Enterprise AuthHub — Terms of Service
Version 2.1 — Effective 1 July 2026
1. Definitions
"Service" means the Enterprise AuthHub Relationship-Based Access Control platform operated by the Service Provider (Nilo Developments Limited, trading as AuthHub FGA). "Tenant" means an organisation registered to use the Service. "Authorised User" means any individual granted access to the Service by a Tenant administrator. "Subscription Tier" means one of: Developer, Starter, Professional, Enterprise, or Critical Infrastructure.
2. Service Description
The Service provides fine-grained, relationship-based access control (ReBAC) for healthcare applications. It enables Tenants to define permission schemas, manage relationship tuples, and evaluate access decisions in real time via Zanzibar-compatible APIs, AuthZEN evaluation endpoints, and SCIM 2.0 provisioning interfaces.
3. Acceptable Use
Tenants agree to use the Service solely for the purpose of managing authorization decisions within their applications. Tenants shall not: (a) attempt to access another Tenant's namespace; (b) store patient-identifiable data within permission schemas or tuple values; (c) exceed allocated quota limits without prior approval; (d) use the Service for purposes unrelated to legitimate business operations.
3(e) Rate Limiting & Emergency Mitigation
The Service Provider enforces strict rate limits tailored to each Subscription Tier. If a Tenant's API request volume or complex query patterns threaten the stability, security, or performance of the wider platform ecosystem, the Service Provider reserves the right to immediately throttle or temporarily suspend the Tenant's API connection to safeguard the environment. The Service Provider shall issue automated real-time alerts (via webhook and email) to the Tenant's designated technical contact within 1 minute of throttling being enacted.
4. Availability & SLA
The Service Provider targets monthly uptime availability based on the Tenant's Subscription Tier:
- Developer: Provided on a best-effort basis without uptime commitments or remedies.
- Starter & Professional: 99.9% monthly uptime.
- Enterprise: 99.95% monthly uptime.
- Critical Infrastructure: 99.99% monthly uptime, governed by a dedicated Service Level Agreement (SLA) Addendum.
Monthly Uptime Percentage Calculation
Monthly Uptime Percentage is calculated as: (Total Minutes in Month − Downtime Minutes) ÷ Total Minutes in Month × 100.
For the purposes of these Terms of Service, "Downtime" means only periods where the Service returns 5xx Server Errors. Latency-related performance issues are excluded from Downtime calculations under these main Terms of Service.
Note: Latency performance targets are governed separately under the Performance SLA schedule in the Critical Infrastructure Addendum.
Scheduled maintenance windows will be communicated at least 48 hours in advance for Starter, Professional, and Enterprise tiers, and 7 days in advance for Critical Infrastructure. The Service Provider shall not be liable for downtime caused by force majeure events or third-party infrastructure failures.
5. Fees, Invoicing & Taxes
5(a) Subscription Fees
Tenant shall pay the monthly fees corresponding to their selected tier:
| Tier | Monthly Fee |
|---|---|
| Developer | £0 (Free) |
| Starter | £995 |
| Professional | £3,995 |
| Enterprise | £9,995 |
| Critical Infrastructure | £37,000 |
All fees are quoted in British Pounds (GBP) and are exclusive of Value Added Tax (VAT), which will be added at the prevailing rate.
5(b) Invoicing & Payment
Developer, Starter, and Professional tiers are billed monthly in advance via credit card or direct debit. Enterprise and Critical Infrastructure tiers are invoiced monthly in advance with payment due within thirty (30) days of the invoice date.
5(c) Late Payment
The Service Provider reserves the right to suspend access to the Service upon fourteen (14) days' written notice if any invoiced amounts remain unpaid past their due date.
6. Data Retention
Audit logs are retained based on the Tenant's Subscription Tier (Developer: 7 days; Starter: 30 days; Professional: 2 years; Enterprise: 7 years; Critical Infrastructure: 10+ years with cold archive). Relationship tuples and schemas are retained for the duration of the Tenant's subscription. Upon termination, Tenant data will be deleted within 30 days unless legal retention obligations apply. Expedited deletion within 7 days is available upon formal written request.
7. Limitation of Liability
7(a) Free Tiers
The Developer tier is provided strictly "as is" and "as available." To the maximum extent permitted by law, the Service Provider's total liability for the Developer tier shall be capped at £100.
7(b) Paid Tiers
For Starter, Professional, Enterprise, and Critical Infrastructure tiers, the Service Provider's total aggregate liability in contract, tort (including negligence), or otherwise arising under or in connection with this agreement shall be limited to 100% of the total fees paid by the Tenant in the twelve (12) months preceding the event giving rise to liability.
7(b-i) Critical Infrastructure
For Critical Infrastructure tier specifically, the Service Provider's total aggregate liability shall be limited to the greater of: (i) £2,000,000, or (ii) 100% of fees paid in the 12 months preceding the event. The Service Provider maintains Professional Indemnity insurance coverage of not less than £5,000,000.
7(c) Exclusions
Neither party shall be liable to the other for any indirect, consequential, special, or incidental damages, or any loss of profits, revenue, or data, even if advised of the possibility of such damages.
8. Termination
Either party may terminate this agreement with 30 days' written notice. The Service Provider may suspend access immediately if a Tenant breaches these terms or poses a security risk to other Tenants or the wider platform ecosystem.
For non-security breaches, the Service Provider shall provide 7 days' written notice and an opportunity to cure before suspension. For breaches posing an immediate security risk, suspension may be immediate, but the Service Provider shall designate a 24/7 emergency contact to resolve the issue within 4 hours.
9. Governing Law
These terms are governed by the laws of England and Wales. Disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
10. Data Processing
The Service Provider acts as a Data Processor on behalf of the Tenant (Data Controller) for any personal data processed through the Service. A separate Data Processing Agreement (DPA), incorporating UK GDPR Standard Contractual Clauses, is available upon request and forms part of this agreement when executed. The Service Provider's current subprocessors are listed at https://healthcare.authhub.cloud/subprocessors and updated with 30 days' prior notice.
11. Warranty
For paid Subscription Tiers (Starter, Professional, Enterprise, Critical Infrastructure), the Service Provider warrants that the Service will perform substantially in accordance with the published API documentation during the subscription term. The Developer tier is provided strictly "as is" without warranties of any kind.
Critical Infrastructure — SLA Addendum
This Service Level Agreement Addendum supplements the Terms of Service and applies exclusively to the Critical Infrastructure tier.
1. Uptime Commitment
The Service Provider guarantees that the core AuthHub API endpoints (including Zanzibar-compatible Check, Read, Write, and Expand endpoints, as well as AuthZEN and SCIM 2.0 provisioning interfaces) will achieve a Monthly Uptime Percentage of 99.99%.
2. Definitions of Downtime
"Downtime" is defined as any minute where all continuous attempts by the Tenant to establish a connection to the Service's authorization endpoints return a 5xx HTTP Server Error.
Downtime Exclusions:
- Scheduled Maintenance (provided 7 days' written notice is given).
- Tenant misconfigurations (e.g., malformed tuples, invalid schemas, or policy errors).
- Throttling enacted to protect platform stability due to Tenant exceeding agreed burst quotas.
- Force majeure events or underlying third-party network failures outside the Service Provider's control.
2b. Performance SLA
The Service Provider targets a p95 API response time of less than 2,000 milliseconds. If the monthly p95 response time exceeds 2,000ms, a separate Performance Credit of 5% of the monthly fee (£1,850) shall be applied. Performance Claims must include monitoring reports from the Tenant's APM tooling or AuthHub's analytics dashboard.
3. Service Credits
If the Service Provider fails to meet the 99.99% Uptime Commitment in a given billing month, the Tenant will be eligible to request a Service Credit:
| Monthly Uptime | Credit % | Credit Value |
|---|---|---|
| 99.9% to < 99.99% | 10% | £3,700 |
| 99.0% to < 99.9% | 25% | £9,250 |
| Below 99.0% | 50% | £18,500 |
Claim Process: The Tenant must submit a claim containing server logs demonstrating the 5xx errors, or performance monitoring reports from the Tenant's APM tooling demonstrating sustained latency exceeding the Performance SLA thresholds, within 30 days of the incident.
Sole Remedy: Service Credits are the Tenant's sole and exclusive financial remedy for any performance or availability issues.
4. Support Response Times
The Critical Infrastructure tier includes priority 24/7 technical support with the following Initial Response Times (IRT):
| Severity | Definition | Target IRT |
|---|---|---|
| Sev 1 (Critical) | Total loss of core authorization impacting live environments | 15 Minutes |
| Sev 2 (High) | Significant degradation; API timeouts affecting workflows | 1 Hour |
| Sev 3 (Normal) | Non-critical bug, SCIM sync delay, or general inquiry | 4 Hours |
5. Chronic Failure
If the Monthly Uptime Percentage falls below 99.0% for two (2) consecutive months, or three (3) months within any rolling twelve-month period, the Tenant shall have the right to terminate the Agreement immediately upon written notice without penalty, and receive a pro-rata refund of any pre-paid fees for the remainder of the term.
AuthHub FGA (a trading name of Nilo Developments Limited), 200 Drake Street, Rochdale, Greater Manchester, OL16 1PJ, UK.