Last Updated: May 4, 2026
By accessing or using oakallow (the "Service"), operated by Islemonics Studios LLC ("we", "us", "our"), you agree to be bound by these Terms of Service. If you do not agree, do not use the Service.
You must be at least 18 years old and have the legal authority to enter into these terms. If using the Service on behalf of an organization, you represent that you have authority to bind that organization.
oakallow provides a hosted REST API for governing AI agent tool execution. The Service includes: permission resolution, approval workflows, HMAC-signed execution tokens, audit logging, and related developer tools (dashboard, API builder, documentation).
The Service also includes optional notification channels that deliver approval-event notifications to third-party services you choose (Slack, PagerDuty, or arbitrary HTTPS webhook endpoints). The third-party destinations you configure are not part of the Service. They are independent services governed by their own terms; oakallow's only role is to deliver the notification payload you have asked us to send. You are responsible for the destinations you configure and for ensuring their use is consistent with your obligations to your end users.
The Service is provided "as is" and "as available." We aim for high availability but do not guarantee uninterrupted access.
oakallow operates on a prepaid credit model. You purchase credits which are consumed by billable API calls. Credits do not expire unless your account is terminated. Free credits included with new accounts expire after 30 days.
All credit purchases are final and non-refundable. By purchasing credits, you acknowledge that credits are consumed as they are used and cannot be returned. For billing questions, contact support@oakallow.io.
You agree to use the API in accordance with our documentation and rate limits. Excessive API calls, abuse of the service, or attempts to circumvent rate limits may result in throttling or account suspension.
API keys must be kept confidential. Do not embed API keys in client-side code, public repositories, or logs. Compromised keys should be revoked immediately via the dashboard.
The oakallow service, including its API, documentation, dashboard, and underlying code, is owned by Islemonics Studios LLC. Your data (tool definitions, permission rules, execution logs) remains your property. We claim no ownership over the data you submit through the API.
We implement industry-standard security measures including encryption in transit and at rest, passkey-based multi-factor authentication, API key hashing, HMAC-signed tokens, and layered access controls. You are responsible for securing your own systems that integrate with oakallow.
oakallow is not designed to process or store personally identifiable information (PII). You must not transmit PII through the oakallow API. Detected PII patterns are automatically redacted before processing and storage as a best-effort safety net, but you remain responsible for what your agent submits. See the Acceptable Use Policy for the full list of categories covered and guidance on how to correlate records without sending identifying data.
If you discover a security vulnerability, please report it to security@oakallow.io.
oakallow exposes a Model Context Protocol (MCP) endpoint at https://api.oakallow.io/mcp. You may connect this endpoint as a custom connector or app from any MCP-compliant AI client, including Anthropic Claude (claude.ai and the Claude apps) and OpenAI ChatGPT, and authorize that client to call oakallow on your behalf using OAuth 2.1 with PKCE. Connecting an AI client is a permitted use of the Service.
Each connector authorization issues an opaque access token that you control. You may revoke a connector at any time from your AI client's connector settings, from the oakallow dashboard at oakallow.io/dashboard/security, or by calling the standard /revoke endpoint (RFC 7009). Revocation in any one place is sufficient.
You are responsible for the AI clients you connect, the prompts you submit to them, and any resulting tool calls made under your account. The AI provider operating the client (for example Anthropic for Claude, OpenAI for ChatGPT) is not a party to these Terms; their handling of your prompts and the tool-call payloads they relay is governed by their own terms and privacy policy. oakallow's role is limited to validating the bearer token, resolving permissions, dispatching the tool call, and writing audit records, as described in our Privacy Policy.
Tool-call billing, rate limits, and the Acceptable Use Policy apply to MCP traffic the same way they apply to direct REST API traffic.
oakallow does not train, fine-tune, or evaluate AI models on customer data, customer tool definitions, customer tool-call arguments, customer tool-call results, or audit records. We do not provide customer data to third parties for the purpose of training their models. Aggregate, fully de-identified service-health metrics (request counts, latency percentiles, error rates) may be used internally to operate and improve the Service.
If you connect oakallow to a third-party AI client, your prompts and the tool-call payloads relayed by that client are governed by the AI provider's own training and data-use policies. Review those policies before connecting.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, ISLEMONICS STUDIOS LLC SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUE, ARISING FROM YOUR USE OF THE SERVICE. Our total liability shall not exceed the amount you paid to us in the 12 months preceding the claim.
You may close your account at any time by contacting support. We may suspend or terminate your account for violations of these terms, non-payment, or abuse. Upon termination, your API keys, enrolled passkeys, and remaining recovery codes are revoked immediately, and your data is retained for 30 days before deletion. Billing records may be retained longer where required by law.
These Terms shall be governed by and construed in accordance with the laws of the State of California, without regard to conflict of law principles. Any disputes shall be resolved in the courts of Alameda County, California.
We reserve the right to modify these Terms at any time. We will notify registered users of material changes via email at least 30 days before they take effect. Continued use of the Service after changes constitutes acceptance.
Business Address
Islemonics Studios LLC
3020 Bernal Ave Ste 1103014
Pleasanton, CA 94566
Legal Inquiries
legal@oakallow.io