Terms of Service

1. Encryption Architecture and Liability

Balon AI utilizes a Client-Side End-to-End Encryption (E2EE) architecture. Encryption occurs within the secure execution context of your browser using a Master Encryption Key (MEK) derived via PBKDF2 (utilizing 100,000 iterations and a unique cryptographic salt generated via a Secure Pseudo-Random Number Generator). We never receive your password or MEK in plaintext.

Currently encrypted (for accounts using password-based authentication): Chat message content and subject lines, preset system prompts and instructions, preset names and descriptions, user profile details (names), organization names, API key labels, your encryption key material, and hashed user API keys. All data is protected using AES-256-GCM (Authenticated Encryption with Associated Data).

Social Login Accounts: Users who authenticate exclusively via Google or GitHub OAuth do not establish a password-derived encryption key, and therefore their profile and workspace data is protected by infrastructure-level encryption (TLS and S3 SSE) rather than client-side E2EE. To enable full E2EE, social login users may set an encryption passphrase from their account settings.

Network and Storage Security: Data in transit is protected by modern TLS cipher suites (TLS 1.3) with Perfect Forward Secrecy. Uploaded file contents are further protected by Amazon S3 Server-Side Encryption (SSE-S3) at the storage layer.

For data protected by active E2EE, Balon AI cannot read, decrypt, or recover your data without your credentials. If you lose your password and your recovery key, encrypted data is irretrievable. By using our service, you acknowledge and accept that Balon AI bears zero liability for data loss resulting from lost credentials.

2. API Keys and Camouflage

To balance our Zero-Trust Architecture with the need for autonomous server-to-server operations (such as backend API calls or background jobs), Balon AI utilizes a dual-key camouflage protocol.

• User API Keys: When you generate a User API key, the plaintext is shown to you exactly once. Our servers instantly discard the plaintext and retain only a one-way cryptographic hash. It is your responsibility to securely store the plaintext key immediately.
• System API Keys and Camouflage: To prevent attackers from identifying high-value access points, all API keys are stored in a uniform format. While system keys (used for background automation) are securely encrypted, user-generated keys are protected with random cryptographic noise so that all keys appear identical in our records.

You agree to properly secure your User API keys in dedicated vaults and understand that Balon AI cannot recover the plaintext of a User API key once the initial generation dialog is closed.

3. Ephemeral Storage and Physical Security

To provide a seamless application experience, Balon AI briefly decrypts your session keys within your browser's memory. Decryption keys are temporarily cached in your browser's local session storage to avoid requiring your password on every action.

This ephemeral caching places responsibility for physical device security on you. Our privacy guarantees end at your device's boundary. An adversary with physical access to your unlocked device could theoretically extract session keys. Balon AI is not liable for data compromises resulting from unsecured local endpoints, malware, or keyloggers in your environment.

4. Shared Organization Workspaces

When an organization admin shares access with a new member, the Organization Master Encryption Key (Org MEK) is wrapped with the invitee's public RSA key by the admin's client and delivered to the new member. You acknowledge that granting organization access provides the invitee with cryptographic capability to decrypt the entire historical encrypted state of that organization workspace. Access revocation only prevents future decryption; previously synchronized keys may remain on the invitee's local devices until cleared.

5. Acceptable Use and Restrictions

You agree not to use Balon AI for any activities that are illegal, harmful, or deceptive. Specifically, you shall not:

• Use the service to generate malware, ransomware, or phishing campaigns.
• Attempt to bypass or circumvent the Zero-Trust Architecture controls or encryption layers.
• Utilize the API to "scrape" or "harvest" data from other users or foundational model providers in violation of their terms.
• Deceive others by representing AI-generated content as entirely human-generated in a context where transparency is required.

6. Intellectual Property and Content Ownership

As between you and Balon AI, you own all input data you provide to the service. To the extent permitted by law, Balon AI assigns to you all right, title, and interest in and to the outputs generated by the service based on your inputs.

Due to the nature of machine learning, outputs may not be unique and the service may generate the same or similar output for Balon AI or other third parties. Balon AI does not use your encrypted data to train foundation models.

7. Disclaimer of Warranties and Limitation of Liability

BALON AI IS PROVIDED "AS IS" AND "AS AVAILABLE." WE MAKE NO WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE ACCURACY, RELIABILITY, OR AVAILABILITY OF THE AI OUTPUTS. YOU ACKNOWLEDGE THAT AI MODELS MAY GENERATE INACCURATE OR BIASED INFORMATION.

IN NO EVENT SHALL BALON AI BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF PROFITS OR DATA, ARISING OUT OF YOUR USE OF THE SERVICE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8. Governing Law and Jurisdiction

These Terms shall be governed by the laws of the State of Delaware, without regard to its conflict of law provisions.

Any legal action or proceeding arising from or relating to these Terms shall be instituted exclusively in the Court of Chancery in Wilmington, New Castle County, Delaware. You and Balon AI hereby submit to the personal jurisdiction of such courts and waive any objection to venue or inconvenient forum.