Gatekeeper Beta - Station 70, Inc.
Effective as of June 2026
Please read this End User License Agreement ("EULA") carefully before using the Gatekeeper Beta Service offered by Station 70, Inc. ("Station70"). By accepting this EULA, clicking a box indicating acceptance, or otherwise accessing or using the Beta Solution (defined below), you ("Customer") agree to be bound by this EULA (together with Station70's Privacy Policy, and, to the extent applicable to Customer's processing of personal data, the Data Processing Addendum, each as may be updated or amended from time to time, which are hereby incorporated by reference, the "Agreement") to the exclusion of all other terms. If the terms of this Agreement are considered an offer, acceptance is expressly limited to such terms. If Customer does not agree to all of this Agreement, do not use or access the Beta Solution.
If the individual accepting this Agreement is accepting on behalf of a company or other legal entity, such individual represents that they have the authority to bind such entity and its affiliates to this Agreement, in which case the term "Customer" shall refer to such entity and its affiliates. If the individual accepting this Agreement does not have such authority, or does not agree with these terms and conditions, such individual must not accept this Agreement and may not use the Beta Solution.
Customer acknowledges that Gatekeeper is a pre-release beta offering provided for evaluation purposes only. The Beta Solution is provided without any service level commitments, may contain bugs, errors, or security vulnerabilities, and is not recommended for use with high-value, sensitive, or mission-critical accounts or data.
"Beta Solution" means Gatekeeper, Station70's pre-release policy-evaluated credential layer for autonomous AI agents, which intercepts tool calls and evaluates them against policy, securely injecting credentials inside a trusted execution environment before forwarding to downstream services. This prevents AI agents from accessing the underlying credentials and includes a human approval escrow mechanism for flagged actions, together with any related software, applications, and documentation.
Subject to Customer's compliance with this Agreement, Station70 grants Customer a nonexclusive, revocable, limited, nonsublicensable, nontransferable right and license to access and use the Beta Solution during the Beta Term (defined in Section 9) solely for the internal business purposes of evaluating the Beta Solution and providing Feedback to Station70, only as provided herein and only in accordance with Station70's applicable official user documentation.
Customer shall use the Beta Solution only in connection with non-production, staging, or evaluation accounts and tenants by default. Customer shall not use the Beta Solution with production administrator, break-glass, or other high-privilege accounts without Station70's prior written consent. Customer is solely responsible for designating which of its accounts and tenants are connected to the Beta Solution and for limiting use to the designated scope.
Customer may designate authorized users to access the Beta Solution through Customer's Gatekeeper account. Station70 may impose reasonable limits on the number of authorized users during the Beta Term, which limits will be communicated to Customer through the Gatekeeper product or by email. Customer shall maintain an accurate list of authorized users in its Gatekeeper account and shall promptly revoke access through the Gatekeeper account when access should no longer be granted.
Customer shall be responsible for the acts or omissions of any person who accesses the Beta Solution using the access procedures provided to or created by Customer, including any authorized users with whom Customer shares access through the Beta Solution. Customer is solely responsible for determining which accounts and credentials it chooses to manage through the Beta Solution.
The Beta Solution is provided on an "as available" basis without any service level agreement, uptime commitment, or support obligation of any kind.
Customer acknowledges that the Beta Solution is pre-release, experimental, and under active development. The Beta Solution may be incomplete, unstable, may contain defects, errors, or security vulnerabilities, and may be modified, suspended, or discontinued in whole or in part by Station70 at any time, in its sole discretion, without notice or liability.
Customer is strongly advised not to use the Beta Solution to manage credentials or authentication for accounts involving financial assets, sensitive personal data, regulated data, healthcare information, or any other high-risk or mission-critical account. Customer assumes all risk arising from its choice of accounts to use with the Beta Solution.
Customer is solely responsible for maintaining independent backup access (including recovery codes and alternative 2FA methods) for any account used with the Beta Solution. Station70 shall have no liability for lockouts, loss of access, or any other consequence resulting from Customer's reliance on the Beta Solution as a sole means of access.
Customer shall designate, through its Gatekeeper account settings, a security contact for receipt of security-related notices and shall keep this designation current.
Customer shall report any suspected security vulnerabilities in the Beta Solution to security@station70.com without undue delay and, in any event, within seventy-two (72) hours of discovery, and shall reasonably cooperate with Station70's investigation.
Station70 shall notify Customer's designated security contact without undue delay of any confirmed security incident affecting Customer Data in the Beta Solution, and in any event within seventy-two (72) hours after Station70's confirmation of such incident.
From time to time, Station70 may provide upgrades, patches, enhancements, or fixes for the Beta Solution ("Updates"), and such Updates will become part of the Beta Solution and subject to the terms of this Agreement; provided that Station70 shall have no obligation to provide any such Updates. Station70 reserves the right to modify, discontinue, or cease supporting any version or release of the Beta Solution at any time in its sole discretion, with or without notice.
As between the parties, Station70 retains all right, title, and interest in and to the Beta Solution and all software, products, works, and other intellectual property and moral rights related thereto or created, used, or provided by Station70 for the purposes of this Agreement, including any copies and derivative works of the foregoing. No rights or licenses are granted except as expressly and unambiguously set forth in this Agreement.
Customer acknowledges that providing Feedback (defined below) is a material purpose of this Agreement. All suggestions, comments, input, bug reports, test results, information, or other feedback provided by Customer to Station70 hereunder (collectively, "Feedback") will be the property of Station70, and Customer shall and hereby does assign any rights in such Feedback to Station70. Customer agrees to assist Station70 in obtaining intellectual property protection for such Feedback, as Station70 may reasonably request. Nothing in this Agreement will impair Station70's right to develop, acquire, license, market, promote, or distribute products, software, or technologies that perform the same or similar functions as, or otherwise compete with, any products, software, or technologies that Customer may develop, produce, market, or distribute.
Customer agrees to provide good-faith Feedback on usability, performance, security, and fit-for-purpose through the channels Station70 makes available, which may include in-product feedback, scheduled review calls, shared messaging channels, or written reports as agreed between the parties.
"Customer Data" means any data, information, credentials, authentication secrets, or other material provided, uploaded, submitted, or generated by Customer in the course of using the Beta Solution. Notwithstanding anything to the contrary, Customer shall retain all right, title, and interest in and to the Customer Data, including all intellectual property rights therein.
Customer hereby grants to Station70 a worldwide, non-exclusive, royalty-free license during the term of this Agreement to use, copy, access, process, reproduce, perform, display, modify, distribute, transmit, operate, maintain, and prepare derivative works of Customer Data solely for the purposes of providing the Beta Solution to Customer and related support, troubleshooting, and product improvement activities.
Customer agrees that Station70 is free to disclose aggregate measures of usage and performance, and to reuse all general knowledge, experience, know-how, works, and technologies (including ideas, concepts, processes, and techniques) acquired during provision of the Beta Solution hereunder ("General Knowledge"), provided that Station70 shall not disclose General Knowledge in a manner that identifies Customer or its Confidential Information.
Customer Data will be processed in the United States and in such other jurisdictions where Station70 or its subprocessors operate.
Customer shall not submit or expose any special categories of personal data (as defined under the GDPR or equivalent law), payment card data, protected health information, or other regulated data to the Beta Solution, except as expressly agreed in writing by Station70.
If Customer's use of the Beta Solution involves the Processing of Personal Data of Data Subjects in the European Economic Area, the United Kingdom, or Switzerland, or Personal Data otherwise subject to the EU GDPR, the UK GDPR, or the Swiss Federal Act on Data Protection, the Data Processing Addendum (the "DPA") is hereby incorporated into and forms part of this Agreement and shall apply to such Processing. In the event of any conflict between the DPA and this Agreement, the DPA shall prevail solely with respect to its subject matter.
The Beta Solution is provided to Customer without charge during the Beta Term. Station70 reserves the right, upon conclusion of the Beta Term or conversion of the Beta Solution to a generally available offering, to require payment of fees for continued use, which fees (if any) shall be set forth in a separate written agreement or order form executed by the parties. For the avoidance of doubt, no obligation to pay fees arises under this Agreement unless and until such a separate writing is executed.
Except as expressly set forth in this Agreement, Customer shall not (and shall not permit any third party to), directly or indirectly:
Customer acknowledges and agrees that the Beta Solution operates on, with, or using application programming interfaces (APIs) and/or other services operated or provided by third parties ("Third Party Services"), including the third-party accounts and identity providers for which Customer shares credentials or authentication access through the Beta Solution. Station70 is not responsible for the operation of any Third Party Services nor the availability or operation of the Beta Solution to the extent such availability and operation is dependent upon Third Party Services. Customer is solely responsible for procuring any and all rights necessary for it to access Third Party Services and for complying with any applicable terms or conditions thereof. Station70 does not make any representations or warranties with respect to Third Party Services or any third party providers. Any exchange of data or other interaction between Customer and a third party provider is solely between Customer and such third party provider and is governed by such third party's terms and conditions.
Station70's Gatekeeper product accesses Google user data through the Google OAuth 2.0 authorization framework. The following disclosures apply specifically to Google user data accessed via Gatekeeper.
Station70's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
This Agreement commences on the date that Customer accepts this Agreement or first uses the Beta Solution, whichever comes first, and continues until the earlier of:
Upon termination or expiration, Customer's access to the Beta Solution shall immediately cease and all licenses granted to Customer hereunder shall immediately terminate. Customer shall, at Station70's option, return or destroy all copies of Station70 Confidential Information in its possession. Station70 may delete Customer Data from its systems following termination, and Customer is responsible for exporting or backing up any Customer Data it wishes to retain prior to termination. All terms of this Agreement which by their nature should survive termination shall survive, including, without limitation, ownership provisions, warranty disclaimers, indemnity, limitations of liability, and confidentiality.
Customer represents and warrants to Station70 that:
Each party agrees that the business, technical, and financial information that is designated in writing as confidential, or is disclosed in a manner that a reasonable person would understand the confidentiality of the information disclosed, shall be the confidential property of the disclosing party and its licensors ("Confidential Information"). The Beta Solution itself, including its features, performance, and any related documentation, is Station70's Confidential Information. Confidential Information does not include information that:
Except as expressly and unambiguously allowed herein, the receiving party will hold in confidence and not use or disclose any Confidential Information and shall similarly bind its employees, consultants, and independent contractors. Upon the disclosing party's request, all of the Confidential Information (including any copies) will be returned to the disclosing party, and the receiving party will make no further use of such materials. If required by law, the receiving party may disclose Confidential Information of the disclosing party, but will give adequate prior notice of such disclosure to the disclosing party to permit the disclosing party to intervene and to request protective orders or other confidential treatment therefor. The parties acknowledge and agree that there can be no adequate remedy at law for any breach of such party's obligations under this Section, which breach may result in irreparable harm to the non-breaching party, and therefore, that upon any such breach or any threat thereof, the non-breaching party shall be entitled to appropriate equitable relief, without the requirement of posting a bond, in addition to whatever remedies it might have at law.
Without limiting the foregoing, Customer shall not publicly disclose its participation in the beta program, performance benchmarks, or security findings relating to the Beta Solution without Station70's prior written consent. Customer may disclose its participation on a need-to-know basis to its employees, affiliates, and professional advisors who are bound by confidentiality obligations at least as protective as those in this Agreement.
Customer shall defend, indemnify, and hold harmless Station70, its affiliates, and each of the foregoing entities' employees, agents, partners, contractors, directors, suppliers, and representatives from all liabilities, claims, and expenses paid or payable to an unaffiliated third party (including reasonable attorneys' fees) that arise from or relate to:
To the maximum extent permitted by applicable law, the Beta Solution and all related information, recommendations, technology, and services provided by or on behalf of Station70 are provided "as is" and "as available" and are without warranty of any kind, express or implied, including, but not limited to, the implied warranties of title, non-infringement, merchantability, accuracy, completeness, security, and fitness for a particular purpose, and any warranties implied by any course of performance, usage of trade, or course of dealing, all of which are expressly disclaimed. Without limiting the generality of the foregoing, Station70 does not warrant that:
Customer acknowledges that the Beta Solution has not been fully security-tested and uses it at its own risk.
In no event shall Station70, its affiliates, or any of the foregoing entities' employees, agents, partners, contractors, directors, suppliers, or representatives be liable under contract, tort, strict liability, negligence, or any other legal or equitable theory with respect to the subject matter of this Agreement:
The parties acknowledge that, because the Beta Solution is provided without charge, the foregoing limitations reflect a reasonable allocation of risk and are a fundamental basis of the bargain between the parties.
This Agreement represents the entire agreement between Customer and Station70 with respect to the subject matter hereof, and supersedes all prior or contemporaneous communications and proposals (whether oral, written, or electronic) between Customer and Station70 with respect thereto. Station70 reserves the right to amend, modify, or change this Agreement at any time and will use commercially reasonable efforts to notify Customer of the same. If Customer uses the Beta Solution in any way after such changes are effective, then Customer will be deemed to have agreed to all of the changes.
This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, excluding its conflicts of law rules, and the parties consent to exclusive jurisdiction and venue in the state and federal courts located in the State of Delaware.
All notices to Station70 under this Agreement shall be in writing and shall be deemed to have been duly given when received, if sent by email to security@station70.com or to such other address as Station70 designates in writing. Notices to Customer may be sent to the email address associated with Customer's Gatekeeper account and shall be deemed received upon transmission.
Station70 shall not use Customer's name, logo, or trademarks in any marketing, promotional, or customer-list materials without Customer's prior written consent.
Station70 shall not be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond Station70's reasonable control, including, without limitation, the elements; fire; flood; severe weather; earthquake; vandalism; accidents; sabotage; power failure; denial of service attacks or similar attacks; Internet failure; acts of God and the public enemy; acts of war; acts of terrorism; riots; civil or public disturbances; strikes, lock-outs, or labor disruptions; any laws, orders, rules, regulations, acts, or restraints of any government or governmental body or authority, civil or military, including the orders and judgments of courts.
Customer may not assign any of its rights or obligations hereunder without Station70's consent. Station70 may freely transfer, assign, or delegate this Agreement and its rights and obligations thereunder without consent. Any purported transfer or assignment in violation of the foregoing is void. Subject to the foregoing, this Agreement shall be binding upon and inure to the benefit of the parties and their successors and assigns.
No agency, partnership, joint venture, or employment relationship is created as a result of this Agreement, and neither party has any authority of any kind to bind the other in any respect. In any action or proceeding to enforce rights under this Agreement, the prevailing party shall be entitled to recover costs and attorneys' fees. If any provision of this Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable. The failure of either party to act with respect to a breach of this Agreement by the other party shall not constitute a waiver and shall not limit such party's rights with respect to such breach or any subsequent breaches.
Station 70, Inc.
Please read this Data Processing Addendum ("DPA") carefully. This DPA is incorporated by reference into the End User License Agreement (the "Agreement"), and applies automatically to any processing of Personal Data subject to Applicable Data Protection Law (as defined below) arising in connection with Customer's use of the Solution. By accepting the Agreement, Customer agrees to be bound by this DPA with respect to such processing. Capitalized terms not defined herein have the meanings given in the Agreement or in the GDPR (as defined below).
This DPA is entered into between Station 70, Inc. ("Station70" or "Processor") and the Customer that accepts this DPA ("Customer" or "Controller").
"Applicable Data Protection Law" means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including:
"Control," "Controller," "Processor," "Data Subject," "Personal Data," "Personal Data Breach," "Processing," "Special Categories of Personal Data," and "Supervisory Authority" have the meanings given in the GDPR.
"Standard Contractual Clauses" or "SCCs" means:
"Subprocessor" means any third party engaged by Station70 to process Personal Data on Customer's behalf.
The parties acknowledge and agree that, with respect to the Processing of Personal Data under the Agreement, Customer is the Controller and Station70 is the Processor. Each party shall comply with its respective obligations under Applicable Data Protection Law.
Station70 shall Process Personal Data only to the extent, and in such a manner, as is necessary to provide the Solution in accordance with the Agreement and Customer's documented instructions. The subject matter, duration, nature, purpose, categories of Data Subjects, and types of Personal Data are described in Annex I.
Customer's instructions to Station70 for Processing Personal Data are set forth in the Agreement, this DPA, and any additional written instructions given by Customer and acknowledged by Station70. Station70 shall notify Customer if, in its opinion, an instruction violates Applicable Data Protection Law.
Station70 shall ensure that persons authorized to Process Personal Data on its behalf are bound by written confidentiality obligations or are under an appropriate statutory obligation of confidentiality.
Station70 shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, as further described in Annex II.
Customer acknowledges that the Solution is a pre-release offering and that the security controls listed in Annex II represent Station70's current controls, which may evolve as the Solution matures. Station70 shall promptly notify Customer of any material changes that reduce the protection of Personal Data.
Station70 shall notify Customer without undue delay, and in any event within seventy-two (72) hours after becoming aware of a Personal Data Breach affecting Customer Personal Data. Such notice shall include, to the extent known, a description of the nature of the breach, the categories and approximate number of Data Subjects and records concerned, the likely consequences, and the measures taken or proposed to address the breach.
Customer provides general authorization for Station70 to engage Subprocessors to Process Personal Data. A current list of Subprocessors is available at trust.station70.com/subprocessors and is summarized in Annex III.
Station70 shall provide at least thirty (30) days' prior notice of the addition or replacement of any Subprocessor by updating the list at the URL above and, where Customer has subscribed to Subprocessor change notifications, by email to Customer's designated contact. Customer may object to such change on reasonable data protection grounds by notifying Station70 in writing within that notice period. If the parties cannot resolve the objection, Customer may terminate the Agreement with respect to the affected services.
Station70 shall impose on each Subprocessor, by written contract, data protection obligations substantially equivalent to those set out in this DPA. Station70 shall remain liable to Customer for the acts and omissions of its Subprocessors.
Taking into account the nature of the Processing, Station70 shall provide reasonable assistance to Customer, insofar as possible, by appropriate technical and organizational measures, to enable Customer to respond to requests from Data Subjects to exercise their rights under the GDPR. If Station70 receives a request directly from a Data Subject, Station70 shall (unless prohibited by law) forward the request to Customer without undue delay and shall not respond to the request except on Customer's documented instructions or as required by applicable law.
Station70 shall provide reasonable assistance to Customer with any data protection impact assessments and prior consultations with Supervisory Authorities that Customer is required to carry out under Articles 35 or 36 of the GDPR, to the extent relating to the Processing of Personal Data under the Agreement and taking into account the nature of the Processing and the information available to Station70.
Customer acknowledges that Station70 is established in the United States and that Personal Data may be transferred to and Processed in the United States and in such other countries where Station70 or its Subprocessors operate.
For transfers of Personal Data from the European Economic Area to a country not subject to an adequacy decision, the parties shall be deemed to have entered into the EU SCCs, Module Two (Controller-to-Processor), which are incorporated by reference and completed as follows:
For transfers subject to the UK GDPR, the parties shall be deemed to have entered into the UK Addendum, with the EU SCCs completed as described above and the tables in the UK Addendum completed consistently with this DPA and its Annexes.
For transfers subject to Swiss data protection law, the EU SCCs shall apply with references to the GDPR deemed to refer to the Swiss Federal Act on Data Protection, and references to Supervisory Authorities deemed to refer to the Swiss Federal Data Protection and Information Commissioner.
Customer agrees that audit rights shall be satisfied by Station70 providing a copy of its most recent third-party security audit report (e.g., SOC 2, Type II). Only if such report does not provide sufficient information to verify compliance, or if a Data Protection Authority requires it, shall Customer have the right to request a further audit, limited to a review of relevant documentation.
Upon termination or expiration of the Agreement, Station70 shall, at Customer's option and written request, return or delete all Personal Data Processed on behalf of Customer, unless retention is required by applicable law. Where retention is required, Station70 shall continue to protect the Personal Data in accordance with this DPA.
Each party's liability arising out of or in connection with this DPA shall be subject to the limitations and exclusions of liability set forth in the Agreement. Nothing in this DPA limits any right of a Data Subject under Clause 12 of the EU SCCs.
In the event of any conflict or inconsistency between this DPA and the Agreement, this DPA shall prevail solely with respect to its subject matter. In the event of any conflict between the SCCs and any other term of this DPA or the Agreement, the SCCs shall prevail to the extent required by Applicable Data Protection Law.
This DPA shall remain in force for so long as Station70 Processes Personal Data on behalf of Customer under the Agreement.
Annex I — Description of Processing
A. List of Parties. Controller: Customer as identified through the in-app acceptance event for this DPA. Processor: Station 70, Inc.
B. Categories of Data Subjects. Customer's authorized users and their designated delegates who access third-party accounts via the Solution.
C. Categories of Personal Data. Name, business email address, unique user identifiers, authentication secrets (including TOTP seeds or equivalents), one-time passcodes, authentication approval events, session metadata, IP address, device identifiers, user-agent, and audit log data.
D. Special Categories of Personal Data. None. Customer shall not submit Special Categories of Personal Data to the Solution.
E. Frequency of Processing. Continuous during the Beta Term.
F. Nature and Purpose of Processing. Provision of the Solution, including storage and transmission of authentication secrets, generation and delivery of one-time passcodes, authentication approval workflows, audit logging, and support activities.
G. Duration. For the term of the Agreement, plus any period during which return or deletion is pending under Section 11 of this DPA.
H. Competent Supervisory Authority. The Irish Data Protection Commission, for purposes of the EU SCCs, unless the Data Subject's Member State designates otherwise under Clause 13 of the EU SCCs.
Annex II — Technical and Organizational Measures
Station70 implements the following technical and organizational measures, which may be updated from time to time in accordance with Section 4 of this DPA:
Annex III — Subprocessors
Station70 maintains a current, up-to-date list of authorized Subprocessors at trust.station70.com/subprocessors. The list at that URL is incorporated by reference into this Annex III and constitutes the authoritative list of Subprocessors for purposes of this DPA. The list identifies, for each Subprocessor, the corporate name, the service or function provided, and the location(s) at which Personal Data is processed.
Customer may subscribe to email notifications of Subprocessor changes by following the instructions at the URL above.