Terms of Service

Last updated: March 2026

This is a binding legal agreement. By accessing or using the Nefesh AI API, you agree to be bound by these terms. If you do not agree, do not use the service.

1. Acceptance of Terms

By accessing or using the Nefesh AI API ("Service"), you agree to be bound by these Terms of Service ("Terms"). These Terms constitute a legally binding agreement between you ("Customer", "you") and Nefesh AI, operated by Tom Stuhl ("Nefesh", "we", "us").

If you do not agree to these Terms, you must not access or use the Service.

If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms, and "Customer" refers to that organization.

2. Service Description

Nefesh AI provides a B2B middleware API for real-time stress state estimation. The API processes heart rate, heart rate variability (HRV), voice characteristics, facial expression data, and text sentiment to produce a fused stress score, a state label, and a behavioral adaptation prompt.

The Service is classified as a General Wellness Product under applicable regulations. It is designed for integration by business customers into their own applications and products.

The Nefesh AI API is NOT a medical device. It is not Software as a Medical Device (SaMD) and is not intended for clinical, diagnostic, or therapeutic use. API output must not be used as a substitute for professional medical advice, diagnosis, or treatment.

3. Account & API Keys

  • Each subscription provides one API key.
  • You are solely responsible for the security and confidentiality of your API key. All activity that occurs under your key is your responsibility.
  • API keys must not be shared, published, embedded in client-side code, or transferred to third parties.
  • You must notify Nefesh immediately at [email protected] if you suspect unauthorized use of your key.
  • Nefesh reserves the right to revoke API keys that are compromised or misused, without refund.
  • Authentication is performed via the X-Nefesh-Key HTTP header.

4. Pricing & Payment

  • The Service is offered at $25 per month, billed via Stripe.
  • Each billing period includes 50,000 API calls. Usage exceeding the included quota is billed on a pay-per-use basis.
  • Subscriptions auto-renew monthly unless cancelled. Cancellation is available at any time through the Stripe billing portal.
  • No refunds are issued for partial billing periods.
  • Nefesh reserves the right to change pricing with 30 days written notice to the email address associated with your account.
  • All prices are in USD and exclusive of applicable taxes, duties, and levies.

5. Usage Limits & Rate Limiting

  • 50,000 API calls are included per billing period. Unused calls do not roll over.
  • Rate limits: 120 requests per minute per session, 50 concurrent sessions per minute per API key.
  • Maximum request payload size: 4KB.
  • Exceeding rate limits will result in HTTP 429 responses. Exceeding your monthly quota will result in HTTP 402 responses until additional usage is purchased or the next billing period begins.
  • Nefesh reserves the right to throttle or suspend access if usage patterns suggest abuse.

6. Acceptable Use Policy

You agree NOT to:

  • Use the API output to make medical decisions, clinical diagnoses, or treatment recommendations.
  • Resell, sublicense, or redistribute the API or its output as a standalone product.
  • Reverse engineer, decompile, disassemble, or attempt to extract the source code or underlying algorithms.
  • Use the API to conduct denial-of-service attacks, unauthorized stress testing, or any form of abuse.
  • Transmit malicious payloads, malware, or exploit vulnerabilities in the Service.
  • Use the API in any manner that violates applicable laws or regulations.
  • Misrepresent the API output as medical-grade, clinically validated, or diagnostic.

Violation of this Acceptable Use Policy may result in immediate suspension or termination of your API access without refund.

7. Data & Privacy

Edge Processing

Raw biometric data (video frames, audio recordings) is processed on the client device. Only extracted numerical metrics (e.g., heart rate value, HRV metric, sentiment score) are transmitted to the Nefesh API. No raw video or audio is ever sent to or stored on Nefesh servers.

No PII Storage

Nefesh does not store personally identifiable information. Session identifiers are generated client-side using UUIDs. Subject identifiers, when used, must be pre-hashed (SHA-256) by the Customer.

Data Retention

Session data has a 20-minute TTL (time-to-live) and is automatically purged from Redis after expiration. No session data is persisted beyond this window.

GDPR / DSGVO Compliance

Nefesh complies with the EU General Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG / DSGVO). Data subjects may exercise their right to erasure. Cascading deletion of all sessions and stored signals is supported via DELETE /v1/subjects/{subject_id}. A Data Processing Agreement (DPA) is available upon request at [email protected].

BIPA Compliance

No raw biometric identifiers (facial geometry, voiceprints) are stored server-side. The edge processing architecture ensures that raw biometric data never reaches Nefesh servers. The Customer is responsible for obtaining any required consent from their own end users before processing biometric data through the API.

For full details, refer to our Privacy Policy.

8. Intellectual Property

  • All intellectual property rights in the Nefesh AI API — including algorithms, machine learning models, documentation, trademarks, and trade secrets — are owned exclusively by Nefesh AI.
  • The Customer retains all rights to their own input data and any data they generate independently.
  • The subscription grants a limited, non-exclusive, non-transferable, revocable license to use the API for the Customer's internal business purposes during the active subscription period.
  • No rights are granted by implication, estoppel, or otherwise beyond the express license in these Terms.

9. Disclaimer of Warranties / No Medical Use

Important — Please Read Carefully

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

NEFESH AI IS NOT A MEDICAL DEVICE. THE API OUTPUT IS NOT A MEDICAL DIAGNOSIS, CLINICAL ASSESSMENT, OR THERAPEUTIC RECOMMENDATION. THE API IS NOT SOFTWARE AS A MEDICAL DEVICE (SaMD) UNDER EU MDR, FDA, OR ANY OTHER REGULATORY FRAMEWORK.

The stress scores and wellness indicators produced by the API must NOT be used for: clinical decision-making, medical diagnoses, medication dosing or treatment decisions, emergency triage, or any safety-critical application.

The Customer assumes full responsibility for how they use, display, and act upon the stress state data returned by the API. Nefesh disclaims all liability for any decisions made based on API output.

10. Limitation of Liability

Cap on liability: NEFESH'S TOTAL AGGREGATE LIABILITY UNDER THESE TERMS SHALL NOT EXCEED THE TOTAL FEES PAID BY THE CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

Exclusion of indirect damages: IN NO EVENT SHALL NEFESH BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO: LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION, OR REPUTATIONAL HARM.

This limitation applies regardless of the theory of liability — whether in contract, tort, negligence, strict liability, or otherwise — even if Nefesh has been advised of the possibility of such damages.

11. Indemnification

The Customer agrees to indemnify, defend, and hold harmless Nefesh AI, its officers, employees, and agents from and against any claims, damages, losses, costs, and expenses (including reasonable legal fees) arising from:

  • The Customer's use or misuse of the API.
  • The Customer's violation of these Terms.
  • The Customer's violation of any applicable law or regulation.
  • Any claim by a third party related to the Customer's application or product that integrates the Nefesh API.
  • Any claim that the Customer used API output for medical, diagnostic, or clinical purposes.

12. Termination

Either party may terminate this agreement at any time. The Customer may cancel their subscription via the Stripe billing portal.

Nefesh may terminate or suspend access immediately, without prior notice, if the Customer violates these Terms, including the Acceptable Use Policy.

Upon termination:

  • API access is revoked immediately.
  • Any remaining session data is deleted per the 20-minute retention policy. No further API calls will be processed.
  • Sections that by their nature should survive termination — including Intellectual Property, Limitation of Liability, Indemnification, Disclaimers, the AI-Specific Clause, and Governing Law — will survive.

13. Modifications to Terms

Nefesh reserves the right to modify these Terms at any time. We will notify you of material changes via email (to the address associated with your account) at least 30 days before changes take effect.

Continued use of the API after the effective date of updated Terms constitutes acceptance. If you do not agree to the updated Terms, you must stop using the API and cancel your subscription.

14. Governing Law & Dispute Resolution

  • These Terms are governed by the laws of the Federal Republic of Germany, without regard to conflict of law principles.
  • The exclusive jurisdiction for any disputes arising under these Terms is Leipzig, Germany.
  • For EU consumers (if applicable): The European Commission provides an online dispute resolution platform at ec.europa.eu/consumers/odr.
  • Before initiating legal proceedings, the parties agree to attempt to resolve disputes through good-faith negotiation for a period of 30 days.

15. AI-Specific Clause

The Customer may not use API responses, output data, model scores, or any derivative data to train, fine-tune, distill, or otherwise develop competing machine learning models, algorithms, or services without prior written consent from Nefesh AI.

"Competing" means any product or service that provides stress detection, emotion recognition, affective computing, or similar biometric analysis capabilities.

This restriction applies to both the Customer and any third parties that the Customer shares API output with.

Aggregated, anonymized analytics derived from API output for the Customer's own internal reporting purposes are permitted.

16. Contact Information

For questions about these Terms, contact: [email protected]

Nefesh AI

← Back to Home