Terms and Conditions

Msharti Terms of Service — Outlook Innovations Limited

1. Introduction

1.1 About These Terms

These Terms and Conditions (“Terms”) constitute a legally binding agreement between you (“Customer”, “Tenant”, “User”, or “you”) and Outlook Innovations Limited (“Msharti”, “we”, “us”, or “our”), a company registered in the Republic of Kenya, operating the Msharti MCP Gateway platform.

By accessing or using the Msharti platform — including the website at msharti.dev, the dashboard at apps.msharti.dev, the MCP gateway at mcp.msharti.dev, and any related services (collectively, the “Platform”) — you agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use the Platform.

1.2 About Msharti

Msharti is an enterprise MCP (Model Context Protocol) gateway and connector platform. We enable AI assistants — such as Claude, Microsoft Copilot, ChatGPT, and Cursor — to connect to business systems including M-Pesa, KRA GavaConnect, Salesforce, Sage, Microsoft 365, and other enterprise software. We do not provide AI models ourselves. We provide the infrastructure that connects AI assistants to your business data.

1.3 Eligibility

You must be at least 18 years old and have the legal capacity to enter into a binding contract. If you are using the Platform on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation to these Terms.

1.4 Changes to These Terms

We may update these Terms from time to time. We will notify you of material changes by email or through the Platform at least 30 days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated Terms.


2. Definitions

“Account” means your registered user account on the Msharti Platform.

“AI Assistant” means any artificial intelligence tool that supports the Model Context Protocol, including but not limited to Claude, Microsoft Copilot, ChatGPT, and Cursor.

“API” means the application programming interface through which the Platform connects to third-party services.

“Connector” means a software module that enables the Platform to communicate with a specific third-party service (e.g., M-Pesa Daraja, KRA GavaConnect, Salesforce).

“Credentials” means the authentication information you provide to enable a Connector, including API keys, OAuth tokens, passwords, and security tokens.

“Customer Data” means all data that passes through the Platform on your behalf, including transaction data, API responses, and tool call results.

“Data Retention Service” means the optional add-on service that stores historical data beyond the native retention limits of third-party APIs.

“MCP” means Model Context Protocol, the open standard for connecting AI assistants to external systems.

“Service” means the Msharti Platform and all features, tools, and connectors made available through it.

“Subscription” means the paid or free plan under which you access the Service.

“Tenant” means the isolated workspace associated with your Account, containing your connected services, team members, and usage data.

“Trial” means the 7-day free trial period available to new subscribers on the Starter plan only. Business and Enterprise subscriptions do not include a Trial and begin as paid subscriptions immediately. No credit card is required to start a Trial. At the end of the Trial period, if no active paid Subscription is in place, the Account automatically reverts to the Free tier. All data, connectors, and settings are preserved on reversion.

“Third-Party Service” means any external platform connected through a Connector, such as Safaricom M-Pesa, KRA, Salesforce, or Microsoft 365.

“User” means any individual authorised by you to access your Tenant.


3. Account Registration and Security

3.1 Account Creation

To use the Service, you must create an Account by providing accurate and complete information, including your full name, email address, and organisation details. You agree to keep this information up to date.

3.2 Account Security

You are responsible for maintaining the confidentiality of your Account credentials, including your password and API keys. You agree to:

  • Use a strong, unique password
  • Enable two-factor authentication where available
  • Notify us immediately of any unauthorised access or suspected breach
  • Ensure that all Users under your Account comply with these Terms

3.3 Account Responsibility

You are fully responsible for all activity that occurs under your Account, whether or not authorised by you. Msharti is not liable for any loss or damage arising from your failure to maintain Account security.


4. Service Description and Use

4.1 What We Provide

Msharti provides:

  • An MCP gateway that translates requests between AI Assistants and your connected business systems
  • Pre-built connectors to Third-Party Services
  • A web-based dashboard for managing connections, users, and usage
  • Security features including injection detection, secret stripping, and audit logging
  • Optional Data Retention Services for historical data storage

4.2 What We Do Not Provide

Msharti does NOT provide:

  • AI models or AI-generated content
  • Financial, tax, or legal advice
  • Guarantees about the accuracy, completeness, or timeliness of data returned by Third-Party Services
  • Banking, payment processing, or money transmission services

4.3 Permitted Use

You may use the Service only for lawful business purposes. You agree not to:

  • Use the Service for any illegal, fraudulent, or unauthorised purpose
  • Attempt to gain unauthorised access to the Platform or any Third-Party Service
  • Reverse engineer, decompile, or disassemble any part of the Platform
  • Interfere with or disrupt the Platform or its underlying infrastructure
  • Use the Service to violate the terms of any Third-Party Service
  • Upload or transmit any malware, viruses, or harmful code
  • Use the Service to harass, abuse, or harm others
  • Resell, sublicense, or commercially exploit the Service without our written consent

4.4 Acceptable Use of Msharti MCP Gateway

When using the Msharti MCP Gateway, you agree not to:

  • Attempt prompt injection or adversarial attacks against the Platform
  • Use the Service to extract data you are not authorised to access
  • Bypass role-based access controls or tenant isolation
  • Use the Service to generate misleading, harmful, or deceptive content at scale

5. Connectors and Third-Party Services

5.1 Connector Setup

To use a Connector, you must provide valid Credentials for the relevant Third-Party Service. You are solely responsible for:

  • Obtaining and maintaining valid accounts with Third-Party Services
  • Ensuring you have the right to connect those accounts to Msharti
  • Keeping your Credentials accurate and up to date
  • Complying with the terms of service of each Third-Party Service

5.2 Third-Party Service Terms

Your use of Third-Party Services through Msharti is subject to the terms and conditions of those services. We are not a party to your agreements with Third-Party Services and are not responsible for:

  • Changes to Third-Party Service APIs, features, or availability
  • Data accuracy, completeness, or timeliness from Third-Party Services
  • Any fees, charges, or penalties imposed by Third-Party Services
  • Service interruptions, downtime, or errors originating from Third-Party Services

5.3 M-Pesa Daraja Specific Terms

M-Pesa is a service of Safaricom PLC. By connecting M-Pesa through Msharti, you agree to:

  • Safaricom’s terms of service for Daraja API
  • The 48-hour transaction history limitation of the Pull API
  • Any fees charged by Safaricom for API usage
  • Msharti’s Data Retention Service if you require historical data beyond 48 hours

5.4 KRA GavaConnect Specific Terms

KRA GavaConnect is a service of the Kenya Revenue Authority. By connecting KRA through Msharti, you agree to:

  • KRA’s terms of service for GavaConnect API
  • The requirement to create separate API applications for each KRA API product
  • Any usage limits or quotas imposed by KRA
  • The accuracy and timeliness of KRA data, which Msharti does not control

6. Data and Data Retention

6.1 What Data We Process

Msharti processes the following categories of data:

  • Account Data: Your registration information, billing details, and login credentials
  • Credentials: Encrypted authentication tokens for Third-Party Services
  • Customer Data: API requests and responses that pass through the Platform
  • Usage Data: Metrics about tool calls, connectors used, and performance
  • Audit Logs: Records of every tool call for security and compliance purposes

6.2 Data Retention

Standard Service: We do not retain Customer Data beyond what is necessary to process and respond to your requests. API responses are processed in real-time and are not stored unless you explicitly enable the Data Retention Service.

Data Retention Service: If you subscribe to this add-on, we store historical data from connected services (e.g., M-Pesa transactions, email archives) for the duration specified in your subscription (3, 12, or 24 months). You can:

  • View what data is retained in your dashboard
  • Export retained data at any time
  • Pause or cancel the Data Retention Service
  • Request deletion of retained data

6.3 Data Ownership

You retain all ownership rights to your Customer Data. We do not claim ownership of your data. We are a data processor under the Data Protection Act, 2019, and you are the data controller (or data processor, as applicable) for your Customer Data.

6.4 Data Deletion

Upon Account termination or upon your request, we will delete your Account Data and Customer Data within 30 days, except where we are required to retain it by law or for legitimate business purposes (e.g., audit logs for fraud prevention).


7. Fees and Payment

7.1 Subscription Plans

We offer the following subscription plans:

PlanMonthly Fee (KES)Rate LimitConnectorsSeats
Free010 calls / min31
Starter5,999300 calls / min105
Business14,9992,000 calls / min2315
EnterpriseCustomUnlimited23 + customUnlimited

All paid plans (Starter, Business, Enterprise) include a 7-day free Trial — no credit card required. At the end of the Trial, accounts that have not subscribed revert automatically to the Free tier with all settings preserved. See the definition of “Trial” in Section 2.

7.2 Add-Ons

The following add-ons are available for additional fees:

  • M-Pesa Data Retention: KES 2,000 per Paybill per month
  • Email Archive (Outlook): KES 1,500 per mailbox per month
  • Extended Retention (12 months): 50% surcharge on retention fees
  • Custom Connector Development: Contact support@msharti.dev for a quote
  • Dedicated Instance: Custom pricing
  • White-Label Dashboard: Custom pricing

7.3 Billing and Payment

  • Subscription fees are billed monthly in advance
  • Payment is due within 7 days of invoice
  • We accept payment via bank transfer, M-Pesa Paybill, and card (Paystack)
  • All fees are quoted in Kenyan Shillings (KES) and are inclusive of applicable taxes
  • Failure to pay within 30 days may result in suspension of Service

7.4 Refunds

  • No refunds are provided for partial months
  • If you downgrade your plan, the new rate applies at the start of the next billing cycle
  • If we terminate your Account for breach of these Terms, no refund will be issued

7.5 Price Changes

We may adjust pricing with 30 days’ written notice. Price changes do not affect active subscriptions until the next renewal date.


8. Intellectual Property

8.1 Our IP

Msharti retains all rights, title, and interest in and to the Platform, including all software, code, designs, logos, trademarks, and documentation. These Terms do not grant you any licence to our intellectual property except as necessary to use the Service.

8.2 Your IP

You retain all rights to your Customer Data and any content you create using the Service. You grant us a limited, non-exclusive, revocable licence to use your Customer Data solely to provide the Service.

8.3 Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant us a perpetual, irrevocable, royalty-free licence to use and incorporate that feedback into the Platform without obligation to compensate you.


9. Confidentiality

9.1 Confidential Information

“Confidential Information” means any non-public information disclosed by one party to the other, including but not limited to:

  • Credentials and API keys
  • Business data and transaction records
  • Technical architecture and security measures
  • Pricing and commercial terms

9.2 Obligations

Each party agrees to:

  • Keep the other’s Confidential Information strictly confidential
  • Use Confidential Information only for the purpose of exercising rights under these Terms
  • Not disclose Confidential Information to third parties without prior written consent
  • Protect Confidential Information with at least the same degree of care used to protect its own confidential information

9.3 Exceptions

Confidentiality obligations do not apply to information that:

  • Is or becomes publicly available through no breach of these Terms
  • Was already known to the receiving party before disclosure
  • Is independently developed by the receiving party without use of the disclosing party’s Confidential Information
  • Is required to be disclosed by law or court order, provided prompt notice is given

10. Security and Compliance

10.1 Our Security Commitments

We implement the following security measures:

  • AES-256-GCM encryption for all stored Credentials
  • TLS 1.3 for all data in transit
  • Tenant isolation via JWT-based access control
  • Prompt injection detection and blocking
  • Automatic secret stripping from API responses
  • Role-based access control (RBAC)
  • Comprehensive audit logging
  • Regular security assessments and penetration testing

10.2 Your Security Obligations

You agree to:

  • Use strong passwords and enable two-factor authentication
  • Keep your Credentials confidential and secure
  • Report any suspected security incidents within 24 hours
  • Ensure your Users understand and comply with security policies
  • Not share Account access with unauthorised individuals

10.3 Compliance

Msharti is committed to compliance with:

  • The Data Protection Act, 2019 (Kenya)
  • The Computer Misuse and Cybercrimes Act, 2018 (Kenya)
  • The Kenya Information and Communications Act, 1998
  • The National Payment System Act, 2011 (as applicable)

10.4 Regulatory Cooperation

We cooperate with lawful requests from:

  • The Office of the Data Protection Commissioner (ODPC)
  • The Communications Authority of Kenya (CA)
  • The Central Bank of Kenya (CBK)
  • The Kenya Revenue Authority (KRA)
  • Law enforcement agencies with valid legal authority

11. Warranties and Disclaimers

11.1 Our Warranties

We warrant that:

  • The Service will materially conform to the documentation provided
  • We will use commercially reasonable efforts to maintain the availability of the Service
  • We will process your data in accordance with our Privacy Policy and applicable law

11.2 Disclaimer of Warranties

EXCEPT AS EXPRESSLY STATED IN SECTION 11.1, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

  • WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT
  • WARRANTIES THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE
  • WARRANTIES REGARDING THE ACCURACY, COMPLETENESS, OR TIMELINESS OF DATA FROM THIRD-PARTY SERVICES
  • WARRANTIES THAT THE SERVICE WILL MEET YOUR SPECIFIC REQUIREMENTS OR EXPECTATIONS

Msharti does not provide financial, tax, legal, or accounting advice. Any data or insights provided through the Service are for informational purposes only. You should consult qualified professionals before making financial, tax, or legal decisions.


12. Limitation of Liability

12.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, MSHTARI AND ITS OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:

  • LOSS OF PROFITS, REVENUE, OR BUSINESS
  • LOSS OF DATA OR GOODWILL
  • BUSINESS INTERRUPTION
  • COST OF SUBSTITUTE SERVICES
  • ANY DAMAGES ARISING FROM RELIANCE ON DATA PROVIDED BY THIRD-PARTY SERVICES

12.2 Cap on Liability

OUR TOTAL AGGREGATE LIABILITY FOR ANY CLAIM ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE TOTAL AMOUNT YOU PAID TO US IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR KES 50,000, WHICHEVER IS GREATER.

12.3 Exceptions

The limitations in Sections 12.1 and 12.2 do not apply to:

  • Death or personal injury caused by our negligence
  • Fraud or fraudulent misrepresentation
  • Any liability that cannot be excluded under applicable law

13. Indemnification

You agree to indemnify, defend, and hold harmless Msharti and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or in any way connected with:

  • Your use of the Service
  • Your violation of these Terms
  • Your violation of any third-party rights, including intellectual property or privacy rights
  • Your violation of any applicable law or regulation
  • Your connection of unauthorised or improperly licensed Third-Party Services

14. Term and Termination

14.1 Term

These Terms commence on the date you first access the Service and continue until terminated in accordance with this Section.

14.2 Termination by You

You may terminate your Account at any time by:

  • Cancelling your subscription in the dashboard, or
  • Emailing us at support@msharti.dev with 30 days’ notice

14.3 Termination by Us

We may suspend or terminate your Account immediately if:

  • You breach these Terms
  • You fail to pay fees when due
  • Your use of the Service poses a security risk or legal liability
  • You engage in fraudulent, abusive, or illegal activity
  • We are required to do so by law or regulatory authority

14.4 Effect of Termination

Upon termination:

  • Your right to access the Service ceases immediately
  • All outstanding fees become due and payable
  • We will delete your Account Data and Customer Data within 30 days, subject to legal retention requirements
  • Sections 8 (Intellectual Property), 9 (Confidentiality), 11 (Warranties), 12 (Limitation of Liability), 13 (Indemnification), and 15 (Dispute Resolution) survive termination

15. Dispute Resolution

15.1 Governing Law

These Terms are governed by and construed in accordance with the laws of the Republic of Kenya.

15.2 Jurisdiction

Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Kenya.

15.3 Alternative Dispute Resolution

Before commencing litigation, the parties agree to attempt to resolve disputes through good-faith negotiation. If negotiation fails within 30 days, either party may escalate to mediation under the rules of the Chartered Institute of Arbitrators (Kenya Branch). If mediation fails, either party may proceed to litigation.

15.4 Injunctive Relief

Nothing in this Section prevents either party from seeking injunctive or other equitable relief in any court of competent jurisdiction to prevent irreparable harm.


16. General Provisions

16.1 Entire Agreement

These Terms, together with our Privacy Policy and any other policies referenced herein, constitute the entire agreement between you and Msharti regarding the Service and supersede all prior agreements, understandings, and representations.

16.2 Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.

16.3 Waiver

Our failure to enforce any provision of these Terms does not constitute a waiver of that provision or any other provision.

16.4 Assignment

You may not assign or transfer these Terms without our prior written consent. We may assign these Terms without restriction.

16.5 Force Majeure

We are not liable for any failure or delay in performance due to causes beyond our reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, labour disputes, utility failures, internet outages, or government action.

16.6 Notices

All notices under these Terms must be in writing and sent to:

  • For Msharti: support@msharti.dev or Outlook Innovations Limited, Nairobi, Kenya
  • For you: The email address associated with your Account

16.7 Third-Party Beneficiaries

These Terms do not confer any rights on third parties except as expressly stated.


17. Contact Information

If you have any questions about these Terms, please contact us:

Outlook Innovations Limited
Trading as: Msharti
Email: legal@msharti.dev
Support: support@msharti.dev
Website: https://msharti.dev
Address: Nairobi, Kenya


END OF TERMS AND CONDITIONS

For our Privacy Policy, see https://msharti.dev/privacy