Terms of Service

Last updated: June 2026

Important — Sole Trader Notice The Service is operated by Andrew James Camilleri Micallef, a sole trader registered in Malta with VAT identification number MT30163832 (currently operating under the Maltese small undertakings exemption — no VAT charged at this time). All references to "we", "us", "Company", and "ApexMCP" refer to this sole trader operation. You acknowledge that you are contracting with an individual operating as a sole trader, not with a limited liability entity.

These Terms of Service govern your access to and use of the ApexMCP platform and related services (the "Service"). By creating an account, joining our waitlist, or using the Service, you agree to be bound by these Terms.

1. Acceptance and Business Eligibility

By registering for, accessing, or using the Service you confirm that:

You have read, understood, and agree to these Terms and our Privacy Policy;
You are acting on behalf of a business, organisation, freelance practice, or in a professional capacity, and not as a private consumer;
You have authority to bind the business or organisation you represent;
You have legal capacity to enter binding contracts in your jurisdiction.

The Service is intended for business use only. Consumer accounts are not supported.

2. Service Description and Hosting

ApexMCP provides a secure MCP (Model Context Protocol) gateway that enables AI agents to access databases, REST APIs, and SaaS tools via a single authenticated endpoint.

The Service is hosted on infrastructure provided by Hetzner Online GmbH (application servers, located in Finland) and Neon Inc. (managed PostgreSQL database, hosted on Amazon Web Services in the eu-central-1 region, Frankfurt, Germany). All customer data remains within the European Union during processing and storage.

3. Beta Service Period

The Service is currently a beta release. The first three (3) months following your initial account registration shall constitute a beta period for your account (the "Beta Period"). During the Beta Period:

The Service is provided strictly on an "AS IS" and "AS AVAILABLE" basis, without warranties of any kind;
Features may be changed, added, removed, or behave unexpectedly without prior notice;
We make no representations regarding security, reliability, performance, data integrity, or fitness for any particular purpose;
To the maximum extent permitted by law, we accept no liability for any loss, damage, or harm of any kind — including data loss, service interruption, security incidents, unauthorised access, downtime, or any direct, indirect, incidental, consequential, special, or punitive damages — arising from your use of the Service during the Beta Period;
You should not store sensitive production data or rely on the Service for business-critical operations during the Beta Period without independent backups and your own risk assessment.

Notwithstanding the limitations above, we commit to promptly investigate all security issues, vulnerabilities, or data integrity concerns raised by you or identified by us; take reasonable remedial action as soon as practicable; and communicate transparently with affected customers about incidents and their resolution.

4. Waitlist

Joining the waitlist does not guarantee access. We will contact waitlist members when capacity allows. By joining, you consent to receive emails from ApexMCP about early access and product updates. You may unsubscribe at any time.

5. Acceptable Use

You must not use ApexMCP to:

Violate any applicable law or regulation;
Transmit malicious code or conduct denial-of-service attacks;
Scrape, reverse-engineer, or resell the service without written permission;
Access systems or data you are not authorised to access;
Store or process sensitive personal data beyond your stated purpose.

6. Payment and VAT

Prices are quoted in EUR and are net of VAT.

Current VAT treatment: ApexMCP operates under the Maltese small undertakings VAT exemption (Article 11 of the Maltese VAT Act). No VAT is charged on invoices at this time.

If VAT registration becomes mandatory (when our turnover exceeds the Maltese small-undertakings threshold), VAT will be applied per EU rules: 18% for Maltese customers; reverse-charge mechanism for EU B2B customers with a valid VAT number (Article 196 of Council Directive 2006/112/EC); One-Stop Shop (OSS) rates where applicable; no VAT for customers established outside the EU.

You are responsible for any tax obligations arising in your own jurisdiction.

7. Intellectual Property

ApexMCP and its logo are operated by Andrew James Camilleri Micallef trading as ApexMCP. The underlying platform code is proprietary. Open-source components are licensed under their respective licences. You retain ownership of all data you upload or route through the Service.

7a. AI-Assisted Development Disclosure

In accordance with applicable EU guidance on transparency in AI-assisted software development, we disclose that portions of the ApexMCP platform were developed with the assistance of AI code generation tools. All AI-generated code has been reviewed, tested, and validated by the operator prior to deployment. Responsibility for the correctness, security, and suitability of the platform rests solely with Andrew James Camilleri Micallef as the developer and operator of the Service.

8. Purpose, Data Transit, and Limitation of Liability

Intended purpose. ApexMCP is designed to help organisations govern their use of AI by controlling which data sources and tools are accessible to AI agents, on what terms, and by whom. The platform is a governance and connectivity layer — its purpose is to reduce uncontrolled AI data exposure, not to increase it.

Data in transit. ApexMCP acts as a routing and governance layer between your data sources and your AI models. We do not store, retain, log, or process the content of data that passes through MCP tool calls beyond what is necessary to generate the audit log entry (which records metadata: user, tool, arguments summary, result status, and timestamp). We do not use data transiting the Service for any purpose other than delivering the Service to you. You remain the data controller for all data routed through the platform.

Data lost in transit. To the maximum extent permitted by law, we accept no liability for data corruption, loss, or interception occurring in transit between your data sources and the Service, or between the Service and AI model providers. You are responsible for ensuring that connections to the Service use appropriate encryption and network controls on your side of the integration. We strongly recommend against routing highly sensitive data — such as unredacted personal health information or payment card data — through any third-party intermediary, including ApexMCP, unless you have completed an independent risk assessment.

General limitation. To the maximum extent permitted by law, ApexMCP shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service. Our total aggregate liability for any claim shall not exceed the lesser of (i) the total amount paid by you for the Service in the three (3) months preceding the event giving rise to the claim, or (ii) EUR 100.

During the Beta Period defined in Section 3, our liability is further limited as set out in that section.

You acknowledge that the Service is provided by a sole trader and not a limited liability entity, and that the limitations in this Section are reasonable and form an essential basis of the bargain. These limitations do not apply to liability that cannot be excluded under applicable law, including fraud or fraudulent misrepresentation.

8a. Security Vulnerability Reporting

We take the security of the Service seriously. If you discover a potential security vulnerability, exploit, or bug that may affect the confidentiality, integrity, or availability of the Service or its users' data, we ask that you report it responsibly before any public disclosure.

You may report a security issue in either of the following ways:

Email: [email protected] — for sensitive disclosures. We will acknowledge receipt within 48 hours and provide an initial assessment within 5 business days.
Community feedback / bug report: via the ApexMCP Community repository on GitHub, where you can open an issue marked as a security concern.

We request that you do not publicly disclose the details of a security vulnerability until we have had a reasonable opportunity to investigate and, where necessary, remediate the issue. We commit to working with you in good faith and to crediting responsible disclosures where you consent to being named.

9. Data Protection

We process personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and the Maltese Data Protection Act. All customer data is stored and processed within the European Union. Customers requiring a Data Processing Agreement (DPA) may request one at [email protected].

10. Termination

We may suspend or terminate access for breach of these Terms. You may cancel your account at any time. Termination provisions of any paid plan supersede this clause.

11. Changes

We may update these Terms. Continued use after notice of changes constitutes acceptance. We will provide at least 14 days notice of material changes to registered users.

12. Governing Law and Jurisdiction

These Terms are governed by the laws of Malta. Any disputes shall be subject to the exclusive jurisdiction of the courts of Malta.

13. Contact

Andrew James Camilleri Micallef (trading as ApexMCP)
Email: [email protected]
Maltese VAT identification number: MT30163832 (small undertakings exemption)