Terms of service

Last updated: 2026-05-22. Plain English. Read it.

1. What we are

Phantom is an anonymous proxy to TEE-attested AI inference. You pay in Monero. You receive an API key. The key burns down as you spend it. We forward your requests to Phala Confidential AI (Intel TDX + NVIDIA Confidential Computing). We do not store the contents of your prompts or completions.

Phantom is operated by an individual operator, not a registered company. The service is provided as-is, with no contractual relationship beyond these terms.

2. Payment, credit, refunds

• Monero only. Pay the exact amount shown to the address shown, within the validity window.
• Credit is non-refundable. Once your key is issued, the credit balance is locked to that key. We do not store return addresses. We cannot send funds back even if we wanted to.
• Overpayment is not returned. Send the exact amount. Overpayment is treated as a donation to the operator.
• Underpayment expires. If you send less than the requested amount, the payment expires and the funds remain at the subaddress (operator may sweep).
• Key issued exactly once. If you lose the API key after we display it, recovery is impossible by design. We store only the SHA-256 hash.
• Validity windows. Each key expires after the bundle's validity period (small/medium: 90 days, large: 180, whale: 365, custom: 90). Unspent credit at expiry is forfeit.

3. Acceptable use

You may use Phantom for any purpose lawful in your jurisdiction. You may not use it for:

• Generating, soliciting, or distributing sexual content involving minors (CSAM).
• Targeted harassment, stalking, or doxxing of specific individuals.
• Generating content used to commit financial fraud (phishing kits, impersonation of real persons or businesses for fraud).
• Material designed to plan or facilitate violence against specific persons or groups.
• Activity prohibited by U.S. export controls (e.g., weapons of mass destruction, ITAR-controlled defense articles).
• Automated scraping that violates the target site's terms (the inference layer doesn't see this, but you accept legal responsibility).

We do not read prompts. Enforcement is reactive: if a credible report reaches us, we may revoke the offending key. We have no way to refund the remaining balance on a revoked key.

Some models in our catalog are intentionally uncensored (Venice Uncensored 24B). They do not refuse requests on content-policy grounds. You remain responsible for the lawfulness of your use.

4. Privacy commitments

These are the commitments we make in code, not just policy. Inspect the operator-published source if you want to verify.

• No IP logs. Caddy access logs are discarded. Uvicorn access logs are disabled. Rate-limit buckets key off a SHA-256 hash of the API key or client IP, kept in memory only, never persisted.
• No prompt or completion logs. Our database stores token counts only, never request bodies, never response bodies.
• No account. We collect no email, name, phone, billing address, country, or other personal identifier.
• Encrypted database at rest. SQLCipher (AES-256). Passphrase loaded from tmpfs at boot, never written to persistent disk.
• Hashed keys. Plaintext API keys leave our server exactly once at issuance. We store only SHA-256(key).
• Body whitelist. Only a strict set of fields is forwarded to Phala. Identifying fields (user, metadata, etc.) are dropped before forwarding.
• Wallet privacy. Monero addresses are fresh subaddresses, unlinkable on-chain. Our wallet RPC runs on a separate machine reachable only via a Tor hidden service.

Things we do not control:

• Phala's TEE inference receives the cleaned prompt body. Phala's attested binary is open and can be verified per request via /v1/inference-attest.
• Your network path to api.phantom.codes is visible to your ISP unless you use Tor or a trusted VPN.

5. No warranty, limited liability

Service is provided as-is. No uptime guarantee. No availability SLA. No guarantee that any specific model remains in the catalog. Operator may discontinue the service at any time. Any unspent credit at discontinuation is forfeit.

To the extent permitted by law, operator's total liability to you under these terms is capped at the unspent credit balance on your API key at the time of the claim.

6. Changes

These terms may change. Existing keys continue under the terms in effect at issuance for the duration of the validity period. Material changes will be noted on this page with an updated date at the top.

7. Contact

Encrypted contact only. PGP public key published at /pgp.txt (fingerprint 09654A79076956E6042D11946296DEC4E954FC76). Send abuse reports or operational issues encrypted to this key. We don't maintain plaintext support channels because they would create customer-identifying logs.

<< back to home