ZLAR Inc. · Legal

Legal

Effective Date: March 2026 · Last Updated: March 2026 · Entity: ZLAR Inc., incorporated under the Canada Business Corporations Act (CBCA)

Terms of Use

By accessing zlar.ai or using any ZLAR product (including ZLAR-OC, ZLAR-CC, and any future ZLAR product), you agree to these terms. If you do not agree, do not use the website or any ZLAR product.

1. About ZLAR Inc.

ZLAR Inc. is a Canadian corporation that develops open source agent governance infrastructure. Our products provide mechanisms for human oversight of autonomous AI systems. We are not a security company. We are not an AI safety research organization. We build tools that help humans maintain authority over AI agents operating on their systems.

Regulatory Classification

ZLAR products are deterministic, rule-based policy enforcement tools. They do not use machine learning, do not make inferences from inputs, and do not generate predictions, recommendations, or decisions. They enforce human-authored rules via string matching, operating system primitives, and cryptographic verification.

Under the EU AI Act (Regulation 2024/1689), the OECD AI framework, the Colorado AI Act, and other enacted AI legislation, ZLAR products do not meet the definition of "AI systems." The EU AI Act's Recital 12 explicitly excludes "systems that are based on the rules defined solely by natural persons to automatically execute operations."

ZLAR products may help AI system operators satisfy governance obligations (including Articles 9, 14, and 15 of the EU AI Act), but ZLAR Inc. does not certify that use of any ZLAR product satisfies any specific regulatory requirement.

2. Our Products Are Tools, Not Guarantees

All ZLAR products — including ZLAR-OC (OS-level containment for OpenClaw) and ZLAR-CC (hook-based governance for Claude Code) — are provided as tools to assist with AI agent governance.

They are not guarantees of safety, security, containment, or compliance.

Autonomous AI is an emerging technology. The behavior of AI agents — even agents operating under governance — can be novel, unexpected, and potentially harmful. No governance tool, from any provider, can eliminate this risk. ZLAR products reduce risk. They do not eliminate it.

By using any ZLAR product, you acknowledge:

You are choosing to operate autonomous AI agents on your own systems
You accept the inherent risks of autonomous AI, including unexpected behavior, data loss, unauthorized actions, and system damage
ZLAR products assist with governance but do not guarantee any outcome
You are solely responsible for your AI deployments, your data, and your systems
Each ZLAR product is one layer of defense in a defense-in-depth strategy, not a complete security solution

Known Limitations

ZLAR Inc. discloses the following in the interest of transparency:

ZLAR products enforce governance at specific layers (OS-level for ZLAR-OC, tool-call level for ZLAR-CC). Actions outside the enforcement surface are not intercepted.
Risk classification uses pattern matching against known signatures. Novel, obfuscated, or encoded inputs may not be classified correctly.
Containment depends on underlying platform integrity. Vulnerabilities in macOS, OpenClaw, Claude Code, or other dependencies are outside ZLAR Inc.'s control.
ZLAR products have not undergone independent third-party security certification as of the effective date of these terms.

Product-specific limitations are documented in each product's LEGAL.md file in its GitHub repository.

3. No Warranty

ALL ZLAR PRODUCTS, SERVICES, DOCUMENTATION, AND WEBSITE CONTENT ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.

ZLAR Inc. specifically disclaims all warranties including merchantability, fitness for a particular purpose, non-infringement, accuracy or completeness, uninterrupted or error-free operation, security or freedom from vulnerabilities, and compatibility with any specific platform, tool, model, or regulatory requirement.

4. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ZLAR INC., ITS FOUNDERS, OFFICERS, DIRECTORS, EMPLOYEES, CONTRIBUTORS, AND AGENTS SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM: the use or inability to use any ZLAR product; any actions taken by AI agents, whether or not governed by ZLAR products; any failure of any ZLAR product to prevent, detect, or contain any threat, action, or vulnerability; any data loss, system damage, unauthorized access, or security incident; any reliance on ZLAR documentation, audit reports, or communications; or any interaction with third-party platforms, services, or AI models.

This includes direct, indirect, incidental, special, consequential, exemplary, and punitive damages, regardless of legal theory, and regardless of whether ZLAR Inc. has been advised of the possibility of such damages.

Where law does not permit full exclusion: ZLAR Inc.'s total aggregate liability for all claims shall not exceed CAD $100 or the amount you paid to ZLAR Inc. in the twelve (12) months preceding the claim, whichever is greater.

5. Assumption of Risk

AI agent governance is a new field. You acknowledge that:

Agentic AI is inherently unpredictable. Models can hallucinate, misinterpret instructions, take unintended actions, discover novel behaviors, and interact with other systems in unexpected ways.
No containment is absolute. Software-based governance operates within the constraints of the underlying operating system, runtime, and hardware. Sufficiently capable adversaries or sufficiently novel agent behavior may exceed those constraints.
The threat landscape changes. New vulnerabilities, attack vectors, and exploitation techniques emerge continuously. ZLAR products are designed against known patterns. Unknown threats are not fully addressed.
You are the operator. ZLAR products provide mechanisms for human oversight. The effectiveness of that oversight depends on your policy configuration, your review diligence, your security practices, and your judgment.

6. Services

If you engage ZLAR Inc. for installation, configuration, consulting, custom development, or any other professional service:

All services are provided without warranty of outcome
ZLAR Inc. provides its best professional judgment, not assurance or certification
ZLAR Inc. does not guarantee that any deployment will meet any specific security, compliance, or governance standard
Service agreements are separate from these terms and governed by their own contracts
ZLAR Inc.'s liability for services shall not exceed the fees paid for those specific services

7. Indemnification

You agree to indemnify, defend, and hold harmless ZLAR Inc. and all ZLAR Parties from any claims, damages, losses, liabilities, costs, and expenses (including legal fees) arising from your use of any ZLAR product or service; your violation of these terms or any applicable law; actions taken by AI agents on your systems; claims by third parties related to your AI deployments; your failure to maintain adequate security or oversight; or any data breach or security incident involving your systems.

8. Third Parties

ZLAR products interact with third-party platforms and software. ZLAR Inc. is not affiliated with, endorsed by, or responsible for: Anthropic (Claude, Claude Code); OpenClaw (Peter Steinberger / contributors); Apple Inc. (macOS, system frameworks); Telegram (messaging platform); any AI model provider; or any open source dependency used in ZLAR products.

Third-party terms, privacy policies, and limitations apply independently. Changes to third-party platforms may affect ZLAR product operation without notice from ZLAR Inc.

9. No Professional Advice

Nothing on this website or in any ZLAR product constitutes legal advice, security consulting, compliance guidance, or professional certification. ZLAR Inc. does not certify that any product or configuration meets the requirements of any regulatory framework, including:

Jurisdiction	Frameworks
Canada	PIPEDA, OSFI guidelines, provincial privacy acts (note: AIDA was never enacted)
European Union	EU AI Act, GDPR, NIS2 Directive
United States	CCPA/CPRA, Colorado AI Act, Texas TRAIGA, NIST AI RMF, HIPAA, SOX
Asia-Pacific	APPI (Japan), PDPA (Singapore), PIPL (China)
International	ISO/IEC 42001, ISO 27001

Note on NIST AI RMF: ZLAR products' governance functions align with the NIST AI Risk Management Framework's "Govern" function. Compliance with NIST AI RMF provides statutory affirmative defenses in certain US jurisdictions (including Colorado and Texas). ZLAR Inc. does not certify that use of any ZLAR product constitutes NIST AI RMF compliance.

If you need compliance assurance, consult qualified legal and security professionals in your jurisdiction.

10. Vulnerability Disclosure

ZLAR Inc. is committed to responsible vulnerability disclosure and timely patching of known security issues. Report vulnerabilities via GitHub's private vulnerability reporting on the relevant repository. See each product's SECURITY.md for details.

This commitment does not create an obligation to provide ongoing maintenance, support, or updates. ZLAR products are open source software provided without a service level agreement.

11. Open Source and EU Compliance

ZLAR products are distributed as free, open source software under the Apache License 2.0 outside the course of a commercial activity.

Under the EU Cyber Resilience Act (December 2024), non-commercial open source software is exempt from product cybersecurity requirements. Under the revised EU Product Liability Directive (Directive 2024/2853, transposition deadline December 2026), free open source software supplied outside commercial activity is excluded from strict product liability.

ZLAR Inc. relies on these exemptions for the open source distribution. Any future commercial offerings (paid support, enterprise features, SaaS) will be subject to separate terms and may carry different legal obligations.

12. Intellectual Property

ZLAR products are open source under the Apache License 2.0. "ZLAR," "ZLAR Inc.," "ZLAR-OC," "ZLAR-CC," and associated names and marks are trademarks of ZLAR Inc. You may not use ZLAR trademarks to imply endorsement, certification, or affiliation without written permission. Website content, documentation, and design are copyright ZLAR Inc. unless otherwise noted.

13. Privacy

Website: zlar.ai is a static website hosted on GitHub Pages. We do not use cookies, analytics, or tracking. GitHub Pages may collect standard server logs per GitHub's privacy policy.

Products: ZLAR products process data locally on your machine. They do not transmit data to ZLAR Inc. You are responsible for all data generated, processed, or logged by ZLAR products.

Communications: If you contact us via email, we will use your information only to respond to your inquiry. We do not sell or share contact information.

14. Export Compliance

ZLAR products include cryptographic functionality. You are responsible for compliance with all applicable export control laws in your jurisdiction, including Canadian, U.S., EU, and international controls.

15. Governing Law

These terms are governed by the laws of the Province of Ontario and the federal laws of Canada, without regard to conflict of law principles. Disputes are subject to the exclusive jurisdiction of the courts of Ontario, Canada. Before initiating any legal proceeding, the parties agree to attempt good-faith resolution through written communication for a period of not less than thirty (30) days.

16. Severability

If any provision is unenforceable, it will be modified to the minimum extent necessary or severed. Remaining provisions continue in full force.

17. Changes

ZLAR Inc. may update these terms at any time. Changes take effect upon posting. Continued use constitutes acceptance.

18. Contact

ZLAR Inc.
Email: hello@zlar.ai
Web: zlar.ai

For product-specific legal notices, see ZLAR-OC LEGAL.md, ZLAR-CC LEGAL.md, and ZLAR Gate LEGAL.md.