Terms of Service
Last updated: 7 April 2026
1. About Bordair
Bordair is operated as a sole trader business based in the United Kingdom. These Terms of Service ("Terms") govern your access to and use of the Bordair API, website, dashboard, SDKs, documentation, and Bordair's Castle wargame (collectively, the "Service").
Address: Russellcroft Road, Welwyn Garden City, AL8 6QY, Hertfordshire, United Kingdom
Contact: hello@bordair.io
ICO registration reference: ZC116587
2. Acceptance of terms
By accessing or using the Service, you agree to be bound by these Terms, our Privacy Policy, and any additional terms referenced herein. If you do not agree, do not use the Service.
If you are entering into these Terms on behalf of an organisation, you represent that you have the authority to bind that organisation to these Terms.
3. Eligibility
You must be at least 16 years old to use the Service. By creating an account, you represent and warrant that you are at least 16 years of age. If we learn that a user is under 16, we will promptly delete their account and associated data.
4. Accounts
You must provide a valid email address to create an account. You are responsible for:
- Maintaining the confidentiality of your API key and account credentials
- All activity that occurs under your account
- Notifying us immediately at hello@bordair.io if you suspect unauthorised access
We reserve the right to refuse registration or cancel accounts at our discretion.
5. Description of service
Bordair provides a real-time API for detecting prompt injection attacks in text, image, document, and audio inputs before they reach large language models. The Service analyses submitted content using automated detection models and returns a threat assessment. The decision to act on scan results is made by your application, not by Bordair.
6. Acceptable use
You agree not to:
- Use the Service for any unlawful purpose or in violation of any applicable laws
- Attempt to reverse-engineer, decompile, or extract the detection models
- Deliberately submit inputs designed to degrade service quality for other users
- Resell or redistribute API access without prior written permission
- Exceed your plan's rate limits through circumvention (e.g. rotating API keys)
- Use the Service to develop a competing product or service
- Interfere with or disrupt the integrity or performance of the Service
- Attempt to gain unauthorised access to any part of the Service or its systems
Violation of this section may result in immediate suspension or termination of your account.
7. API usage and credits
Each plan includes a credit allowance (weekly and per-minute). Different scan types consume different credit amounts:
| Scan type | Credits per scan |
|---|---|
| Text | 1 credit |
| Image | 10 credits |
| Document | 15 credits |
| Audio | 15 credits |
Exceeding your plan's limits will result in HTTP 429 responses until the limit resets. Unused credits do not carry over between billing periods.
8. Pricing and payment
Free tier accounts are available at no charge with limited credits. Paid plans are billed monthly via Stripe, Inc. All prices are listed on our pricing page in US dollars and are exclusive of any applicable taxes.
We reserve the right to change pricing with at least 30 days' written notice to affected users. Price changes will not apply to the current billing period.
9. Consumer cancellation rights
If you are a consumer based in the United Kingdom or European Economic Area, you have the right to cancel your subscription within 14 days of purchase without giving any reason, in accordance with the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 and/or EU Directive 2011/83/EU.
To exercise your right of cancellation, notify us by email at hello@bordair.io. If you have used the Service during the cancellation period, you may be charged a proportionate amount for the service consumed.
After the 14-day cancellation period, you may cancel your subscription at any time. Cancellation takes effect at the end of the current billing period. No refunds are provided for partial months of service after the statutory cancellation period has expired.
10. Data handling and privacy
We do not store the raw content of your API requests. Only a one-way SHA-256 hash, scan result, and metadata are logged. Our full data handling practices, your rights under UK GDPR, the Data Protection Act 2018, and the CCPA (for California residents) are detailed in our Privacy Policy, which forms part of these Terms.
11. Service availability
We aim for high availability but do not guarantee 100% uptime on free or Individual plans. Business plans include a 99.9% uptime SLA, measured monthly. Enterprise customers may negotiate custom SLAs.
Planned maintenance will be communicated in advance where possible. We are not liable for downtime caused by factors outside our reasonable control, including internet outages, third-party service failures, or force majeure events.
12. Intellectual property
The Bordair API, detection models, website, documentation, Bordair's Castle, and all related software and content are the intellectual property of Bordair. Your use of the Service does not grant you any ownership rights or licence except the limited right to use the Service in accordance with these Terms.
You retain all rights to the data you submit through the API. By using the Service, you grant Bordair a limited licence to process your submissions solely for the purpose of providing the Service.
13. Limitation of liability
To the fullest extent permitted by law, the Service is provided "as is" and "as available" without warranties of any kind, whether express, implied, or statutory, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
Bordair is not liable for any direct, indirect, incidental, special, consequential, or punitive damages arising from:
- False negatives (malicious inputs not detected by the Service)
- False positives (benign inputs incorrectly flagged)
- Service outages, interruptions, or latency issues
- Any downstream consequences of relying on scan results
- Loss of data, profits, or business opportunities
In no event shall Bordair's total aggregate liability exceed the amount you paid for the Service in the 12 months preceding the claim, or 100 GBP, whichever is greater.
Nothing in these Terms excludes or limits liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability that cannot be excluded or limited by applicable law.
14. Indemnification
You agree to indemnify, defend, and hold harmless Bordair from and against any claims, damages, losses, costs, and expenses (including reasonable legal fees) arising from: (a) your use of the Service; (b) your violation of these Terms; or (c) your violation of any rights of a third party.
15. Termination
We may suspend or terminate your access to the Service immediately if you violate these Terms, or with 30 days' notice for any other reason. You may cancel your account at any time by emailing hello@bordair.io or through the dashboard.
Upon termination:
- Your API key will be revoked immediately
- Scan logs will be deleted within 90 days
- Account information will be deleted within 30 days, subject to any legal retention requirements
Sections that by their nature should survive termination (including limitation of liability, indemnification, intellectual property, and governing law) will continue to apply.
16. Changes to terms
We may update these Terms from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect. The "last updated" date at the top of this page will always reflect the current version.
Continued use of the Service after changes take effect constitutes acceptance of the revised Terms. If you do not agree to the revised Terms, you must stop using the Service and cancel your account.
17. Governing law and disputes
These Terms are governed by and construed in accordance with the laws of England and Wales.
If a dispute arises, we encourage you to contact us first at hello@bordair.io so we can attempt to resolve the matter informally. If we cannot resolve the dispute within 30 days, either party may pursue formal resolution.
Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales. If you are a consumer, you may also be entitled to use the UK's alternative dispute resolution (ADR) procedures or, where applicable, the European Commission's Online Dispute Resolution platform.
18. Severability
If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision will be enforced to the maximum extent permissible and the remaining provisions will remain in full force and effect.
19. Entire agreement
These Terms, together with the Privacy Policy, constitute the entire agreement between you and Bordair regarding the Service and supersede all prior agreements, understandings, and communications, whether written or oral.
20. Contact
For any questions about these Terms:
Email: hello@bordair.io