Terms of Service

Mailbox.bot — Physical Logistics Infrastructure for AI Agents
Operated by Golden Ratio, LLC, a Utah Limited Liability Company
Effective Date: February 7, 2026 · Last Updated: March 18, 2026

1. Introduction and Definitions

1.1 Agreement Overview

Welcome to Mailbox.bot (the "Service," "Platform," "we," "us," "our"), a managed micro-fulfillment platform for individuals, businesses, and AI agents, operated by Golden Ratio, LLC, a Utah limited liability company doing business as "Mailbox.bot" (the "Company"). The Company provides software infrastructure that connects clients with independently licensed facility operators who receive, store, and forward packages and mail on their behalf. By accessing or using our website, API, mobile applications, agent protocols, and services, you ("Member," "Operator," "you," "your") agree to be bound by these Terms of Service ("Terms").

1.2 Key Definitions

• "Agent" means any artificial intelligence system, autonomous software agent, bot, or automated process registered on the Platform by a Member. Agents can autonomously order products, manage logistics, and interact with physical commerce through the Platform.
• "Member" or "Operator" means the verified human individual or authorized representative of a business entity who creates an account, completes identity verification (KYC), and is responsible for all Agents and Endpoints under their account.
• "Endpoint" means a logistics intake point provisioned by the Platform for an Agent at a Company-operated Facility, identified by a unique Reference Code, for private carrier package receiving purposes.
• "Reference Code" means the unique alphanumeric identifier assigned to an Endpoint for package routing purposes at the Facility (e.g., Ref: GR-7F3A).
• "Facility" or "Node" means any physical location on the mailbox.bot network operated by an independently licensed facility operator for the purpose of receiving, storing, processing, and forwarding packages and mail. Facilities may be CMRA-registered mail centers or warehouse/fulfillment operators.
• "Package" means any physical item, parcel, envelope, or document received at a Facility on behalf of a Member or their Agent. Packages are the property of the Member; the Facility holds them under custodial care.
• "Bailee" / "Bailment" means the legal relationship in which the Facility (bailee) holds temporary custody of the Member's property (the Package) under a duty of reasonable care, while the Member (bailor) retains ownership. This is the same model used by warehouses, fulfillment centers, and 3PL providers.
• "Private Carrier" means any non-USPS delivery service, including but not limited to FedEx, UPS, DHL, Amazon Logistics, OnTrac, LaserShip, GSO, Spee-Dee, and regional carriers.
• "CMRA" means a Commercial Mail Receiving Agency registered with the United States Postal Service under 39 CFR Part 111 to receive USPS mail on behalf of customers.
• "Form 1583" means USPS Form 1583 (Application for Delivery of Mail Through Agent), required for virtual mailbox service at CMRA facilities. Form 1583 must be completed and notarized (in-person or remote notarization) before USPS mail can be received.
• "Operator Dashboard" means the web-based interface through which Members manage their account, Agents, Endpoints, and Packages with human oversight.
• "Webhook" means an HTTP POST callback notification sent by the Platform to a Member's or Agent's designated endpoint with JSON payload upon occurrence of a package event or tracking update.
• "KYC" means Know Your Customer identity verification procedures conducted via Stripe Identity or equivalent third-party verification provider.
• "Prohibited Items" has the meaning set forth in Section 8.
• "Content Scan" means the process of opening a Package, photographing or digitizing its contents, and delivering the resulting images and structured data to the Member or Agent via the Platform.
• "Outbound Mail" means a physical letter mailed by the Company on behalf of a Member or Agent, produced from a PDF document submitted via API or MCP, printed, enveloped, stamped, and deposited with USPS.
• "Outbound Only" means the service plan ($0/mo base, $0.30/page printing + carrier postage) that provides outbound mail capabilities without an inbound receiving address, Form 1583, or notarization.
• "API" means the Application Programming Interface through which Members and Agents interact programmatically with all Platform services.
• "Agent Protocol" means standardized discovery and communication protocols including MCP, A2A, OpenClaw, REST, and others supported by the Platform.
• "Logistics Intake Node" means a physical facility on the mailbox.bot network used for package and mail receiving, storage, and forwarding purposes.
• "Provenance Chain" means the documented chain of custody from carrier delivery through intake, storage, and disposition, attributed to a specific client via Reference Code.
• "Acceptable Use Policy" or "AUP" means the acceptable use policy incorporated herein by reference and available at mailbox.bot/aup.

2. Nature of Service

2.1 Service Description

Mailbox.bot is a physical logistics infrastructure platform designed for AI agents and their human sponsors. The Platform connects autonomous agents (and the individuals or businesses who deploy them) with independently licensed facility operators. AI agents are the primary operators — they receive packages, evaluate rules, and execute actions (forward, store, scan, discard) autonomously. Human Account Holders serve as sponsors who monitor agent decisions from mission control and may override or modify agent actions at any time. The Platform provides the software layer — intake, scanning, notifications, forwarding, dashboard, and API — while facilities provide the physical receiving and custody. Actions initiated by an AI agent configured by the Account Holder are treated as authorized by the Account Holder. The type of facility you are provisioned at determines the carriers accepted and the verification requirements:

(a) Virtual Mailbox: Provisioned at a CMRA-registered facility on our network. Accepts USPS letter mail, flats, and documents only. USPS packages and parcels are not accepted and will be refused or returned to sender by the carrier. Private carrier packages (FedEx, UPS, DHL, Amazon, etc.) are not accepted on this plan. Requires identity verification (KYC), completion of USPS Form 1583, and a notary session (in-person or remote notarization). Members must not direct packages of any kind to their virtual mailbox address. The Company has registered its CMRA scope to accept letter mail and flats only, and USPS parcels addressed to your mailbox will be returned to sender at the carrier level. The Company assumes no responsibility or liability for packages or parcels shipped to a virtual mailbox address. For package receiving, Members must enroll in a Warehouse Space plan.

(b) Warehouse Space: Provisioned at a warehouse or fulfillment facility on our network. Accepts packages from private carriers (FedEx, UPS, DHL, Amazon, and others). Requires identity verification (KYC). No Form 1583 or notary required.

(c) Outbound Mail: Available as an add-on to any plan or as a standalone service ("Outbound Only" plan). Members or their Agents submit a PDF document via API or MCP, and the Company arranges for printing, envelope stuffing, postage, and physical mailing through the facility network. Photo proof of mailing is provided. Available mail classes include First Class, Priority Mail, Certified Mail, and Certified Mail with Return Receipt. The Outbound Only plan ($0/mo base) requires no inbound address, no Form 1583, and no notarization — Members provide their own return address and pay $0.30 per page for printing plus actual carrier postage at published retail rates. Photo proof of mailing is included; color printing is charged as an add-on. The Company does not guarantee delivery times, which are determined by USPS. The Company is not liable for mail lost, delayed, damaged, or returned by USPS after drop-off at the post office. Photo proof of mailing documents the drop-off only and does not constitute proof of delivery.

All services include the full Platform feature set: intake documentation, package photography, webhook notifications, mission control dashboard, API access, and agent protocol support (OpenClaw, MCP, A2A, REST). Your agent operates as the primary decision-maker for package and mail actions. Facilities hold your property under custodial care while you retain ownership.

2.2 What We Provide

• Software platform connecting you with independently licensed facility operators
• Virtual mailbox service at CMRA-registered facilities for USPS letter mail, flats, and documents only — no packages or parcels of any kind (Form 1583 + notary + KYC required)
• Warehouse space at fulfillment facilities (KYC required)
• Endpoint provisioning with unique Reference Codes for package routing
• Custodial care of client property with documented provenance chain
• Package intake documentation with exterior photography, logging, tracking, weight, and dimensions
• Instant webhook notifications with JSON payload upon package arrival
• Content scanning services (opening, photographing, and digitizing package contents upon request)
• Bailee storage for the duration specified by the Member's subscription plan (14-day to 30-day depending on plan)
• Package forwarding and consolidation services with integrated carrier shipping
• Return shipment routing for outbound packages
• Agent identity management and public profile hosting at [agent-slug].mailbox.bot
• Agent-to-agent discovery via standard protocols (MCP, A2A, OpenClaw, REST)
• REST API access for programmatic interaction with all Platform services
• Outbound mail service: PDF submission via API or MCP, printed, enveloped, stamped, and mailed by facility staff with photo proof of mailing
• Webhook notifications for real-time package and outbound mail events
• Shipping portal for third-party senders (ship.mailbox.bot)
• Operator Dashboard for human oversight and management

2.3 What We Do NOT Provide

• Virtual office services, registered agent services, or business registration addresses. Reference codes are operational identifiers for package routing, not addresses for government filings, banking, or business registration.
• Residential addresses or addresses suitable for establishing residency
• Licensed professional services (legal advice, financial planning, accounting, real estate brokerage)
• Customs brokerage or international import/export services
• Hazardous materials handling, storage, or disposal
• Cold storage, refrigerated storage, or temperature-controlled environments
• Insurance coverage for Package contents (Members are responsible for insuring their own property)
• Guaranteed delivery times or outcomes from Private Carriers
• Direct supervision or control of Agent activities (Members are solely responsible for their Agents)

2.4 Carrier Acceptance by Facility Type

The carriers accepted at your facility depend on your service type:

Virtual Mailbox (CMRA facility): Accepts USPS letter mail, flats, and documents only. USPS packages and parcels are not accepted and will be refused or returned to sender by the carrier. Private carrier packages are not accepted on this plan. The Company's CMRA registration scope is limited to letter mail and flats; USPS parcels addressed to your mailbox will be returned to sender at the carrier level before reaching the facility. Requires completed Form 1583 and notarization before USPS mail can be received. Do not ship packages or parcels of any kind to a virtual mailbox address. The Company assumes no liability for packages or parcels shipped to a virtual mailbox address.

Warehouse Space (fulfillment facility): Accepts packages from private carriers (FedEx, UPS, DHL, Amazon, and others). USPS mail is not accepted at warehouse facilities. If USPS mail arrives at a warehouse facility, it will be returned to sender. Members who need USPS mail receiving should enroll in the virtual mailbox service.

2.5 Intended Use Cases

The Platform is designed to support a variety of logistics capabilities for individuals, businesses, and AI agents, including but not limited to:

• E-Commerce Fulfillment: Individuals and businesses receiving, storing, and forwarding inventory and customer orders
• Personal Package Receiving: Individuals who need a stable shipping address for personal package management, scanning, and forwarding
• Hardware Procurement: Ordering, receiving, and inventorying components, sensors, boards, cables, and equipment for robotics, IoT, and technology projects
• Supply Chain Operations: Reordering when stock runs low and routing incoming shipments automatically for logistics and inventory management
• Document Intake: Receiving physical contracts, filings, and documents via private courier, scanned as structured data
• Component & Parts Receiving: Managing incoming hardware, parts, and materials for manufacturing or assembly workflows
• Return Handling: Using the receiving address as a return shipment destination for outbound packages, with returns automatically routed back via Reference Code
• Package Forwarding: Receiving packages at the Facility and requesting forwarding to end destinations — manually via dashboard or autonomously via AI agent
• Inventory Tracking: Using package intake data and content scans for real-time inventory management and tracking

The Company does not endorse, verify, or guarantee the success of any particular use case. Members are responsible for ensuring their use of the Platform complies with all applicable laws and regulations.

2.6 Platform Provider and Operator Responsibility

The Company provides the software platform. Facilities on our network are independently licensed operators responsible for the physical custody and care of your packages and mail. The Company is NOT the principal, employer, partner, joint venturer, or agent of any Member, Facility Operator, or AI Agent. The Company does not direct, control, or supervise the activities of any Agent. Members are solely responsible for the actions, omissions, and conduct of their autonomous agents, including all packages received, orders placed, and logistics decisions made by AI agents operating through the Platform.

3. Waitlist and Early Access

3.1 Waitlist Registration

The Platform is currently in limited launch. Prospective Members may join the waitlist by providing an email address via the website (mailbox.bot) or API endpoint (POST /api/v1/waitlist). Waitlist registration does not guarantee access to the Platform and creates no binding obligation on either party.

3.2 AI Agents on Waitlist

AI agents and autonomous systems may join the waitlist programmatically via the API without captcha verification (rate limited to 5 requests per minute). However, when the Platform launches, agents will still require a verified human or legal entity sponsor to complete KYC and provision an Endpoint. Waitlist registration by an agent does not waive the mandatory identity verification requirement.

3.3 Launch Notification

The Company will notify waitlist members via email when the Platform is ready for registration. Early access will be granted to waitlist members in the order of registration, subject to KYC verification and the Company's sole discretion. The Company reserves the right to grant priority access to certain users, use cases, or partnerships.

4. Member Eligibility and Registration

4.1 Eligibility Requirements

To register as a Member, you must:

• Be at least 18 years of age
• Have the legal capacity to enter into a binding contract
• Provide a valid government-issued photo identification document
• Provide a valid payment method (debit or credit card issued by a bank). Prepaid cards, gift cards, and other anonymous or non-reloadable funding sources are not accepted.
• Successfully complete the Company's KYC identity verification process
• Provide a valid physical address (not a PO Box or virtual mailbox) for compliance records
• Not be listed on any U.S. government sanctions list, including but not limited to the OFAC Specially Designated Nationals (SDN) List
• Not have been previously terminated from the Platform for violations of these Terms

4.2 Business Entity Registration

If you are registering on behalf of a business entity, you represent and warrant that you have the authority to bind that entity to these Terms, and that the entity is duly organized, validly existing, and in good standing under the laws of its jurisdiction of formation. The entity must provide its legal name, jurisdiction of formation, EIN or equivalent tax identification number, and registered agent information.

4.3 Account Security

You are responsible for maintaining the confidentiality of your account credentials, API keys, and webhook secrets. You are responsible for all activities that occur under your account, whether or not authorized by you. You must immediately notify the Company of any unauthorized use of your account or any other breach of security.

5. Know Your Customer (KYC) and Identity Verification

5.1 Mandatory Identity Verification — Every Operator Verified

The Company verifies every operator before issuing a Reference Code. Before any Agent can be registered or any Endpoint provisioned, the Member must complete the Company's identity verification process via Stripe Identity. The KYC process typically takes under 2 minutes and requires:

• A valid, unexpired government-issued photo identification document (driver's license, passport, state ID, or equivalent)
• A live selfie photograph for biometric liveness check and comparison against the identification document
• Verification of the Member's full legal name, date of birth, and physical address
• Confirmation that the Member is not listed on any sanctions lists or watchlists

Upon successful verification, the Member can immediately provision Endpoints for their Agents. Agents inherit identity from their KYC-verified operator — autonomous agents cannot self-register without a verified human or legal entity sponsor.

5.2 Sanctions and Watchlist Screening

The Company screens all Members against applicable sanctions lists and watchlists, including but not limited to:

• U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List (SDN List)
• Other applicable U.S. and international sanctions lists as determined by the Company

Members who appear on any sanctions or watchlist will be immediately rejected and reported to the appropriate authorities.

5.3 Right to Refuse Service

The Company is not required to provide reasons for refusal of service. Fees paid by rejected applicants will be refunded for unused services only.

5.4 Ongoing Verification

The Company may, at any time and without prior notice, require Members to re-verify their identity, provide additional documentation, or answer questions about their account activity. Failure to comply with re-verification requests within 48 hours may result in immediate account suspension.

5.5 KYC Record Retention

The Company retains KYC records, including identity verification results, for a minimum of five (5) years after account closure. This retention is required for compliance with applicable law and to facilitate cooperation with law enforcement. You consent to this retention period by creating an account.

6. Agents and Endpoints

6.1 Package Management and Agent Registration

Members may manage their packages directly through the Operator Dashboard, or register AI agents to automate workflows via API. Agent registration is optional — all Platform features are accessible through the dashboard without any automation.

For Members who choose to automate: AI agents and autonomous systems may be registered on the Platform subject to subscription plan limits. Each Agent registration requires a unique name, a slug for subdomain assignment (e.g., agent-slug.mailbox.bot), and optionally a webhook URL for event notifications, framework identifier, capability declarations, and Agent Protocol configurations (MCP, A2A, OpenClaw, REST).

Agents registered on the Platform can autonomously order products from e-commerce platforms, receive packages, request content scans, and initiate forwarding or consolidation via the API. Members are encouraged to implement spending limits, approval workflows, and monitoring for autonomous agents to maintain control over Agent activities.

6.2 Member Responsibility for Agents — Inherited Identity Model

The Company does not monitor, supervise, or control Agent behavior. Members must implement their own monitoring, spending limits, and approval workflows for autonomous agents. The Member agrees to indemnify and hold the Company harmless for all claims arising from Agent activity.

6.3 Endpoint Provisioning — Instant Reference Code Assignment

Upon Agent registration, the Platform immediately provisions an Endpoint consisting of:

• A unique Reference Code at the active Facility (e.g., Ref: GR-7F3A)
• A physical shipping address formatted for Private Carrier delivery (Facility address + Reference Code)
• A vanity subdomain for agent identity (agent-slug.mailbox.bot)
• API credentials scoped to the Agent
• Webhook endpoint configuration for instant package notifications
• Public profile hosting with Agent Protocol support (MCP, A2A, OpenClaw, REST)

Endpoint provisioning typically occurs within seconds of Agent registration, enabling the Agent to immediately begin using the Reference Code for shipping workflows. The physical facility address associated with an Endpoint may change if the Company relocates a Facility. The Company will provide at least sixty (60) days' notice before any Facility relocation and will maintain forwarding from the prior address for ninety (90) days after relocation.

6.4 Agent Credentials and API Keys

The Platform provides separate API credentials for Member-level access and Agent-level access. Agent credentials are scoped to the specific Endpoint and cannot be used to modify billing, create new Agents, or access other Members' data. Members are responsible for securing all credentials and must revoke compromised credentials immediately.

6.5 Agent Identity and Protocol Support

Each Agent receives a public profile hosted at [agent-slug].mailbox.bot, including support for standard agent discovery and communication protocols:

• MCP (Model Context Protocol): For context-aware agent interactions
• A2A (Agent-to-Agent): Discovery and interoperability protocol support
• OpenClaw: Agent discovery and capability declaration via /.well-known/agent.json
• REST: Standard RESTful API access for programmatic interaction

The Company provides the infrastructure for agent identity and protocol hosting but does not verify, endorse, or guarantee any information in an Agent's profile, protocol declarations, or capability claims. Members are solely responsible for the accuracy, security, and compliance of their Agent's profile information and protocol implementations.

7. Facility and Physical Operations

7.1 Facility Address

The Company operates one or more physical Facilities for package receiving. Facility addresses are provided to Members via the API and Operator Dashboard. The Company reserves the right to change Facility addresses at any time with sixty (60) days' prior notice to affected Members.

7.1.1 Facility Risk Acknowledgment

Facilities on the mailbox.bot network are independently owned and operated businesses. They are not employees, agents, subsidiaries, or affiliates of the Company. The Company provides software infrastructure that connects you with these independent operators but does not own, manage, or control any facility's day-to-day operations, staffing, or business decisions.

By using the Platform, you acknowledge and accept the following risks:

• Facility Underperformance — A facility may fail to meet expected standards for timeliness, accuracy, communication, or package handling. While the Company enforces service level standards and a performance accountability process against facility operators (see the Facility Operator Agreement), the Company cannot guarantee any particular level of service from an independent operator.
• Facility Removal — The Company may suspend or remove a facility from the network at any time for underperformance, renter complaints, compliance failures, or any other reason. If your assigned facility is removed, your Endpoint address will change and you will need to update your shipping arrangements.
• Facility Closure — A facility may voluntarily withdraw from the network or cease business operations entirely, with or without advance notice. Economic conditions, lease terminations, staffing issues, or other factors outside the Company’s control may cause a facility to close.
• Address Changes — Any of the above events may require you to change the shipping address you have provided to vendors, senders, and other parties. The Company will make commercially reasonable efforts to provide advance notice and facilitate a transition to a replacement facility, including maintaining mail forwarding from the prior address for a reasonable period, but cannot guarantee uninterrupted service during the transition.

7.1.2 Service Address Relocation and CMRA Portability

The Company does not guarantee that any Facility address will remain at the same physical location for the duration of your subscription or for any particular period of time. The Company reserves the right, in its sole discretion, to relocate any Facility to a different physical address at any time, for any reason, including but not limited to: lease expiration or termination, changes in business conditions, network optimization, capacity planning, regulatory requirements, or any other operational reason.

Notice: The Company will provide affected Members with at least sixty (60) days' written notice prior to any Facility address change. Notice will be sent via email and/or webhook notification to all Members with active Endpoints at the affected Facility.

Mail and Package Forwarding During Transition: Upon relocation, the Company will establish forwarding from the prior Facility address to the new Facility address and will maintain such forwarding for a minimum of ninety (90) days following the effective date of the relocation. The Company will use commercially reasonable efforts to ensure continuity of mail and package receiving during the transition period, but does not guarantee uninterrupted service.

CMRA Compliance and USPS Good Standing: For Members enrolled in virtual mailbox service at CMRA-registered facilities, the Company and/or its facility operator will take the following steps in connection with any Facility relocation:

• File an updated CMRA registration with the USPS Program Office reflecting the new Facility address
• Maintain the CMRA’s registration in good standing with the USPS throughout the transition, with no lapse in registered CMRA status
• Comply with all applicable USPS regulations under 39 CFR Part 111 during and after the relocation
• Notify all affected Members of the address change and coordinate execution of new Form 1583 authorizations for the new Facility address

New Form 1583 Required at New Address: Under USPS regulations, PS Form 1583 is address-specific. A Form 1583 executed for one CMRA address does not transfer to a different address. In the event of a Facility relocation, each virtual mailbox Member will need to execute a new Form 1583 for the new Facility address. The Company will handle this process to make it as simple as possible:

• The Company or its CMRA operator is authorized to verify Member identity and witness Form 1583 execution directly — no third-party notary visit is required
• The Company will initiate the re-execution process, prepare the new Form 1583 with the updated address, and deliver it to Members electronically for signature
• Members will need to sign the new Form 1583 and present valid government-issued photo identification to the Company or its CMRA operator for verification — the same identification used during initial onboarding is acceptable
• There is no additional fee for Form 1583 re-execution required solely due to a Company-initiated Facility relocation

Authorization for Address Change Processing: By enrolling in virtual mailbox service, you authorize the Company and/or its CMRA operator to prepare updated Form 1583 documents on your behalf in connection with any Facility address change, using the identity verification records and personal information you provided during onboarding. You agree to promptly sign any such updated Form 1583 and present valid identification when requested. This authorization remains in effect for the duration of your subscription.

Completion Deadline: Members must complete the new Form 1583 within thirty (30) days of receiving notice of the address change. The Company will send reminders during this period. If a Member does not complete the new Form 1583 within thirty (30) days, USPS regulations require the Company to suspend mail receiving for that Member at the new address until a valid Form 1583 is on file. This is a regulatory requirement, not a penalty — the Company will promptly restore mail service as soon as the updated form is completed. Members whose mail service is suspended due to an incomplete Form 1583 will not be charged for the virtual mailbox service during the suspension period.

7.2 Carrier Policy

Carrier acceptance depends on your facility type. See Section 2.4 for details. Virtual mailbox customers at CMRA facilities may receive USPS letter mail, flats, and documents only. USPS packages and parcels will be refused or returned to sender by the carrier. Private carrier packages are not accepted on the virtual mailbox plan. Warehouse space customers at fulfillment facilities may receive from private carriers (FedEx, UPS, DHL, Amazon Logistics, OnTrac, LaserShip, GSO, Spee-Dee, and regional carriers). USPS mail is not accepted at warehouse facilities.

7.3 Package Intake Procedures: Intake, Document, Notify

Upon receipt of a Package at a Facility, the facility operator follows a standardized intake process establishing a documented provenance chain:

• RECEIVE: Sign for and accept the Package from the carrier, establishing bailee custody
• SCAN: Photograph the exterior of the Package from multiple angles
• LOG: Record Package details in the Platform including carrier, tracking number, dimensions, weight, and timestamp
• ATTRIBUTE: Route the Package to the appropriate Endpoint based on the Reference Code — no commingling of client property
• STORE: Place the Package in a designated storage area within the Facility under bailee custody
• NOTIFY: Immediately send webhook notification with JSON payload to the Agent's configured endpoint, and/or email notification to the Member

Webhook notifications include structured data: tracking number, carrier name, package photos (URLs), weight, dimensions, timestamp, Reference Code, and Agent identifier. This enables autonomous agents to make immediate logistics decisions upon package arrival. All packages are attributed to a specific client via Reference Code throughout the provenance chain.

7.4 Package Storage

Packages are stored at the Facility under bailee custody for the duration specified by the Member's subscription plan. Storage periods begin on the date of receipt. The Member retains ownership of all Packages at all times during storage. Packages not retrieved, forwarded, or otherwise disposed of before the storage period expires will be subject to the abandonment procedure described in Section 7.7.

7.5 Content Scanning

Members may request a Content Scan for any Package. Content Scanning involves opening the Package, photographing or digitizing the contents, delivering the resulting images and/or extracted data to the Member via the Platform, and resealing the Package. Content Scan requests are subject to additional fees per the applicable pricing plan. The Company reserves the right to refuse Content Scanning for any Package that appears to contain Prohibited Items.

7.5.1 Sensitive and Regulated Content

Mail and packages opened through Content Scanning or other handling services may contain sensitive, confidential, or regulated information, including but not limited to:

• Protected health information (PHI) such as medical records, insurance statements, explanation of benefits (EOBs), prescriptions, lab results, and healthcare correspondence
• Financial information such as bank statements, credit card numbers, tax documents, account numbers, PINs, and investment records
• Authentication credentials such as passwords, security codes, access tokens, and multi-factor authentication materials
• Business confidential information such as trade secrets, proprietary data, customer lists, contracts, and intellectual property
• Legal documents such as court filings, attorney correspondence, settlement agreements, and regulatory notices
• Government-issued documents such as Social Security cards, passports, immigration documents, and benefit notices

Consent to Handle Sensitive Content: By requesting a Content Scan, mail opening, or any service that involves accessing the contents of your mail or packages, you expressly consent to the Company and its facility operators viewing, photographing, digitizing, and transmitting the contents to you via the Platform — including any sensitive or regulated information contained therein. You acknowledge that this consent is necessary for the Company to perform the services you have requested and that the Company cannot selectively redact or exclude sensitive content during scanning without prior specific instruction from you.

No HIPAA Covered Entity Status: The Company is not a healthcare provider, health plan, healthcare clearinghouse, or business associate as defined under the Health Insurance Portability and Accountability Act (HIPAA). The Company does not hold itself out as HIPAA-compliant and is not subject to HIPAA regulations. If you receive mail containing protected health information (PHI) and request that it be scanned, you acknowledge that the scanning, storage, and transmission of that information through the Platform is not subject to HIPAA safeguards. Members who require HIPAA-compliant mail handling should not use Content Scanning for mail that may contain PHI, or should make alternative arrangements for the receipt of healthcare-related correspondence.

No SOC 2 Certification: The Company does not currently hold SOC 2 Type I or Type II certification. While the Company implements commercially reasonable security measures (encryption at rest and in transit, access controls, audit logging, and secure infrastructure providers — several of which are themselves SOC 2 certified), the Company's own operations have not been independently audited under the SOC 2 framework. Members who require SOC 2-certified document handling for regulatory or compliance purposes should evaluate whether the Platform meets their requirements before using Content Scanning services.

Data Protection Commitment: Notwithstanding the above, the Company commits to the following with respect to all content obtained through Content Scanning and mail handling services:

• The Company will not sell, rent, license, or otherwise commercially distribute the contents of your mail, packages, or scanned documents to any third party — ever
• The Company will not use the contents of your mail or scanned documents for advertising, marketing, data mining, AI model training, or any purpose other than delivering the requested service to you
• Scanned content is accessible only to you (the Member), your authorized Agents, and authorized Company personnel with a legitimate operational need (e.g., quality review, troubleshooting, or fulfilling your service request)
• The Company will not voluntarily disclose the contents of your mail or scanned documents to any third party except: (a) as required by law, valid court order, subpoena, or other legal process; (b) to law enforcement pursuant to Section 9 of these Terms; (c) to protect the safety of Company personnel, other Members, or the public; or (d) with your explicit written consent
• The Company will apply the same security measures to scanned content as it applies to all other Member data, including encryption at rest and in transit, access controls, and audit logging

7.6 Package Forwarding

Members may request that Packages be forwarded to a designated address. Forwarding is subject to additional fees including the cost of shipping via the selected carrier. The Company is not liable for Packages lost, damaged, or delayed during forwarding by the carrier.

7.7 Abandoned Packages

Packages that remain in bailee custody beyond the applicable storage period without instruction from the Member are deemed abandoned. The Company will send a notification to the Member at least seven (7) days before declaring a Package abandoned. Upon abandonment, the bailment terminates and Packages become the property of the Company and may be disposed of, donated, recycled, or destroyed at the Company's sole discretion without liability to the Member.

7.8 Package Condition and Chain of Custody

The Company accepts Packages in the condition delivered by the carrier and establishes bailee custody at the point of intake. The Company makes no representations or warranties regarding the condition of a Package upon arrival, including but not limited to damage, tampering, or partial delivery that may have occurred during carrier transit. Exterior photographs taken at intake document the Package's condition at the time of receipt and establish the provenance chain. The Company is not liable for any condition issues attributable to carrier handling prior to Facility receipt.

7.9 No Climate or Environmental Controls

Unless specifically agreed to in writing under an Enterprise plan, the Company's Facilities do not provide climate-controlled, temperature-regulated, humidity-controlled, or environmentally sealed storage. Members who ship items that are sensitive to temperature, humidity, light, vibration, or other environmental conditions do so entirely at their own risk. The Company is not liable for damage, degradation, spoilage, or loss of functionality caused by environmental conditions during storage.

7.10 Right to Refuse or Dispose of Dangerous Packages

If any Package received at a Facility is leaking, emitting fumes, producing unusual odors, making sounds, generating heat, or otherwise presenting an actual or perceived safety risk to Facility personnel, other Packages, or the Facility itself, the Company may immediately quarantine, remove, or dispose of the Package without prior notice to the Member. The Company may also contact emergency services or hazardous materials response teams at its sole discretion. The Member is liable for all costs incurred by the Company in responding to a dangerous Package, including cleanup, decontamination, emergency response fees, and any damage to the Facility or other Members' Packages.

7.11 Cross-Contamination and Shared Facility Risk

Members acknowledge that Packages are stored in a shared Facility alongside Packages belonging to other Members. The Company takes reasonable precautions to segregate Packages by Reference Code with no commingling of client property, but does not guarantee complete physical isolation from other Packages. The Company is not liable for any cross-contamination, pest infestation, odor transfer, moisture damage, or other harm caused by proximity to other Members' Packages in the shared Facility environment.

7.12 Carrier Misdelivery

The Company is not liable for Packages that are misdelivered by a carrier to the wrong Facility, wrong address, or wrong Reference Code. If a Package addressed to a Member's Reference Code is delivered to a different location by the carrier, the Member's sole remedy is against the carrier. If a Package addressed to a different recipient is delivered to the Facility, the Company will make reasonable efforts to return it to the carrier or correct the delivery, but assumes no liability for such misdelivered Packages.

7.13 Photography and Documentation Accuracy

Exterior and Content Scan photographs are provided on an "as-is" basis. Photographs may not capture all damage, defects, or details of a Package or its contents. Lighting, camera limitations, and human error may affect photograph quality. The Company does not warrant that photographs are complete, accurate, or sufficient for any particular purpose including insurance claims, legal proceedings, or inventory management. Members should not rely solely on Company-provided photographs for critical assessments of Package condition or contents.

7.14 Package Size and Weight Limits

Standard subscription plans accept Packages up to the following limits:

• Maximum weight: 70 pounds per Package
• Maximum size: 108 inches in combined length + girth (length + 2×width + 2×height)
• Standard carrier package dimensions accepted by FedEx, UPS, DHL, and Amazon

Packages exceeding these limits may be refused at intake, require special handling fees, or require upgrade to an Enterprise plan. Enterprise plans with reserved facility space can accommodate larger items including server racks, pallets, and oversized equipment. Members should contact before shipping oversized items.

7.15 Physical Operations Risk Acknowledgment

The Company and its facility operators handle physical mail and packages in real-world environments staffed by human beings and assisted by automated systems. Despite commercially reasonable care, security measures, training, and operational procedures, the following risks exist and are inherent to any physical logistics operation:

• Package Loss — Packages may be lost during any phase of the logistics lifecycle, including carrier transit to the facility, intake processing, internal storage, retrieval, forwarding preparation, or outbound carrier handoff. Loss may result from human error, mislabeling, misattribution to the wrong Reference Code, system errors, inventory discrepancies, or circumstances that cannot be identified or explained. The Company will make commercially reasonable efforts to locate lost Packages but cannot guarantee recovery.
• Package Theft — Packages may be stolen by facility personnel, contractors, co-tenants, visitors, delivery drivers, or unknown third parties. While the Company implements access controls, surveillance, and personnel screening at its facilities, no physical security system eliminates the risk of theft entirely. The Company is not an insurer of your property against theft.
• Package Damage — Packages may be damaged during intake handling, storage, content scanning, resealing, movement within the facility, forwarding preparation, or outbound shipping. Damage may result from drops, crushing, stacking, water exposure, equipment malfunction, or ordinary wear associated with handling physical goods. The Company exercises reasonable care but does not guarantee that Packages will remain in the same condition as received.
• Mail and Package Misattribution — Packages may be attributed to the wrong Member or Reference Code due to illegible labels, missing reference codes, human sorting errors, barcode scanning failures, or similar intake errors. The Company follows standardized attribution procedures but cannot guarantee error-free routing in a high-volume physical environment.
• Delayed Processing — Package intake, scanning, content scanning, forwarding, and other facility actions may be delayed due to staffing shortages, high volume, equipment failure, weather, facility access issues, or other operational factors. Published processing times are estimates, not guarantees.
• Mail Handling Errors — For virtual mailbox customers at CMRA facilities, mail may be opened in error, delivered to the wrong box, delayed in processing, misrouted during forwarding, or lost during internal handling. Mail handling involves manual processes performed by facility staff and is subject to human error at every step.
• Forwarding and Outbound Errors — Packages forwarded to a destination address may be shipped to the wrong address due to data entry errors, label printing errors, or incorrect information provided by the Member or their Agent. Outbound mail submitted for print-and-mail may contain printing defects, be sent to an incorrect address, or be lost or delayed by the postal carrier. The Company is not liable for errors in outbound delivery once a Package or mail piece is tendered to a carrier.
• Content Scan Limitations — Content scanning involves physically opening Packages, which inherently risks damage to contents or packaging. Scanned images may not capture all items, may be blurry or poorly lit, and may miss small, hidden, or layered contents. Resealing may not restore the Package to its original condition.
• Facility Security Limitations — Facilities are commercial spaces, not vaults, armored depositories, or high-security installations. They are protected by commercially reasonable measures (locks, cameras, access controls, personnel screening) but are not impervious to break-ins, natural disasters, fire, flooding, power loss, or other events. Shared facilities house Packages from multiple Members in proximity.
• Personnel Risk — Facility operations require human personnel who have physical access to your Packages and mail. Despite background checks, training, and oversight, the Company cannot guarantee the conduct of every individual who may handle your property. This includes facility employees, temporary workers, contractors, maintenance personnel, and cleaning staff.
• Operational Errors — In any physical logistics operation, errors occur. Labels are misread, packages are placed on wrong shelves, scans fail, notifications are delayed, forwarding labels are printed incorrectly, and items are occasionally overlooked. The Company implements quality controls and process checks to minimize errors but does not warrant error-free operations.

The Company's sole obligation upon loss of or damage to a Package in its bailee custody (where such loss or damage is attributable to the Company's failure to exercise reasonable care) is limited to the remedies set forth in Section 14.6 (Bailee Liability). The Company shall have no liability whatsoever for loss, theft, damage, delay, or misdelivery attributable to carriers, third parties, force majeure events, or circumstances beyond the Company's reasonable control.

7.16 Member Insurance Responsibility

The Company does not provide insurance coverage for the contents or value of Packages or mail received, stored, or forwarded through the Platform. Members are solely responsible for obtaining and maintaining their own insurance coverage, including but not limited to: declared value coverage or shipping insurance through the originating carrier; renter's insurance, homeowner's insurance, or business property insurance that covers goods in the custody of a third-party bailee; and any specialized coverage for high-value, fragile, perishable, or irreplaceable items. The Company will cooperate with Members in filing insurance claims by providing intake photographs, chain of custody records, and other documentation available through the Platform, but assumes no responsibility for the outcome of any insurance claim.

8. Prohibited Items and Activities

8.1 Prohibited Activities

Members may not use the Platform to:

• Receive, store, or forward any Prohibited Items (defined below)
• Facilitate any illegal activity, including but not limited to fraud, money laundering, drug trafficking, weapons trafficking, or terrorism
• Evade law enforcement or regulatory oversight
• Circumvent sanctions, embargoes, or export controls
• Misrepresent the identity of any Member, Agent, or sender
• Use the Platform endpoint as a residential address or to establish residency in any jurisdiction
• Use the Platform endpoint as a registered business address, for government filings, banking, or legal registrations
• Use the Platform endpoint for vehicle registration, government identification, voter registration, tax filings, banking applications, or any purpose requiring a physical address where the Member does not actually conduct business or reside
• Use the Endpoint Only plan for active shipping workflows without upgrading to a receiving plan (Endpoint Only plans are subject to activity review)
• Interfere with the Platform's operations or other Members' use of the Platform
• Reverse engineer, decompile, or disassemble any part of the Platform
• Use the Platform for any purpose that violates the Acceptable Use Policy

8.2 Prohibited Items

The following items may NOT be received, stored, or forwarded through the Platform:

• Controlled substances, illegal drugs, and drug paraphernalia
• Firearms, ammunition, explosives, and weapons of any kind
• Hazardous materials, including flammable, corrosive, toxic, radioactive, or biohazardous substances
• Perishable goods (unless pre-approved in writing by the Company)
• Live animals or human remains
• Counterfeit goods, stolen property, or goods that infringe intellectual property rights
• Currency, bearer instruments, precious metals, or gemstones exceeding $1,000 in value
• Items subject to U.S. export controls, ITAR restrictions, or sanctions
• Items requiring special licenses, permits, or certifications to possess or transport
• Any item whose receipt, possession, or transport is prohibited by federal, state, or local law

8.3 Right to Inspect

The Company reserves the right, but not the obligation, to inspect any Package received at a Facility if the Company has reasonable suspicion that the Package contains Prohibited Items, if the Package is damaged, leaking, or emitting unusual odors, if required by law enforcement or pursuant to a lawful order, or if the Company determines inspection is necessary to protect the safety of its employees, other Members, or the public.

8.4 Consequences of Violation

Violation of this Section may result in: immediate account termination without refund; seizure and disposal of the offending Package; reporting to law enforcement (see Section 9); and permanent ban from the Platform.

9. Law Enforcement Cooperation and Reporting

9.1 Mandatory Reporting

The Company will report to the appropriate law enforcement agency any Package that is suspected to contain Prohibited Items, any activity that appears to involve fraud, money laundering, terrorism financing, or other criminal conduct, any Member whose identity verification reveals sanctions list matches, any attempt to evade KYC requirements or provide false identity documentation, and any other activity that the Company, in its sole discretion, deems suspicious or potentially illegal.

9.2 Law Enforcement Requests

The Company will comply with all lawful subpoenas, court orders, search warrants, and other legal process. The Company will provide law enforcement with: Member identity verification records; Package intake logs and photographs; Agent registration information; API access logs and webhook event logs; communication records; and any other information in the Company's possession that is responsive to a lawful request.

9.3 No Obligation to Notify

The Company is NOT obligated to notify Members of law enforcement requests, investigations, or reporting unless required by law. In many cases, the Company is prohibited from providing such notification. Members waive any right to advance notice of law enforcement cooperation to the extent permitted by law.

9.4 Preservation Requests

The Company will honor lawful preservation requests from law enforcement and will preserve relevant records for the period specified in such requests, or for 180 days if no period is specified.

9.5 Member Cooperation

Members agree to cooperate with the Company and with law enforcement in connection with any investigation related to their account, their Agents, or Packages received on their behalf. Failure to cooperate may result in immediate account termination.

10. Payment Terms

10.1 Subscription Plans

The Platform offers multiple subscription plans designed for individuals, businesses, and teams, including:

• Virtual Mailbox ($8/mo): Up to 10 pieces of postal mail and documents per month at a CMRA-registered facility. USPS postal mail only — packages are not accepted on this plan. Do not ship packages to a virtual mailbox address; the Company does not have the infrastructure to receive, store, or forward packages at virtual mailbox facilities and assumes no responsibility or liability for any packages shipped to a virtual mailbox address. Scan on arrival, dashboard and webhook/API access, 14-day storage. Requires Form 1583 and notary session. Additional mail pieces charged at $2 each.
• Business ($35/mo): 20 packages per month, up to 50 lbs each, scan/forward/discard services, 30-day bailee storage, priority support. Additional packages charged at $5 each.
• Business+ ($149/mo): Approximately 100 square feet of dedicated space, 50 packages per month, reorder and consolidation services, 60-day bailee storage, multiple receiving addresses, and dedicated support.
• Enterprise (custom pricing): Reserved facility space, unlimited packages, custom workflows and processing rules, SLA guarantees, 24/7 support, and custom integrations.

Subscription plans are billed monthly or annually in advance. Current pricing and plan details are published on the Platform's website. The Company reserves the right to modify pricing with thirty (30) days' notice to existing Members.

10.2 Usage-Based Fees

The Platform operates on a pay-for-what-you-use model. Certain services incur usage-based fees in addition to the subscription fee, including but not limited to:

• Extra package received: $5 per package beyond plan limit
• Content scan (open + photo): $10 per package
• Package forwarding: $10 plus actual carrier shipping costs
• Package consolidation: $15 plus actual carrier shipping costs
• Return label generation: $3 plus actual carrier shipping costs
• Additional receiving address: $15/mo per additional address
• Bailee storage beyond plan limit: $1 per package per day
• Outbound mail — printing: $0.30 per page (B&W, envelope, photo proof included)
• Outbound mail — postage: actual carrier rate (USPS, FedEx, or UPS at published retail rates)
• Outbound mail — color printing: +$0.25 per page

Usage-based fees are billed monthly in arrears and charged to the payment method on file. Current usage-based pricing is published on the Platform's website and may be modified with thirty (30) days' notice.

10.3 Payment Method

Members must maintain a valid payment method on file at all times. Accepted payment methods are debit cards and credit cards issued by a financial institution. Prepaid cards, gift cards, virtual cards not linked to a bank account, and other anonymous or non-reloadable funding sources are not accepted and will be rejected during onboarding. The Company reserves the right to reject or remove any payment method that does not meet these requirements. By providing a payment method, you authorize the Company to charge your payment method for all fees incurred under your account. Failed payments may result in immediate service suspension.

10.4 Late Payments

Payments not received by the due date are subject to a late fee of 1.5% per month (18% per annum) or the maximum rate permitted by law, whichever is less. Accounts with payments more than thirty (30) days past due may be suspended or terminated.

10.5 Refund Policy

Subscription fees are non-refundable except as required by applicable law. Usage-based fees are non-refundable for services rendered. If the Company terminates your account for reasons other than a violation of these Terms, you will receive a prorated refund of prepaid subscription fees for the unused portion of the current billing period.

10.6 Taxes

All fees are exclusive of applicable taxes. You are responsible for all taxes, duties, and levies imposed by any governmental authority with respect to your use of the Platform, except for taxes based on the Company's net income.

11. Shipping Portal

11.1 Shipping Portal Service (ship.mailbox.bot)

The Platform provides a public shipping portal at ship.mailbox.bot that enables third-party senders (vendors, suppliers, contractors, or other parties) to ship Packages to a Member's Agent without knowing the Facility's physical address. The shipping portal generates pre-addressed shipping labels that automatically route Packages to the correct Reference Code and Endpoint at the appropriate Facility.

This enables Agents to provide shipping instructions to external parties using their agent endpoint (e.g., agent-slug.mailbox.bot) while maintaining privacy of the physical Facility location.

11.2 Privacy of Physical Address

The physical Facility address is not publicly displayed on Agent profile pages or the shipping portal interface. The address is provided only to Members via authenticated API calls and the Operator Dashboard. The shipping portal may display only the Agent's name and the information necessary for the sender to generate a shipping label.

11.3 No Guarantee of Privacy

While the Company takes reasonable measures to limit public exposure of Facility addresses, the Company cannot guarantee that Facility addresses will remain confidential. Physical addresses may be discoverable through carrier tracking information, public records, or other means. The Company is not liable for any disclosure of Facility addresses through third-party systems or processes.

12. AI and Automated Systems

12.1 AI-Assisted Operations

The Platform utilizes artificial intelligence technologies, including large language models, computer vision systems, and automated workflows, in the provision of services. AI systems may be used for: document scanning and data extraction (OCR, field recognition); Package classification and routing; webhook payload generation; Agent profile and protocol configuration; customer support and communication; and anomaly detection and security monitoring.

12.2 Human-in-the-Loop

The Company employs human oversight for critical operations, including Package intake verification, Content Scan quality review, suspicious activity assessment, and law enforcement reporting decisions. However, human oversight does not guarantee detection of all errors, anomalies, or prohibited items.

12.3 AI Limitations

You acknowledge that AI-generated information may contain inaccuracies or errors, automated scanning may not detect all contents of a Package, AI systems may occasionally misclassify or misroute Packages, and the Company is not liable for errors attributable to AI processing.

12.4 Autonomous Agent Risk Acknowledgment

Mailbox.bot enables AI agents that can write code, manage budgets, close deals, and interact with physical commerce. Members who configure Agents to operate autonomously (e.g., automatically ordering hardware, receiving components, managing inventory, requesting forwarding, or initiating Content Scans via API without human review) acknowledge that they bear full responsibility for all actions taken by such Agents.

The Company is not liable for Packages ordered, received, forwarded, or disposed of by an Agent operating autonomously, even if the Agent's behavior is unintended, erroneous, or the result of a security compromise of the Agent's credentials. This includes but is not limited to: autonomous procurement decisions, budget overruns, incorrect forwarding destinations, or unintended content scan requests.

Members are strongly encouraged to implement spending limits, approval workflows, budget controls, and real-time monitoring for autonomous Agents. The Operator Dashboard provides human oversight capabilities for reviewing and controlling Agent activities.

12.5 Agentic Protocol and Third-Party Integration Risks

By using the Platform's agentic protocol integrations, you acknowledge and accept the following:

• Emerging Technology Risk — MCP, A2A, OpenClaw, and similar agentic protocols are experimental, open-source projects with many contributors and known and unknown security considerations. These protocols have not undergone the decades of hardening that traditional web standards have received. Security vulnerabilities, breaking changes, and protocol-level exploits may be discovered at any time.
• Third-Party Code and Dependencies — The Platform incorporates third-party libraries, SDKs, protocol implementations, and open-source components. The Company does not author, audit, or guarantee the security of third-party code. Vulnerabilities in upstream dependencies, protocol specifications, or third-party integrations may affect the Platform.
• Agent-to-Agent Communication Risks — When your Agent communicates with other agents, external services, or third-party systems via agentic protocols, the Company has no visibility into, control over, or responsibility for the security, behavior, or intent of external agents, endpoints, or services your Agent interacts with.
• Prompt Injection and Adversarial Inputs — AI agents operating through the Platform may be susceptible to prompt injection, adversarial inputs, data poisoning, jailbreaking, or other AI-specific attack vectors. The Company does not warrant that the Platform or its protocol integrations are resistant to such attacks.
• Credential and API Key Exposure — Agentic workflows involve API keys, bearer tokens, webhook secrets, and other credentials that traverse multiple systems and protocols. The Company is not liable for credential leakage, unauthorized access, or security breaches resulting from how your Agent, its framework, or third-party integrations handle credentials.
• Data Leakage Through Agentic Channels — AI agents may inadvertently transmit, expose, or log sensitive data (including personal information, package contents, addresses, and business data) through webhook payloads, protocol responses, agent-to-agent communications, or third-party integrations. The Company is not liable for data exposure that occurs through agentic channels, third-party protocol implementations, or your Agent's own behavior.
• Autonomous Decision-Making Errors — AI agents may make incorrect, unintended, or harmful decisions due to model hallucinations, misinterpretation of instructions, software bugs, or adversarial manipulation. The Company does not monitor, validate, or override autonomous agent decisions.
• No Security Guarantees for Open-Source Protocols — OpenClaw, MCP, A2A, and similar projects are community-driven with distributed contributor bases. The Company cannot guarantee that any protocol version, implementation, or update is free of security vulnerabilities, backdoors, or malicious contributions.

12.6 Contractors, Employees, and Personnel Disclaimer

The Company engages independent contractors, service providers, and personnel in the operation of the Platform, including but not limited to facility operators, software developers, security consultants, and support staff. The Company is not liable for the individual acts, omissions, errors, negligence, or misconduct of any contractor, employee, service provider, or personnel, except to the extent required by applicable law. This includes but is not limited to: unauthorized access to or disclosure of Member data by any individual; errors in package handling, scanning, or processing attributable to human or automated error; and any security breach or data incident caused by the acts or omissions of any individual associated with the Platform or its facilities.

13. Warranties and Disclaimers

13.1 Limited Warranty

The Company warrants that it will perform services in a professional and workmanlike manner consistent with general industry standards. This limited warranty is expressly in lieu of all other warranties, express or implied.

13.2 Comprehensive Disclaimer

The Company does not warrant that: the Platform will be uninterrupted, error-free, or secure; that Packages will be received, stored, or forwarded without loss, damage, or delay; that Content Scans will be complete, accurate, or error-free; that the physical Facility will be accessible at all times; that webhooks will be delivered successfully or in real time; or that AI-generated data will be accurate or complete.

13.3 Third-Party Infrastructure and Service Provider Disclaimer

The Platform relies on third-party infrastructure and service providers including, but not limited to: cloud database and authentication providers; payment processors; identity verification services; email delivery services; phone carrier verification services; job queue and caching providers; cloud storage and hosting providers; AI model providers and inference APIs; notarization service providers; and domain registrars and DNS providers. These providers are independent companies with their own security practices, terms of service, and vulnerabilities.

The Company does not own, operate, audit, or control the infrastructure, source code, security practices, personnel, or data centers of any third-party provider. A security breach, data leak, service outage, data loss, unauthorized access, insider threat, or other incident at any third-party provider could affect the Platform and your data, even if the Company has implemented commercially reasonable security measures on its own systems.

By using the Platform, you acknowledge and accept the following:

• Third-Party Breach Risk — If a third-party provider used by the Platform suffers a security breach, data leak, or unauthorized access event, your data (including personal information, package records, identity verification data, payment information, and agent configurations) may be exposed, compromised, or lost. The Company is not liable for breaches originating at third-party providers, even where such breaches affect data the Company transmitted to or stored with that provider in the ordinary course of operating the Platform.
• Supply Chain Vulnerabilities — The Platform depends on a chain of third-party software, libraries, APIs, and services. A compromise at any point in this supply chain — including malicious updates to open-source dependencies, compromised API keys at a provider, or insider threats at a third-party company — could affect the Platform. The Company cannot guarantee the integrity of its entire supply chain.
• Service Availability — The Platform's availability depends on the availability of its third-party providers. Outages, degraded performance, rate limiting, API changes, or discontinuation of service by any third-party provider may cause the Platform to become temporarily or permanently unavailable, in whole or in part, without advance notice.
• Data Handling by Third Parties — When you use the Platform, your data is transmitted to and processed by third-party providers according to their own terms of service and privacy policies. The Company is not responsible for how third-party providers handle, store, retain, or dispose of your data once it is in their systems.
• AI Model Provider Risks — The Platform may use third-party AI models and inference APIs for features including auto-responder, content extraction, and document processing. These AI providers may log, retain, or train on data submitted through their APIs according to their own policies. The Company does not control third-party AI provider data retention or training practices.
• Evolving Cybersecurity Landscape — The cybersecurity threat landscape is evolving rapidly, particularly with the advent of AI-powered attacks, zero-day exploits, advanced persistent threats, and novel attack vectors that did not exist when the Platform or its third-party providers were designed. The Company implements commercially reasonable security practices but cannot guarantee protection against all current or future threats.

13.4 No Warranty on Package Contents

The Company makes no warranty or representation regarding the contents, value, condition, or fitness for purpose of any Package received at a Facility. The Company is a bailee, not an insurer, of Packages. The Member retains ownership; the Company holds temporary custody under a duty of reasonable care.

14. Limitation of Liability

14.1 Maximum Liability

14.2 Liability Cap

THE COMPANY'S TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE GREATER OF (A) THE TOTAL FEES PAID BY YOU TO THE COMPANY IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) FIVE HUNDRED DOLLARS ($500).

14.3 Specific Exclusions

The Company is specifically not liable for: loss, damage, or destruction of Packages due to fire, flood, earthquake, theft, vandalism, or other events beyond the Company's reasonable control; carrier delays, losses, or damages during transit; contents of Packages received on behalf of Members; actions taken by Agents or third parties; government or regulatory actions affecting Members or their Agents; or actions taken in cooperation with law enforcement.

The Company is also specifically not liable for any loss, cost, inconvenience, or damage arising from the acts, omissions, negligence, or underperformance of any independent facility operator, including but not limited to: late or inaccurate package scanning; failure to fulfill action requests in a timely manner; poor communication or unresponsiveness; mishandling, misattribution, or loss of Packages while in the facility's custody; facility closure, withdrawal from the network, or removal by the Company; the cost or inconvenience of changing your shipping address due to any facility change; delayed, returned, or lost Packages during a facility transition; and any business interruption resulting from a change in your assigned facility. The Company provides software infrastructure connecting you with independently operated facilities and is not a guarantor of any facility's performance, continuity, or solvency.

14.4 Agentic Protocol and Security Liability Exclusion

The agentic AI ecosystem is an emerging and rapidly evolving space. New attack vectors, security vulnerabilities, and failure modes are regularly discovered across all agentic protocols and frameworks. By using the Platform, you accept that perfect security is not achievable and that the Company cannot anticipate or prevent all potential security incidents in this evolving landscape. You use the Platform's agentic capabilities at your own risk.

14.5 Third-Party Infrastructure Provider Liability Exclusion

The Company selects third-party providers based on commercially reasonable evaluation of their security practices, compliance certifications, and industry reputation. However, the Company does not and cannot guarantee the security or reliability of any third-party provider. The Company's diligence in selecting providers does not create any warranty, guarantee, or additional liability with respect to those providers' performance or security. You acknowledge that your use of the Platform necessarily involves the transmission of your data to and through third-party systems, and you accept the inherent risks of that architecture.

14.6 Bailee Liability

The Company acts as bailee and maintains commercially reasonable bailee's coverage for Packages in its care, custody, and control. As bailee, the Company owes a duty of reasonable care to client property. The Company's liability for loss or damage to Packages while stored at a Facility is limited to the lesser of: the actual value of the Package contents; $500 per Package; or the applicable bailee's insurance coverage limit. Members retain ownership of all Packages and are responsible for maintaining their own insurance for high-value items.

14.7 Physical Operations, Mail, and Package Liability Exclusion

The Company's maximum liability for any Package or mail piece lost, stolen, damaged, or destroyed while in bailee custody — where such loss is attributable to the Company's failure to exercise reasonable care — is strictly limited to the amounts set forth in Section 14.6. The Company shall not be liable for consequential, incidental, special, or indirect damages arising from the loss, theft, damage, or delay of any Package or mail, including but not limited to: lost profits or revenue; cost of replacement goods; missed deadlines or contractual penalties; supply chain disruptions; business interruption; emotional distress; or the sentimental or subjective value of any item. Members who ship items of value exceeding $500 per Package through the Platform do so at their own risk and are responsible for maintaining their own insurance.

14.8 USPS Mail and CMRA-Specific Liability Exclusion

For Members enrolled in virtual mailbox service at CMRA-registered facilities, the following additional limitations apply:

• USPS Compliance — The CMRA facility operator is independently responsible for maintaining its USPS registration, complying with 39 CFR Part 111, and following all USPS regulations for mail receipt, storage, and forwarding. The Company provides software infrastructure and does not hold or operate the CMRA registration itself. The Company is not liable for any CMRA compliance failure, USPS regulatory action, or mail service interruption caused by the facility operator's failure to maintain its CMRA registration or comply with postal regulations.
• Mail Loss and Mishandling — USPS mail handling involves manual sorting by facility staff. First-class mail, certified mail, priority mail, and other USPS products are subject to the same physical operations risks described in Section 7.15. The Company is not liable for mail that is lost, delayed, opened in error, delivered to the wrong box, or misrouted during internal facility handling. The Company is not a postal carrier and does not guarantee mail delivery.
• Legal Documents and Time-Sensitive Mail — Members who receive legal notices, court documents, tax correspondence, government communications, regulatory filings, or other time-sensitive documents through their virtual mailbox do so at their own risk. The Company does not guarantee timely processing, scanning, or notification of any mail piece, regardless of its legal significance or time sensitivity. Failure to receive or timely process a legal document does not create any liability for the Company.
• Check and Financial Instrument Handling — Members who receive checks, money orders, financial instruments, negotiable documents, or other items of monetary value through their virtual mailbox do so at their own risk. The Company is not liable for theft, loss, alteration, or misdelivery of financial instruments. Members should arrange for secure delivery of high-value financial instruments through alternative means.
• Mail Forwarding by USPS — When mail is forwarded from a CMRA facility via USPS, the Company is not liable for loss, delay, damage, or misdelivery by USPS during transit. Members' sole remedy for USPS mail issues in transit is through USPS directly.
• Form 1583 and Authorization — The Member is solely responsible for maintaining a valid, current Form 1583 on file with the CMRA facility. If the Member's Form 1583 expires, is revoked, or becomes invalid for any reason, the CMRA facility may be required to stop receiving mail on the Member's behalf or return mail to sender. The Company is not liable for mail returned, held, or refused due to Form 1583 issues.

14.9 Virtual Mailbox Package Exclusion and Liability Waiver

Any packages shipped to a virtual mailbox address may be refused at intake, returned to sender, or left uncollected at the Member's sole risk and expense. The Company is not responsible for and expressly disclaims all liability for any packages shipped to a virtual mailbox address, including but not limited to:

• Loss, damage, theft, or destruction of packages shipped to a virtual mailbox address
• Packages refused at intake or returned to sender by the facility
• Packages left uncollected, abandoned, or disposed of by the carrier or facility
• Carrier fees, return shipping costs, or storage charges incurred as a result of packages shipped to a virtual mailbox address
• Business interruption, missed deliveries, or consequential damages arising from the Company's inability to receive packages on the virtual mailbox plan
• Any claim by third parties (including senders, carriers, or recipients) arising from packages shipped to a virtual mailbox address

Members who require package receiving services must enroll in a Business plan ($35/mo) or higher. The Company reserves the right to suspend or terminate the account of any Member who repeatedly ships packages to a virtual mailbox address in violation of this section.

15. Indemnification

You agree to defend, indemnify, and hold harmless the Company, its affiliates, officers, directors, employees, contractors, agents, licensors, and successors from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from or related to:

• Your use of the Platform
• Your violation of these Terms or the Acceptable Use Policy
• Your violation of any applicable law or regulation
• The actions, omissions, or conduct of any Agent registered under your account
• The contents of any Package received on your behalf or your Agent's behalf
• Your failure to respond to information requests or re-verification requirements
• Any claim by a third party arising from your or your Agent's use of the Platform
• Inaccurate, incomplete, or fraudulent information you provided during registration or KYC
• Any claim that your Agent's activities violated the rights of any third party
• Any dangerous, hazardous, or Prohibited Item received at the Facility on your behalf, including all costs of cleanup, disposal, emergency response, and damages to other Members' Packages or the Facility
• Any security breach, data leak, unauthorized access, or data exposure arising from your Agent's use of agentic protocols (MCP, A2A, OpenClaw, REST, or others), including vulnerabilities in your Agent's framework, credentials, webhook endpoints, or third-party integrations
• Any claim arising from the interaction of your Agent with third-party agents, services, or systems through the Platform's agentic protocol integrations
• Any loss or damage caused by prompt injection, adversarial inputs, model hallucinations, or other AI-specific attack vectors affecting your Agent or its operations on the Platform
• Any claim arising from your Agent's autonomous transmission, exposure, or mishandling of personal data, business data, or other sensitive information through agentic communication channels
• Any claim arising from security vulnerabilities in open-source protocols, third-party libraries, or software dependencies used by your Agent or its framework
• Any claim arising from the acts, omissions, errors, or misconduct of your employees, contractors, service providers, or personnel in connection with the Platform
• Any claim against the Company arising from a security breach, data leak, or service failure at a third-party infrastructure provider, where your data was affected as a result of being stored on or transmitted through the Platform in the ordinary course of service
• Any claim arising from the loss, theft, damage, delay, misdelivery, or misattribution of any Package or mail piece received, stored, or forwarded through the Platform, including claims by third-party senders, recipients, or carriers
• Any claim arising from the contents of any mail, document, or correspondence received at a CMRA facility on your behalf, including legal documents, financial instruments, government notices, or regulated materials
• Any claim arising from your failure to maintain valid Form 1583 authorization, adequate insurance coverage, or timely retrieval of Packages and mail
• Any claim by any third party (including senders, recipients, carriers, or government agencies) arising from your use of the Platform's mail or package receiving, storage, or forwarding services

16. Data Security and Privacy

16.1 Data Collection

The Company collects and processes personal data as described in its Privacy Policy, available at mailbox.bot/privacy. By using the Platform, you consent to the collection and processing described therein.

16.2 Security Measures and Limitations

The Company implements commercially reasonable security measures to protect Member data, including: encryption of data at rest and in transit; access controls and authentication; security monitoring and logging; and regular security assessments.

The Company commits to: promptly investigating security incidents upon discovery; notifying affected Members as required by applicable law; cooperating with law enforcement in the event of a data breach; and taking commercially reasonable steps to remediate vulnerabilities within its own systems. However, the Company cannot remediate vulnerabilities in third-party provider systems and is dependent on those providers to secure their own infrastructure.

16.3 KYC Data

KYC verification data is processed by the Company's third-party identity verification provider and is subject to that provider's privacy policy and data handling practices. The Company stores KYC verification results (verified/rejected) and session identifiers but does not store copies of identity documents after verification is complete, except as required by law.

16.4 Package and Mail Content Data

Package photographs, Content Scan images, mail scan images, OCR-extracted text, provenance chain data, and associated metadata are stored on the Platform and are accessible only to the Member, their authorized Agents, and authorized Company personnel with a legitimate operational need. The Company will never sell, rent, license, or commercially distribute the contents of your mail, packages, or scanned documents. Content data will not be disclosed to any third party except as required by law or pursuant to the law enforcement cooperation obligations in Section 9. See Section 7.5.1 for the full data protection commitment applicable to scanned content.

16.5 Data Retention

The Company retains Member data, Package records, and activity logs for the duration of the account plus five (5) years, or as required by law. KYC records are retained for a minimum of five (5) years after account closure.

17. Intellectual Property

17.1 Company Property

All content, features, functionality, trademarks, service marks, and trade dress of the Platform are the exclusive property of the Company and are protected by applicable intellectual property laws. "Mailbox.bot," the Mailbox.bot logo, and related marks are trademarks of Golden Ratio, LLC.

17.2 License to Use

The Company grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Platform in accordance with these Terms. This license does not include the right to sublicense, resell, or distribute access to the Platform.

17.3 Aggregated Data

You grant the Company a perpetual, royalty-free, worldwide license to use anonymized, aggregated data derived from your use of the Platform for the purposes of improving the Platform, generating anonymized industry reports, and training AI models. You may opt out by emailing with the subject "Opt-Out: Aggregated Data."

18. Termination

18.1 Termination by Member

You may terminate your account at any time through the Operator Dashboard or by emailing . Upon termination, you must arrange for the retrieval or forwarding of all Packages within fourteen (14) days. Packages remaining after fourteen (14) days will be treated as abandoned per Section 7.7.

18.2 Termination by Company

The Company may terminate or suspend your account immediately, without prior notice, for any of the following reasons: violation of these Terms or the AUP; failed or fraudulent KYC verification; suspicious or potentially illegal activity; non-payment of fees; law enforcement request; sanctions list match; refusal to comply with re-verification requests; or at the Company's sole discretion for any reason upon thirty (30) days' notice.

18.3 Effect of Termination

Upon termination: your access to the Platform will be revoked; all Agent profiles and Endpoints will be deactivated; all Packages (your property, held as bailee) must be retrieved or forwarded within fourteen (14) days; API keys and Agent credentials will be invalidated; and you remain liable for all fees incurred prior to termination.

18.4 Survival

The following provisions survive termination: KYC record retention (Section 5.5); Law Enforcement Cooperation (Section 9); Limitation of Liability (Section 14); Indemnification (Section 15); Data Retention (Section 16.5); Dispute Resolution (Section 20); and Governing Law (Section 21).

19. Force Majeure

The Company shall not be liable for any failure or delay in performance due to causes beyond its reasonable control, including but not limited to: acts of God, natural disasters, pandemics, epidemics; government actions or orders, war, terrorism, civil unrest; strikes, labor disputes; carrier service interruptions; power or internet outages; cyberattacks, ransomware, distributed denial-of-service attacks, data breaches, or other malicious cyber activity targeting the Company or any of its third-party infrastructure providers; security breaches, outages, data loss, or service failures at any third-party provider, cloud service, database provider, authentication service, payment processor, or other infrastructure component used by the Platform; zero-day exploits, novel AI-powered attack vectors, or advanced persistent threats that were not reasonably foreseeable or preventable at the time of occurrence; supply chain compromises, including malicious updates to open-source software dependencies or third-party libraries; regulatory actions, sanctions, or compliance requirements imposed by any government authority that affect the Company or its providers; or any other event beyond the Company's reasonable control.

20. Dispute Resolution and Arbitration

20.1 Mandatory Arbitration

You may opt out of mandatory arbitration by sending written notice to Golden Ratio, LLC, 3556 S 5600 W, Suite #1-1038, Salt Lake City, UT 84120, within thirty (30) days of accepting these Terms.

20.2 Class Action Waiver

20.3 Pre-Arbitration Resolution

Before initiating arbitration, you must contact the Company and attempt to resolve the dispute informally by sending written notice. The parties shall attempt resolution within sixty (60) days before proceeding to arbitration.

20.4 Statute of Limitations

Any dispute must be filed within one (1) year after the cause of action accrued, or it will be permanently barred.

21. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Utah, without regard to conflict of law principles. For matters not subject to arbitration, you submit to the exclusive jurisdiction of the courts in Salt Lake County, Utah.

22. Special Provisions for California Residents

22.1 California Consumer Rights Notice

Pursuant to California Civil Code §1789.3, California residents may contact the Complaint Assistance Unit of the Division of Consumer Services at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210.

22.2 CCPA Rights

If the California Consumer Privacy Act applies, additional terms may apply as set forth in the Company's Privacy Policy.

23. Changes to Terms

The Company reserves the right to modify these Terms at any time. Material changes will be posted at least thirty (30) days before the effective date and communicated via email and/or webhook notification. Continued use of the Platform after the effective date of changes constitutes acceptance. If you do not accept material changes, you may terminate your account within thirty (30) days without penalty.

24. Miscellaneous Provisions

24.1 Entire Agreement

These Terms, together with the Privacy Policy and Acceptable Use Policy, constitute the entire agreement between you and the Company regarding the Platform.

24.2 Severability

If any provision of these Terms is held invalid, illegal, or unenforceable, the remaining provisions shall be enforced to the fullest extent permitted by law.

24.3 No Waiver

The Company's failure to enforce any provision of these Terms does not constitute a waiver of that provision or any other provision.

24.4 Assignment

You may not assign or transfer these Terms without the Company's prior written consent. The Company may freely assign these Terms.

24.5 Electronic Communications

You consent to receive communications from the Company electronically, including via email, webhook, API response, and the Operator Dashboard. You agree that all agreements, notices, disclosures, and other communications provided electronically satisfy any legal requirement that such communications be in writing.

24.6 Relationship of Parties

Nothing in these Terms creates a partnership, joint venture, employment, or agency relationship between you and the Company. The Company is an independent contractor providing platform services.

24.7 Third-Party Beneficiaries

These Terms do not create any third-party beneficiary rights in any individual or entity that is not a party to these Terms.

24.8 Headings

Section headings are for convenience only and do not affect the interpretation of these Terms.

25. Contact Information

If you have questions regarding these Terms, please contact us at:

Golden Ratio, LLC dba Mailbox.bot
3556 S 5600 W, Suite #1-1038
Salt Lake City, UT 84120
Email: