Last updated: March 2026
Threshold Signalworks Ltd ("we", "us", "our") provides Threshold Cloud, a persistence and synchronisation service for AI agent safety policies, WAL events, and related records. The service is accessed via API and MCP protocol.
You need an account to use Threshold Cloud.
You are responsible for keeping your API key secure and for all activity under your account. If you believe your key has been compromised, contact us immediately and we will issue a replacement or revoke the old key.
You retain ownership of your data.
We store and process your data only to provide Threshold Cloud, including storing, synchronising, retrieving, securing, backing up, and deleting the data you send us through the service. We do not sell your data. We do not use your data for advertising or profiling.
We may access data only where necessary to operate, secure, maintain, support, or troubleshoot the service, or where required by law.
When your account is closed, we will delete or return your data as described in the Data Processing Agreement and Privacy Policy.
You must not use the service for any unlawful purpose.
You must not attempt to:
We may suspend or restrict access where reasonably necessary to protect the service, other customers, or our infrastructure.
We aim to provide a reliable service, but we do not guarantee uninterrupted availability or any specific uptime for the Starter tier.
If Threshold Cloud is unavailable, Keel is designed to fall back to local operation where configured to do so.
Business or enterprise customers may agree separate service levels in writing.
Threshold Cloud Starter is €29/month per account unless otherwise stated on the pricing page.
Subscriptions are billed in advance on a recurring basis. We may change pricing on 30 days' notice. You may cancel at any time, and your subscription will remain active until the end of the current billing period unless otherwise stated.
Payments are processed by Stripe. We do not store full payment card details.
You may stop using the service at any time.
We may suspend or terminate access if:
Where reasonably possible, we will provide notice before suspension or termination.
On termination, access to the service will end and data handling will follow the deletion/return process described in the Data Processing Agreement and Privacy Policy.
Keel and Threshold Cloud are safety tools, not safety guarantees. They may reduce the probability of agent mistakes but cannot eliminate all risk.
You remain responsible for your own systems, deployments, agents, prompts, tools, approvals, and operational decisions.
To the maximum extent permitted by law, we are not liable for indirect, incidental, special, consequential, or punitive losses, or for loss of profits, revenue, data, goodwill, or business opportunity.
Our total aggregate liability arising out of or in connection with the service will not exceed the fees you paid us in the 12 months before the event giving rise to the claim.
Nothing in these terms excludes liability that cannot lawfully be excluded under applicable law.
We may update these terms from time to time. If we make a material change, we will update the date at the top of the page and notify active customers by email or through the service.
These terms are governed by the laws of Ireland. Any dispute arising from or relating to these terms or the service will be subject to the exclusive jurisdiction of the courts of Ireland, unless applicable consumer law requires otherwise.
This Data Processing Agreement ("DPA") forms part of the Terms of Service and applies where Threshold Signalworks processes personal data on your behalf through Threshold Cloud.
For customer workspace data processed through Threshold Cloud, you are the controller and Threshold Signalworks is the processor.
You determine what data your agents generate and what is sent to Threshold Cloud. We process that data only on your documented instructions, as set out in this DPA and the service documentation.
Subject matter: Storage, synchronisation, retrieval, backup, and deletion of customer workspace data submitted through Threshold Cloud.
Purpose: Providing the Threshold Cloud persistence and synchronisation service.
Duration: For the duration of your subscription, plus up to 30 days afterward for deletion processing, backup expiry, and service closure tasks unless a longer retention period is required by law.
Categories of personal data may include:
Data subjects may include:
Your documented instructions are to store, synchronise, retrieve, secure, back up, and delete the policies, WAL events, quarantine records, and related data you send to us through the API and service interface.
We will not process personal data for any other purpose except:
We ensure that any person authorised to process personal data is subject to an appropriate duty of confidentiality.
We implement appropriate technical and organisational measures to protect personal data, taking into account the nature of the data and the risks involved.
These measures include:
We may update our security measures from time to time, provided the overall level of protection is not materially reduced.
You authorise us to use sub-processors to provide the service.
A current list of sub-processors is maintained in the Privacy Policy or another page linked from it. We will give at least 30 days' notice before adding or replacing a sub-processor where required.
We will impose data protection obligations on sub-processors that are no less protective than those in this DPA. If a sub-processor fails to meet its data protection obligations, we remain responsible to you to the extent required by law.
If you reasonably object to a new sub-processor on data protection grounds and we cannot resolve the objection, you may terminate the affected service.
Data is processed and stored in the European Union unless otherwise stated.
If we transfer personal data outside the EEA, we will ensure appropriate safeguards are in place, including Standard Contractual Clauses or another valid transfer mechanism where required.
Taking into account the nature of the processing and the information available to us, we will provide reasonable assistance to help you:
If we become aware of a personal data breach affecting customer workspace data, we will notify you without undue delay and provide available information reasonably necessary for you to meet your obligations under applicable data protection law.
We will make available information reasonably necessary to demonstrate compliance with this DPA.
Where appropriate, this may be satisfied through written responses, security summaries, certifications, or other documentation rather than on-site audits.
At the end of the service, we will delete personal data or, where technically feasible and requested, return it to you, unless applicable law requires us to retain it.
Residual copies in backups will be deleted in the ordinary backup lifecycle.
If there is any conflict between this DPA and the Terms of Service in relation to personal data processing, this DPA will prevail to the extent of that conflict.