relay-mcp

Terms of Service

relay-mcp is an evaluation project offered free of charge. These Terms are written in good faith and in plain language. They are not legal advice, and they do not create any obligation for us to keep the service running.

Effective date: 2026-07-12 — Version 1.0

In short:

1. Acceptance of these Terms

These Terms govern your use of relay-mcp (the "service"), which is operated by us (the "operator", "we", "us"). For details about the operator, see the Impressum. By creating an account, enrolling an agent, minting a token, connecting an AI client, or otherwise using the service, you agree to these Terms. If you do not agree, do not use the service.

We may update these Terms as described in section 21. The current version always lives at this page with its effective date.

2. Definitions

3. What relay-mcp is

relay-mcp is a self-hosted relay built on the Model Context Protocol. It lets an AI client you connect operate your own machines and third-party services through scoped capabilities that you control. This means it can execute real shell and PowerShell commands and take real actions on connected third-party systems on your behalf. The service is experimental and under active development; features may be added, changed, or removed at any time.

4. Evaluation status and no guarantee

The service is a free evaluation / beta project. There are no service levels, no uptime, availability, performance, backup, or support commitments, and no promise that the service will ever reach a stable state.

If you need guaranteed uptime, a service-level agreement, or permanent / production use, this free evaluation does not provide it — please get in touch through the contact form to discuss a separate arrangement.

To the maximum extent permitted by applicable law, we may change, limit, interrupt, suspend, or permanently shut down the service (in whole or in part) at any time, immediately, and without notice — for example at the end of the evaluation, for maintenance, for resource or cost reasons, on any security concern, or to comply with the law. In particular, if we have any security concern we may take the service offline immediately and leave it offline permanently, at our sole discretion. Maintenance, shutdown, or failures may interrupt operations already in progress (for example a running shell command or SSH session may be cut off mid-execution).

Because the service is free, you are not entitled to any compensation, credit, refund, or damages if it is changed, interrupted, suspended, shut down, or if data is lost, except for any liability we cannot exclude under section 14 (including intent, gross negligence, personal injury or death, product liability, and Article 82 GDPR). We are not obliged to give any advance notice of a shutdown.

5. Eligibility and authorization

You must be at least 18 years old and have full legal capacity to accept these Terms. If you act for an organisation (a tenant), you confirm you are authorized to do so on its behalf. You must not be barred from using the service under any applicable law or sanctions.

Most importantly: you may only enroll agents, connect integrations, and mint tokens for machines, accounts, data, and credentials that you own or are clearly authorized to operate. You are solely responsible for having and keeping that authorization.

6. Your account and security

Access requires a password and mandatory multi-factor authentication (MFA). You are responsible for keeping your password, MFA factors, and recovery codes confidential, and for all activity under your account, tenant, users, agents, and tokens. Tell us promptly (via the contact form) if you suspect a compromise.

We store only hashes of your password (Argon2id) and of your tokens (SHA-256). This means we cannot recover a lost token — a lost token must be revoked and re-minted. We describe our security measures honestly, but we do not warrant that they are sufficient in every case (see sections 13–14).

7. Tokens, agents, and connected systems

You alone decide which machines to enroll and which capabilities to grant. Scoped MCP tokens and enrolled agents act with the permissions you assign. Anyone holding a valid token, or with access to an active agent, can run real commands on your machines — treat tokens and enrollment links like passwords or keys.

You must not share, sell, sublicense, or transfer your tokens, agents, or account. You are responsible for granting only the scopes you need, and for revoking or rotating tokens and disconnecting agents when they are no longer needed or may be compromised. Deleting a stored credential on our side does not by itself revoke that credential's validity on the target system — you remain responsible for rotating it there.

8. Acceptable use — no misuse

You must use the service lawfully and only as intended. In particular, you must not:

If you discover a security flaw, please report it via the contact form and do not exploit it, access other users' data, or disclose it publicly before it is fixed.

9. AI-assisted actions and your responsibility

Actions through the service are initiated by the AI clients you connect and by the commands they generate. We do not control, review, or endorse those actions. Actions taken by any AI client, automation, or agent you connect are attributed to you and are your responsibility. You are responsible for supervising them, for reviewing and confirming state-changing operations, for keeping your own backups and access controls in order, and for any resulting changes, data loss, or damage on your own or third-party systems.

10. Your content and data

You keep ownership of your data, commands, files, and integration credentials. You grant us only the limited technical processing needed to operate the relay and carry out what your AI clients request. You are responsible for the legality of the data you route through the service. Data protection is addressed in section 16.

11. Third-party services and integrations

Integrations (SSH, Microsoft Graph, Google Workspace, Proxmox, Home Assistant, UniFi, vSphere, and others) are operated by third parties under their own terms. We are not responsible for them, their availability, or their changes. You are responsible for your credentials for those services and for complying with their terms.

12. Intellectual property and feedback

The service, its software, site, and documentation belong to the operator or its licensors. You receive a narrow, personal, revocable permission to use the service for evaluation. Where open-source components are included, their licenses govern those parts. No other rights are granted.

Any feedback you send — suggestions, bug reports, or security reports — is given voluntarily. We may use it freely and without restriction, obligation, or compensation, and using it grants you no rights in the service.

13. Disclaimer of warranties

To the maximum extent permitted by applicable law, the service is provided "as is" and "as available", without warranties or guarantees of any kind, whether express or implied. We do not warrant that the service will be available, uninterrupted, timely, secure, or error-free, that data will be preserved or recoverable, or that any AI client will act correctly, safely, or as you intend.

This disclaimer does not exclude or limit any mandatory statutory rights you have as a consumer, including non-waivable warranty (Gewaehrleistung) rights under the Austrian Consumer Protection Act, or any liability that cannot be excluded under applicable Austrian or EU law (see section 14).

14. Limitation of liability

To the maximum extent permitted by applicable law, we are not liable for data loss or corruption, downtime, damage to your systems, loss caused by a security incident, bug, or vulnerability, or for actions taken through your tokens, agents, or AI clients, including indirect or consequential loss such as lost data, lost profits, or the cost of restoring data.

Nothing in these Terms limits or excludes our liability for damage caused by intent (Vorsatz) or gross negligence (grobe Fahrlaessigkeit), for personal injury or death, under the Product Liability Act (Produkthaftungsgesetz), under data-protection law (including Article 82 GDPR), or for any other liability that cannot be limited or excluded under applicable Austrian or EU law, including mandatory statutory consumer rights.

You remain responsible for what you choose to enroll, for the commands issued through your account, and for your own backups and access controls (see sections 7–9).

15. Indemnification (business users)

If you are a business user, you will indemnify and hold the operator harmless against third-party claims, losses, and reasonable costs arising from your unlawful or unauthorized use of the service, your operation of systems you were not authorized to operate, or your breach of section 8.

If you are a consumer, this section applies only within the limits of mandatory Austrian consumer law and does not reduce your statutory rights. It does not create any obligation beyond what the law already provides for the damage you actually cause.

16. Data protection

We process personal data (such as your account email, contact-form messages, and access logs) under the GDPR. Our Privacy Policy sets out the details — controller identity, what we collect, purposes, legal bases, retention, and your data-subject rights. For any data-protection question you can also use the contact form, and the operator's identity and contact details are on the Impressum. Your statutory data-protection rights are unaffected by these Terms.

Where you are a business user or tenant and route other people's personal data through an integration (for example Microsoft Graph, Google Workspace, or an SSH host), you act as the controller for that data and we act as your processor. In that case we will, on request, enter into a data-processing agreement meeting the requirements of Article 28 GDPR. Absent a separate agreement, we process such data only to operate the relay and carry out the requests your AI clients issue, keep it confidential, apply the security measures we describe, and delete or return it on termination as set out in section 19.

17. Suspension, blocking, and termination

To the extent permitted by applicable law, we may suspend, restrict, terminate, or block any account, user, tenant, token, or enrolled agent at our sole discretion, at any time, with or without notice, and for any reason or no reason. Examples include, without limitation: actual or suspected misuse or unlawful use; controlling systems you are not authorized to operate; security or legal risk to the service, other users, or third parties; attempts to attack, probe, overload, or circumvent controls; abuse-detection triggers; excessive resource use; prolonged inactivity; or our decision to pause or shut down the project.

Because the service can run code on live systems, we may act immediately and without prior notice where we reasonably believe there is a security threat, ongoing abuse, or legal risk — we prioritise containment over notice. This is a right, not an obligation to monitor.

18. Your right to stop and delete your account

You may stop using the service and delete your account and data at any time, for any reason, with no notice period and no fee. Where self-service tools exist, you can revoke tokens, disconnect and delete agents, remove integrations, delete users, and request full account or tenant deletion via the contact form.

Consumers — right of withdrawal. The service is free and no paid contract is concluded, so there is no payment to refund. Independently of any statutory withdrawal right you may have as a consumer for distance contracts, you can withdraw simply by deleting your account or telling us via the contact form at any time, without giving a reason and at no cost.

19. Effect of termination

When access ends or an account is deleted: your right to use the service ends immediately; active tokens and enrollment links stop working and enrolled agents are disconnected; and we may delete your account data, configuration, integrations, stored credentials, tokens, and logs within a reasonable period, subject to any limited operational or legal retention. Deletion of personal data follows applicable data-protection law.

The dial-out agent software runs on your own machines, so we cannot uninstall it remotely — you should run the installer's uninstall step to remove the agent and its stored token. You should also independently revoke or rotate any credentials and OAuth grants you gave the service. Sections that by their nature should survive (including sections 8, 9, 10, 12, 13, 14, 15, 16, this section 19, and sections 22 and 23, and any other provision that by its nature is intended to survive) continue to apply after termination.

20. Notices

We give you notices through the site and/or by email to your account address. You are responsible for keeping a valid, current email address on file. You reach us through the contact form. A notice is treated as received when it is posted on the site or sent to your account email.

21. Changes to the service and to these Terms

The service is an evaluation project under active development, so both the service and these Terms may change. We may update these Terms at any time; the current version is always posted on this page with its effective date, and it applies to your use of the service from the date it is posted. We are not obliged to give advance notice of a change, although where a change is significant we may note it on the site or by email.

If you do not agree with a change, your remedy is simple: stop using the service and delete your account — you can do this at any time, for any reason, at no cost. Continuing to use the service after a change takes effect means you accept the updated Terms. This does not remove any mandatory rights you have as a consumer under Austrian or EU law, which continue to apply regardless of these Terms.

22. Governing law and jurisdiction

These Terms and any dispute arising out of or in connection with them (including non-contractual disputes) are governed by the substantive law of the Republic of Austria, excluding its conflict-of-laws rules and the UN Convention on Contracts for the International Sale of Goods (CISG). This does not deprive you, as a consumer, of the protection of the mandatory provisions of the law of your EU/EEA country of habitual residence.

For users who are not consumers, the courts competent for the operator's registered seat in Austria (see the Impressum) have jurisdiction. If you are a consumer, the mandatory venue rules of EU law apply: you may only be sued in your country of domicile, and you may bring proceedings either there or in Austria.

23. Final provisions

Severability. If any provision is or becomes invalid or unenforceable, the rest stays in force, and the invalid provision is replaced by the applicable statutory rule. Severability does not operate to a consumer's detriment.

No waiver. If we do not enforce a provision, or delay doing so, that is not a waiver of our right to enforce it later.

Assignment. You may not transfer or assign your account, tokens, agents, or your rights and obligations under these Terms. We may transfer or assign the service or these Terms (for example if operation moves to another person), provided your rights are not reduced; any transfer of personal data will comply with the GDPR and be notified to you in advance. If the operator changes, you may terminate and delete your account before the transfer takes effect.

Force majeure. We are not in breach for any failure or delay caused by events beyond our reasonable control (for example outages of upstream hosting, network, or electricity providers, internet failures, cyber-attacks, natural events, official measures, or strikes). This is subject to the mandatory-liability carve-out in section 14.

Language. These Terms are provided in English, which is the working version. Where mandatory Austrian consumer law requires it, the protection of Austrian and EU consumer law applies regardless of language, and the consumer-protective meaning prevails.

Entire agreement. These Terms, together with the Impressum and any published Privacy Policy, are the whole agreement about your use of the service, subject to mandatory law.

24. Contact

You can reach us through the contact form, or by email at mcp@darky.cc. The operator's identity and legal disclosures are on the Impressum page.

Effective date: 2026-07-12 — Version 1.0. This is a free evaluation service; these Terms are provided in good faith and are not legal advice.