Skip to main content

Terms of Service

Privacy

Terms of Service

Version 4.0, Effective 2 June 2026

Alter Meridian Pty Ltd T/A True Alter (ACN 696 662 049, ABN 54 696 662 049)

Parties and Scope

These Terms are between you and Alter Meridian Pty Ltd T/A True Alter (ACN 696 662 049, ABN 54 696 662 049), a company registered in Queensland, Australia ("ALTER", "we", "us"). ALTER operates identity infrastructure at truealter.com: a protocol on which people are recognised on their own terms, with their own records, under their own control. ALTER attests and verifies identity; it is the rails other agents read identity on. ALTER is not a marketing service, a data broker, a scoring bureau, or an agent that acts for you. We do not represent you, negotiate for you, transact for you, or otherwise act on your behalf; your identity record is yours to hold and to allow others to read.
These Terms take effect when you accept them during account sign-in (see §3) and continue for as long as you hold an account with us. They should be read together with our Privacy Policy and Cookie Policy. Where a clause in these Terms conflicts with the Privacy Policy on a question of how we handle your data, the Privacy Policy prevails.

What the Service Is at This Release

This release ships the ALTER identity protocol: a Model Context Protocol (MCP) server that agents query to verify and read identity, together with the public "alter" command-line interface (distributed via npm) and a small number of public web pages. The Service is the sum of those surfaces and the identity primitives they carry. Everything in these Terms describes that surface and only that surface.
  • ~handleYour sovereign identifier: the stable address under which your identity is recognised across contexts. Your handle is bound to your account when you sign in and is the address other parties query against
  • Identity record and durable substrateA per-handle, append-only record of what you have paired, attested, and consented to. You read your own state from the command line (for example "alter whoami", "alter status", "alter traits", "alter portfolio"); the record is the part of you that handles being known, held by you, not an agent that acts
  • DiscoveryThe pairing flow through which you connect third-party data streams to your identity record, initiated from the command line by running "alter discover" and the per-connector pairing commands. Pairing a connector authorises ALTER to receive the scoped data that connector exposes under your consent. A short member-only question-and-answer seed also runs under Discovery so you can ground your own record. Discovery is not a test, quiz, clinical diagnosis, contracted assessment service, or decision tool for workplace or educational outcomes
  • Peer alignment queriesAnother member, or an authorised agent acting for another member, may query the alignment between your identity record and theirs, but only after you have granted that consent ("alter alignment grant"), and you may revoke it at any time. The query returns alignment tier labels and complementarity bands, never numeric scores
  • Alter-to-Alter messagingA direct messaging surface between handles. Messaging is closed by default: another handle can reach your inbox only after you grant it ("alter msg grant"), and you may revoke that grant at any time
  • Identity Income and the query railWhen a paid agent query runs against your identity record, the payment is settled over the x402 protocol and your share is routed to you. The economics and the live/forthcoming state of each part of this rail are set out in §10
Participation in Discovery and every other surface is voluntary. You may pair or unpair any stream at any time from the command line, and unpairing ends ALTER's ongoing receipt of data from that stream. Capabilities that are not part of this release (including a contracted psychometric or LLM-based profiling service, a consumer matching or Belonging Probability feature, and employer or workforce contracting) are not offered by these Terms and create no obligation under them. If any such surface opens in future, it will be governed by the version of these Terms in force when that surface opens, published before it opens.

Contract Formation and Your Account

Your account exists to carry your identity across the Service. You hold it; we operate it.
  • You enter into these Terms by signing in and binding a handle to your account, which requires you to affirmatively accept these Terms and the Privacy Policy. Acceptance is opt-in: if you do not accept, no account is created and no personal data is retained
  • By accepting, you confirm that you are at least 18 years old, that the information you provide is accurate at the time you provide it, and that you agree to these Terms and the Privacy Policy as they stand on the date of acceptance
  • Keep your account credentials and keys confidential and tell us promptly if you suspect unauthorised access at security@truealter.com
  • Session management is command-line driven: "alter login" opens a session; "alter logout" closes it; "alter whoami" and "alter status" report the identity you are signed in as; and the session commands let you review and revoke outstanding sessions
You may close your account at any time from the command-line client by running "alter forget", which starts a 30-day grace period during which the account is deactivated but recoverable by the account holder; you can cancel within that period by running "alter forget --cancel". After the grace period, personal data is permanently erased in line with the retention table in our Privacy Policy. If you have lost access to your account and cannot run the command, you may request closure by emailing support@truealter.com from the email address on record, and we will process the request within two business days of receipt.

Pairing

Pairing is designed to be honest about what each connector contributes. Before you pair a stream, the Service shows you what shape of signal that stream exposes, what the Service will and will not do with it, and how to reverse the pairing. The friction at that step is deliberate.
  • Each connector is described before you authorise it. No OAuth grant is sought without the description being shown in the command line, and the same per-connector information (reads, refusals, what the Service cannot do with the pairing, storage, how to revoke) is reachable in our connector documentation
  • Pairing is a scoped read commitment, not delegation. For OAuth-class connectors, the Service requests the smallest read-only scope the provider supports for the recognition pattern and never receives write power; the Service cannot post, message, push, comment, merge, modify settings, or change membership on the upstream account by any means, including any later expansion of the granted scope
  • For attestation-class connectors (DNS records, .well-known files, wallet attestations), the proof is a public artefact you create yourself. The Service never holds write credentials, registrar control, or wallet signing material; wallet attestations are one-shot identity signatures, not session keys
  • Pairing alone does not enrol you in any downstream surface. Peer alignment queries, agent queries against your record, and any third-party recipient each require a separate, deliberate consent scoped to that recipient. Sharing is never transitive, and granting recognition to the Service does not grant it to anyone else
  • Pairing is reversible from the command line at any time, and unpairing ends the Service's ongoing receipt of data from that stream. Where the upstream provider supports OAuth revocation, the Service revokes the grant on the upstream side as part of the unpair, destroys the access and refresh tokens on its side within 24 hours, and writes a tamper-evident audit row. Data already received is governed by the retention rules in the Privacy Policy
  • Integrity checks run on ingested stream data. These checks produce confidence signals, not scores about you; they affect whether a given signal is used, not whether you "pass"
  • You are never penalised for wellbeing-adjacent signals. If a pattern in ingested data suggests distress, our policy is to de-weight or pause, not to judge
The friction here is deliberate. A frictionless consent flow does not produce a record that honestly reflects the person. Procedurally-fair but substantively-asymmetric dealings are not adequate; pairing exists so that what the Service receives about you is substantively, not just procedurally, yours. The per-connector documentation is part of these Terms by reference; the more restrictive description governs in any conflict between this section, a per-connector page, and a downstream consuming surface.

Consent Architecture

Consent on ALTER is layered, granular, and symmetric. Each category of processing requires its own explicit consent; no category opts you into any other category.
  • GranularityYou grant or withdraw each consent independently. There is no bundled "accept all"
  • Explicit basis for sensitive dataWhere any processing would draw on special-category data, we rely on explicit consent (GDPR Art 9(2)(a) where applicable) for that processing, not on a general service-terms acceptance. Non-sensitive processing is grounded in the bases set out in Art 6(1)(a) to (f) as applicable, and the mapping is recorded in the Privacy Policy
  • Stream-specific lawful basisWhen you connect a third-party data stream to the Service, the OAuth or URL grant authorises the Service to receive the scoped data that stream exposes. That authorisation is not, on its own, consent for the Service to infer identity traits from the received data. Every stream requires its own explicit, revocable, documented consent to inference, recorded separately from the connection itself. Where inference on a stream would draw on special-category data, we rely on explicit consent under GDPR Art 9(2)(a) for that stream where applicable
  • Per-recipient consentPeer alignment queries and agent queries against your record each run only after you have granted a consent scoped to that recipient, and each grant is independently revocable from the command line ("alter alignment grant" / "alter alignment revoke"; "alter msg grant" / "alter msg revoke"). Revoking closes future access; it does not retroactively unwind a query that has already settled
  • Withdrawal symmetryWithdrawing a consent is at least as easy as giving it. Connection and grant withdrawal are self-serve from the command line. For any consent that does not yet have a self-serve surface, the authoritative withdrawal channel is privacy@truealter.com; we action withdrawals on the date we receive them. Withdrawal is effective from that date and does not affect the lawfulness of processing carried out before withdrawal
An "I agree" checkbox does not make an asymmetric transaction fair. Express consent is not a substitute for a consent surface you can actually navigate; cosmetic layers of disclosure do not cure structural asymmetry. That is the reason our consent surfaces are designed the way they are: plain language, granular grants, symmetrical withdrawal, and no dark patterns.

Prohibited Inferences: EU AI Act Art 5(1)(d) Carve-out

Some inferences are categorically off the table, regardless of consent.
  • We do not infer emotion or affect from any paired stream, any connected source, or any other signal for use in a workplace context or an education context. This carve-out is modelled on EU AI Act Art 5(1)(d), which prohibits the placing on the market, putting into service, or use of AI systems to infer emotions of a natural person in the areas of workplace and education institutions. We apply the carve-out globally, not only to data subjects inside the European Union
  • The prohibition binds our own agents as well as any third party that queries the Service. It is a prohibition on the inference-and-use pair, not only on the collection
  • We do not infer a trait to use against you in a prohibited context even where the underlying data was received with consent
If we ever release a feature that could read as workplace or education affect inference, that feature is either not shipping or it is built outside this carve-out and separately disclosed. These Terms bind us on this point.

Automated Decisions and Human Review

The Service uses automated processes to derive observations from paired data streams, compute alignment indicators between consenting members, and run integrity checks. None of these processes produces a decision that is solely automated in the sense of GDPR Art 22 where that Article applies to you, and none produces an employment, education, credit, or comparable legal-or-significant-effect decision about you.
  • You may request human review of any automated observation that materially affects you. The authoritative channel for a review request at this release is an email to privacy@truealter.com with the subject "Human Review Request", identifying the observation or outcome you want reviewed
  • A review may confirm the automated outcome, adjust it, invalidate it and re-run the relevant process, or flag the underlying model for correction
  • You may submit written points that we will consider as part of the review
  • We aim to complete reviews promptly and within the timeframes required by applicable law
You also have the right to an export of your identity record (GDPR Art 20 where applicable). At this release the export channel is also an email to privacy@truealter.com; a self-serve export command will be added to the command-line interface in a later release. Other rights under the Australian Privacy Act, the GDPR, and the CCPA are set out in the Privacy Policy.

Bias Governance

Fairness on ALTER is audited, not asserted. The audit is run against what we ship, not against what we say.
  • Adverse-impact monitoring on outcomes that affect natural persons follows the four-fifths rule across the protected attributes set out in the ALTER bias-governance policy. Intersectional analysis is part of the audit, not an extra
  • Audit records are held in a separately credentialed store with an independent retention boundary described in the Privacy Policy
  • Where an audit identifies an issue, our response is to pause the surface, correct the issue, and document the correction, not to retroactively re-score you
We do not currently publish a public audit export and we will not make a promise to that effect until the export surface has shipped. You can always request the audit record relevant to your own account through the human-review channel above.

Intellectual Property and Commons Stewardship

You own your identity data. We operate the methodology that reads it. We keep the two separate.
  • You own the data you pair into the Service, the observations derived from what you have paired, your identity record, and any identity summary the Service returns to you. We hold a limited, revocable licence to process those for the purpose of operating the Service
  • Our methodology, our models, our taxonomies, and the software that implements them are the proprietary intellectual property of Alter Meridian Pty Ltd T/A True Alter
  • You must not scrape or systematically harvest content from the Service, including connector descriptions or methodology documentation
  • You must not attempt to misappropriate our methodology, including by replicating our models through coordinated probing of the Service, and you must not use the Service to operate, train, or benchmark a system that competes by misappropriating our methodology
  • Nothing in this section restricts you from building any system you like that does not depend on misappropriated ALTER methodology. We do not assert any general non-compete against you as a person, a researcher, or a builder

Reverse-engineering carve-outs

The general prohibition on reverse-engineering in this section does not apply where reverse-engineering is permitted by mandatory law: (a) interoperability as provided by Directive 2009/24/EC Art 5(3) and Art 6 (EU Software Directive) for lawful users; and (b) good-faith computer security research and interoperability testing as provided by s 47D of the Copyright Act 1968 (Cth) and comparable provisions in your jurisdiction. Where those laws apply, they override any stricter reading of this clause. We will not treat a clause of this contract as a remedy for conduct the law of your jurisdiction authorises. We do not use "claim your profile" or "claim your identity" language anywhere on the Service in the sense of a marketing claim; the identity-claim flow at "alter claim" is a cryptographic redemption of an invitation, not a marketing claim. Identity on ALTER is recognised, not asserted by declaration.

Identity Income

ALTER operates a protocol in which the payment for a paid query against your identity record is routed largely to you. This section describes the commitment that attaches to any such payment. The rail is designed to settle paid agent queries over the x402 protocol in USDC on the Base network. At this release, your share accrues to your account as earnings the moment a paid query runs; live settlement and earnings withdrawal open in a later release, and we will notify you under §14 before they do. Once withdrawal opens, it will be available to members at engagement level 3 and above who connect a payout method; below that level, earnings accrue and become withdrawable once you reach it. ALTER is the debtor that owes you your share; it is not a custodian of your funds and does not hold them as a broker.
  • Your share75 per cent of the payment for a given query is routed to the subject of that query: to you. This share is enforced in code and is the minimum we commit to in these Terms
  • RemainderThe remaining 25 per cent is allocated 15 per cent to operating the ALTER network, 5 per cent to a shared cooperative facilitation pool, and 5 per cent to a shared treasury held for the member community, separate from ALTER. The composition of the remainder is kept under review; we will notify you in advance of any change and you will have the opportunity to review the updated version of these Terms before it takes effect
  • Query pricingEach query type has a fixed published price (for example, a peer alignment query is priced at USD $0.30). The schedule is fixed, not set by us per transaction, and any change to it is notified in advance under §14. Free, no-charge query types (including identity verification) remain free
  • Withdrawal and revocationEarning is opt-in and revocable. You choose whether to connect a payout method and may disconnect it at any time; you may revoke any consent that makes your record queryable, which stops future earning queries against that surface. Before you revoke, the Service shows you what the revocation will stop. Revocation does not unwind a query that has already run

Per-stream return binding

For every stream of identity data we process, you receive a return whose total value to you materially exceeds the value we extract from that stream. This is enforced per stream, not aggregated across streams. If any stream ceases to meet the return test, we pause processing on that stream until the return side is restored.

Liability

To the extent permitted by law:
  • The Service is provided "as is" and "as available" with no warranty beyond those the law implies
  • ALTER is not liable for indirect, consequential, special, or incidental damages arising from your use of the Service
  • Our aggregate liability arising out of or in connection with the Service, across all claims, is limited to the greater of (a) the total amounts you have paid ALTER, and the total Identity Income earnings ALTER owed you, in the 12 months preceding the claim and (b) AUD $500

Australian Consumer Law saver

Nothing in these Terms excludes, restricts, or modifies any consumer guarantee, right, or remedy you have under the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)), including the non-excludable guarantees in ss 51 to 63 and the non-exclusion rule in s 64. In particular, nothing in this clause operates to exclude or limit liability for: (a) death or personal injury caused by our negligence; (b) fraud or fraudulent misrepresentation; (c) gross negligence or wilful misconduct; (d) any liability that cannot be excluded under consumer-protection legislation in your jurisdiction. Where a limitation in this clause conflicts with a non-excludable consumer right, the limitation is read down to the minimum extent necessary to preserve that right.

Governing Law and Forum

These Terms are governed by the laws of Queensland, Australia. The courts of Queensland, Australia are the primary forum for disputes arising out of or in connection with these Terms.

Consumer-jurisdiction savers

If you are a consumer resident in the European Union, nothing in this clause deprives you of the protection of mandatory provisions of the law of your country of residence (Regulation (EC) No 593/2008 (Rome I), Art 6(2)), and you may bring proceedings against us in the courts of your Member State of domicile and may be sued by us only in those courts (Regulation (EU) No 1215/2012 (Brussels I-bis), Arts 17 to 19). If you are a consumer resident in the United Kingdom, the equivalent retained-law position applies. If you are a consumer resident in Australia, nothing limits your right to bring proceedings in the court for the area in which you reside. The mediation preference described below does not apply to small claims or to urgent injunctive relief.

Cross-border Data Transfers

ALTER operates from Australia. Where your personal data is transferred from the European Economic Area, the United Kingdom, or another jurisdiction with adequacy or transfer requirements, we rely on the transfer mechanisms set out in our Privacy Policy.
  • EEA to AustraliaThe European Commission Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914, Module 2, as applicable) are incorporated into the processing arrangement by reference
  • UK to AustraliaThe UK International Data Transfer Addendum to the EU SCCs, issued by the Information Commissioner's Office under s 119A of the Data Protection Act 2018, is incorporated by reference
  • Other transfersWe rely on your explicit consent to the transfer or another lawful mechanism identified in the Privacy Policy

Transfer impact assessment

Where a transfer relies on SCCs or an equivalent, we maintain a transfer impact assessment that addresses the considerations set out in Schrems II (CJEU C-311/18). The full mechanism description and the current assessment live in the Privacy Policy. Changes to the underlying SCC or IDTA text are incorporated automatically when the issuing authority updates them.

Changes, Termination, and Contact

These Terms may change. Change is a contract event, not a product event, and is treated accordingly.
  • Material changes (including any change to the query-pricing schedule, the Identity Income split, or the surfaces these Terms cover) are notified at least 30 days in advance by email and by notice within the Service before the change takes effect. Non-material changes (clarifications, typographical corrections) may be made by updating the "Last Updated" date without advance notice
  • Right to reject by closing: for any material change, you may reject the change by closing your account before the change takes effect. Any Identity Income earnings already owed to you at closure remain payable to you
  • Continued use after the notice period constitutes acceptance of the material change
  • You may close your account at any time under §3. We may suspend or terminate your account for material breach of these Terms (14-day cure period where the breach is curable), for fraudulent or harmful conduct (immediate suspension permitted), or where legally required
  • On termination, your data is held for 30 days (deactivated but exportable by you on request) and then permanently erased, subject to the audit retention described in the Privacy Policy

Age gate and contact

You must be at least 18 to open an account. We do not knowingly collect or process the personal information of any person under 18.

Contact

Postal address available on written request to legal@truealter.com.