LEGAL
Terms of Service
Términos y Condiciones de Uso
1. Acceptance of Terms
By accessing or using any of the websites, APIs, tools, or services operated by TrustLayer Foundation, A.C. ("TLF", "we", "us") under the ARIA Protocol — including aria.bar, api.aria.bar, registry.aria.bar, and trustlayer.foundation (collectively, the "Services") — you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you must not use the Services.
These Terms constitute a legally binding agreement between you ("User", "you") and TLF. If you are using the Services on behalf of an organization, you represent that you have authority to bind that organization to these Terms.
We may update these Terms at any time. Changes take effect upon publication at aria.bar/terms. Your continued use of the Services after any modification constitutes acceptance of the updated Terms.
2. Description of Services
The ARIA Protocol is an open standard for verifiable AI agent identity. TLF operates the following Services:
- aria.bar — Protocol documentation, specification, and public verifier.
- api.aria.bar — Public resolver API for verifying Agent Identity Documents (AIDs) and credential status.
- registry.aria.bar — Registry portal for registering and managing AIDs, viewing the Trust Ledger, and administering agent credentials.
- trustlayer.foundation — Corporate website of TrustLayer Foundation, A.C.
- @aria-registry/verify — Open-source SDK for credential verification (npm).
The Services are commercially operated by TUNO Labs SAPI de CV ("TUNO Labs") under a separate and independent services agreement with TLF. TLF is a non-profit entity that develops and maintains the ARIA Protocol, its specifications, and standards. TUNO Labs acts solely as an independent service provider responsible for the technical infrastructure and commercial deployment of certain Services.
3. Eligibility
The Services are available to individuals aged 18 or older and to legal entities duly constituted under applicable law. The public verifier at aria.bar/verify is available to anyone without registration. Registration of AIDs (trust levels L0–L3) requires acceptance of these Terms and, at higher trust levels, additional identity verification.
4. Agent Identity Documents (AIDs)
4.1 Registration
An AID is a W3C Verifiable Credential that represents a cryptographic identity for an AI agent. By registering an AID, you represent that: (a) the information provided is accurate, (b) you have authority to register agents on behalf of the organization claimed, and (c) you will maintain the accuracy of registration information.
The user shall be solely responsible for maintaining the confidentiality of their keys, passwords, and other access credentials to the platform, as well as for any activity carried out using them, releasing the company from any liability arising from their misuse, loss, or disclosure to third parties.
4.2 Trust Levels
| LEVEL | NAME | VERIFICATION | MEANING |
|---|---|---|---|
| L0 | Anchored | Cryptographic key generation | Cryptographic identity exists. No organizational verification. |
| L1 | Identified | DNS verification | Organization controls the claimed domain. |
| L2 | Certified | vLEI credential + human review | Organization identity cryptographically verified via GLEIF. |
| L3 | Sovereign | vLEI + role credential + audit | Named person in verified role has authorized agent registration. |
4.3 Credential Reliance Disclaimer
IMPORTANT: ARIA trust levels represent the degree of identity verification performed at the time of registration. They do not constitute a guarantee of the agent's behavior, security, or fitness for any particular purpose. An AID is an identity credential, not a warranty, endorsement, or certification.
The ARIA Protocol is a technical standard for interoperability. Counterparties relying on ARIA credentials to make business, financial, or legal decisions do so at their own risk. TrustLayer Foundation, A.C., in its capacity as the non-profit administrator of the protocol and standard, does not intervene in, nor warrant, any commercial transactions or professional relationships resulting from the use of an AID.
Analogy: A passport confirms identity. It does not guarantee the passport holder will honor their commitments. ARIA works the same way.
4.4 Revocation
TLF and TUNO Labs reserve the right to suspend or revoke any AID at any time if: (a) the registration information is found to be false or misleading, (b) the underlying identity attestation is revoked or invalidated, (c) the credential is used in connection with illegal activity, or (d) revocation is required by law, court order, or regulatory authority. Revocation is logged to the Trust Ledger and reflected in the StatusList within 15 minutes.
In the event of a revocation, the User may submit a written appeal to legal@aria.bar within fifteen (15) calendar days. TLF will review the appeal and issue a final determination within thirty (30) days. The AID shall remain revoked during the appeal period.
5. Acceptable Use
You agree not to:
- Register AIDs using false, misleading, or stolen identity information.
- Use the Services to facilitate fraud, impersonation, or deception.
- Attempt to circumvent trust level requirements or forge credential chains.
- Use the API to perform denial-of-service attacks or exceed published rate limits.
- Reverse-engineer, scrape, or bulk-harvest data from the Trust Ledger for purposes unrelated to credential verification.
- Use ARIA credentials to misrepresent the capabilities, permissions, or safety of an AI agent.
- Register agents for the purpose of spam, phishing, social engineering, or automated harassment.
Violation of this section may result in immediate credential revocation, account termination, and referral to law enforcement where applicable.
6. API Usage
6.1 Public Tier
The public resolver API at api.aria.bar is available without authentication, subject to rate limiting. TLF reserves the right to adjust rate limits at any time.
6.2 Authenticated Tier
Authenticated API access with SLA-backed guarantees is available under separate commercial agreements. Contact legal@aria.bar for enterprise API terms.
6.3 API Stability
TLF commits to maintaining backward compatibility for API v1 endpoints for a minimum of 5 years from the date of publication. Breaking changes will be introduced only in new major versions with a minimum 12-month deprecation notice.
7. Trust Ledger
The Trust Ledger is an append-only log of credential lifecycle events (issuance, renewal, suspension, revocation, expiration, tombstoning). The Trust Ledger records cryptographic identifiers (SAIDs) and timestamps. It does not record per-interaction data between agents.
Trust Ledger data is retained for a minimum of 7 years. Trust Ledger entries are public and may be queried by any party for the purpose of credential verification.
Upon the lapse of 7 years, all information shall be permanently and irreversibly destroyed, unless there is a legal obligation requiring its retention for an additional period.
The Trust Ledger is not a legal record. It is a technical log. Its admissibility as evidence in any jurisdiction depends on applicable law.
8. Intellectual Property
The ARIA Protocol specification and documentation are published under the Creative Commons Attribution 4.0 International License (CC-BY-4.0). Source code and SDKs are published under the Apache License 2.0. These licenses are irrevocable.
The names "ARIA", "ARIA Protocol", "TrustLayer Foundation", and associated logos are trademarks of TrustLayer Foundation, A.C.
You retain ownership of all data and content you submit to the Services. By registering an AID, you grant TLF and TUNO Labs a worldwide, non-exclusive, royalty-free license to store, process, display, and distribute the AID and its metadata for the purpose of operating the registry and Trust Ledger.
9. Privacy
Your use of the Services is subject to the ARIA Privacy Policy (Aviso de Privacidad) published at aria.bar/privacidad. The Privacy Policy describes the personal data we collect, how we use it, your rights under applicable law (including ARCO rights under Mexican LFPDPPP), and how to contact us regarding data protection inquiries.
In accordance with the LFPDPPP, the Company shall respond to ARCO rights requests within a maximum period of 20 business days from the date of receipt. Contact: legal@aria.bar
10. Disclaimers
THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
TLF does not warrant that: (a) the Services will be uninterrupted, error-free, or secure; (b) any credential verification result is legally binding or conclusive; (c) the Trust Ledger is complete or free from technical errors; or (d) counterparties will accept or honor ARIA credentials.
TLF does not perform independent verification of AI agent behavior, safety, or capabilities. ARIA verifies identity, not quality.
11. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, TLF, TUNO Labs, and their directors, officers, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, or goodwill, arising from or related to your use of or inability to use the Services.
In no event shall the total aggregate liability of TLF and TUNO Labs for all claims arising from or related to the Services exceed the greater of: (a) the amounts paid by you to TLF or TUNO Labs in the 12 months preceding the claim, or (b) USD $500.
12. Indemnification
You agree to indemnify, defend, and hold harmless TLF, TUNO Labs, and their respective directors, officers, employees, and agents from and against any claims, liabilities, damages, losses, and expenses arising from: (a) your use of the Services, (b) your violation of these Terms, (c) your registration of AIDs with false or misleading information, or (d) any third-party claim arising from the actions of an agent registered under your account.
13. Open Source Components
The ARIA Protocol incorporates open-source components licensed under Apache 2.0 and CC-BY-4.0. Nothing in these Terms restricts your rights under those open-source licenses. However, your use of the hosted Services (API, registry, verifier) is governed by these Terms in addition to applicable open-source licenses.
14. Termination
You may stop using the Services at any time. TLF may suspend or terminate your access to the Services at any time, with or without cause, upon notice to the email address associated with your account. Provisions that by their nature should survive termination (including Sections 7, 8, 10, 11, 12, and 15) shall survive.
15. Governing Law and Jurisdiction
These Terms are governed by and construed in accordance with the laws of the United Mexican States (México). Any dispute arising from or relating to these Terms shall be submitted to the exclusive jurisdiction of the competent courts of Mexico City (Ciudad de México).
Any dispute, controversy, or claim arising out of or relating to these Terms shall be settled by arbitration in accordance with the Arbitration Rules of the International Chamber of Commerce (ICC). Seat of Arbitration: Mexico City, Mexico. Language: English (unless otherwise agreed). The prevailing party shall be entitled to recover its reasonable attorneys' fees and costs.
16. General Provisions
- Severability: If any provision is found unenforceable, the remaining provisions remain in full force.
- Waiver: Failure to enforce any provision does not constitute a waiver.
- Entire Agreement: These Terms, together with the Privacy Policy, constitute the entire agreement.
- Assignment: TLF may assign these Terms. You may not assign without prior written consent.
- Force Majeure: Neither party shall be liable for delays caused by events beyond reasonable control.
- Language: Published in English and Spanish. In case of conflict, English prevails.