← Back to Heron

Terms of Service

Last updated: April 6, 2026

1. Service

Heron is an AI agent access auditing tool operated by Theona, Inc. ("we", "us"). It provides structured interviews of AI agents, risk analysis, and compliance reporting. The service is available as open-source software (MIT license) and as a hosted platform.

2. What Heron Is Not

  • Heron is not a formal security audit, penetration test, or compliance certification
  • Reports are based on agent self-reported information and have not been independently verified
  • Regulatory compliance flags are advisory — consult qualified legal counsel for compliance decisions
  • Heron does not guarantee the accuracy of agent responses or LLM analysis

3. Your Account

The hosted service requires a Google account for authentication. You are responsible for the security of your account and the agents you audit. We may suspend accounts that violate these terms or are used for abusive purposes.

4. Your Data

You retain ownership of all data submitted through Heron, including interview transcripts and audit reports. We do not use your data to train AI models. We do not sell or share your data with third parties. See our Privacy Policy for details.

5. Open Source

The Heron audit engine is open source under the MIT License. You may self-host, modify, and distribute it freely. The hosted dashboard and enterprise features are proprietary.

6. LLM Providers

Heron uses third-party LLM providers (OpenAI, Anthropic, Google) for transcript analysis. When using the hosted service, interview transcripts are sent to the configured provider for analysis. Each provider's data handling policies apply to that processing. When self-hosting, you control which provider is used and how data is routed.

7. Limitation of Liability

Heron is provided "as is" without warranty. We are not liable for decisions made based on Heron reports, inaccurate agent responses, LLM analysis errors, or any damages arising from the use of the service. Use professional judgment and independent verification for access control decisions.

8. Contact

Heron is operated by Theona, Inc.
For questions: [email protected]