Wokey Terms of Service
These Terms govern your access to and use of Wokey as a consumer, provider, referrer, administrator, or other authorized user. By accessing or using Wokey, you agree to these Terms and any service-specific policies we publish from time to time.
1. Service Scope
Wokey is a unified API platform for accessing multiple model providers. For consumers, we provide platform API keys, routing, billing, settlement, referral, and console features. For providers, we provide credential custody, connection testing, model activation, earnings tracking, and payout workflows. Consumers receive Wokey platform keys and do not receive providers’ raw upstream credentials. Providers authorize us to use upstream capacity on their behalf; Wokey is not a marketplace for freely transferring raw accounts or API keys. Models, pricing, routing logic, limits, and payment or payout features may change, be rate-limited, be offered in preview, or be discontinued. If you use Wokey under a separate order form, addendum, or service-specific notice, that document controls to the extent of any conflict.
2. Eligibility and Accounts
You must be legally capable of entering into a binding agreement and must provide accurate, complete, and current registration information. You are responsible for safeguarding your account, email inbox, password, JWTs, platform API keys, admin tokens, and other access credentials. You should complete email verification and keep your profile, timezone, language, and other information up to date. You may not lend, sell, rent, or share your account or platform access credentials without our written approval. If you detect credential compromise, abnormal billing, unauthorized calls, or exposure of admin access, you must notify us promptly.
3. Consumer API Key Rules
Consumer API keys may only be used with applications, services, agents, test environments, or internal systems that you are authorized to control. You are responsible for key rotation, access control, and least-privilege handling. The raw API key is returned only once at creation; after that, we retain only a hash, a masked prefix, and usage metadata. You may not embed platform API keys in public clients, frontend source, browser extension packages, or other locations where third parties can easily extract them. If you need to stop use, you should promptly pause or revoke the relevant key and remain responsible for activity that occurred before revocation took effect.
4. Provider Credentials and Authorization
If you submit upstream model credentials, base URLs, budgets, or model configurations as a provider, you authorize us to process that information for connection testing, routing, upstream invocation, settlement, risk controls, and related operations. You represent and warrant that you are authorized to let Wokey use the relevant upstream resources and that doing so does not violate your upstream agreements, applicable law, or any third-party rights. We may test provider credentials, log test results, pause them, quarantine them, rate-limit them, cool them down, revoke them, or stop routing traffic to them. You may not submit stolen credentials, credentials of unclear origin, credentials obtained by circumventing technical limits, or credentials that you are not entitled to entrust to the platform. Wokey encrypts provider credentials at rest and limits access to them, but that does not replace your own responsibilities for upstream account management, compliance, taxes, or vendor relationships.
5. Fees, Balances, Referrals, and Payouts
Wokey’s prices, platform fees, revenue splits, top-up or payout thresholds, supported payment methods, and supported blockchain networks may change based on product strategy, upstream costs, compliance, and risk operations. Consumers are generally charged based on actual token usage, the then-published platform price, or the settlement strategy applicable to the request. Platform balances, provider payables, and referral balances are not bank deposits, e-money, or insured custodial funds. Once an on-chain payment, refund, or payout is broadcast, it may be irreversible; you are responsible for confirming wallet addresses, networks, and asset types. We may delay, reject, reverse, or correct certain balance movements due to fraud, anomalies, chargebacks, upstream disputes, compliance reviews, minimum payout thresholds, or technical failures.
6. Acceptable Use and Prohibited Conduct
You may use Wokey only in compliance with applicable law, industry rules, export controls, sanctions, intellectual property obligations, AI governance requirements, and the policies of upstream model vendors. You may not use the service for unlawful, fraudulent, harassing, infringing, hateful, malicious-code, or platform-security-disrupting activity. You may not evade balance checks, pricing, rate limits, concurrency controls, risk controls, logging, or any technical restriction. You may not use Wokey as a resale channel for raw upstream accounts or keys, or pressure us to violate upstream vendor restrictions. Without sufficient human review and compliance controls, you may not use outputs directly for medical, legal, financial, hiring, credit, law-enforcement, or other high-risk decisions.
7. Inputs, Outputs, and Content Responsibility
You are responsible for the prompts, system instructions, tool calls, files, links, and other inputs you submit to the models, as well as for how you use, publish, reuse, or rely on model outputs. To fulfill a request, we send the relevant request content to the selected upstream model provider. As between you and Wokey, we do not claim ownership of your inputs or outputs except for the rights needed to operate the service, bill for it, secure it, comply with law, and enforce these Terms. Model outputs may be inaccurate, incomplete, biased, unavailable, or subject to third-party rights. Rights in outputs and the scope of permissible commercialization may also depend on upstream vendor terms and applicable law.
8. Data Handling and Incident Archives
We process account data, request metadata, token usage, ledger records, referral relationships, provider configuration, and security logs to operate the service, settle usage, run risk controls, and investigate incidents. In the current repository implementation, the core request tables do not persist full prompts or full outputs for every normal successful request; they mainly retain request metadata, status, token usage, and cost data. For failed, abnormal, or investigative requests, we may archive the full original request payload and related request context for incident response, audit, and system recovery. In the current MVP, exception payload archives are retained for 14 days and are not automatically redacted or masked; authorized admins may access them to handle incidents.