Terms of Service

Use terms for the hosted XMemo service, written for public users, ChatGPT reviewers, and MCP clients while matching the implemented authentication, tenant isolation, and abuse-protection boundaries.

Use the service only through approved public, REST, MCP, SDK, and authenticated control-plane surfaces.
Keep scoped credentials in environment variables or secret stores; never embed them in public URLs or client-side code.
Respect rate limits, tenant boundaries, and acceptable-use controls.
Use XMemo only for memory, recall, workflow handoff, and governance data that you have the right to process.

Account access and credentials

Users are responsible for protecting account sessions, invite codes, OAuth grants, API keys, and MCP bearer tokens. Operators may revoke or rotate credentials during abuse, compromise, or offboarding events.

Browser operators should use HttpOnly console/user sessions instead of raw API-key flows.
Machine automation should use scoped REST or MCP credentials issued for the intended tenant and purpose.
Credential sharing across tenants, customers, or unapproved agents is not permitted.

ChatGPT and MCP use

ChatGPT and MCP clients may connect to XMemo only through approved OAuth, hosted MCP, REST, SDK, or local secret-store flows.

Do not require users or reviewers to paste raw bearer tokens into public app listings, screenshots, or shared prompts.
Tools must truthfully describe their read, write, destructive, and open-world behavior.
Users remain responsible for reviewing what they ask an agent to save, update, redact, or delete.

Acceptable use

The service is designed for agent memory, recall, workflow handoff, and governance. Abuse controls protect public onboarding, auth, control-plane, data-plane, and MCP endpoints.

Do not bypass rate limits, probe other tenants, scrape public onboarding routes, or attempt cross-tenant access.
Do not store unlawful content, malware, credential dumps, or data you do not have rights to process.
Do not use XMemo to make automated decisions where law or contract requires human review unless your deployment adds the required controls.

Service boundary and support

Public product and legal pages are informational. Production operators must still pass configured readiness gates, backup/restore runbooks, incident response procedures, and customer-specific contractual review before broad launch.

Support requests can be filed through the public support channel linked from this site.
Operators may suspend, rate-limit, rotate, or revoke access when necessary to protect users, tenants, or the service.
Approved marketplace listings may add reviewer instructions, demo accounts, screenshots, and recordings, but they must not include secrets or private customer data.

Aligned with production hardening, rate-limit, and enterprise control-plane contracts.