BlueNexus – Developer Terms of Use

These Developer Terms of Use (“Terms”) govern your access to and use of the BlueNexus platform, APIs, SDKs, confidential compute environments, sovereign identity infrastructure, and related tools or services (collectively, the “Services”) provided by BlueNexus Tech Pty Ltd (“BlueNexus”, “we”, “us”, or “our”).

By creating a developer account or using any part of the Services, you agree to be bound by these Terms, along with the BlueNexus End User Terms, Privacy Policy, and Universal Data Processing Agreement (“DPA”). In the event of a conflict, the DPA or Privacy Policy prevails.

If you do not agree to these Terms, you must not use the Services.

1. Definitions

• Account – A developer account registered to access the Services.
• Developer – The individual or entity using the Services, including its employees, contractors, or authorised personnel.
• End User – Any person whose identity, data, or actions pass through or are processed by an application you build using the Services.
• Core Services – Standard BlueNexus infrastructure including sovereign identity, encrypted document storage, confidential compute, authentication, account management, MCP server functionality, User Memory, and default integrations.
• Additional Services – Usage-based or optional services (e.g., LLM access, advanced compute, premium integrations).
• Developer-Managed Account – A custodial End User account in which the Developer controls authentication keys, permissions, routing, or identity transitions.
• Sovereign BlueNexus Account – A non-custodial End User identity controlled exclusively by the End User’s own keys and permissions.
• Third-Party Service – Any external API, platform, data provider, or integration used within or alongside your implementation.
• User Data / End User Data – Any data submitted, transmitted, generated, or processed through the Services by or on behalf of an End User.

2. Eligibility & Account Registration

To use the Services, you represent and warrant that you:

• are at least 18 years old;
• have the authority to bind the organisation you represent;
• will provide accurate and complete registration information;
• will maintain the confidentiality of your login credentials and API keys; and
• will notify BlueNexus immediately of any unauthorised access or security incident.

You are responsible for all activity conducted under your Account.

3. Scope of the Services

3.1 Core Services

BlueNexus provides Core Services aligned to sovereign identity and secure compute standards, including:

• Sovereign identity infrastructure
• Encrypted document and file storage
• Confidential compute and TEE-based execution
• User authentication and account management
• User Memory
• MCP server capabilities
• Default external integrations

BlueNexus may modify, enhance, or discontinue Core Service features at any time for security, regulatory, performance, or operational reasons.

3.2 Additional Services

Additional Services include but are not limited to:

• Confidential or non-confidential LLM access
• Premium MCP or integration modules
• Large-scale compute or storage
• Usage-based or metered features
• Any service designated as add-on or billed separately

All Additional Services are subject to published pricing.

4. Acceptable Use of the Services

BlueNexus grants you a limited, revocable, non-exclusive, non-transferable, non-sublicensable license to access and use the Services solely to develop, test, and operate applications integrated with BlueNexus.

You must not:

• use the Services in violation of any law or regulation;
• interfere with, probe, or compromise the security, integrity, or performance of the Services;
• reverse engineer, decompile, derive, or attempt to discover any source code, cryptographic materials, schemas, or internal operations of the Services;
• simulate, replicate, or bypass BlueNexus sovereign identity flows, TEE environments, confidential compute processes, or permission structures;
• modify, mask, proxy, frame, embed, or override any BlueNexus-hosted interface, including connection, consent, or sovereignty-claim screens;
• resell or sublicense the Services unless expressly permitted in a written Enterprise Agreement;
• misrepresent BlueNexus branding, sovereignty guarantees, or capabilities;
• attempt to bypass or override sovereign account permissions, consent signals, revocation mechanisms, or End User-controlled transitions;
• engage in excessive traffic generation, abuse of rate limits, or behaviour that degrades platform performance.

You must comply with the End User Terms, Privacy Policy, DPA, and all published Integration and Implementation Guidelines.

5. Implementation Requirements

Developers must:

• follow all technical, security, and integration guidelines made available by BlueNexus;
• clearly disclose to End Users whether your application uses confidential or non-confidential LLM or compute workflows;
• display the attribution:
  “Powered by the BlueNexus Trust Network”
  linking to https://www.bluenexus.ai/network/secure?source=<yourdomain> ;
• retain all BlueNexus connection, consent, and sovereignty-claim screens unless explicitly approved by BlueNexus;
• maintain compatibility with updated connection and consent flows within commercially reasonable timeframes.

Failure to comply may result in suspension or termination.

6. Third-Party Services & External Integrations

6.1 Developer-Managed Third-Party Services

“Developer-Managed Third-Party Services” refers to any Third-Party Service that you choose to integrate with your application, where you—not BlueNexus—control the integration, including the setup, configuration, API keys, routing, or data flows.

For all Developer-Managed Third-Party Services, you are solely responsible for:

• Provisioning, securing, and managing all third-party accounts, API keys, credentials, and access tokens;
• Obtaining, maintaining, and recording valid End User consent for each third-party integration you activate or use;
• Ensuring your use and your End Users’ use of such third-party services complies with all applicable third-party terms, policies, licensing, and restrictions;
• All data exchanged, transmitted, processed, or stored through Developer-Managed Third-Party Services via your implementation;
• Verifying compatibility between your chosen third-party integrations and your application.

BlueNexus has no responsibility for the behaviour, availability, pricing, functionality, or security of Developer-Managed Third-Party Services.

6.2 BlueNexus-Managed Integrations

“BlueNexus-Managed Integrations” refers to third-party connectors or integrations that BlueNexus makes available within the Platform (e.g., EMR APIs, wearable data sources, productivity tools, OAuth providers, or other connectors designated by BlueNexus).

For BlueNexus-Managed Integrations:

• They are provided as-is and as-available;
• Compatibility with your particular implementation is not guaranteed;
• Third-party changes, deprecations, or outages may affect behaviour or availability;
• BlueNexus is not responsible or liable for any third-party outages, errors, failures, service changes, pricing changes, or data inaccuracies;
• You remain responsible for obtaining lawful End User consent for any data exchanged through these integrations.

6.3 Acting on Your Instructions

If you request that BlueNexus enable or configure a BlueNexus-Managed Integration for your account:

• you grant BlueNexus permission to activate and maintain that connector solely to operate the integration;
• BlueNexus will not access, use, or disclose any third-party data obtained through the connector for any purpose other than enabling the integration or fulfilling security, regulatory, or support obligations.

7. Fees & Billing

• Services may incur fees as specified on the BlueNexus website.
• Fees are non-refundable unless required by law.
• Pricing may change with notice posted on the BlueNexus website.
• You are responsible for taxes, currency conversion fees, and charges imposed by third-party providers.
• Non-payment, failed payment methods, or overdue balances may result in suspension or termination.
• Payments are processed via third-party processors, and BlueNexus is not liable for their actions or errors.

8. Developer-Managed Accounts (Custodial Accounts)

A Developer-Managed Account is custodial, meaning the Developer retains control of the End User’s authentication keys, permissions, or routing until the End User transitions to a Sovereign BlueNexus Account.

Developers must:

• provide End Users with a clear, seamless mechanism to claim or migrate their account to a Sovereign BlueNexus Account;
• provide a method for End Users to revoke Developer access and transfer their data to a sovereign account;
• comply with all End User rights, consent flows, permissions, and revocation mechanisms;
• avoid implying that a custodial account provides sovereignty;
• ensure End Users enter into terms of use that align with BlueNexus policies;
• comply with the Universal DPA regarding controller/processor assignments.

BlueNexus may contact End Users directly for security, verification, compliance, enforcement, or sovereignty-claim purposes.

9. Data & Privacy

Data governance for both Developers and End Users is governed exclusively by:

• the BlueNexus Privacy Policy, and
• the BlueNexus Universal Data Processing Agreement.

These Terms do not override or replace either document. By using the Services, you agree to both.

10. Intellectual Property

10.1 Ownership

BlueNexus and its licensors retain all intellectual property rights in:

• the BlueNexus platform, Core Services, and Additional Services;
• sovereign identity infrastructure, key-handling mechanisms, and permission frameworks;
• confidential compute, TEE execution models, and security primitives;
• encryption systems, schemas, and data-routing architecture;
• all protocols, integrations, adapters, MCP servers, and related logic;
• User Memory systems, storage architecture, and abstractions;
• all documentation, designs, UI/UX, and hosted interfaces;
• operational metadata, logs, and system-level analytics.

No rights are transferred to you except those expressly granted.

10.2 License to Developers

Subject to compliance with these Terms, you are granted a limited, revocable, non-exclusive, non-transferable, non-sublicensable license to access and use the Services solely to build and operate applications integrated with BlueNexus.

This license does not permit you to:

• access or copy source code, internal schemas, or algorithms;
• recreate or simulate sovereign identity flow, TEE environments, or cryptographic models;
• bypass or interfere with BlueNexus-hosted screens or interfaces;
• inspect, extract, or derive cryptographic materials or routing logic.

10.3 Prohibited Technical Conduct

You must not attempt to:

• reverse engineer or derive underlying structures of the Services;
• extract metadata schemas or permission models;
• probe internal APIs or non-public endpoints;
• reproduce or white-label BlueNexus infrastructure without agreement.

Any attempt to circumvent sovereign identity or custody boundaries is a material breach.

10.4 AI-Generated Output

For any AI-generated output delivered through the Services:

• you receive a license to use such output within your application;
• the output may not be unique or exclusive;
• you are responsible for validating all output before presenting it to End Users.

BlueNexus retains ownership of all underlying models and infrastructure.

11. Confidentiality

11.1 Definition of Confidential Information

“Confidential Information” means all non-public information disclosed by BlueNexus to you, whether orally, in writing, electronically, or through access to the Services. Confidential Information includes, without limitation:

• platform architecture, security designs, and sovereign identity mechanisms;
• confidential compute systems, TEE implementations, routing logic, and integration frameworks;
• APIs (public or private), schemas, keys, tokens, credentials, and system-level metadata;
• pricing, internal processes, roadmaps, and non-public documentation;
• any information designated as confidential or that a reasonable developer would understand to be confidential.

Confidential Information does not include information that you can demonstrate:

• (a) is or becomes publicly available without breaching these Terms;
• (b) was lawfully known to you without confidentiality obligations before disclosure;
• (c) was independently developed by you without use of BlueNexus confidential materials;
• (d) was rightfully received from a third party without confidentiality obligations.

11.2 Developer Obligations

You must:

• maintain the confidentiality of all Confidential Information using at least the same degree of care you use to protect your own confidential information (and no less than reasonable care);
• use Confidential Information solely to integrate with and operate applications on the BlueNexus Platform;
• not disclose Confidential Information to any third party except your authorised employees, contractors, or service providers who need access for permitted purposes and are bound by confidentiality obligations no less protective than these Terms;
• prevent unauthorised access, use, or disclosure of Confidential Information;
• promptly notify BlueNexus if you become aware of any unauthorised use or disclosure.

11.3 Platform Security Safeguards

You must not attempt to inspect, probe, extract, or analyse BlueNexus confidential infrastructure, including cryptographic materials, key-handling mechanisms, metadata schemas, or internal system components made visible through use of the Services.

11.4 Required Disclosures

If you are legally compelled to disclose Confidential Information, you may do so only to the extent required, and must (where legally permitted):

• provide prompt notice to BlueNexus so we may seek protective measures; and
• limit disclosure to what is strictly mandated.

11.5 Return or Destruction

Upon termination of these Terms or upon BlueNexus’ request, you must promptly return or securely destroy all Confidential Information in your possession, except where retention is required by law or necessary for limited audit, compliance, or security recordkeeping.

11.6 Survival

Confidentiality obligations survive termination of these Terms for five (5) years, except for trade secrets and security architecture details, which survive indefinitely.

12. Suspension & Termination

12.1 Developer Termination

You may stop using the Services at any time by deleting your Account or ceasing API calls.

12.2 Suspension by BlueNexus

We may suspend or restrict access, with or without notice, if:

• you fail to pay fees or your payment method fails;
• your use creates security, legal, operational, or compliance risks;
• you violate acceptable use rules or attempt to manipulate hosted interfaces;
• your integration harms the Platform, End Users, or third-party providers.

Suspension does not relieve you of payment obligations.

12.3 Termination by BlueNexus

BlueNexus may terminate your access immediately if:

• you materially breach these Terms and fail to cure within 10 days;
• the breach is not reasonably curable;
• you engage in unlawful activity or compromise platform integrity.

Upon termination:

• all API keys are revoked;
• all access ceases;
• all fees incurred remain payable;
• no refunds are provided.

Data may be deleted after 30 days, subject to legal obligations.

12.4 Discontinuation of Services

BlueNexus may discontinue any Service or the Platform on 30 days’ notice. Any refunds are at BlueNexus’ sole discretion.

12.5 Force Majeure

Neither party is liable for delays caused by events outside reasonable control (e.g., natural disasters, cyberattacks, government actions). You remain responsible for usage fees incurred prior to such events.

13. Disclaimers, Limitation of Liability & Indemnity

13.1 Disclaimer

The Services are provided “as-is” and “as available”, without warranties of any kind.

13.2 Limitation of Liability

Except where prohibited by law, BlueNexus’ total liability is limited to the fees you paid in the preceding 12 months. This limitation does not apply to unavoidable liabilities under applicable Australian law.

13.3 Indemnity

You agree to indemnify and hold harmless BlueNexus from claims arising out of:

• your misuse of the Services;
• your handling of User Data;
• your End Users’ actions;
• your use of Third-Party Services;
• breaches of these Terms.

14. Governing Law

These Terms are governed by the laws of New South Wales, Australia. All disputes must be brought exclusively in the courts of New South Wales.

15. Updates to These Terms

We may update these Terms by posting a revised version to our website. Your continued use of the Services after changes take effect constitutes acceptance of the updated Terms.

16. Contact