AIOrouter Terms of Service
Version: 1.3.0 Effective Date: 2026-06-14 French Version: Conditions d'utilisation (FR)
1. Acceptance of Terms
By accessing or using the AIOrouter API proxy service ("the Service"), operated by AIOCANA Technologies Inc. ("AIOrouter", "we", "us", "our"), you ("you", "User") agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.
These Terms incorporate by reference:
- Our Privacy Policy — how we handle your data
- Our Data Processing Agreement (DPA) — for enterprise customers processing personal data
2. Service Description
AIOrouter is an API proxy and intelligent routing service that provides developers with unified, OpenAI-compatible access to multiple AI model providers through a single endpoint. Key features include:
- Multi-provider aggregation — access DeepSeek, Qwen, Kimi, GLM, Gemini, Claude, and other AI models through one API
- Privacy protection — automatic PII pseudonymization, technical secret redaction, and AI Firewall (configurable per API key via the Dashboard)
- Intelligent routing — automatic provider selection based on availability, cost, and task type
- Automatic fallback — if your primary provider is unavailable, requests are automatically routed to the next best alternative
The Service is provided on a best-effort basis during the public beta phase. Post-beta, we target 99% uptime (SLA terms to be published separately).
3. Account Registration & Security
3.1 Registration
You must provide accurate, complete registration information and keep it updated. You are responsible for all activity under your account.
3.2 API Key Security
You will receive an API key (format: ak- + 43-character base64url string (V2.23.0)) upon registration. You are solely responsible for:
- Maintaining the confidentiality of your API keys
- All API requests made with your keys (whether authorized by you or not)
- Notifying us immediately of any unauthorized use at support@aiorouter.ca
You must NOT:
- Share your API keys publicly (e.g., in GitHub repositories, blog posts, or client-side code)
- Embed API keys in mobile apps, browser extensions, or other client-distributed software
- Use API keys for any purpose other than accessing the Service
If you suspect your API key has been compromised, rotate it immediately via the Dashboard. AIOrouter scans public code repositories for leaked keys and may proactively revoke compromised keys.
3.3 Dashboard Authentication
Dashboard access is secured by AIOrouter's Canada-resident Auth Enclave with passkey/WebAuthn-first authentication, TOTP fallback, recovery codes, and session controls. You are responsible for maintaining the security of your authentication credentials, passkeys, MFA devices, and recovery codes.
Optional OAuth or enterprise SSO may be offered in the future only as an opt-in identity provider integration with separate disclosure and approval. API keys do not authenticate Dashboard sessions.
4. Subscription & Billing
All prices are in Canadian Dollars (CAD). GST/HST is added for Canadian customers as required by law.
4.1 Top-Up Balance
Top-Up balance is available in multiple pack sizes and is supplemental credit for active subscribers. Top-Up balance:
- Never expire
- Are deducted from your balance as you use the Service at the then-current per-token rate
- Is automatically refunded at 95% of remaining Top-Up balance when you cancel your subscription, subject to applicable law and successful refund processing
- Can be viewed at any time in your Dashboard
4.2 Monthly Subscriptions
Monthly subscriptions (Explorer, Developer, Professional, Business tiers) include:
- A provider-cost indexed monthly allowance, calculated at the locked allowance price for the billing period, which resets on your monthly billing date
- Unused allowance does NOT roll over to the next billing period, EXCEPT when you change plans mid-cycle: your unused allowance is preserved and added to your new plan's allowance (you never lose what you've already paid for)
- Plan changes are immediate: you pay the full monthly fee of the new plan at the time of change, and your billing cycle restarts. No prorated charges or credits apply.
- All tiers hard-stop at quota exhaustion (402). Top-Up balance is supplemental credit that extends usage after your monthly allowance is exhausted — it is not automatic overage.
- Subscriptions auto-renew each month until cancelled
4.3 Pricing Changes
We may adjust retail pricing with 30 days notice. Provider price changes may cause automatic retail price adjustments (increases take effect immediately; decreases apply after a 24-hour verification delay).
4.4 Payment Processing
Payments are processed securely by Stripe. We do not store your full credit card number. By providing payment information, you authorize Stripe to process payments on our behalf per Stripe's terms.
4.5 Taxes
You are responsible for all applicable taxes. GST/HST (5-15% depending on province) is added to invoices for Canadian customers per Canada Revenue Agency (CRA) requirements. Tax-exempt organizations must provide valid exemption certificates.
4.6 Refunds
- Top-Up balance: When you cancel your subscription, remaining Top-Up balance is automatically refunded at 95%. Top-Up usage balance does not expire by age. If the automatic refund rail fails, the balance enters manual review while we preserve the refund obligation and audit record.
- Monthly subscriptions: Non-refundable for the current billing period. You may cancel at any time — cancellation takes effect at the end of the current billing period
- Refund support: Contact billing@aiorouter.ca if payment details need to be updated for a failed automatic refund.
4.7 Failed Payments
If a subscription payment fails, we will notify you and retry. Continued non-payment may result in service suspension. Top-Up balances remain tracked separately from subscription status.
4.8 Unauthorized Usage
You are solely responsible for all charges incurred through your API keys, including charges from unauthorized use resulting from your failure to secure your credentials. AIOrouter is under no obligation to refund or credit charges from unauthorized API key usage. You should monitor your usage regularly via the Dashboard and rotate compromised keys immediately. If you suspect your API key has been compromised, see §3.2 for key rotation procedures.
5. Acceptable Use Policy
You agree NOT to use the Service for any purpose that violates these Terms or applicable law.
5.1 Prohibited Content
You may not use the Service to generate, distribute, or facilitate:
- Illegal content under Canadian federal or provincial law
- Content promoting violence, terrorism, or hate speech against individuals or groups based on race, ethnicity, religion, gender, sexual orientation, disability, or other protected characteristics
- Malicious content — malware, phishing schemes, social engineering attacks, or content designed to harm or deceive
- Attempts to bypass Service safeguards — attempts to manipulate, evade, or defeat AIOrouter controls or underlying model safety behavior
- Intellectual property violations — content that infringes on copyrights, trademarks, trade secrets, or patents
- Harassment or stalking — content intended to intimidate, threaten, or harass individuals
- Sexually explicit content involving minors — zero tolerance, immediate account termination, and reporting to law enforcement
- Non-consensual intimate imagery — zero tolerance, immediate termination
5.2 Prohibited Conduct
You may not:
- Scrape, crawl, or systematically extract data from the Service
- Reverse engineer, decompile, or attempt to extract model weights, algorithms, or proprietary Service components
- Resell or redistribute AIOrouter access without written authorization
- Circumvent rate limits through multiple accounts, API keys, or automated means
- Attempt to bypass privacy filtering, abuse-prevention controls, or any security measure, except through the authorized Shield Disable feature on your Dashboard API key settings
- Use the Service for any activity that violates PIPEDA, Quebec Law 25, or applicable privacy regulations
- Impersonate AIOrouter or misrepresent your affiliation with us
5.3 Enforcement
AIOrouter reserves the right, at its sole discretion, to:
- Block specific prompts or requests that violate this AUP
- Suspend or terminate accounts for AUP violations
- Report illegal activity to law enforcement authorities
- Cooperate with legal investigations and disclose information as required by law
We will make reasonable efforts to notify you before suspension or termination, except in cases of ongoing harm, legal requirement, or technical emergency.
5.4 Shield Disable Feature
AIOrouter provides a Shield Disable feature that allows you to configure an API key to bypass PII pseudonymization, technical secret redaction, and template injection protection. When Shield is disabled on an API key:
- Your raw prompts — including any personal information, API keys, passwords, credit card numbers, or other sensitive data they contain — are transmitted directly to third-party AI model providers without filtering or redaction.
- The AI Firewall continues to operate and may still block requests for detected prompt injection, jailbreak attempts, or abuse patterns.
- You accept full responsibility for all data transmitted through Shield-disabled API keys, including any personal information, credentials, or regulated data that reaches third-party providers.
- The indemnification provisions in §10 apply to all Shield-disabled traffic.
You may have at most one (1) Shield-disabled API key among your active keys. Shield-disabled status is clearly indicated in your Dashboard API key list and via the X-AIORouter-Shield response header on every API response. Shield can be re-enabled at any time from the Dashboard without additional verification.
6. API Usage & Rate Limits
6.1 Rate Limits
Rate limits apply per API key based on your subscription tier:
- Standard limits displayed in API response headers (
X-RateLimit-Limit,X-RateLimit-Remaining,X-RateLimit-Reset) - Higher limits available on higher subscription tiers
- Rate limit status viewable in your Dashboard
6.2 Excessive Usage
We may throttle or contact you if your usage deviates significantly from normal patterns. Excessive automated usage that impacts Service availability for other users may result in temporary throttling.
6.3 API Versioning
The Service supports API versioning via the API-Version header (e.g., API-Version: 2026-06-01). Each version is maintained with backward compatibility for at least 12 months. Deprecation notices are communicated via the Sunset response header and email notification.
7. Intellectual Property
7.1 AIOrouter IP
The AIOrouter Service, software, branding, and documentation are owned by AIOCANA Technologies Inc. and protected by Canadian and international intellectual property laws. These Terms do not grant you any right, title, or interest in AIOrouter's intellectual property beyond the limited right to use the Service.
7.2 Your Content
- You retain ownership of your prompts and the AI-generated responses you receive through the Service
- AIOrouter does NOT claim any ownership over your prompts or generated content
- AIOrouter does NOT use your prompts to train, fine-tune, or improve AI models
7.3 Feedback
If you provide feedback, suggestions, or ideas about the Service, you grant us a perpetual, irrevocable, royalty-free license to use that feedback for any purpose.
8. Service Availability & Disclaimers
8.1 Beta Phase
During the public beta phase, the Service is provided "AS IS" and "AS AVAILABLE" without any service level agreement (SLA). We will make reasonable efforts to maintain availability but do not guarantee uninterrupted service.
8.2 Third-Party Dependencies
The Service depends on third-party AI providers (DeepSeek, Qwen, Kimi, GLM, and others). AIOrouter is not responsible for:
- Provider outages, service degradations, or API changes
- Changes to provider pricing, model availability, or terms of service
- Quality, accuracy, or appropriateness of AI model outputs
8.3 Automatic Fallback
The Service may automatically fail over to alternative providers when your primary provider is unavailable. Fallback may result in different model behavior, capabilities, or response quality.
8.4 AI Model Output Disclaimer
AI-GENERATED CONTENT MAY CONTAIN ERRORS, INACCURACIES, BIASES, OR INAPPROPRIATE MATERIAL. You are solely responsible for:
- Reviewing and validating all AI outputs before use
- Ensuring AI-generated content complies with applicable laws and regulations
- Any decisions or actions taken based on AI-generated content
AIOrouter makes no warranties regarding the accuracy, completeness, or fitness-for-purpose of AI model outputs.
8.5 No Security Guarantee; Shared Responsibility
AIOrouter employs commercially reasonable security measures including encrypted transport, privacy filtering, abuse-prevention controls, hashed API-key storage, access controls, and Canada-resident infrastructure. These measures represent commercially reasonable efforts consistent with current best practices.
HOWEVER, YOU ACKNOWLEDGE AND AGREE THAT:
(a) No computer system is immune from intrusion. AIOrouter does not and cannot guarantee that our security measures will prevent all unauthorized access, data breaches, or cyberattacks.
(b) The threat landscape evolves continuously. Novel attack vectors, zero-day vulnerabilities, AI-specific adversarial techniques, and supply chain compromises may defeat any security system.
(c) Security is a shared responsibility. You must secure your API keys, authentication credentials, MFA devices, and recovery codes. AIOrouter is not responsible for breaches originating from your failure to maintain adequate security on your end.
(d) To the maximum extent permitted by law, AIOrouter disclaims all liability for security incidents except where directly and solely caused by our gross negligence or willful misconduct.
8.6 Privacy Filtering Limitations
AIOrouter's privacy filtering system is designed to reduce the exposure of sensitive personal information before request content is forwarded to AI model providers outside Canada.
YOU ACKNOWLEDGE THAT:
(a) Sensitive-information detection is inherently probabilistic. Novel formats, obfuscated data, mixed-language text, and edge cases may not be detected by our current controls.
(b) AIOrouter makes no warranty that all sensitive personal information will be detected before provider routing.
(c) You are responsible for ensuring that you do not submit sensitive personal information in prompts if zero export is required for your use case.
(d) AIOrouter continuously improves its privacy controls but cannot guarantee detection of future or unknown sensitive-information formats.
9. Limitation of Liability
9.1 Liability Cap
TO THE MAXIMUM EXTENT PERMITTED BY LAW, AIOCANA TECHNOLOGIES INC.'S TOTAL LIABILITY FOR ANY CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICE IS LIMITED TO THE AMOUNT YOU PAID US IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
9.2 Exclusion of Damages
IN NO EVENT SHALL AIOCANA TECHNOLOGIES INC. BE LIABLE FOR:
- Indirect, incidental, special, consequential, or punitive damages
- Loss of profits, revenue, data, business opportunity, or goodwill
- Damages arising from unauthorized use of your API keys, whether caused by your failure to secure credentials, third-party attacks, or any other circumstance beyond our direct and exclusive control
- Damages arising from PII that escapes our scrubbing layer, including where our automated scanning fails to detect novel or obfuscated PII patterns. You acknowledge that no automated security system is infallible and accept this residual risk
- Provider outages, model unavailability, or API changes beyond our control
- AI model output quality, accuracy, bias, hallucinations, or inappropriateness — AI-generated content is inherently non-deterministic and may contain errors. You are solely responsible for human review of all AI outputs before use
- Cybersecurity incidents including DDoS attacks, zero-day exploits, supply chain compromises, or any attack that defeats our security controls despite our commercially reasonable efforts
- Unauthorized access to your account resulting from your failure to secure your API keys or authentication credentials
9.3 Basis of Bargain
You acknowledge that the limitations of liability, disclaimers of warranty, and security limitations set forth in these Terms (including but not limited to §8.5 No Security Guarantee, §8.6 Privacy Filtering Limitations, and §9.2 Exclusion of Damages) are a fundamental basis of the bargain and that AIOrouter would not provide the Service without them.
9.4 Statutory Rights
Some jurisdictions do not allow the exclusion or limitation of certain warranties or liabilities. These Terms do not affect your statutory rights that cannot be waived or limited by contract.
10. Indemnification
You agree to indemnify, defend, and hold harmless AIOCANA Technologies Inc., its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising from or related to:
- Your use of the Service
- Your violation of these Terms
- Your violation of third-party rights (including intellectual property or privacy rights)
- Content you generate or distribute using the Service
- Your failure to secure your API keys or authentication credentials, including any resulting unauthorized access, data exposure, or financial charges
- Any PII you submit in prompts that bypasses our scrubbing layer, including where such PII is transmitted to third-party AI providers
- Any security incident originating from your systems, applications, or credentials
- Your failure to comply with applicable privacy laws (PIPEDA, Quebec Law 25, GDPR, or other applicable regulations) in your own use of AI outputs or handling of personal data
11. Termination
11.1 By You
You may stop using the Service at any time. To close your account, contact support@aiorouter.ca or use the Dashboard account deletion flow. Account deletion includes:
- 30-day grace period (deletion can be cancelled during this period)
- Immediate API key revocation upon submission
- Subscription cancellation (no further charges)
- Permanent data deletion after the grace period (except billing records per CRA requirements)
11.2 By Us
We may suspend or terminate your account:
- For violation of these Terms (with notice where feasible)
- For extended non-payment
- If required by law or legal process
- If you cease business operations or enter bankruptcy proceedings
11.3 Effect of Termination
Upon termination:
- API key access is immediately revoked
- Dashboard access is revoked
- Top-Up balances: handled under the Top-Up refund policy, including 95% remaining-balance refund on customer subscription cancellation and manual review if automatic refund rails fail, except where applicable law or a ToS violation requires a different result
- Data is handled per our Privacy Policy retention schedule
- Provisions that by their nature should survive termination (Intellectual Property, Limitation of Liability, Indemnification, Governing Law) continue in effect
12. Governing Law & Dispute Resolution
12.1 Governing Law
These Terms are governed by and construed in accordance with the laws of the Province of Quebec and the federal laws of Canada, without regard to conflict of law principles.
12.2 Dispute Resolution Process
Step 1 — Informal Resolution (30 days): Before filing any formal claim, you agree to contact us at privacy@aiorouter.ca and attempt to resolve the dispute informally. We will do the same. Both parties agree to negotiate in good faith for at least 30 days.
Step 2 — Binding Arbitration: If informal resolution fails, disputes shall be resolved by binding arbitration administered by the Canadian Arbitration Association in accordance with its Commercial Arbitration Rules. The arbitration shall take place in Montreal, Quebec, Canada, and be conducted in English (or French, at your election).
12.3 Class Action Waiver
TO THE MAXIMUM EXTENT PERMITTED BY LAW, YOU AGREE THAT ALL DISPUTES SHALL BE RESOLVED ON AN INDIVIDUAL BASIS ONLY. YOU WAIVE ANY RIGHT TO PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR REPRESENTATIVE PROCEEDING.
12.4 Small Claims Exception
Notwithstanding the arbitration agreement, either party may bring an individual claim in small claims court in Montreal, Quebec, provided the claim falls within the court's jurisdictional limits.
12.5 Time Limit
Any claim must be filed within one (1) year of the event giving rise to the claim, or it is permanently barred.
13. Changes to Terms
We may update these Terms from time to time. For material changes:
- We will notify you via email at least 30 days before the changes take effect
- We will display a notice in your Dashboard
- For material changes (not clarifications or formatting), you will be prompted to re-accept the Terms at your next Dashboard login
- Continued use of the Service after the effective date constitutes acceptance of the updated Terms
If you do not agree to the updated Terms, you must stop using the Service and may close your account per Section 11.1.
14. General Provisions
14.1 Entire Agreement
These Terms, together with the Privacy Policy and any applicable DPA, constitute the entire agreement between you and AIOCANA Technologies Inc. regarding the Service and supersede all prior agreements.
14.2 Severability
If any provision of these Terms is found unenforceable, that provision shall be limited to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
14.3 No Waiver
Our failure to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision.
14.4 Assignment
You may not assign these Terms or your rights without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.
14.5 Force Majeure
We are not liable for delays or failures in performance resulting from causes beyond our reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, government action, internet or power outages, and third-party service failures.
14.6 Relationship of Parties
These Terms do not create a partnership, joint venture, employment, or agency relationship between you and AIOCANA Technologies Inc.
14.7 Contact
| Purpose | Contact |
|---|---|
| General Support | support@aiorouter.ca |
| Billing Inquiries | billing@aiorouter.ca |
| Privacy & Legal | privacy@aiorouter.ca |
| Physical Address | AIOCANA Technologies Inc., Ottawa, Ontario, Canada |
Related Documents:
- Privacy Policy — How we handle your personal information
- Data Processing Agreement (DPA) — For enterprise customers processing personal data