Terms of Use

Last updated: March 8, 2026

Overview

These terms govern your use of the Invariant Systems website (invariantsystems.io) and related services. The AIIR open-source software is licensed separately under the Apache License 2.0.

AIIR open-source software

AIIR is licensed under the Apache License, Version 2.0. You may use, modify, and distribute AIIR in accordance with that license. The full license text is available in the LICENSE file in the AIIR repository.

AIIR is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement. See the Apache 2.0 license for the full disclaimer.

Website content

The content on this website — including text, documentation, diagrams, and examples — is provided for informational purposes. We make reasonable efforts to keep it accurate and up to date, but we do not guarantee completeness or accuracy.

Compliance statements

AIIR is a tool that generates structured data about AI involvement in code commits. References to the EU AI Act, SOC 2, ISO 27001, and other regulatory frameworks on this website describe potential use cases for AIIR's output — they do not constitute legal advice and do not guarantee compliance with any regulation.

You are responsible for determining whether AIIR's output is sufficient for your specific compliance requirements. We recommend consulting qualified legal counsel for regulatory compliance decisions.

Detection accuracy

AIIR's AI detection is heuristic-based. It identifies commits with declared AI involvement markers in git metadata. It does not detect undeclared AI usage (e.g., copy-pasting from ChatGPT without attribution). AIIR receipts record what is declared, not what is hidden.

See the THREAT_MODEL.md for a full analysis of detection limitations and residual risks.

Sigstore signing

When you opt into Sigstore signing, AIIR interacts with public Sigstore infrastructure (Fulcio CA, Rekor transparency log). Signatures and certificates are logged publicly and permanently in Rekor. This is by design — transparency logs are append-only and immutable. Do not enable Sigstore signing if you do not want your CI identity (OIDC subject) recorded in a public log.

Future products

References to "Hub" and "Fortress" on our pricing page describe products under development. Features, pricing, and availability are subject to change. No commitment or obligation is created by the description of future products.

Limitation of liability

To the maximum extent permitted by applicable law, Invariant Systems, Inc. shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses resulting from your use of our website or software.

Governing law

These terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law provisions.

Changes to these terms

We may update these terms from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the website after changes constitutes acceptance of the updated terms.

Contact

Questions about these terms? Contact us at noah@invariantsystems.io.

Invariant Systems, Inc.
Delaware, USA