Terms of Service — Munin Cloud

Last updated: 2026-04-30

These terms govern your organisation's use of Munin Cloud at app.getmunin.com, api.getmunin.com, and mcp.getmunin.com (the "Service"). Munin Cloud is operated by Apps AS, registered at Vulkan 16, 0178 Oslo, Norway ("we", "us", "Munin").

By signing up, you accept these terms on behalf of your organisation ("Customer", "you"). If you don't have authority to bind your organisation, don't sign up.

For the public marketing site, see the separate getmunin.com Terms of Use. For the open-source code under MIT, see LICENSE.

1. The Service

Munin Cloud provides a hosted, multi-tenant version of the Munin business-app suite — Knowledge Base, Conversations, CRM, CMS — accessible via a web dashboard, REST API, and the Model Context Protocol (MCP) server at mcp.getmunin.com.

The MCP server serves two distinct caller types:

  • Admin agents (your connected AI tooling, such as Claude Desktop, Cursor, internal automation) authorised by your organisation via OAuth 2.1.
  • End-user agents (your customers' voice bots, web chatbots, mobile assistants) authorised by delegated tokens that you mint server-side from your backend, scoped to a single end-user record.

2. Accounts and access

You are responsible for:

  • the accuracy of information you provide at sign-up;
  • safeguarding credentials, OAuth tokens, API keys, and end-user delegated tokens;
  • the activity of every user, agent, and key under your organisation;
  • promptly revoking compromised credentials (POST /api/v1/api-keys/:id/revoke, conv_widget_rotate_key, dashboard).

The first user to sign up an organisation is the organisation admin until reassigned. Team invitations require an admin to issue them.

3. Acceptable use

You will not, and will not permit any user, agent, or end-user to:

  • use the Service to violate law, infringe rights, or send spam;
  • attempt to circumvent tenancy, RLS, or scope boundaries;
  • probe, scan, or test the Service's vulnerabilities except through our published Security Policy;
  • use the Service to harass, defraud, or deceive end-users (including by representing AI-generated content as human without disclosure where law requires);
  • use the Service to circumvent another platform's terms of service (e.g. routing automated calls in violation of Twilio's AUP);
  • reverse-engineer or attempt to extract source other than the parts published under MIT;
  • resell or sublicense the Service except under an explicit written reseller / partner agreement with us;
  • circumvent or attempt to inflate the published quotas through deliberate org-splitting or similar evasion;
  • use the Service to operate critical safety systems, life-support, or any application where failure could cause death, personal injury, or severe environmental damage.

We may suspend or terminate access (in whole or in part) for violations or to protect the Service. We aim to give notice unless doing so would harm investigation or other customers.

4. Connected agents and end-user delegated tokens

You acknowledge that:

  • Actions performed by AI agents authorised under your organisation are your actions for the purposes of these terms — including agents you connect via OAuth and end-user agents acting under delegated tokens you minted.
  • AI agents are non-deterministic and may produce incorrect, biased, or unintended output. We provide tools, scope boundaries, audit logging, and prompt-injection defences, but you are responsible for designing your agents' instructions, validating outputs before any consequential action, and supervising agent behaviour.
  • Prompt injection. Inbound channel content (email bodies, widget messages, voice/SMS transcripts when those adapters are enabled) may attempt to manipulate connected agents. You accept this risk; we will not be liable for losses caused by an agent acting on injected instructions, except to the extent caused by our gross negligence or wilful misconduct.

5. Customer data

You retain all rights, title, and interest in the data your organisation submits to the Service ("Customer Data") — knowledge-base articles, conversations, contacts, companies, deals, activities, CMS entries, assets, audit logs.

You grant us a limited, non-exclusive licence to host, process, transmit, generate embeddings from, back up, and otherwise act on Customer Data solely to provide and improve the Service for you. We will not use Customer Data to train AI models, sell it, or share it with third parties beyond the subprocessors disclosed in our Privacy Policy. Aggregated, fully anonymised metrics (e.g. "average tools called per session") may be used to improve the product and report on platform health.

You represent that you have all rights necessary to submit Customer Data and to grant us this licence, including any rights of any individual whose personal data is included.

6. Privacy and Data Processing

Our processing of personal data within Customer Data is governed by our Privacy Policy. A Data Processing Agreement (DPA) reflecting the EU GDPR's Article 28 requirements is available on request from privacy@getmunin.com when paid plans launch.

7. Pricing during alpha

Munin Cloud is in alpha and free to use during this period, subject to the quotas published in the dashboard. We may change the free-tier quotas with 30 days' notice and may suspend organisations that have been inactive for 12 months.

Paid plans are not yet available. When we introduce them, pricing will be published at getmunin.com and existing organisations will be given at least 30 days' notice and the choice to remain on a free tier (subject to revised quotas) or upgrade. Until paid plans launch we do not collect payment information and we do not charge for the Service.

8. Service availability

Munin Cloud is currently in alpha and is provided on a best-effort basis. We do not commit to a contractual uptime SLA at this stage and will notify affected customers of any incident affecting their data.

When we move out of alpha and offer SLAs on specific plans, those SLAs will be added to these terms or to a separate, plan-specific addendum. Until then, no SLA is implied.

9. Suspension and termination

You may terminate at any time from the dashboard or by emailing support@getmunin.com. On termination:

  • Customer Data is deleted within 30 days, with backups rolling off within a further 35 days.
  • You can request an export before termination via the export endpoints; we will not preserve data beyond the deletion window solely on request.

We may terminate for material breach with 14 days' notice and an opportunity to cure where reasonably possible. We may terminate immediately for unlawful use or where required by law.

10. Intellectual property

We and our licensors retain all rights in the Service, including the Munin trademark and any portions not released under MIT. The MIT-licensed open-source components remain governed by the MIT License regardless of whether your account is active.

You retain all rights in Customer Data. Feedback you submit (suggestions, ideas, bug reports) is non-confidential; you grant us a perpetual, royalty-free licence to use it without obligation.

11. No warranty

The Service is provided "as is" and "as available". To the maximum extent permitted by law we disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, non-infringement, accuracy of AI-generated outputs, and freedom from interruption or error. Open-source components are governed by their licences (the MIT License disclaims warranties for the MIT-licensed code).

12. Limitation of liability

To the maximum extent permitted by law:

  • Neither party will be liable for indirect, incidental, special, consequential, or punitive damages, or for lost profits, lost data (subject to the next paragraph), or lost goodwill, even if advised of the possibility.
  • Each party's total aggregate liability arising out of or relating to these terms or the Service will not exceed €100. (When paid plans launch, this cap will be revised to the greater of (a) the fees paid in the 12 months before the event giving rise to the claim, and (b) €100.)

Nothing in these terms limits liability that cannot be limited under applicable law (including liability for fraud, gross negligence, wilful misconduct, or death/personal injury caused by negligence).

13. Indemnity

You will defend and indemnify us against third-party claims arising out of: (a) your or your users' violation of these terms; (b) your Customer Data infringing a third party's IP or privacy rights; (c) actions taken by AI agents you connected to the Service. We will defend and indemnify you against third-party claims that the Service, used as documented and within these terms, infringes a third party's intellectual-property rights, subject to the limit in Section 12.

In each case the indemnified party must promptly notify the indemnifying party, allow it to control the defence (with reasonable cooperation), and not settle without consent.

14. Data Processing Agreement (DPA)

A standard DPA reflecting GDPR Article 28 obligations is available on request from privacy@getmunin.com and identifies our subprocessors (also listed in the Privacy Policy). When paid plans launch the DPA will be incorporated by reference into these terms automatically; during alpha it is available on request and signed individually.

15. Force majeure

Neither party is liable for failure or delay caused by events beyond reasonable control (natural disasters, war, civil unrest, government action, internet or power outages affecting subprocessors), to the extent such events prevent performance.

16. Changes to these terms

We may update these terms. Material changes will be notified to account admins at least 30 days in advance. Continued use after the effective date constitutes acceptance. If you reject a material change you may terminate the Service before the effective date.

17. Assignment

You may not assign these terms without our prior written consent, except to a successor in connection with a merger or sale of all or substantially all of your business. We may assign to an affiliate or successor on similar terms with notice.

18. Notices

Notices to us: legal@getmunin.com, with a copy to Vulkan 16, 0178 Oslo, Norway. Notices to you: the email address of your account admin. Either party may update its notice address by giving written notice.

19. Governing law and venue

These terms are governed by the laws of Norway, without regard to its conflict-of-laws rules. Disputes will be brought before the ordinary courts of Oslo, Norway, except that consumers (where the Service is used outside their trade or profession) retain the right to bring proceedings in the courts of their country of residence under mandatory consumer-protection law.

20. Entire agreement and severability

These terms, together with the Privacy Policy, the DPA (when applicable), and any plan-specific addenda, constitute the entire agreement between us about the Service and supersede any prior agreement on the same subject. If a clause is held unenforceable, the rest remains in effect; the unenforceable clause will be reformed to the minimum extent necessary to make it enforceable.

21. Contact

Apps AS Vulkan 16, 0178 Oslo, Norway legal@getmunin.com — contractual / commercial privacy@getmunin.com — privacy / data subject rights security@getmunin.com — security disclosures support@getmunin.com — operational support