Terms of Service

Last updated: February 2026

Overview

Snapper is a source-available Agent Application Firewall distributed under the PolyForm Noncommercial License 1.0.0. These terms govern your use of the Snapper website (snapper.bot) and related web services. Use of the Snapper software itself is governed by the PolyForm Noncommercial License and the full software terms (TERMS.md) in the repository.

Beta Software

Snapper is currently in beta. The Software is under active development and may contain bugs, incomplete features, or unexpected behavior. Features, APIs, and data formats may change at any time without notice. The Software has not undergone independent security auditing. We strongly recommend maintaining independent backups of any data stored by the Software. Your use during the beta period is voluntary and at your own risk.

Eligibility

You must be at least 18 years of age and have the legal capacity to enter into a binding agreement in your jurisdiction to use the Software. If you are using the Software on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these terms.

No Warranty

Snapper is provided "as is" and "as available" without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement.

No Security Guarantee

While Snapper is designed to enhance the security of AI agent operations, no security tool can guarantee complete protection. Snapper does not guarantee that it will detect, block, or prevent all threats, unauthorized actions, data exfiltration, or security incidents. You are responsible for your own security posture, configuration, and risk assessment.

Limitation of Liability

In no event shall the McKinley Labs LLC, its officers, directors, employees, contributors, or agents be liable for any claim, damages, or other liability — whether in an action of contract, tort, or otherwise — arising from, out of, or in connection with the software or the use or other dealings in the software. This includes, without limitation, any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to loss of data, loss of profits, or unauthorized access to systems or data.

Indemnification

You agree to indemnify and hold harmless the McKinley Labs LLC from any claims, damages, losses, or expenses (including reasonable attorney's fees) arising from your use of the software or website, your violation of these terms, or your violation of any rights of a third party.

Your Responsibilities

You are solely responsible for configuring Snapper correctly for your environment, determining whether Snapper is appropriate for your use case, complying with all applicable laws and regulations, securing your own infrastructure, credentials, and API keys, and any actions taken by AI agents operating under your control — whether or not those actions pass through Snapper.

You are responsible for selecting which AI agents you choose to use, and for conducting your own due diligence regarding their behaviors, capabilities, security posture, and terms of service. Snapper does not endorse, certify, or guarantee the safety or reliability of any third-party AI agent.

You are responsible for the tasks you instruct AI agents to perform. You agree not to use Snapper to facilitate, enable, or conceal any activity that is illegal, fraudulent, harmful, or otherwise irresponsible. Snapper is a security tool designed to add oversight to agent actions — it is not a substitute for sound judgment about what you ask an agent to do.

You agree to exercise extreme care when instructing an AI agent to perform any task involving personally identifiable information (PII), whether your own or that of any third party. While Snapper's PII vault is designed to reduce exposure of sensitive data, you remain solely responsible for ensuring that any use of PII complies with applicable privacy laws and regulations, that you have obtained any necessary consent or authorization before providing PII to an AI agent, and that the handling of such data is appropriate for your jurisdiction and use case.

Acceptable Use

You agree to use the Software only for lawful purposes. You shall not use the Software to facilitate illegal or fraudulent activity, secure AI agents used to access systems without authorization, process third-party PII without consent, circumvent security features of any system, develop or deploy malware, conduct unauthorized security testing, or misrepresent Snapper's capabilities as satisfying specific compliance obligations without independent verification.

Financial Transactions and Real-World Actions

Snapper enables AI agents to perform real-world actions on your behalf, including filling out payment forms, submitting credentials, and executing financial transactions. You are solely responsible for any transaction initiated by an agent under your control, whether or not it was approved through Snapper. Approval of an action via Telegram or Slack constitutes your authorization — accidental, rushed, or uninformed approvals are your responsibility. We are not liable for unauthorized purchases, incorrect payments, fraud, or any financial loss resulting from agent actions.

Mobile and Desktop Approval Risks

Approval requests delivered to mobile devices or desktop applications (Telegram, Slack) carry inherent risks including accidental approval, compromised devices, and notification fatigue. You are responsible for securing any device used to respond to Snapper approvals. The "Allow Always" feature permanently authorizes a class of actions without future review — use it only when you fully understand the implications.

Vulnerability Disclosure

If you discover a security vulnerability in Snapper, please report it responsibly via GitHub Security Advisories (preferred) or by emailing [email protected] with "SECURITY" in the subject line. We will acknowledge reports within 72 hours and follow a 90-day coordinated disclosure timeline. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.

Contributor Terms

All contributions to the Snapper project require a Developer Certificate of Origin (DCO) sign-off, certifying that the contributor has the right to submit the code and agrees to license it under the project's PolyForm Noncommercial License. By submitting a contribution, you represent that your contribution is your original work (or that you have the right to submit it) and that you grant the project a perpetual, worldwide, non-exclusive, royalty-free license to use, reproduce, and distribute your contribution under the PolyForm Noncommercial License 1.0.0.

Class Action Waiver

All disputes must be brought on an individual basis only. You waive any right to participate in a class action, collective action, or representative proceeding. You waive any right to a jury trial. Any dispute shall first be attempted to be resolved through good-faith negotiation for 30 days before initiating legal proceedings.

Export Controls

The Software includes cryptographic functionality (Fernet/AES encryption) and may be subject to export control laws and regulations, including the U.S. Export Administration Regulations (EAR). You agree to comply with all applicable export and re-export control laws. You shall not use or export the Software in violation of U.S. law or the laws of your jurisdiction, including to any country, entity, or person subject to U.S. sanctions or export restrictions.

Governing Law

These terms shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of law provisions. Any disputes arising from these terms or your use of Snapper shall be resolved exclusively in the state or federal courts located in Dallas County, Texas.

Severability

If any provision of these terms is found to be unenforceable or invalid by a court of competent jurisdiction, the remaining provisions will continue in full force and effect.

Changes

We may update these terms at any time. Continued use of this website constitutes acceptance of any changes.

Contact

Questions? Open an issue at github.com/jmckinley/snapper/issues or email [email protected].

These website terms are intentionally concise. The full software terms — covering installation, self-hosting, data handling, and operational responsibilities — are in TERMS.md in the repository.