDK on PyPI).

"Service" means the Hashline hosted audit log platform, including the API at api.hashline.dev, the dashboard at app.hashline.dev, the SDKs, the Documentation, and all associated infrastructure and features.

"Service-Generated Data" means data derived from Customer's use of the Service, including usage metrics, performance data, error logs, and aggregated analytics, but excluding Client Data.

"Subprocessor" means any third-party entity engaged by Hashline to process Client Data on behalf of Customer.

"Subscription Term" means the period during which Customer has an active subscription to a Plan, as specified at the time of sign-up or in an Order Form.

"Verification" means the process of cryptographically validating the integrity of a Hash Chain within a Run via the Service's verification API or exported verification artifacts.

3. The Service

3.1 Service Description

Hashline provides a hosted, append-only, tamper-evident audit log for AI agent workloads. The Service enables Customer to: (a) ingest structured Events describing agent actions via API or SDK; (b) store Events with per-Run cryptographic hash chaining; (c) query and retrieve Events and Runs; (d) verify Hash Chain integrity; and (e) export Runs as Compliance Packs.

3.2 Licence Grant

Subject to Customer's compliance with this Agreement (including payment obligations), Hashline grants Customer a limited, non-exclusive, non-transferable, non-sublicensable (except to Affiliates), revocable right to access and use the Service during the Subscription Term in accordance with the Documentation and the applicable Plan.

3.3 SDK Licence

The SDKs are provided under their respective open-source licences as published in their repositories. Nothing in this Agreement restricts or modifies the terms of those open-source licences. However, use of the SDKs to access the hosted Service is subject to this Agreement.

3.4 Service Modifications

Hashline may update, modify, or enhance the Service from time to time. Hashline will use commercially reasonable efforts to provide advance notice of material changes that adversely affect Customer's use of the Service. Hashline will not remove core functionality of the Service in a manner that materially diminishes the Service during an active Subscription Term without providing at least thirty (30) days' prior written notice and offering Customer the option to terminate with a pro-rata refund of prepaid fees.

3.5 Service Availability

Hashline will use commercially reasonable efforts to make the Service available with a target uptime of 99.9% measured on a calendar-month basis, excluding scheduled maintenance and force majeure events. Scheduled maintenance windows will be communicated via https://status.hashline.dev with at least twenty-four (24) hours' advance notice where practicable.

For Enterprise Plan customers, specific service level commitments and remedies (if any) shall be set forth in the applicable Order Form.

3.6 Support

Support is provided via email at support@hashline.dev. Response times vary by Plan:

Support targets are goals, not guarantees, unless otherwise specified in an Order Form.

4. Customer Obligations

4.1 Account Security

Customer is responsible for: (a) maintaining the confidentiality and security of all API Keys and Account credentials; (b) all activities that occur under Customer's Account, whether or not authorised by Customer; (c) promptly notifying Hashline at security@hashline.dev of any unauthorised access to or use of Customer's Account or API Keys; and (d) ensuring that all Authorised Users comply with this Agreement.

API Keys are displayed once at creation and cannot be retrieved thereafter. Customer must store API Keys securely. Hashline is not responsible for unauthorised access resulting from Customer's failure to protect API Keys.

4.2 Acceptable Use

Customer shall not, and shall ensure that Authorised Users do not:

(a) use the Service in violation of any applicable law, regulation, or third-party right;

(b) submit Client Data that Customer does not have the lawful right to collect, process, or transmit;

(c) use the Service to store, transmit, or process content that is unlawful, defamatory, obscene, or that promotes hatred, violence, or illegal activities;

(d) attempt to gain unauthorised access to the Service, other customers' data, or Hashline's infrastructure, including but not limited to attempting to access Runs or data belonging to other tenants;

(e) interfere with or disrupt the integrity, performance, or availability of the Service or its underlying infrastructure;

(f) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service (excluding the open-source SDKs);

(g) use the Service for competitive benchmarking, analysis, or to build a competing product or service;

(h) resell, sublicence, or redistribute access to the Service to third parties without Hashline's prior written consent;

(i) circumvent or attempt to circumvent any rate limits, usage quotas, or security mechanisms of the Service;

(j) use automated means (bots, scrapers, etc.) to access the Service other than through the API and SDK in accordance with the Documentation; or

(k) use the Service to send unsolicited communications or for any purpose unrelated to audit logging of AI agent workloads.

4.3 Usage Limits

Customer's use of the Service is subject to the usage limits of the applicable Plan, including but not limited to events per month, events per second, data retention periods, and active run limits. Usage in excess of Plan limits may result in throttling (HTTP 429 responses), degraded service, or suspension. Hashline will use reasonable efforts to notify Customer before or promptly after any overage.

4.4 Compliance with Laws

Customer is solely responsible for ensuring that its use of the Service complies with all applicable laws and regulations, including but not limited to data protection laws, export control regulations, and industry-specific regulatory requirements. Hashline's marketing materials referencing regulatory frameworks (such as the EU AI Act, SOC 2, or HIPAA) describe how the Service may support compliance efforts but do not constitute legal advice or a guarantee of compliance.

5. Client Data

5.1 Ownership

Customer retains all right, title, and interest in and to Client Data. This Agreement does not transfer or convey to Hashline any ownership interest in Client Data.

5.2 Licence to Client Data

Customer grants Hashline a worldwide, non-exclusive, limited licence to host, store, process, transmit, display, and reproduce Client Data solely as necessary to: (a) provide, maintain, and support the Service; (b) comply with applicable law or valid legal process; and (c) enforce this Agreement. This licence terminates upon deletion of the applicable Client Data or termination of this Agreement, subject to Section 12 (Data Retention and Deletion).

5.3 Client Data Responsibility — IMPORTANT

Customer is solely responsible for the content of all Client Data submitted to the Service. This includes, without limitation:

(a) Personal Data and PII. The Service does not perform any personal data identification, scrubbing, tokenisation, masking, redaction, or anonymisation. If Customer submits Personal Data, sensitive personal information, protected health information (PHI), or other regulated data within event payloads, Customer does so at its own risk and is solely responsible for ensuring a lawful basis for such processing and compliance with all applicable data protection laws.

(b) Data Minimisation. Customer is strongly advised to apply data minimisation principles before submitting data to the Service. Customer should avoid including unnecessary Personal Data, credentials, access tokens, passwords, financial account numbers, government-issued identifiers, or other sensitive information in event payloads unless strictly necessary for audit purposes.

(c) Downstream Obligations. Where Customer's use of the Service involves processing Personal Data of Customer's own end users, customers, or data subjects, Customer is the data controller (or equivalent under applicable law) and Hashline acts as a data processor. Customer is responsible for providing appropriate privacy notices, obtaining necessary consents, and fulfilling data subject rights requests.

(d) Prohibited Data. Customer shall not submit to the Service: (i) payment card data subject to PCI DSS (full card numbers, CVVs, PINs); (ii) data subject to ITAR or EAR export restrictions; (iii) classified government information; or (iv) data whose storage would violate applicable law in the jurisdiction of processing.

5.4 No Training on Client Data

Hashline does not use Client Data to train, fine-tune, or improve machine learning or artificial intelligence models. Client Data is processed solely for the purpose of providing the Service.

5.5 Service-Generated Data

Hashline may collect and use Service-Generated Data to operate, maintain, improve, and develop the Service, including for purposes of diagnostics, analytics, capacity planning, and product development. Service-Generated Data shared externally will be aggregated or anonymised such that it cannot reasonably identify Customer, its users, or any Client Data.

5.6 Hash Chain Immutability

Events stored in the Service are append-only by design. Once an Event is ingested and assigned a hash within a Run's Hash Chain, neither Customer nor Hashline can modify or delete that individual Event without breaking the Hash Chain integrity. This is a core architectural property of the Service, not a limitation. Customer acknowledges and accepts that:

(a) individual Events within an active retention period cannot be selectively modified or deleted through the Service;

(b) the Hash Chain provides a tamper-evident (not tamper-proof) record — it enables detection of tampering, not prevention of all possible forms of interference; and

(c) deletion of Client Data occurs only through retention policy expiry, account termination, or a valid data erasure request under applicable law (see Section 12).

6. Data Processing and Infrastructure

6.1 Infrastructure Provider

The Service is hosted on Cloudflare, Inc.'s global edge network ("Infrastructure Provider"). By using the Service, Customer acknowledges that Client Data will be processed and stored on Cloudflare's infrastructure.

6.2 Data Location

For the current version of the Service, data is processed and stored across Cloudflare's global network. Cloudflare may route and process requests at any of its global data centre locations. Hashline does not currently offer data residency guarantees for specific geographic regions.

For Enterprise Plan customers, region-specific data residency requirements may be addressed in a separate Order Form, subject to availability.

6.3 Data Storage Layers

Client Data is stored across multiple layers of the Service infrastructure:

(a) Hot storage — for real-time access and hash chain computation during active Runs;

(b) Indexed storage — for query and retrieval of Events and Runs;

(c) Immutable archival storage — for long-term storage with governance-mode object locking, where Events cannot be overwritten or deleted for the duration of the applicable retention period, enforced at the infrastructure level.

6.4 Encryption

All Client Data in transit between Customer and the Service is encrypted using TLS 1.2 or higher. Data at rest is encrypted by the Infrastructure Provider using industry-standard encryption methods (AES-256 or equivalent). Hashline does not currently offer customer-managed encryption keys (CMEK).

6.5 Subprocessors

Hashline uses the following categories of Subprocessors to provide the Service:

A current list of Subprocessors is maintained at https://hashline.dev/legal/subprocessors. Hashline will provide at least thirty (30) days' prior written notice (via email to the Account's primary contact) before engaging a new Subprocessor that processes Client Data. Customer may object to a new Subprocessor on reasonable data protection grounds within that thirty (30) day period. If the parties cannot resolve the objection, Customer's sole remedy is to terminate the affected Service with a pro-rata refund of prepaid fees.

6.6 Data Processing Addendum

Where Customer's use of the Service involves Hashline processing Personal Data on Customer's behalf, the DPA at https://hashline.dev/legal/dpa applies and is incorporated by reference. The DPA includes: (a) processing details (nature, purpose, duration, categories of data, data subjects); (b) Hashline's obligations as a data processor; (c) Customer's obligations as a data controller; (d) sub-processing terms; (e) data subject rights assistance; (f) data breach notification; (g) international data transfer mechanisms (including EU Standard Contractual Clauses where applicable); and (h) audit rights.

7. Fees and Payment

7.1 Merchant of Record

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries related to billing and handles returns. When Customer purchases a subscription, payment information is collected and processed directly by Paddle in accordance with Paddle's Privacy Policy (https://www.paddle.com/legal/privacy) and Paddle's Checkout Buyer Terms (https://www.paddle.com/legal/checkout-buyer-terms). Hashline does not receive, store, or have access to Customer's payment card details.

7.2 Pricing

Fees for the Service are as published at https://hashline.dev/pricing at the time of subscription, or as specified in an Order Form. The Hobby Plan is provided free of charge, subject to applicable usage limits.

7.3 Subscription and Billing

Paid Plans are billed on a monthly or annual basis as selected by Customer at subscription. All fees are quoted in United States Dollars (USD) unless otherwise specified. Billing is processed by Paddle.

7.4 Auto-Renewal

Subscriptions automatically renew for successive periods equal to the initial Subscription Term unless Customer cancels prior to the renewal date through the Account dashboard or by written notice to billing@hashline.dev. Hashline will provide reasonable notice of upcoming renewal and any fee changes.

7.5 Fee Changes

Hashline may change fees for Paid Plans upon at least thirty (30) days' prior written notice. Fee changes take effect at the start of the next Subscription Term. If Customer does not agree to a fee change, Customer may cancel the subscription before the new term begins.

7.6 Late Payment

Overdue amounts accrue interest at the lesser of 1.5% per month or the maximum rate permitted by applicable law. Hashline may suspend access to the Service after fifteen (15) days of non-payment following written notice. Suspension does not relieve Customer of payment obligations.

7.7 Refunds

Refunds are governed by our Refund Policy at https://hashline.dev/refund. In summary: (a) full refund within fourteen (14) days of initial purchase; (b) no refund for monthly subscriptions after the 14-day period; (c) pro-rata refunds as expressly stated in this Agreement (e.g., upon termination for material breach by Hashline or objection to Subprocessor change); or (d) as required by applicable law. All refunds are processed by Paddle and returned to the original payment method.

7.8 Taxes

As Merchant of Record, Paddle is responsible for calculating, collecting, and remitting applicable sales taxes, VAT, and GST on transactions processed through Paddle's checkout. Customer is responsible for any taxes not collected by Paddle, including withholding taxes where applicable.

8. Intellectual Property

8.1 Hashline IP

Hashline and its licensors retain all right, title, and interest (including all intellectual property rights) in and to the Service, the API, the Documentation, the dashboard, the underlying technology, algorithms, architectures, and all improvements, modifications, and derivative works thereof. This Agreement grants Customer no rights to Hashline's intellectual property except the limited licence in Section 3.2.

8.2 Customer IP

Customer and its licensors retain all right, title, and interest (including all intellectual property rights) in and to Client Data and any software, agents, or systems developed by Customer that interact with the Service.

8.3 Feedback

If Customer provides suggestions, ideas, feature requests, or other feedback regarding the Service ("Feedback"), Customer grants Hashline a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, non-exclusive licence to use, incorporate, and commercialise such Feedback without restriction or obligation to Customer.

8.4 Marks

Neither party grants the other any right to use its trademarks, logos, or trade names without prior written consent. Customer grants Hashline the right to include Customer's name and logo in Hashline's customer lists and marketing materials, subject to Customer's right to revoke such permission at any time by written notice.

9. Confidentiality

9.1 Definition

"Confidential Information" means any non-public information disclosed by one party ("Disclosing Party") to the other ("Receiving Party") that is marked as confidential or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure. Confidential Information includes, but is not limited to: Client Data, API Keys, pricing terms in Order Forms, business plans, technical specifications, and security configurations.

9.2 Obligations

The Receiving Party shall: (a) use Confidential Information solely for the purposes of performing its obligations or exercising its rights under this Agreement; (b) protect Confidential Information using at least the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care; and (c) not disclose Confidential Information to any third party except to employees, contractors, or advisors who have a need to know and are bound by confidentiality obligations no less protective than this Section 9.

9.3 Exclusions

Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was known to the Receiving Party prior to disclosure; (c) is independently developed by the Receiving Party without use of Confidential Information; or (d) is rightfully received from a third party without restriction.

9.4 Compelled Disclosure

If the Receiving Party is compelled by law, regulation, or legal process to disclose Confidential Information, it shall provide prompt written notice to the Disclosing Party (to the extent legally permitted) and cooperate to seek protective treatment.

10. Warranties and Disclaimers

10.1 Mutual Warranties

Each party represents and warrants that: (a) it has the legal power and authority to enter into this Agreement; (b) this Agreement constitutes a valid and binding obligation; and (c) it will comply with all applicable laws in performing its obligations hereunder.

10.2 Hashline Warranties

Hashline warrants that: (a) the Service will perform materially in accordance with the Documentation during the Subscription Term; and (b) Hashline will implement and maintain commercially reasonable administrative, physical, and technical safeguards to protect Client Data.

10.3 Disclaimer

EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION 10, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE". TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, HASHLINE DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

WITHOUT LIMITING THE FOREGOING, HASHLINE DOES NOT WARRANT THAT: (A) THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR ENTIRELY SECURE; (B) THE SERVICE WILL MEET CUSTOMER'S SPECIFIC REGULATORY OR COMPLIANCE REQUIREMENTS; (C) THE HASH CHAIN MECHANISM CONSTITUTES LEGALLY ADMISSIBLE EVIDENCE IN ANY JURISDICTION; OR (D) THE SERVICE WILL DETECT OR PREVENT ALL FORMS OF DATA TAMPERING, UNAUTHORISED ACCESS, OR SECURITY BREACHES.

10.4 Compliance Disclaimer

Hashline's documentation and marketing materials may reference regulatory frameworks such as the EU AI Act, SOC 2, HIPAA, PCI DSS, GDPR, and others. Such references are provided for informational purposes only and do not constitute a representation that use of the Service alone will make Customer compliant with any law, regulation, or standard. Customer should seek independent legal counsel regarding its compliance obligations.

10.5 Beta Features

Hashline may offer features designated as "beta", "preview", "experimental", or similar. Such features are provided without warranty or support commitment and may be modified or discontinued without notice. Customer uses beta features at its own risk.

11. Limitation of Liability

11.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA (BEYOND HASHLINE'S OBLIGATIONS UNDER THIS AGREEMENT WITH RESPECT TO CLIENT DATA), BUSINESS, GOODWILL, OR ANTICIPATED SAVINGS, ARISING OUT OF OR RELATING TO THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 Aggregate Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO HASHLINE DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED UNITED STATES DOLLARS (US$100).

11.3 Exceptions

The limitations in Sections 11.1 and 11.2 shall not apply to: (a) either party's indemnification obligations under Section 13; (b) Customer's payment obligations; (c) liability arising from a party's wilful misconduct or gross negligence; (d) Hashline's liability for breach of Section 9 (Confidentiality) with respect to Client Data; or (e) liability that cannot be limited or excluded under applicable law.

11.4 Basis of the Bargain

Customer acknowledges that Hashline has set its fees and entered into this Agreement in reliance upon the limitations of liability and disclaimers set forth herein, which form an essential basis of the bargain between the parties.

12. Data Retention and Deletion

12.1 Retention Periods

Client Data is retained for the duration specified by Customer's Plan:

Retention periods run from the Event's ingestion timestamp. Events past their retention period are permanently and irrecoverably deleted from all storage layers (including indexed storage, archival storage, and hot storage). Deletion is physical and final.

12.2 Retention During Subscription

Retention periods apply on a rolling basis during the Subscription Term. Hashline will not delete Client Data within its applicable retention period while the subscription is active, except as required by law or valid legal process.

12.3 Post-Termination

Upon termination or expiration of this Agreement: (a) Customer may export Client Data via the API or export functionality for a period of thirty (30) days following termination ("Wind-Down Period"); (b) after the Wind-Down Period, Hashline will delete all Client Data within sixty (60) days in a manner designed to preserve confidentiality; and (c) Hashline may retain anonymised or aggregated Service-Generated Data indefinitely.

12.4 Data Erasure Requests (GDPR Article 17)

If Customer receives a valid data subject request for erasure that requires deletion of specific Client Data stored in the Service, Customer shall notify Hashline at privacy@hashline.dev. Hashline will use commercially reasonable efforts to assist Customer in responding to such requests, subject to technical feasibility. Customer acknowledges that:

(a) deletion of individual Events within a Run will break the Hash Chain integrity for that Run;

(b) Hashline may need to delete an entire Run or mark affected Events as redacted to comply with an erasure request;

(c) archived data subject to object lock may not be deletable until the lock period expires, in which case Hashline will delete the data as soon as technically possible; and

(d) Hashline may retain metadata necessary to demonstrate that erasure was performed.

12.5 Legal Holds

If Hashline receives a valid legal hold, litigation hold, or preservation order applicable to Client Data, Hashline may suspend deletion of affected data and will notify Customer to the extent legally permitted.

13. Indemnification

13.1 Customer Indemnification

Customer shall indemnify, defend, and hold harmless Hashline and its officers, directors, employees, and agents from and against any third-party claims, demands, suits, proceedings, losses, damages, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to: (a) Customer's use of the Service in violation of this Agreement or applicable law; (b) Client Data, including any claim that Client Data infringes a third party's intellectual property or privacy rights; (c) Customer's failure to comply with applicable data protection laws regarding Client Data; or (d) Customer's breach of Section 4 (Customer Obligations).

13.2 Hashline Indemnification

Hashline shall indemnify, defend, and hold harmless Customer from and against any third-party claims alleging that Customer's use of the Service (excluding Client Data) in accordance with this Agreement infringes a third party's intellectual property rights. Hashline's obligations under this section do not apply to claims arising from: (a) Client Data; (b) modifications to the Service made by Customer; (c) combination of the Service with non-Hashline products; or (d) use of the Service in violation of this Agreement.

13.3 Indemnification Procedure

The indemnified party shall: (a) promptly notify the indemnifying party in writing of any claim; (b) grant the indemnifying party sole control of the defence and settlement (provided the indemnifying party shall not settle any claim that admits liability on behalf of the indemnified party without consent); and (c) provide reasonable cooperation at the indemnifying party's expense.

14. Term and Termination

14.1 Term

This Agreement commences on the date Customer first accepts it and continues until terminated in accordance with this Section 14.

14.2 Termination by Customer

Customer may terminate this Agreement at any time by: (a) cancelling the subscription through the Account dashboard or by written notice to support@hashline.dev; and (b) ceasing all use of the Service. Cancellation takes effect at the end of the current billing period. No refund is provided for the remaining portion of a billing period unless otherwise required by law.

14.3 Termination by Hashline

Hashline may terminate this Agreement: (a) for Customer's material breach that remains uncured for thirty (30) days after written notice; (b) immediately if Customer breaches Section 4.2 (Acceptable Use); (c) immediately if Customer fails to pay fees for more than thirty (30) days after written notice; or (d) upon thirty (30) days' written notice for any reason (in which case Hashline shall provide a pro-rata refund of any prepaid fees for the unused portion of the Subscription Term).

14.4 Termination for Insolvency

Either party may terminate this Agreement immediately upon written notice if the other party: (a) becomes insolvent; (b) files or has filed against it a petition in bankruptcy; (c) makes an assignment for the benefit of creditors; or (d) has a receiver appointed for a substantial part of its assets.

14.5 Effect of Termination

Upon termination: (a) Customer's right to access and use the Service immediately ceases (subject to the Wind-Down Period in Section 12.3); (b) all outstanding fees become immediately due and payable; (c) each party shall return or destroy the other party's Confidential Information; and (d) Sections that by their nature should survive termination shall survive, including but not limited to Sections 2, 5.1, 5.4, 8, 9, 10.3, 11, 12, 13, 15, 16, and 17.

14.6 Free Plan Termination

Hashline may suspend or terminate Hobby Plan (free) accounts at any time with fourteen (14) days' prior notice if the account has been inactive for ninety (90) consecutive days, or if Hashline discontinues the free tier.

15. Privacy and Data Protection

15.1 Privacy Policy

Hashline's collection and use of personal information in connection with the operation of the Service (such as Account registration data, usage data, and cookies) is governed by Hashline's Privacy Policy at https://hashline.dev/privacy.

15.2 GDPR

Where the General Data Protection Regulation (EU) 2016/679 ("GDPR") applies:

(a) Customer is the data controller and Hashline is the data processor with respect to Personal Data contained within Client Data;

(b) Hashline processes Personal Data only on Customer's documented instructions (which include this Agreement and the DPA);

(c) the DPA includes the technical and organisational measures implemented by Hashline, sub-processing terms, data breach notification procedures, and data subject rights assistance;

(d) where Client Data is transferred outside the European Economic Area, Hashline relies on the EU Standard Contractual Clauses (Module 2: Controller to Processor) as adopted by the European Commission, or other valid transfer mechanisms as set forth in the DPA; and

(e) Customer is responsible for conducting any required data protection impact assessments and for obtaining any necessary consents from data subjects.

15.3 CCPA / CPRA

Where the California Consumer Privacy Act (as amended by the CPRA) applies:

(a) Hashline is a "service provider" as defined under the CCPA;

(b) Hashline will not sell or share (as defined by the CCPA) Personal Data received from Customer;

(c) Hashline will not retain, use, or disclose Personal Data for any purpose other than providing the Service as specified in this Agreement; and

(d) Hashline will not combine Personal Data received from Customer with personal information received from other sources, except as permitted by the CCPA.

15.4 UK Data Protection

Where the UK General Data Protection Regulation and the Data Protection Act 2018 apply, the DPA shall include the UK International Data Transfer Addendum to the EU Standard Contractual Clauses as issued by the UK Information Commissioner's Office.

15.5 Data Breach Notification

In the event of a confirmed security breach affecting Client Data ("Data Breach"), Hashline shall: (a) notify Customer without undue delay and in any event within seventy-two (72) hours of becoming aware of the Data Breach; (b) provide Customer with sufficient information to enable Customer to fulfil its own breach notification obligations under applicable law; (c) take reasonable steps to contain, investigate, and remediate the Data Breach; and (d) cooperate with Customer's reasonable requests for information regarding the Data Breach.

16. General Provisions

16.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, United States of America, without regard to its conflict of laws principles. The parties submit to the exclusive jurisdiction of the state and federal courts located in Delaware for the resolution of any disputes arising under this Agreement.

For Customers domiciled in the European Economic Area, United Kingdom, or Switzerland: this Agreement shall be governed by the laws of Germany, and disputes shall be submitted to the exclusive jurisdiction of the courts of Berlin, Germany.

16.2 Dispute Resolution

Before initiating any formal legal proceeding, the parties shall attempt in good faith to resolve any dispute through negotiation between senior representatives for a period of thirty (30) days following written notice of the dispute.

16.3 Assignment

Neither party may assign this Agreement without the prior written consent of the other party, except that either party may assign this Agreement without consent to an Affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee agrees to be bound by this Agreement.

16.4 Force Majeure

Neither party shall be liable for any delay or failure to perform obligations under this Agreement (other than payment obligations) caused by events beyond its reasonable control, including but not limited to acts of God, war, terrorism, pandemic, government action, natural disaster, power outage, internet disruption, or failure of third-party infrastructure providers. The affected party shall provide prompt notice and use reasonable efforts to mitigate the impact.

16.5 Notices

All notices under this Agreement shall be in writing and sent to: (a) for Customer, the email address associated with Customer's Account; and (b) for Hashline, legal@hashline.dev or such other address as Hashline may designate. Notices are effective upon receipt (for email, upon delivery confirmation or one business day after sending, whichever is earlier).

16.6 Severability

If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving the parties' original intent.

16.7 Waiver

The failure of either party to enforce any provision of this Agreement shall not constitute a waiver of that party's right to enforce such provision or any other provision in the future.

16.8 Entire Agreement

This Agreement (including the DPA, any Order Forms, the Acceptable Use Policy, and the Refund Policy) constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior and contemporaneous agreements, representations, and understandings. No terms or conditions included in Customer's purchase order or other business documents shall be incorporated into or form part of this Agreement.

16.9 Independent Contractors

The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, agency, or employment relationship between the parties.

16.10 Third-Party Rights

Except as expressly set forth herein, this Agreement does not confer any rights or remedies upon any person or entity other than the parties and their permitted successors and assigns.

16.11 Export Compliance

Customer shall comply with all applicable export control and sanctions laws and regulations, including those of the United States, the European Union, and any other applicable jurisdiction. Customer shall not use the Service in, or export Client Data to, any country, territory, or entity subject to comprehensive sanctions.

17. Changes to These Terms

17.1 Notification

Hashline may update these Terms from time to time. Hashline will provide at least thirty (30) days' prior written notice of material changes via email to the Account's primary contact address and/or by posting notice on the Service.

17.2 Acceptance

If Customer does not agree to the updated Terms, Customer may terminate this Agreement before the updated Terms take effect and receive a pro-rata refund of any prepaid fees for the unused portion of the Subscription Term. Continued use of the Service after the effective date of the updated Terms constitutes acceptance of the updated Terms.

17.3 Non-Material Changes

Hashline may make non-material changes (such as corrections of typographical errors, formatting changes, or clarifications that do not alter the substance of the Terms) without prior notice, but will update the "Last Updated" date.

18. Contact Information

Hashline Hashline · hello@hashline.dev

Appendix A — Plan Comparison (as of April 21, 2026)

Plan details and pricing are subject to change. The current pricing is always available at https://hashline.dev/pricing.

Appendix B — List of Subprocessors (as of April 21, 2026)

The current list is maintained at https://hashline.dev/legal/subprocessors.

These Terms and Conditions are provided as a template and should be reviewed by qualified legal counsel before publication. They do not constitute legal advice.