Terms of Service
Last updated: 2026-05-16
These Terms of Service ("Terms") govern your access to and use of SpecStep ("the Service"), operated at specstep.com. SpecStep is owned and operated by No Compromise AI, a Delaware corporation (www.nocompromise.ai) ("we", "us", "our"). By creating an account or using the Service, you agree to these Terms and to our Privacy Policy. If you do not agree, do not use the Service.
1. Plain-language summary
This summary is a non-binding overview. The full terms below control.
- You can use SpecStep to generate documentation packages for your software projects.
- You retain all rights to the packages you generate. We do not claim ownership of your inputs or outputs.
- Don't use SpecStep to generate content that's illegal, harmful, infringes someone else's rights, or attacks the Service itself.
- The Service is provided "as is." Generated packages are starting points, not legal or compliance guarantees.
- The Free tier has monthly usage caps. The paid Pro tier has higher caps and access to richer review profiles.
- You can connect external storage (OneDrive, SharePoint, Google Drive), authorize third-party tools via MCP OAuth, use your own LLM API keys, and push output to source-control repositories. When you use these integrations you take on responsibility for your credentials, your connected accounts, and any costs those providers charge you.
- You can export your data at any time and delete your account at any time. Deletion is processed within 24 hours; a default 30-day soft-delete window applies (configurable in Settings).
2. Eligibility
You must be at least 16 years old to use the Service. If you are using the Service on behalf of a company or other legal entity, you represent that you have authority to bind that entity to these Terms. One human or machine identity per account; do not share credentials.
3. Accounts
Sign-in is delegated to a third-party identity provider (Google, GitHub, or Microsoft). You are responsible for maintaining the security of the underlying provider account. Notify us at hello@specstep.com if you suspect unauthorized access. We may disable accounts engaged in abuse, fraud, or violations of these Terms; affected users are notified at the email on file.
You may also generate API keys and MCP OAuth tokens that grant access to the Service on your behalf. You are responsible for the security of those credentials. Any action taken by a third-party tool or integration using credentials you issued is deemed to be your action. Revoke compromised credentials immediately via Settings → API Keys or Settings → Connected Apps. We are not liable for unauthorized use of credentials you have not revoked.
4. Acceptable use
You agree not to:
- Use the Service to generate content that is unlawful, defamatory, harassing, obscene, infringing, or that depicts the sexual abuse of minors.
- Generate content intended to facilitate harm to people, property, infrastructure, or animals.
- Attempt to reverse-engineer the Service, bypass quotas, scrape rate-limited endpoints, or interfere with other users' access.
- Submit content for which you do not hold the necessary rights, or that violates the rights of others (intellectual property, privacy, publicity).
- Submit personal information about identifiable third parties without lawful basis to do so.
- Use the Service to develop a competing product, train an LLM on our outputs, or systematically extract our prompts, rubrics, or templates.
- Use the Service in connection with high-risk activities where failure could cause death, personal injury, or severe environmental damage (e.g., life-support, nuclear facilities, critical infrastructure control).
5. Your content and our content
5.1 Your content
"Your Content" means everything you submit to the Service: interview answers, reference documents, source-control configuration, role assignments, external connector authorizations and the file contents transiently accessed through them, outbound webhook endpoint URLs, bug reports, and any other data or content you provide. You retain all rights to Your Content. You grant us a worldwide, non-exclusive, royalty-free license to host, store, process, transmit, and display Your Content solely for the purpose of operating the Service for you, including: (a) transiently reading file contents from external storage you authorize to fulfill a generation request; (b) committing Generated Output files to source-control repositories you configure; (c) dispatching webhook payloads to endpoint URLs you configure; and (d) using bug reports you submit for internal triage and quality-improvement purposes. We do not use Your Content to train LLMs.
5.2 Generated packages
The documentation packages produced by the Service ("Generated Output") belong to you. We do not claim ownership of Generated Output. You are responsible for reviewing Generated Output before relying on it. Generated Output is produced in part by large language models, which may produce inaccurate, biased, or incomplete results.
5.3 Our IP
The SpecStep platform, the Web UI, the REST API, the MCP server, the agent prompts, the rubrics, the templates, and the brand are our intellectual property. You receive a non-exclusive, non-transferable right to use the Service per these Terms. Nothing in these Terms grants you any other rights in our intellectual property.
5.5 AI-Generated Output: Limitations, Customer Validation Duty, and No Warranty of Fitness
5.5.1 Nature of Generated Output. The documentation packages, specifications, architectural decision records, runbooks, and other artifacts produced by the Service ("Generated Output") are created in whole or in part by large language model ("LLM") software operated by third-party providers (currently Anthropic and OpenAI). LLMs are probabilistic systems: they can and do produce outputs that are inaccurate, incomplete, internally inconsistent, or that omit, misstate, or contradict requirements you provided during the intake interview. This behavior is inherent to LLM technology and is not a defect in the Service.
5.5.2 No Warranty of Correctness or Fitness. SpecStep does not warrant, represent, or guarantee that any Generated Output is (a) correct, accurate, or free of errors; (b) complete or that it captures all requirements you described; (c) consistent across its component documents; (d) technically sound or architecturally appropriate for your project; (e) fit for use as a specification, design document, or implementation blueprint; or (f) capable, if followed, of producing a working, secure, reliable, or commercially viable software product.
5.5.3 Customer's Independent Validation Duty. Before using any Generated Output as the basis for engineering, architectural, product, security, legal, compliance, or any other decisions, you must independently review and validate the output for correctness, completeness, consistency, and suitability for your intended use. SpecStep is a productivity tool, not a professional services provider. Any decision you make based on Generated Output — including decisions to build, launch, invest in, or ship a product — is made at your sole risk.
5.5.4 No Responsibility for End Results. SpecStep is not responsible for, and expressly disclaims all liability for: (a) defects, failures, security vulnerabilities, or deficiencies in any product, system, or service you build using Generated Output as an input; (b) costs or losses incurred because a product built from Generated Output does not function as intended or expected; (c) any requirement, constraint, or consideration that was omitted from or incorrectly represented in Generated Output; or (d) any harm to you, your users, your customers, or any third party arising from your reliance on Generated Output without independent validation.
5.5.5 Hallucination and Factual Error Risk. LLMs can generate plausible-sounding but factually incorrect information, fabricated citations, invented technical standards, or recommendations that conflict with established engineering practice. You must not assume that any technical claim, library recommendation, API specification, version number, or factual assertion in Generated Output is accurate without independent verification.
6. Subscription and billing
Automatic renewal notice (California Bus. & Prof. Code §17601 et seq.). Your paid subscription renews automatically at the end of each billing period at the then-current price until you cancel. You may cancel at any time via the Stripe Customer Portal accessible from Settings → Billing; cancellation takes effect at the end of the current billing period. No refunds are issued for the unused portion of a billing period except where required by law.
- Tiers: SpecStep offers a Free tier and a paid Pro tier. The current tier matrix, including monthly generation caps, concurrent-generation caps, and available review profiles, is available on the Pricing page. Additional tiers may be introduced in the future.
- Billing: paid subscriptions are billed in advance through Stripe. By starting a paid subscription, you authorize recurring charges on your selected payment method until you cancel.
- Automatic state changes: your subscription status (active, past due, canceled, downgraded) is updated automatically in response to events reported by Stripe, including payment failure, card expiry, and dispute. You are responsible for monitoring your billing status via the Stripe Customer Portal accessible from Settings → Billing. SpecStep is not liable for loss of access or features resulting from Stripe-initiated state changes.
- Cancellation: you may cancel at any time via the Stripe Customer Portal. Cancellation takes effect at the end of the current billing period; you retain access until then.
- Failed payments: if a charge fails, we may downgrade you to the Free tier or suspend the account after a reasonable grace period.
- No refunds: subscription fees are non-refundable except where required by law. We may, at our discretion, offer credit for service outages.
- Tax: prices do not include applicable taxes; you are responsible for any taxes that apply in your jurisdiction.
- Bring-your-own LLM costs: if you configure your own LLM provider API key (Section 8.5.3), you are solely responsible for all costs your key incurs with that provider. SpecStep has no responsibility for your LLM provider billing. See Section 8.5.3.
7. Free tier
The Free tier is provided as a courtesy and may change or be discontinued with reasonable notice. We reserve the right to apply additional rate limits or content restrictions to the Free tier.
8. LLM provider terms
The Service routes Your Content to large language model providers (currently Anthropic and OpenAI) to produce Generated Output. Your use of the Service is also subject to the applicable provider's acceptable use policy. We pass through generation requests; we do not modify Your Content beyond redacting obvious secrets before transmission.
If you configure a bring-your-own API key (Section 8.5.3), Your Content is routed through that key and your use remains subject to the applicable provider's acceptable use policy. You are solely responsible for your account standing with that provider and for any costs your key incurs.
8.5 Third-party integrations and credentials
SpecStep supports integrations that connect the Service to external storage providers, source-control platforms, third-party developer tools, and your own LLM provider accounts. This section governs your use of those integrations.
8.5.1 External Storage Connectors (OneDrive, SharePoint, Google Drive). When you authorize an external storage connector, you grant SpecStep a delegated OAuth credential to access a specific folder within the third-party storage service you designate. SpecStep uses that credential only to read file metadata and transiently read file contents for the purpose of fulfilling generation requests you initiate. SpecStep does not write to, modify, move, or delete files in your external storage, and does not access folders or files outside the scope you authorize.
By authorizing an external storage connector, you represent and warrant that: (a) you have the right to grant SpecStep access to the files and folders you expose; (b) doing so does not violate any agreement with the storage provider or any third party; and (c) any files you expose do not contain data you are prohibited from processing through a third-party service. You are solely responsible for ensuring your use of SpecStep's connector complies with the storage provider's terms of service. SpecStep is not liable for the storage provider's availability, accuracy of data returned, or any provider-side access changes. You may revoke connector access at any time via Settings → Connected Folders.
8.5.2 MCP OAuth (Third-Party Tool Authorization). SpecStep implements an OAuth authorization server that allows third-party developer tools (including but not limited to Codex, Claude Desktop, Cursor, Continue, and Cline) to obtain bearer tokens on your behalf using the Model Context Protocol ("MCP"). A bearer token issued through this flow grants the authorized tool your full account permissions for the duration of the token (currently up to 90 days).
By authorizing a third-party tool via MCP OAuth, you: (a) authorize that tool to act on your behalf with your full account permissions for the token's validity period; (b) accept sole responsibility for all actions taken by that tool while the token is valid, whether or not those actions were intended by you; (c) represent that your use of the tool complies with these Terms and with the tool provider's own terms of service; and (d) agree to revoke the token immediately if you believe it has been compromised, via Settings → Connected Apps. SpecStep is not liable for any action taken by a third-party tool using a token you authorized and have not revoked. SpecStep is not a party to your agreement with the third-party tool provider and assumes no responsibility for the tool's behavior, security posture, or compliance.
Stale-acceptance behavior for API and MCP callers. If your acceptance of these Terms becomes stale (because we publish a new version), API and MCP OAuth callers will receive a structured 403 TOS_REACCEPTANCE_REQUIRED response on authenticated requests until you re-accept the current Terms via the web UI. Programmatic access resumes immediately after re-acceptance; no token re-issuance is required.
8.5.3 Bring-Your-Own LLM API Keys. You may configure your own API key from a supported LLM provider (currently Anthropic or OpenAI) at Settings → Provider Keys. SpecStep encrypts your key at rest and uses it solely to route your generation requests to that provider.
By configuring a bring-your-own API key, you represent and warrant that: (a) you are authorized to use the key under your agreement with the provider; (b) you have read and will comply with the provider's usage policies, including any restrictions on commercial use, content, or throughput; and (c) you accept sole responsibility for all costs your key incurs on the provider's billing surface, including any costs resulting from usage within SpecStep. SpecStep is not responsible for your relationship with your LLM provider, your account standing with that provider, or any charges your provider assesses. You may remove your key at any time via Settings → Provider Keys; removal takes effect immediately for new generation requests.
8.5.4 Source-Control Delivery (GitHub, Azure DevOps, GitLab, Bitbucket). You may configure a target repository to receive generated package files. When a delivery is triggered, SpecStep commits the Generated Output files to the repository branch you designate. SpecStep does not read source code from your repository; it writes only the files it generates.
By configuring source-control delivery, you represent and warrant that: (a) you have write access to the target repository and branch; (b) granting SpecStep write access does not violate your agreement with the source-control provider or any organizational policy governing the repository; and (c) you accept responsibility for the contents committed by SpecStep as Generated Output subject to the terms of Sections 5.2 and 5.5. You are responsible for ensuring the target repository and branch remain available and accessible. SpecStep is not liable for delivery failures caused by provider-side unavailability, repository permission changes, or branch protection rules. SpecStep's write access is limited to the commit path; it does not read repository contents.
8.5.5 Outbound Webhooks. You may configure an HTTPS endpoint URL to receive HMAC-signed event notifications about generation lifecycle events. SpecStep will attempt delivery with retries on failure; after exhausting retries, the event is dropped. Delivery is best-effort and SpecStep does not guarantee that every event will be delivered.
By configuring an outbound webhook, you represent and warrant that: (a) the destination URL is one you are authorized to receive data at; and (b) you are responsible for the security and integrity of the receiving endpoint. SpecStep is not liable for: (i) failure to deliver any event; (ii) consequences arising from dropped events; or (iii) interception or misuse of webhook payloads by any party that gains access to your endpoint. You should validate the HMAC signature on every received payload and reject payloads with invalid signatures.
9. Service level
We aim for high availability but make no formal uptime commitment for any tier. We may perform maintenance with reasonable advance notice and unscheduled emergency maintenance without notice. We are not liable for delays caused by upstream providers (LLM APIs, identity providers, DNS, payment processors, external storage providers, source-control platforms, third-party developer tools).
9.5 Preview Edition
9.5.1 Preview Status. The Service is currently offered in a "Preview" or pre-release edition. This section describes additional limitations that apply during the Preview period. The Preview period ends when SpecStep announces general availability ("GA") via the Service or by email to registered users.
9.5.2 Preview Limitations. During the Preview period, in addition to the general disclaimers in Sections 5.5 and 11:
- (a) Service availability is not guaranteed. The Service may be unavailable, degraded, or interrupted at any time without notice, including for maintenance, infrastructure changes, or unplanned outages.
- (b) Features may change without notice. SpecStep reserves the right to add, modify, suspend, or remove any feature, generation profile, agent, output format, or pricing tier at any time without notice during the Preview period.
- (c) Data may be lost or reset. Interview data, generated packages, account settings, and other stored data may be deleted, reset, or migrated in ways that are incompatible with prior data, at any time during the Preview period. SpecStep has no liability for any such data loss. You should download and retain copies of any Generated Output you wish to preserve.
- (d) Pricing is not final. Pricing, tier definitions, generation quotas, and subscription terms advertised or applied during the Preview period are provisional and subject to change at GA or at any time during Preview. Paid subscriptions during Preview may be repriced, restructured, or discontinued. We will provide reasonable advance notice of pricing changes to active paid subscribers.
- (e) No SLA. No service level agreement, uptime commitment, or credit mechanism applies during the Preview period.
9.5.3 Survival of AI-Output Disclaimers. The limitations in 9.5.2 apply in addition to — and do not limit or replace — the permanent disclaimers in Sections 5.5 and 11. Those sections apply in full force both during and after the Preview period and are not limited to or conditioned on Preview status.
9.5.4 Sunset of This Section. This Section 9.5 ceases to apply to new use occurring after the GA announcement date. All terms in all other sections, including the AI-output disclaimers and limitation of liability, remain in full force after GA.
10. Termination and data deletion
You may delete your account at any time by submitting a deletion request via Settings → Delete Account (which calls /v1/users/me/deletion-request). Account deletion is processed within 24 hours of your request. On deletion, SpecStep cascades deletion to your generations, packages, interviews, reference documents, external connector authorizations, API keys, and MCP OAuth tokens.
Your Content is subject to soft-deletion and will be permanently purged from our systems within the retention window configured in your Settings (default: 30 days). You are responsible for setting a retention window appropriate for your use case before requesting deletion. You may export Your Content before deletion using the data export feature at Settings → Export My Data; exports are made available as a signed download link valid for 7 days.
If applicable law grants you the right to access, correct, delete, or port Your Content (including the GDPR, the UK GDPR, the California Consumer Privacy Act, and similar laws), you may exercise those rights via the data export and deletion features described above, or by contacting us at hello@specstep.com.
We will retain an audit record of your deletion request (but not Your Content) for the period required for legal, accounting, and fraud-prevention purposes.
We may suspend or terminate your account if you materially violate these Terms, if your subscription becomes delinquent, if your identity provider revokes our access, or if we are required to do so by law. We will provide notice of suspension or termination to the email address on your account unless we are prohibited from doing so by law or the violation involves fraud, illegal activity, or abuse.
11. Disclaimer of warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, AND UNINTERRUPTED AVAILABILITY. GENERATED OUTPUT IS INFORMATIONAL AND IS NOT LEGAL, FINANCIAL, MEDICAL, SECURITY, OR COMPLIANCE ADVICE. YOU ARE RESPONSIBLE FOR EVALUATING ITS SUITABILITY FOR YOUR PURPOSES.
WITHOUT LIMITING THE FOREGOING, SPECSTEP MAKES NO WARRANTY OF ANY KIND REGARDING THE AVAILABILITY, ACCURACY, OR RELIABILITY OF ANY EXTERNAL STORAGE PROVIDER, SOURCE-CONTROL PLATFORM, LLM PROVIDER, THIRD-PARTY DEVELOPER TOOL, OR OTHER THIRD-PARTY SERVICE ACCESSIBLE THROUGH OR IN CONNECTION WITH THE SERVICE. YOUR USE OF THIRD-PARTY INTEGRATIONS IS AT YOUR SOLE RISK.
12. Limitation of liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL SPECSTEP, ITS AFFILIATES, OFFICERS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUES, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL, ARISING OUT OF OR IN CONNECTION WITH THE SERVICE OR THESE TERMS, WHETHER BASED ON CONTRACT, TORT, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Our total cumulative liability arising out of or related to these Terms or the Service shall not exceed the greater of (a) the amount you paid us for the Service in the twelve (12) months immediately preceding the event giving rise to the claim, or (b) one hundred US dollars ($100).
13. Indemnification
You agree to defend, indemnify, and hold harmless SpecStep, its affiliates, officers, employees, and agents from and against any claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:
- (i) Your Content;
- (ii) your use of the Service in violation of these Terms or applicable law;
- (iii) your infringement of any third-party intellectual property, privacy, or publicity right;
- (iv) your breach of any representation or warranty you make under Section 8.5 (including unauthorized exposure of files through an external connector, unauthorized use of a third-party tool via MCP OAuth, use of an LLM API key in violation of the provider's terms, or unauthorized source-control delivery); or
- (v) any action taken by a third-party tool or integration using credentials, tokens, or access you authorized.
14. Governing law and disputes
These Terms are governed by the laws of the State of Texas, USA, without regard to its conflict-of-laws principles. SpecStep is incorporated in the State of Delaware; this governing-law selection reflects our principal place of business and operations and is not altered by the state of incorporation. Any dispute arising out of or relating to these Terms or the Service will be resolved exclusively in the state or federal courts located in Travis County, Texas. You waive any objection to venue in those courts. If you reside in a jurisdiction with mandatory consumer-protection rules that override this clause, those rules apply to the extent required by law.
15. Changes to these Terms
We may update these Terms as the Service evolves. The "Last updated" date at the top of this page reflects the current version. When we publish a material change, we update an internal version stamp; the Service will then prompt you to re-accept the updated Terms on your next authenticated visit. Continued use of the Service after the re-acceptance prompt is shown constitutes acceptance of the updated Terms. We may also notify you of changes by email at the address on your account, at our discretion.
16. Miscellaneous
- Entire agreement: these Terms together with the Privacy Policy constitute the entire agreement between you and SpecStep regarding the Service, including your use of all integrations described in Section 8.5. No separate integration-specific agreement governs your use of third-party connectors, MCP OAuth, bring-your-own API keys, or webhook features unless expressly agreed in writing.
- Feedback license: if you provide feedback, suggestions, or bug reports about the Service, you grant us an irrevocable, royalty-free license to use that feedback for any purpose, including incorporating it into the Service, without obligation to you.
- Severability: if any provision is held unenforceable, the remaining provisions remain in effect.
- Waiver: our failure to enforce any provision is not a waiver of our right to do so later.
- Assignment: you may not assign these Terms without our consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.
- Notices: legal notices to us must be sent to hello@specstep.com. Notices to you may be sent to the email address on your account.
17. Contact
Questions about these Terms: hello@specstep.com. SpecStep is operated by No Compromise AI, a Delaware corporation — learn more at www.nocompromise.ai. Legal notices must be sent to hello@specstep.com and are effective upon receipt.