Terms of Service

ShieldNode is a secure API proxy gateway that allows users to create virtual proxy keys for third-party APIs. The service:

• Stores your real API credentials in encrypted form (AES-256-GCM).
• Generates virtual proxy keys that route requests to the target API on your behalf.
• Provides access controls including rate limits, spending budgets, and endpoint restrictions on virtual keys.
• Logs request metadata (method, path, status, latency) but does not log request or response bodies.

ShieldNode acts as an intermediary proxy only. We are not affiliated with, endorsed by, or responsible for any third-party API provider whose service you connect through ShieldNode.

You must be at least 16 years old to use ShieldNode. By using the service, you represent that you are of legal age and have the authority to enter into these Terms. If you are using ShieldNode on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.

• You are responsible for maintaining the security of your account credentials.
• You must notify us immediately at contact@shieldnode.app if you suspect unauthorized access to your account.
• You are responsible for all activity that occurs under your account.
• You may not share your account with others. Each user must create their own account.

You agree not to use ShieldNode to:

• Violate any applicable law, regulation, sanction, export control, or third-party terms of service (including those of the target APIs you connect).
• Proxy traffic to APIs that you do not have authorization to access, or for which your authorization has been revoked.
• Conduct denial-of-service attacks, scraping at abusive scale, automated credential stuffing, or any activity that degrades our infrastructure or the target APIs.
• Process content that is illegal, infringing, defamatory, fraudulent, or that violates the rights of any third party.
• Distribute virtual keys for access to illegal content, child sexual abuse material, non-consensual intimate imagery, adult platforms without age verification, or services that violate applicable laws.
• Process regulated personal data (including but not limited to health information, payment card data, government-issued identifiers, or biometric data) through ShieldNode, unless you are independently compliant with the applicable framework (HIPAA, PCI-DSS, etc.) and you have entered into a separate written agreement with us covering such use.
• Use ShieldNode to develop or operate any service that competes with ShieldNode.
• Circumvent rate limits, billing systems, or access controls.
• Reverse engineer, decompile, or attempt to extract the source code of ShieldNode.
• Resell or sublicense access to ShieldNode without our written permission.
• Misrepresent your identity, the source of traffic, or the content of requests.

We reserve the right to suspend or terminate accounts that violate these rules without prior notice and without refund.

You are solely responsible for everything that happens through your account, including all requests, responses, content, and traffic that flows through ShieldNode under credentials you control. This includes, without limitation:

• All requests made using virtual keys you create — whether you, a teammate, a client, an AI agent, or an unauthorized third party initiated them.
• The content of any request body or response body that passes through ShieldNode. We do not log, inspect, or moderate this content; you alone control and are responsible for it.
• Any consequence with the upstream API provider, including charges, fees, overage costs, throttling, account suspension, account termination, or legal action taken by the API provider against you.
• Any third-party terms, policies, or laws that apply to your use of the upstream API. We do not represent that proxying through ShieldNode complies with any specific third-party terms or any specific law.
• Securing your virtual keys, credentials, and account access. You must promptly revoke any virtual key that you suspect is compromised, lost, or no longer needed.
• The choice of credential scope, rate limits, spending budgets, endpoint restrictions, and expirations applied to virtual keys. ShieldNode provides these controls; configuring them appropriately is your responsibility.
• Any tax obligations arising from your use of the service or from amounts you charge end-users.

ShieldNode provides instant key revocation (effective in under one second), spending budgets, and endpoint restrictions as tools to help you limit exposure. We do not, however, monitor your account for misuse, and we do not act as a gatekeeper for your traffic. The tools are yours to use.

We are not a party to the agreement between you and any third-party API provider. Disputes, charges, refunds, and policy violations involving an upstream API are entirely between you and that provider.

You alone are responsible for ensuring that your use of ShieldNode complies with all laws and regulations applicable to you, your business, your users, and the data you process. Without limitation, this includes:

• Data protection laws — GDPR, UK GDPR, CCPA/CPRA, LGPD, and any other privacy or data-protection regimes that apply to the personal data you process. If you process personal data of EU/UK residents through ShieldNode, you are the data controller for that data; ShieldNode acts as a processor only with respect to the limited metadata it stores (described in the Privacy Policy), and not with respect to the content of proxied requests, which we never see.
• Sectoral regulations — HIPAA (US health data), GLBA (US financial data), PCI-DSS (payment card data), FERPA (US education data), and similar frameworks. You must not transmit data subject to these frameworks through ShieldNode unless we have separately and in writing agreed otherwise.
• Export controls and sanctions — US OFAC, EU sanctions, UK sanctions, and equivalent regimes. You may not use ShieldNode from, or to provide services to, any sanctioned country, region, or person.
• AI-specific regulations — including the EU AI Act, where applicable. If your use case involves automated decisions, profiling, or generative AI, the legal classification and obligations are yours to determine and meet.
• Consumer protection laws applicable to the end-users of products you build using ShieldNode.

You represent and warrant that you have all rights, consents, and authorizations necessary to send any data through ShieldNode that you do send through it. You will not rely on ShieldNode to satisfy any compliance obligation owed by you to any third party, regulator, or end-user.

You agree to defend, indemnify, and hold harmless Dorunaitsu LLC, its officers, directors, employees, contractors, agents, affiliates, successors, and assigns (the "Indemnified Parties") from and against any and all claims, demands, actions, proceedings, losses, damages, liabilities, fines, penalties, judgments, settlements, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of, related to, or in connection with:

• Your use or misuse of ShieldNode;
• Your violation of these Terms or any policy referenced herein;
• Your violation of any applicable law, regulation, or third-party right (including intellectual property, privacy, publicity, or contractual rights);
• The content, accuracy, or legality of any data, request, or response that passes through ShieldNode under your account;
• Any dispute between you and a third-party API provider, end-user, customer, employee, contractor, or other person, where ShieldNode is named, joined, or otherwise involved as a result of your activities;
• Any virtual key you create, distribute, or fail to revoke, including all activity conducted under that virtual key.

We reserve the right, at your expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which case you agree to cooperate with our defense of that matter. You may not settle any matter without our prior written consent if the settlement imposes any obligation, payment, or admission on us.

This indemnification obligation survives termination of these Terms and your use of ShieldNode.

ShieldNode is provided "as is" and "as available", with all faults and without warranty of any kind, either express, implied, statutory, or otherwise. To the maximum extent permitted by applicable law, we expressly disclaim all warranties, including but not limited to:

• Implied warranties of merchantability, fitness for a particular purpose, title, accuracy, quiet enjoyment, and non-infringement.
• Any warranty arising out of course of dealing, course of performance, or trade usage.
• Any warranty that the service will meet your requirements, operate in any specific environment, or work in combination with any specific software, hardware, or service.

We do not warrant that:

• The service will be uninterrupted, secure, error-free, or available at any particular time or location.
• Defects will be corrected, or that the service will be free of viruses or other harmful components.
• Data stored on or transmitted through the service will remain accessible, accurate, or complete.
• Any information obtained through the service is reliable or accurate.
• The service will be compatible with any specific upstream API, version, or feature.

You should maintain independent backups of any credentials, configurations, or data you store in or rely on ShieldNode. We do not provide backup or recovery services.

No advice or information, oral or written, obtained from us or through the service creates any warranty not expressly stated in these Terms.

ShieldNode is a proxy service. We have no control over the third-party APIs you connect, the content that flows through your account, or the actions of users to whom you grant virtual keys. To the maximum extent permitted by applicable law, in no event shall Dorunaitsu LLC, its affiliates, officers, directors, employees, contractors, agents, suppliers, or licensors be liable for any:

• Indirect, incidental, special, consequential, exemplary, or punitive damages of any kind.
• Loss of profits, revenue, data, business, goodwill, opportunity, anticipated savings, or use, however arising.
• Substitute service or replacement-cost damages.
• Damages arising from downtime, errors, latency, throttling, suspension, or termination of any third-party API or upstream service.
• Damages arising from changes to a target API's authentication scheme, endpoints, pricing, terms, or availability.
• Charges, fees, overage costs, fines, penalties, or refunds incurred on your account with any third-party API provider, regardless of cause, including charges resulting from unauthorized requests made via virtual keys you created or distributed.
• Data loss, corruption, or unavailability resulting from third-party infrastructure failures (including Supabase, Render, Vercel, Cloudflare, or any other provider).
• Damages arising from the content, accuracy, legality, or use of any data, request, or response that passes through ShieldNode.
• Damages arising from your or any third party's misuse of virtual keys, credentials, or the service generally.
• Damages arising from regulatory action, fines, or enforcement related to your processing of personal data, regulated data, or any other data subject to law.

The above exclusions apply even if we have been advised of the possibility of such damages, and regardless of the legal theory (contract, tort, negligence, strict liability, statute, or otherwise).

Aggregate cap. To the maximum extent permitted by applicable law, our total cumulative liability to you for any and all claims arising out of or relating to these Terms or your use of ShieldNode, whether in contract, tort, or otherwise, shall not exceed the greater of (a) the total amount you actually paid us in the twelve (12) months immediately preceding the event giving rise to the claim, or (b) one hundred US dollars (USD $100). Multiple claims do not enlarge this cap.

Essential basis. You acknowledge that the limitations and exclusions in this Section, together with the disclaimer of warranties in Section 9 and the indemnification in Section 7, are essential elements of the bargain between you and us, and that we would not provide the service without them. They will apply even if any limited remedy fails of its essential purpose.

Jurisdictional carve-out. Some jurisdictions do not allow certain limitations of liability. To the extent any limitation in this Section is unenforceable in a particular jurisdiction, our liability in that jurisdiction will be limited to the smallest extent permitted by law.

We encrypt your real upstream credentials at rest using AES-256-GCM and transmit all data over TLS. We hash virtual keys; only their hash is stored. However, no security measure is perfect. You acknowledge that:

• You use the service at your own risk.
• You should use the minimum necessary credential scope when adding services to ShieldNode (e.g., read-only keys where possible).
• You should set rate limits, spending budgets, endpoint allowlists, and expirations on virtual keys to limit potential exposure.
• We do not warrant that any specific security measure will prevent unauthorized access, and we are not liable for unauthorized access that occurs despite our reasonable efforts. See Section 10 (Limitation of Liability).

You may delete your account at any time from the settings page. Upon deletion, your encrypted credentials and all associated data are permanently deleted from our systems within 30 days, except as required by applicable law.

We may suspend or terminate your account immediately and without prior notice if (a) you violate these Terms or any policy referenced herein, (b) you engage in fraudulent, abusive, or illegal activity, (c) your use poses a security or operational risk to ShieldNode, our infrastructure providers, or other users, or (d) we reasonably believe such action is required by law or to protect a third party. Suspension or termination does not entitle you to a refund.

Upon termination, all rights granted to you under these Terms cease immediately. Sections that by their nature should survive termination — including but not limited to Sections 5 (Your Use of the Service), 6 (Compliance), 7 (Indemnification), 9 (Disclaimer), 10 (Limitation of Liability), 14 (Governing Law) and 15 (General) — survive termination.

We reserve the right to modify, suspend, or discontinue any part of ShieldNode at any time, with or without notice. For material changes to features that affect paid subscribers, we will provide at least 30 days notice by email.

We may update these Terms from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will provide reasonable advance notice by email or via in-app notice. Your continued use of ShieldNode after changes take effect constitutes acceptance of the updated Terms. If you do not agree to the updated Terms, you must stop using the service and may delete your account.

These Terms are governed by the laws of the State of Delaware, United States, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

Any dispute, claim, or controversy arising out of or relating to these Terms or the service (a "Dispute") shall first be attempted to be resolved through informal good-faith negotiation. If not resolved within 30 days, the Dispute shall be finally resolved by binding arbitration in Delaware under the Commercial Arbitration Rules of the American Arbitration Association (AAA), by a single arbitrator. Either party may seek temporary or preliminary injunctive relief in a court of competent jurisdiction.

Class-action waiver. You and we each agree that any Dispute will be brought in our individual capacities only, and not as a plaintiff or class member in any purported class, collective, consolidated, or representative action. The arbitrator may not consolidate more than one person's claims and may not preside over any form of representative or class proceeding.

Mandatory venue (court actions). To the extent any Dispute is litigated in court rather than arbitration, the parties consent to the exclusive jurisdiction and venue of the state and federal courts located in Delaware, USA, and waive any objection to such venue.

Limitation period. Any Dispute must be brought within one (1) year after the cause of action arose; otherwise it is permanently barred, except where applicable law prohibits such a limitation.

Mandatory consumer rights. If you are a consumer in the European Union, the United Kingdom, or another jurisdiction whose mandatory consumer-protection laws would override the choice of law, dispute-resolution, or class-waiver provisions above, those mandatory rights apply notwithstanding this Section.

• Entire Agreement — These Terms, together with the Privacy Policy and Cookie Policy, constitute the entire agreement between you and Dorunaitsu LLC regarding ShieldNode and supersede all prior or contemporaneous communications and proposals.
• Severability — If any provision of these Terms is found invalid, illegal, or unenforceable, the remaining provisions remain in full force, and the unenforceable provision will be modified to the minimum extent necessary to make it enforceable while preserving the parties' intent.
• No Waiver — Our failure to enforce any provision of these Terms does not constitute a waiver of that or any other provision.
• Assignment — You may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations freely, including in connection with a merger, acquisition, reorganization, or sale of assets.
• Force Majeure — We are not liable for any delay or failure to perform caused by circumstances beyond our reasonable control, including acts of God, war, terrorism, civil unrest, government action, labor disputes, internet or infrastructure failures, cyberattacks, or pandemics.
• No Third-Party Beneficiaries — These Terms confer no rights or remedies on any third party other than the Indemnified Parties identified in Section 7.
• Headings — Section headings are for convenience only and do not affect interpretation.
• Notices to you — We may give notice by email to the address associated with your account, by in-app notice, or by posting on the website. Notice is effective when sent or posted.
• Notices to us — Legal notices to us must be sent to contact@shieldnode.app and are effective upon receipt.

For questions about these Terms: