The terms, in plain English.
heso is built on one promise: verify it yourself, trust no one — including us. These terms describe how that promise holds in practice.
What heso does
heso evaluates each action an agent takes against your policy and produces an Ed25519-signed, BLAKE3-chained receipt of the verdict. Receipts verify offline, in your browser, with no dependency on heso infrastructure.
Your data and your keys
Redacted values are replaced by a hash before they reach heso; the original never leaves your environment. Signing and co-signing keys are held by you and your approvers — the cloud holds no signing key, at any trust level.
Cloud retention
Cloud retention quotas cap convenience storage only. The local audit trail is never dropped: a receipt remains independently verifiable even after its cloud copy expires.
Acceptable use
Use heso to govern and audit your own agents and the actions they take on your behalf. Do not use it to fabricate, alter, or misrepresent a receipt — a tampered receipt fails verification by design.
Changes and contact
These terms may be updated as the product evolves; material changes are reflected here. Questions about the terms or a custom agreement go to our team.