The Shop is the consumer-facing surface of Heista, providing individual creative tools ("Heists") as separate subscriptions with a complete user interface. The Service includes, but is not limited to:

• Heists: Individual AI-powered creative tools available as separate subscriptions, covering jobs such as ad decoding, script generation, image creation, creator briefs, brand intelligence, competitive analysis, and visual production.
• Decoded Library: A continuously expanding catalogue of decoded ads with structural analysis, browseable by all users.
• Creative Strategy (Power Sources): Brand intelligence layer that extracts positioning, voice, audience, and competitive context from your website and loads it into every Heist output.
• PatternMap: Proprietary decoding engine that analyses winning ads into structural intelligence including hooks, beats, psychology, and visual grammar.
• Ad Intelligence: Meta (Facebook/Instagram) advertising account integration that decodes your running ads, compares them against category benchmarks, and generates strategic briefs.
• Creative Director: AI-powered strategic assistant with access to your decoded library, brand intelligence, and creative tools.

Heista provides a public API for programmatic access to creative intelligence capabilities. The API exposes atomic endpoints (such as Decode, Brand Find, and others as they become available) that developers can compose into custom workflows and integrate into their own products and services.

• API access requires an API key issued through the Heista API Console.
• API usage is billed through prepaid API credits, which are separate from Shop subscription credits.
• The API is subject to rate limits, usage caps, and availability constraints as described in the API documentation and these Terms.
• API documentation, endpoint specifications, and pricing are available through the API Console at heista.co/api-console.

Heista capabilities may be made available as skills, plugins, or integrations within third-party AI platforms (such as Claude, ChatGPT, or other AI surfaces). Skills are free to install from their respective marketplaces. Usage of Skills consumes credits from your Heista account.

• Using a Skill requires authentication with your Heista account. First-time use will prompt you to create an account or sign in via your browser.
• Skills are subject to both these Terms and the terms of the third-party platform through which the Skill is accessed.
• Skill functionality may differ from the Shop experience depending on the capabilities of the host platform.

Heista is a competitive intelligence and strategic analysis platform. It provides research-derived structural frameworks ("Heists") based on independent analysis of publicly available communication patterns. Heista does not sell, host, or redistribute original copyrighted creative assets. The Service provides functional logic and structural templates derived from our proprietary analysis.

The Service provides strategic intelligence tools and AI-generated content frameworks across all surfaces (Shop, API, and Skills). It does not constitute and should not be relied upon as legal advice, financial advice, marketing compliance advice, medical or health claims guidance, or any other form of professional service. Outputs may be used in regulated contexts (including health, finance, and advertising), and you are solely responsible for ensuring that any content you publish complies with applicable laws, regulations, industry codes, and advertising standards in your jurisdiction. Where professional advice is required, you should consult an appropriately qualified professional.

To access certain features of the Service, you must register for an account. You agree to:

• Provide accurate, current, and complete information during registration.
• Maintain and promptly update your account information.
• Maintain the security and confidentiality of your password and account credentials.
• Accept responsibility for all activities that occur under your account.
• Notify us immediately of any unauthorised use of your account.

Heista supports individual operator accounts and, where applicable, agency or team accounts. Agency accounts may manage multiple Power Sources and client workspaces under a single billing relationship. Your account may be used to access the Service through the Shop interface, the API, and/or third-party Skills. The account holder is responsible for all activity conducted under their account, including by any team members or sub-users granted access, and including all activity conducted using API keys issued to the account.

You must be at least 18 years of age to use the Service. By creating an account, you represent and warrant that you meet this age requirement and have the legal capacity to enter into these Terms.

If you use the Heista API, you are responsible for maintaining the security of your API keys. You agree to:

• Keep your API keys confidential and not share them with unauthorised third parties.
• Not embed API keys in client-side code, public repositories, or any publicly accessible location.
• Revoke any API key immediately if you believe it has been compromised, through the API Console.
• Accept responsibility for all activity conducted using your API keys, whether or not authorised by you.

Heista stores API keys as one-way cryptographic hashes. The full key is displayed once at creation and cannot be recovered. You are responsible for storing your key securely.

You acknowledge that the frameworks in the Heist Library are the result of independent signal-mapping and the reverse-engineering of publicly available data. Heista conducts proprietary research and algorithmic analysis; it does not distribute or authorise access to third-party copyrighted works.

Heista is not affiliated with, endorsed by, or sponsored by any creators, brands, or entities referenced in the Heist Library or Scan Intelligence outputs. Their public success is our research subject; their observable patterns are our data inputs. References to specific individuals or brands are made in good faith solely for the purpose of identifying the source of the analysed patterns. No suggestion of endorsement or commercial association is intended.

You agree to use Heisted frameworks to generate original, transformative content that belongs to your brand. You provide the brand variables; we provide the extracted structural framework. You are solely responsible for ensuring your final published output does not infringe on any third-party rights in your specific jurisdiction.

Your acceptance of the Operator Protocol is logged with a timestamp, operator ID, and associated metadata. This record constitutes evidence of your agreement and is maintained for compliance, verification, and legal defence purposes.

You retain full ownership of any content, brand data, or materials you provide to the Service ("Inputs"). By uploading or submitting Inputs, you represent and warrant that:

• You own all necessary rights, or have obtained explicit permission from the relevant rights holder, to perform structural analysis and generate derivative works from your Inputs.
• Your Inputs do not include third-party confidential, proprietary, or non-public materials for which you lack authorisation.
• Where you provide URLs from third-party platforms (including TikTok, Instagram, YouTube, Facebook, and others), you have complied with the applicable terms of service of those platforms in obtaining or referencing such content.

You grant Heista a limited, non-exclusive licence to process your Inputs solely for the purpose of delivering the Service (generating outputs, building Power Sources, and running Heists). We do not use your Inputs to train our proprietary models or share them with other users unless you explicitly opt in to aggregated, anonymised data sharing. Your Inputs may be processed by third-party AI sub-processors as described in our Privacy Policy.

The Service, including its original code, design, features, Heist Library frameworks, PatternMap visualisations, API endpoint designs, response schemas, documentation, and all associated materials, is owned by Mighty Lucky Ventures Pty Ltd and protected by applicable intellectual property laws. You may not reproduce, distribute, modify, or create derivative works of our platform, proprietary frameworks, or API infrastructure without express written permission.

Content generated by the Service ("Outputs"), whether through the Shop, API, or Skills, is provided to you for your use. You are responsible for reviewing, editing, and ensuring the accuracy, originality, and legal compliance of all Outputs before publication or commercial use. Heista does not guarantee that Outputs will be free of similarities to existing market content.

Heista provides a platform for the analysis and reverse-engineering of public communication patterns, marketing frameworks, and strategic structures. Our Heist cards and frameworks are the result of independent research and algorithmic analysis of publicly available data.

We do not sell, host, or redistribute original copyrighted creative assets such as videos, scripts, or images. We aim to provide functional logic and structural templates derived from our analysis. To the extent permitted by applicable law, we believe these functional elements represent unprotectable ideas, methods, and processes rather than copyrightable expression. However, the legal treatment of such analysis may vary across jurisdictions, and we do not make any absolute legal determination regarding copyright status.

Heista is designed to extract underlying logic, psychological frameworks, and structural patterns from publicly available content, rather than copying or reproducing the protected expression (video, audio, or specific text) of any creator. All scripts and content generated by the "Run Heist" function are intended to be original works created by the combination of our analysed logic models and specific user-provided brand inputs. Notwithstanding, you acknowledge that copyright law varies by jurisdiction, and you bear responsibility for ensuring your use of any Output complies with applicable laws.

Any product names, logos, brands, or other trademarks featured or referred to within the Heista platform are the property of their respective trademark holders. These trademark holders are not affiliated with Heista, our products, or our website. They do not sponsor or endorse Heista or any of our services.

We reference these names in good faith solely for the purpose of identifying the source of the strategic patterns we have analysed. We use only so much of the name as is reasonably necessary for identification and do not use third-party logos or branding where avoidable. We aim to operate within applicable trademark law defences, including good faith descriptive use under the Trade Marks Act 1995 (Cth) (Australia) and equivalent provisions in other jurisdictions.

In order to perform our strategic analysis, Heista may conduct intermediate processing of publicly available content, including transcriptions and structural scans. This processing is conducted for the purpose of extracting functional elements and strategic logic. We may retain limited copies of processed content for as long as reasonably necessary to provide the Service, prevent abuse, comply with legal obligations, or resolve disputes. Specific retention periods are described in our Privacy Policy. We do not maintain permanent public-facing archives of original third-party copyrighted content.

When you submit content for decoding through any surface (Shop, API, or Skills), the resulting structural intelligence becomes part of the Heista Decoded Library. This intelligence includes PatternMap analysis, beat structures, psychological classifications, format classifications, and ad formula data. It is derived from publicly available content and does not contain your proprietary brand data, API key information, or account details.

The Decoded Library is a shared intelligence resource. Decoded structural patterns may be made available to other Heista users through the Library, Intelligence features, or future API endpoints. You do not retain exclusive rights to decoded intelligence derived from publicly available content.

Your proprietary data (Power Sources, brand inputs, generated scripts, custom frameworks, and account data) is never shared with other users and remains exclusively associated with your account.

You may use outputs generated through the Heista API in products, services, and applications you build. You may incorporate API outputs into your own offerings that add value beyond the raw output. We encourage developers to build on the Heista API.

• Attribution to Heista is not required but is appreciated.
• You may not use Heista's name, logo, or branding to imply that your product is Heista, is part of Heista, or is officially endorsed by Heista without our prior written permission.
• Products, services, and applications you build using the Heista API are your property. The Heista API itself, including its infrastructure, intelligence layer, and documentation, remains ours.

When using the API or Skills, you additionally agree not to:

• Use Heista's name, logo, or branding in any way that implies your product is Heista, is part of Heista, or is officially endorsed by Heista, without our prior written permission.
• Share API keys with third parties or embed them in publicly accessible code, repositories, or client-side applications.
• Circumvent or attempt to circumvent rate limits, authentication mechanisms, or billing systems.
• Use automated means to systematically download, scrape, or cache API responses beyond what is reasonably necessary for your application's normal operation.

For clarity: we encourage developers to build products and services on the Heista API, including products that may overlap with Heista's own features. You pay for credits, and you may use them in whatever way serves your business, subject to the restrictions above.

You acknowledge that Heista provides competitive intelligence tools across multiple surfaces. You are an independent operator and are solely responsible for:

• The legality and appropriateness of all Inputs you provide to the Service, whether through the Shop, API, or Skills.
• Reviewing and editing all Outputs before publication or commercial use.
• Ensuring your final published content does not infringe on any third-party trademarks, copyrights, or rights of publicity in your specific jurisdiction.
• Compliance with all applicable laws, regulations, advertising standards, and platform-specific terms of service where you publish content.
• Ensuring that any claims made in published content (including health, financial, or performance claims) are substantiated and compliant with applicable consumer protection laws.
• The legality and appropriateness of any products, services, or applications you build using the Heista API.

To the extent permitted by applicable law, you agree to indemnify, defend, and hold harmless Mighty Lucky Ventures Pty Ltd (trading as Heista), its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from or related to:

• Your use of the Service or any Outputs generated through the Service, whether via the Shop, API, or Skills.
• Your breach of these Terms or the Operator Protocol.
• Your violation of any applicable law or third-party right.
• Any claim that your published content infringes upon the intellectual property or other rights of a third party.
• Any claim arising from products, services, or applications you build using the Heista API.

This indemnification obligation does not apply to the extent that a claim arises from our negligence, wilful misconduct, or breach of a non-excludable statutory guarantee.

We respect the intellectual property rights of others. If you believe that any content, framework, or output available through the Service infringes your intellectual property rights, please submit a written notice to support@heista.co containing:

• Your full name and contact information (or the name and contact information of the rights holder you represent).
• A description of the copyrighted work, trademark, or other intellectual property you claim has been infringed.
• A description of the material on our platform that you believe is infringing, with sufficient detail for us to locate it.
• A statement that you have a good faith belief that the use of the material is not authorised by the rights holder, its agent, or the law.
• A statement, made under penalty of perjury (where applicable), that the information in your notice is accurate and that you are the rights holder or authorised to act on behalf of the rights holder.
• Your physical or electronic signature (or that of the authorised agent).

Upon receipt of a valid IP complaint, we will:

• Acknowledge receipt within 5 business days.
• Investigate the claim in good faith.
• Where appropriate, disable access to or remove the allegedly infringing material.
• Notify the affected user of the complaint and any action taken.

If you believe that material was removed or disabled as a result of a mistake or misidentification, you may submit a counter-notice to support@heista.co explaining why you believe the material is not infringing and requesting restoration. We will evaluate counter-notices in good faith and, where appropriate, restore access.

We maintain a policy of terminating the accounts of users who are repeat infringers of third-party intellectual property rights. Users who receive multiple valid IP complaints may have their accounts suspended or permanently terminated at our discretion.

The Shop is offered through individual Heist subscriptions, pre-designed Stacks (bundles of Heists), build-your-own bundles, and a Full Shop subscription. Each Heist is a separate subscription with its own pricing tier based on complexity. Current Heists, Stacks, pricing, and included Credits are displayed on the Heista shop page and may be updated from time to time. Heists may be added to or removed from your account at any time.

The Heista Shop and Skills operate on a usage-based currency called Credits. Every generative action within the platform consumes Credits. Key provisions:

• Subscription Credits reset at the beginning of each billing cycle and do not roll over to the next cycle.
• Credit Packs (one-time purchases) provide additional Credits that do not expire for as long as your account remains active.
• Different actions consume different amounts of Credits (e.g., Video Scans and Architect builds consume more than standard text generation).
• Credits consumed through Skills are drawn from the same balance as Shop Credits. The same consumption rates apply regardless of surface.
• Upon account deletion or termination for cause, all unused Credits (including both subscription allocations and purchased Credit Packs) are forfeited and are non-refundable except as required by applicable law.

The Heista API operates on a separate prepaid credit system, denominated in cents. API Credits are distinct from in-app Credits. Key provisions:

• API Credits are purchased as one-time credit packs through the API Console or Stripe checkout.
• API Credits do not expire for as long as your account remains active.
• Pricing for each API endpoint is displayed in the API Console and API documentation. We reserve the right to adjust API pricing; changes apply to future usage only.
• API Credits must be purchased before use. No free credits are granted.
• If you enable auto-recharge, we may charge your saved payment method when your API balance falls below a threshold you specify.
• Upon account deletion or termination for cause, unused API Credits are forfeited, subject to the Service Discontinuation provisions in Section 12A.

Subscription fees for each Heist or bundle are billed in advance on a recurring monthly basis. API Credits are billed as one-time purchases at the time of purchase. You agree to pay all fees associated with your active Heist subscriptions, Credit Pack purchases, and API Credit purchases.

Subscription fees are generally non-refundable except as required by applicable law, including the Australian Consumer Law. Unused Credits from subscription allocations are not refundable. Credit Pack purchases are non-refundable once consumed. API Credit refunds are provided at our sole discretion on a case-by-case basis. If you are unsatisfied with the Service, you may cancel your subscription at any time; cancellation takes effect at the end of the current billing period.

We reserve the right to change our pricing with at least 30 days' written notice. Price changes will take effect at the start of your next billing cycle following the notice period. API pricing changes apply to future usage only and do not affect your existing credit balance. Continued use of the Service after a price change constitutes acceptance of the new pricing.

All fees are exclusive of applicable taxes (including GST). You are responsible for any taxes associated with your use of the Service, unless otherwise stated.

The Ads Intelligence module allows you to connect your Meta advertising account(s) to Heista. By connecting your Meta account, you:

• Authorise Heista to access your ad account data, including campaigns, ad sets, ads, creatives, and performance insights, via the Meta Marketing API.
• Acknowledge that your use of the Meta integration is subject to both these Terms and the Meta Platform Terms.
• Agree that you have the authority to grant access to the ad accounts you connect (you are an admin or advertiser on those accounts).
• Understand that Heista uses this data to decode your ad creatives, compare performance against category benchmarks in your Heist Library, and generate strategic recommendations.

You may disconnect your Meta account at any time by:

• Removing the connection from your Heista account settings.
• Removing the Heista app from your Facebook Settings > Business Integrations.

Upon disconnection, we will delete your stored Meta platform data within 30 days, including access tokens, ad account data, and cached creatives. Any decoded frameworks or briefs generated from your ads will be retained in your account as Heista-generated intelligence (they do not contain raw Meta platform data).

We comply with all applicable Meta Platform Terms and Developer Policies, including:

• We do not sell, license, or transfer Meta platform data to any third party.
• We do not use Meta platform data for purposes unrelated to the Service you have authorised.
• We do not use Meta platform data to build or augment user profiles for advertising or data brokerage.
• We honour all data deletion callbacks from Meta when users remove our app from their Facebook settings.

When you submit URLs for decoding through the Shop or API, you are solely responsible for ensuring your access to that content complies with the relevant platform's terms of service. When using Skills within third-party AI platforms, you must also comply with that platform's terms of service.

Heista is not responsible for your violations of third-party platform terms. The availability of decoded content depends on the continued public availability of the source material, which we do not control.

Heista Skills available through third-party AI marketplaces (such as Claude or ChatGPT) are subject to both these Terms and the terms of the respective marketplace. The authentication flow for Skills involves a browser redirect to Heista for account creation or sign-in. Third-party platforms may have their own data practices separate from ours, which are governed by their own privacy policies.

The Service depends on third-party data providers, AI model providers, and infrastructure services to deliver its capabilities. The availability of specific features depends on continued access to these upstream services. We are not liable for disruptions, changes, or restrictions imposed by upstream providers that affect the Service's availability or functionality.

The Service, including the Shop, API, and Skills, is provided without uptime guarantees unless separately agreed in writing. We strive to maintain high availability but do not guarantee uninterrupted access to any part of the Service.

API endpoints may be modified, deprecated, or removed. We will provide reasonable notice where practicable but are not obligated to maintain backward compatibility. Features and capabilities available through the Shop may change as Heists are added, modified, or retired. Skills availability depends on third-party marketplace policies, which we do not control.

External data sources (including ad libraries and social media platforms) may change or restrict access at any time, affecting the availability and accuracy of decoded intelligence. We are not responsible for lost business, revenue, or data arising from service interruptions, API changes, or third-party platform restrictions.

The Service, including the Shop, API, and Skills, is provided on an "AS IS" and "AS AVAILABLE" basis. To the maximum extent permitted by applicable law, we disclaim all warranties, whether express, implied, or statutory, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement.

Heista provides structural frameworks and strategic intelligence tools. We do not guarantee that use of the Service will result in viral content, increased sales, audience growth, or any other specific commercial outcome. Past performance of analysed content is not a guarantee of future results. This applies equally to outputs generated through the Shop, API, and Skills.

AI-generated Outputs, whether delivered through the Shop, API, or Skills, are provided for your consideration and editing. We do not guarantee the accuracy, completeness, originality, or legal compliance of any Output. You retain full editorial responsibility for all content you publish. API response schemas and data structures may change over time.

Heista analyses publicly available content created by third parties. We make no representations or warranties regarding the accuracy of our analysis, the continued public availability of analysed content, or the legal status of any third-party material.

Decoded intelligence is based on analysis of publicly available content at a point in time. We do not guarantee the accuracy, completeness, or continued relevance of decoded data. API rate limits, pricing, and endpoint specifications may change. Skills depend on third-party AI platforms we do not control, and their functionality may differ from the Shop experience. We do not guarantee compatibility with all AI platforms or continuous availability of Skills.

Nothing in these Terms is intended to exclude, restrict, or modify any consumer guarantees, rights, or remedies that cannot be excluded under the Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)) or any other applicable law that cannot be excluded by agreement. To the extent that our liability cannot be excluded, our liability is limited to, at our election: re-supply of the services, or payment of the cost of having the services re-supplied.

You may cancel your subscription and terminate your account at any time through your account settings or by contacting us at support@heista.co. Cancellation takes effect at the end of your current billing period. You will retain access to the Service until the end of the paid period.

We may suspend or restrict your access to the Service where we reasonably believe you have breached these Terms or the Operator Protocol, or where your conduct is harmful to other users, to us, or to third parties. Where practicable, we will:

• Provide you with written notice of the alleged breach.
• Give you a reasonable opportunity (not less than 7 days) to remedy the breach, where the breach is capable of remedy.

If the breach is not remedied within the cure period, or if the breach is not capable of remedy, we may terminate your account.

Immediate suspension or termination without notice: We reserve the right to immediately suspend or terminate your account without prior notice in cases of suspected fraud, illegal activity, serious abuse of the Service, or activity that poses an imminent risk to the security or integrity of the platform or its users. In such cases, we will provide written reasons for the termination as soon as reasonably practicable.

API keys may be individually revoked by us if we detect misuse, without necessarily affecting your Shop access. API access may be suspended separately from Shop access if API-specific terms are violated (such as rate limit circumvention or key sharing). Upon any account termination, all API keys are immediately and automatically revoked.

Upon termination:

• Your right to access and use the Service ceases immediately (or at the end of your billing period, for voluntary cancellation).
• All API keys are immediately revoked.
• Your Vault data and Power Sources will be retained for 30 days following termination, after which they may be permanently deleted. You may request an export of your data during this period.
• All unused in-app Credits (both subscription allocations and purchased Credit Packs) are forfeited upon account deletion, except as required by applicable law.
• All unused API Credits are forfeited upon account deletion, subject to the Service Discontinuation provisions in Section 12A and except as required by applicable law.
• Decoded intelligence that has been incorporated into the Decoded Library is not deleted, as it constitutes independently derived analysis of publicly available content.
• Provisions of these Terms that by their nature should survive termination (including Sections 6, 8, 9, 13, 14, and 17) shall survive.

Removal of Skills from third-party marketplaces does not entitle you to a refund of credits. Skills access depends on both your Heista account status and the policies of the third-party platform. If your Heista account is terminated, all Skills will cease to function.

These Terms shall be governed by and construed in accordance with the laws of the State of South Australia and the Commonwealth of Australia, without regard to conflict of law principles.

In the event of any dispute arising out of or in connection with these Terms, the parties agree to first attempt to resolve the dispute through good faith negotiation. If the dispute cannot be resolved through negotiation within 30 days, either party may submit the dispute to mediation administered by the Resolution Institute (Australia). If mediation is unsuccessful, either party may pursue resolution through the courts of South Australia.

You submit to the non-exclusive jurisdiction of the courts of South Australia for any dispute arising under these Terms. Nothing in this clause limits the right of any party to seek interim or injunctive relief in any court of competent jurisdiction, or limits any non-excludable rights available to consumers under applicable law, including the right to bring proceedings in any jurisdiction permitted by law.

These Terms, together with the Operator Protocol (Shadow Protocols), our Privacy Policy, and any applicable API documentation or Skills documentation referenced herein, constitute the entire agreement between you and Heista regarding your use of the Service and supersede all prior agreements, negotiations, and communications.

If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.

Our failure to exercise or enforce any right or provision of these Terms shall not constitute a waiver of that right or provision. Any waiver must be in writing and signed by an authorised representative of Heista.

You may not assign or transfer these Terms or your rights under them without our prior written consent. We may assign our rights and obligations under these Terms without restriction, including in connection with a merger, acquisition, or sale of assets, provided the assignee agrees to be bound by these Terms.

Heista shall not be liable for any failure or delay in performance due to circumstances beyond our reasonable control, including but not limited to natural disasters, war, terrorism, pandemic, government actions, power failures, internet disruptions, or third-party service outages.

All notices to Heista must be sent to support@heista.co or to our registered business address. We may provide notices to you via the email address associated with your account or through in-platform notifications.