Terms of Service

By installing the Walour Chrome extension, accessing or calling the Walour API (available at walour.vercel.app), installing the @walour/sdk npm package, or otherwise using any Walour service (collectively, the “Services”), you (“you” or “User”) agree to be bound by these Terms of Service (“Terms”). If you do not agree, do not use the Services.

These Terms form a legally binding agreement between you and Walour (“Walour”, “we”, “us”, or “our”). Use of the Services is also subject to our Privacy Policy, which is incorporated into these Terms by reference.

If you are using the Services on behalf of an organisation, you represent that you have authority to bind that organisation to these Terms.

Walour provides the following Services:

• Chrome Extension. A Manifest v3 browser extension for Chrome and Brave that intercepts and analyses Solana transaction signing requests in real time, displaying a threat score and decoded summary before you confirm or reject the transaction.
• Public API. An HTTP API hosted on Vercel Edge Functions that accepts a Solana transaction payload or address and returns a threat assessment, including a confidence-weighted risk score, detected threat categories, and an AI-generated plain-language summary.
• @walour/sdk. An open-source TypeScript npm package that wraps the Walour API and on-chain oracle with a typed interface, caching layer, and circuit breakers. Distributed under the MIT licence.
• On-chain Oracle. A Solana program that stores verified threat entries on the Solana blockchain. On-chain data is public and immutable.
• Web Application. The website at walour.io, including the public threat registry, live oracle statistics, and documentation.

All Services are currently provided free of charge. Walour reserves the right to introduce paid tiers or modify the feature set at any time, with advance notice.

Walour threat scores, risk ratings, confidence values, and AI-generated summaries (collectively, “Threat Assessments”) are provided for informational purposes only. They are not a guarantee that a transaction or address is safe or malicious.

Threat Assessments are derived from heuristic analysis, third-party threat intelligence feeds, community reports, and machine-learning models, each of which may be incomplete, stale, or incorrect. In particular:

• A score of “safe” or low risk does not mean the transaction cannot drain your wallet.
• A score of “high risk” does not guarantee the transaction is malicious.
• New attack vectors may not yet be reflected in the oracle or threat database.
• On-chain oracle entries submitted by third parties have not been independently verified by Walour unless explicitly stated.

You bear sole responsibility for any decision to sign, reject, or otherwise act upon a transaction. Walour is a decision-support tool, not a security guarantee. Never sign a transaction you do not understand, regardless of its Walour score.

You may use the Services only for lawful purposes and in accordance with these Terms. The following are prohibited:

• Using the API or SDK to build, operate, or improve any wallet drainer, phishing kit, social engineering tool, or any product designed to deceive users into signing malicious transactions.
• Scraping, bulk-harvesting, or systematically downloading threat intelligence data from the API, web application, or on-chain oracle for redistribution or resale without prior written consent.
• Reverse-engineering, decompiling, or otherwise extracting proprietary scoring logic, model weights, or detection rules from the Services for malicious purposes or to create a competing service without attribution.
• Circumventing or attempting to circumvent rate limits, authentication controls, or access restrictions imposed on the API.
• Submitting false, misleading, or malicious threat reports to the oracle with the intent to smear legitimate addresses or manipulate confidence scores.
• Deploying automated scripts or bots that generate excessive load on the API beyond what is reasonably necessary for your application's stated purpose.
• Using the Services in any way that violates applicable law, including export control laws, sanctions programmes, anti-money-laundering regulations, or data protection law.
• Impersonating Walour, misrepresenting the source or accuracy of Threat Assessments, or using Walour branding without prior written permission.

These restrictions apply to all access methods: direct API calls, use of the SDK, use of the extension, and automated or programmatic access via any third-party interface.

The Walour name, logo, brand marks, website design, extension code, API code, SDK source code (where not separately MIT-licensed), scoring algorithms, and documentation are owned by or exclusively licensed to Walour and are protected by copyright, trade mark, and other intellectual property laws. Nothing in these Terms transfers ownership of any Walour intellectual property to you.

The @walour/sdk npm package is distributed under the MIT Licence. Your rights with respect to that package are governed by the MIT Licence, not these Terms. These Terms continue to apply to your use of the API endpoints the SDK calls.

On-chain oracle data stored on the Solana blockchain is public by nature and is not owned by Walour. You may read and reference on-chain oracle entries freely, subject to the acceptable use restrictions in Section 4.

Subject to these Terms, Walour grants you a limited, non-exclusive, non-transferable, revocable licence to access and use the Services for their intended purpose.

THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.

To the fullest extent permitted by applicable law, Walour expressly disclaims all warranties, including but not limited to:

• implied warranties of merchantability, fitness for a particular purpose, and non-infringement;
• any warranty that the Services will be uninterrupted, error-free, or free from viruses or malicious code;
• any warranty that Threat Assessments will be accurate, complete, current, or reliable;
• any warranty that the Services will detect all known or unknown wallet drainers, phishing attacks, or scam transactions;
• any warranty as to the continued availability, accuracy, or completeness of threat data sourced from third parties (GoPlus Security, Helius, and others).

Some jurisdictions do not allow the exclusion of implied warranties. In such jurisdictions, the above exclusions apply to the maximum extent permitted by law.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL WALOUR, ITS CONTRIBUTORS, LICENSORS, OR SERVICE PROVIDERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO LOSS OF FUNDS, LOSS OF CRYPTOCURRENCY ASSETS, LOSS OF DATA, LOSS OF PROFITS, LOSS OF BUSINESS, OR LOSS OF GOODWILL, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Because the Services are provided free of charge, and to the maximum extent permitted by applicable law, Walour's total aggregate liability to you for any claim arising out of or relating to these Terms or the Services shall not exceed zero pounds sterling (£0). This zero-liability cap reflects the fact that no fee is charged for the Services and that Threat Assessments are explicitly advisory in nature.

The essential basis of the bargain between you and Walour is that Walour provides the Services at no charge in reliance on these liability limitations. You acknowledge that this allocation of risk is reasonable and that Walour would not provide the Services without these limitations.

Nothing in these Terms limits or excludes liability for fraud, fraudulent misrepresentation, death or personal injury caused by negligence, or any other liability that cannot be excluded or limited under applicable law.

Threat entries submitted to the Walour on-chain oracle are written to the Solana blockchain and are immutable once confirmed. Walour cannot delete, modify, or suppress on-chain entries after they have been finalised, nor can any other party. Do not submit data to the oracle that you do not wish to be permanently and publicly recorded.

Walour does not guarantee the accuracy of community-submitted oracle entries and expressly disclaims liability for any loss arising from reliance on such entries. Confidence scores attached to oracle entries reflect the degree of corroboration from multiple sources; a high confidence score is not a guarantee of accuracy.

If you believe an on-chain entry is factually incorrect or was submitted in bad faith, please contact us at walour786@gmail.com. While we cannot alter the blockchain record, we may flag the entry in the off-chain registry with a dispute notice.

The Services integrate with or depend on the following third-party providers:

• Anthropic: AI inference (Claude models) for transaction decoding and threat summaries.
• GoPlus Security: External threat intelligence feeds.
• Helius / Triton: Solana RPC node infrastructure.
• Supabase: Database and backend services.
• Upstash: Redis caching layer.
• Vercel: API hosting and edge function runtime.

Walour is not responsible for the availability, accuracy, content, policies, or conduct of any third-party provider. Outages or changes in any third-party service may degrade or interrupt the Services without notice. Your use of third-party services accessed through or alongside Walour is subject to those providers' own terms and policies.

Walour implements circuit breakers to limit the impact of third-party failures, but does not guarantee uninterrupted service when upstream dependencies are unavailable.

Walour may, in its sole discretion and without prior notice, suspend or permanently revoke your access to the API and SDK if:

• you breach any provision of these Terms, including the acceptable use restrictions in Section 4;
• your usage patterns suggest automated abuse, excessive load generation, or scraping in violation of these Terms;
• you use the Services in a manner that causes or is likely to cause harm to Walour, other users, or third parties;
• Walour is required to do so by applicable law, regulation, or court order; or
• Walour discontinues the relevant Service.

Where Walour suspects a breach but it is capable of remedy, Walour may at its discretion provide you with written notice (including by email) and a period of not less than 7 days to remedy the breach before suspension takes effect. Walour is under no obligation to provide such a cure period where the breach is serious, deliberate, or incapable of remedy.

Upon suspension or termination: (a) all licences granted under these Terms cease immediately; (b) you must stop using the API and delete any cached API responses or SDK artefacts that rely on Walour's proprietary data; and (c) Sections 3, 5, 6, 7, 8, 11, and 12 survive termination indefinitely.

You may stop using the Services at any time. Uninstalling the Chrome extension and ceasing API calls constitutes termination by you.

These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.

Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms or their subject matter or formation.

Notwithstanding the above, Walour reserves the right to seek injunctive or other equitable relief in any jurisdiction to prevent or restrain infringement of intellectual property rights or breach of the acceptable use restrictions in Section 4.

Walour processes limited personal data in connection with the Services. Our full data processing practices, legal bases, and your rights as a data subject are described in our Privacy Policy, which constitutes the primary data protection notice for purposes of Articles 13 and 14 of the UK GDPR and EU GDPR.

The Chrome extension operates principally on-device. Solana transaction data submitted to the API for scoring is processed transiently and is not stored in association with identifying information about the user making the request, except as described in the Privacy Policy.

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with data protection legislation, you may exercise your rights (including rights of access, rectification, erasure, restriction, portability, and objection) by contacting us at the address in Section 14. Note that on-chain data written to the Solana blockchain is subject to Section 8 and cannot be erased.

Walour reserves the right to modify these Terms at any time. When we make material changes, we will update the “Effective” date at the top of this page and, where reasonably practicable, provide notice via the website or extension update notes.

Your continued use of the Services after the updated Terms take effect constitutes your acceptance of the revised Terms. If you do not agree to the revised Terms, you must stop using the Services and uninstall the Chrome extension.

We encourage you to review these Terms periodically. The current version is always available at walour.io/terms.

If you have any questions about these Terms, please contact us at:

Walour
walour786@gmail.com
walour.io

These Terms do not constitute legal advice. If you are building a commercial product on top of the Walour API or SDK, you should obtain independent legal counsel appropriate to your jurisdiction and use case.