Terms of Service

Terms of Service

Last modified: March 2026

Welcome to Candide, the blockchain infrastructure platform for Ethereum smart account development. By accessing or using our services, you agree to these Terms of Service ("Terms"). If you do not agree, do not use our services.


1. Product Description

Candide Labs ("Candide," "we," "us," "our") provides blockchain infrastructure for building and operating smart accounts on Ethereum and EVM-compatible networks. Our services include:

- Bundler: Software infrastructure that processes UserOperations for ERC-4337 smart accounts across supported networks.
- InstaGas (Paymaster): Backend infrastructure and smart contracts for sponsoring or facilitating payment of Ethereum transaction fees, including gas policy management and ERC-20 token paymaster functionality.
- AbstractionKit: An open-source SDK for building smart accounts on Safe infrastructure.
- Dashboard: A web-based platform for developers to manage API keys, gas policies, team members, and usage.
- Safe OpenSig: A verification instrument for institutional Safe signers. It provides local transaction intent reconstruction and audit capabilities before hardware signing. Safe OpenSig is not a wallet, a custodian, or a replacement for the Safe Web UI.


2. Company Information

Legal Name: Candide Labs
Contact Email: team@candidelabs.com
Address: 37 Rue Gazan, Paris, 75014 France


3. Target Audience

Candide services are designed for software companies, developers, and enterprises building on Ethereum and EVM-compatible blockchains. By using our services, you represent that you are using them for business or development purposes.


4. Subscription Tiers and Pricing

4.1 Tiers

Candide offers the following subscription tiers:

- Starter (Free): Limited mainnet access (90 days or 2,000 UserOperations, whichever comes first). Testnet access remains free indefinitely.
- Launch Prod ($399/month): Production infrastructure with standard bundler, 5 chains, and Slack support.
- Grow ($899/month): Expanded infrastructure with priority bundler, 10 chains, 15 team seats, and dedicated customer success manager.
- Enterprise ($3,000+/month): Dedicated infrastructure, custom SLAs, unlimited capacity, and white-glove support. Pricing is custom.

Current pricing and feature details are available on our pricing page. Candide reserves the right to modify pricing with 30 days' written notice to existing subscribers.

4.2 Annual Plans

Annual subscriptions receive a discount equivalent to 2 months free. Annual plans are billed upfront for the full 12-month period.

4.3 Refund Policy

- Monthly plans: Cancel anytime. No refund for the current billing period.
- Annual plans (first 30 days): Full refund if you are not satisfied, no questions asked.
- Annual plans (months 1-6): No refunds or cancellations. Remaining balance may be applied as credit toward an upgrade to a higher tier.
- Annual plans (after 6 months): Pro-rated refund for remaining unused months, or credit toward a higher tier. No cancellation fees.
- Enterprise plans: Governed by individual contract terms.

4.4 Free Tier Limits

When you reach either free tier limit (90 days or 2,000 mainnet UserOperations), mainnet access will be paused. Testnet access continues uninterrupted. Upgrade to a paid tier to restore mainnet access.


5. Gas Sponsorship and Token Paymaster

5.1 Gas Pricing

Candide charges zero markup on gas costs. Gas is passed through at cost. A flat per-UserOperation service fee applies after included free operations are consumed, as specified by your subscription tier.

5.2 Token Paymaster

When using the ERC-20 token paymaster, exchange rates between tokens and gas are not guaranteed and are determined based on current gas prices and token prices at the time of transaction execution. Candide is not liable for rate fluctuations.

5.3 Gas Policy Deposits

Funds deposited into InstaGas gas policies are used to sponsor UserOperations on your behalf. Deposited funds are non-refundable once consumed by sponsored transactions. Unused deposits may be withdrawn subject to the terms of your gas policy configuration.


6. Service Level Agreements (SLA)

6.1 SLA by Tier

Starter: No SLA
Launch Prod: No SLA
Grow: 99% uptime
Enterprise: 99.9% uptime (or as specified in contract)

6.2 Definitions

Uptime is calculated monthly as: ((Total minutes in month - Downtime minutes) / Total minutes in month) x 100.

Downtime means periods where the Candide API is unavailable or returns errors for more than 5 consecutive minutes, excluding scheduled maintenance and blockchain network outages or degradation (e.g., chain halts, network congestion, RPC provider failures) which are outside Candide's control.

Scheduled maintenance windows will be communicated at least 48 hours in advance and do not count toward downtime.

6.3 Service Credits

If Candide fails to meet the applicable SLA in a given month, service credits apply as follows:

For 99.9% SLA:
- 99.0% - 99.89% uptime achieved: 10% service credit
- 95.0% - 98.99% uptime achieved: 25% service credit
- Below 95% uptime achieved: 50% service credit

For 99% SLA:
- 98.0% - 98.99% uptime achieved: 10% service credit
- 95.0% - 97.99% uptime achieved: 25% service credit
- Below 95% uptime achieved: 50% service credit

Service credits are applied to the next billing cycle and do not exceed 50% of the monthly fee. Credits must be requested within 30 days of the incident. Service credits are the sole and exclusive remedy for SLA breaches.

6.4 Enterprise SLA

Enterprise customers may negotiate custom SLA terms, including financial penalties, as part of their individual contract.


7. Fair Use and Acceptable Use

7.1 Fair Use

All subscription tiers are subject to fair use. Candide reserves the right to throttle or suspend access if usage patterns indicate abuse, including but not limited to:

- Sustained API requests exceeding the rate limits of your tier
- Submitting malformed, spam, or intentionally failing UserOperations
- Using Candide infrastructure to perform denial-of-service attacks on any network
- Attempting to circumvent rate limits, usage caps, or tier restrictions
- Reselling Candide API access to third parties without written authorization

7.2 Enforcement

Candide may, at its sole discretion, throttle, suspend, or terminate accounts that violate these terms. Where possible, we will provide 7 days' written notice before suspension, except in cases of imminent harm or legal obligation.


8. Safe OpenSig

8.1 Purpose

Safe OpenSig is a verification instrument for institutional Safe signers. It locally reconstructs and audits transaction intent before hardware signing.

8.2 Local-First Verification

All forensic simulation and Merkle proof validation are performed locally on the user's device. No transaction data is transmitted to Candide servers during the verification process.

8.3 Third-Party Data

Safe OpenSig interacts with third-party RPC providers (e.g., Alchemy) to verify blockchain state. Candide is not responsible for the uptime, accuracy, or data integrity of these third-party providers.

8.4 No Liability for Financial Loss

Safe OpenSig's transaction preview is provided for informational purposes only. Users are solely responsible for verifying the final payload on their hardware device before signing. Candide is not liable for losses resulting from blind signing, malicious UI injections, compromised hardware, or discrepancies in third-party interfaces.

8.5 Not a Financial Service

Safe OpenSig is not a wallet, custodian, exchange, or financial advisor. It does not hold, transmit, or have access to user funds at any time.


9. Intellectual Property and Trademarks

Candide's proprietary software is owned by Candide Labs. Open-source components are licensed under their respective open-source licenses.

The Candide name, logo, and branding are trademarks of Candide Labs.

Trademark attribution: Safe is a trademark of the Safe Ecosystem Foundation. Ledger, Nano S, Nano X, and Nano Plus are trademarks of Ledger SAS. Safe OpenSig is an independent verification instrument and is not affiliated with, sponsored by, or endorsed by Safe or Ledger.


10. Data Protection and Privacy

10.1 Data We Collect

Candide collects and processes the following personal data for billing and account management purposes:

- Name
- Email address
- Billing address
- Payment information (processed by our third-party payment provider)

10.2 API and Usage Data

We collect API usage data (request counts, error rates, response times) for billing, analytics, and service improvement. This data is associated with your API key, not with individual end-users of your application.

10.3 GDPR Compliance

As a company based in France, Candide complies with the General Data Protection Regulation (EU 2016/679). You have the right to:

- Access your personal data
- Rectify inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to processing of your data

To exercise these rights, contact team@candidelabs.com. We will respond within 30 days.

10.4 Data Retention

Account and billing data is retained for the duration of your subscription and for 24 months after cancellation for legal and accounting purposes. API usage logs are retained for 90 days. You may request earlier deletion of non-required data.

10.5 Sub-Processors

Candide uses third-party services for payment processing, email, and infrastructure hosting. A list of sub-processors is available upon request.


11. Limitations and Disclaimers

11.1 As-Is Basis

Candide services are provided on an "as-is" and "as-available" basis. While critical smart contract components are audited, software may contain vulnerabilities. Candide does not warrant uninterrupted, error-free, or completely secure operation of its services.

11.2 Blockchain Risks

You acknowledge the inherent risks of blockchain technology, including but not limited to: network congestion, gas price volatility, smart contract vulnerabilities, consensus failures, and chain reorganizations. Candide is not liable for losses caused by blockchain network behavior.

11.3 Limitation of Liability

To the maximum extent permitted by applicable law, Candide's total liability for any claim arising from these Terms or use of our services shall not exceed the fees paid by you in the 12 months preceding the claim. Candide shall not be liable for indirect, incidental, consequential, or punitive damages.

11.4 SLA Remedies

Service credits as described in Section 6.3 are the sole and exclusive remedy for service availability failures.


12. Add-On Services

Recovery Plugin, Allowance Module, Custom Network deployments, and other add-on services are governed by their own separate terms provided at the time of purchase. In case of conflict between these Terms and add-on terms, the add-on terms prevail for the specific add-on service.


13. Account Responsibilities

You are responsible for maintaining the confidentiality of your API keys and account credentials.

You are responsible for all activity under your account.

You must notify Candide immediately if you suspect unauthorized access to your account.

Candide is not liable for losses caused by compromised API keys or credentials.


14. Modifications to Terms

Candide may update these Terms at any time. We will provide 30 days' written notice for material changes. Continued use of our services after the notice period constitutes acceptance of the updated Terms. If you do not agree with the changes, you may cancel your subscription.


15. Governing Law and Disputes

These Terms are governed by the laws of France. Any disputes arising from these Terms shall be subject to the exclusive jurisdiction of the courts of Paris, France.


16. Contact

For questions about these Terms, contact us at team@candidelabs.com.