Terms of Service

ChronoMind, Inc. provides a cloud-based Software-as-a-Service (“SaaS”) AI governance platform designed to assist organizations in documenting, assessing, and managing artificial intelligence systems in accordance with applicable regulatory frameworks including, but not limited to, the NIST AI Risk Management Framework, ISO/IEC 42001, the EU AI Act, GDPR, SOC 2, and the U.S. AI Bill of Rights.

1.1 Platform Services

The Platform provides the following core services:

• AI Use Case Registry: Documentation and cataloging of AI systems deployed within Customer’s organization
• Risk Assessment Engine: Structured risk identification, scoring, and mitigation workflow tools
• Controls Management: Control library mapping to regulatory frameworks with evidence management
• AI Governance Chat: AI-assisted guidance for governance workflows using large language model technology
• Policy Generator: AI-assisted drafting of governance policies and procedures
• Document Analyzer: AI-powered analysis of uploaded governance documentation
• Compliance Checker: Automated gap analysis against selected regulatory frameworks
• Executive Reporting: Board-level and executive dashboard reporting tools
• Audit Log Management: Immutable audit trail for all platform activities

1.2 Service Availability

Company will use commercially reasonable efforts to maintain Platform availability of 99.5% uptime, excluding scheduled maintenance windows communicated at least 48 hours in advance. Company does not guarantee uninterrupted access and shall not be liable for downtime caused by factors outside its reasonable control.

1.3 Updates and Modifications

Company reserves the right to modify, update, or discontinue features of the Platform at any time. Material changes to core functionality will be communicated to Customers with at least 30 days’ notice. Company will not materially reduce the core functionality of a paid subscription tier during an active subscription term without providing a pro-rated refund for the affected period.

2.1 Permitted Uses

Customer may use the Platform solely for its internal business purposes related to AI governance, risk management, and regulatory compliance. Permitted uses include:

• Documenting and managing AI systems within Customer’s organization
• Conducting risk assessments and impact analyses on AI deployments
• Generating governance documentation, policies, and reports for internal use
• Training authorized personnel on AI governance practices using Platform tools
• Exporting data and reports for regulatory submissions and audit purposes
• Integrating Platform APIs with Customer’s internal systems pursuant to applicable API terms

2.2 Prohibited Uses

Customer shall not, and shall ensure its authorized users do not:

• Reverse engineer, decompile, disassemble, or attempt to derive source code from the Platform
• Sublicense, resell, or provide access to the Platform to third parties not authorized under this Agreement
• Use the Platform to develop competing products or services
• Upload content that infringes third-party intellectual property rights or violates applicable law
• Attempt to circumvent security controls, access controls, or rate limiting mechanisms
• Use AI features to generate content intended to deceive regulators or auditors
• Upload personally identifiable information beyond what is necessary for governance documentation purposes
• Use the Platform in connection with activities that violate applicable export control laws
• Conduct automated scraping, crawling, or bulk data extraction beyond authorized API usage

2.3 AI Feature Acceptable Use

When using AI-powered features (Governance Chat, Policy Generator, Document Analyzer, Auto-Assessment, Compliance Checker), Customer acknowledges:

• AI-generated outputs are drafts and recommendations only, requiring human review before use
• Customer is solely responsible for reviewing, validating, and approving all AI-generated content
• AI features shall not be used as a substitute for qualified legal, compliance, or regulatory counsel
• Customer shall not represent AI-generated governance documentation as independently certified or legally validated

3.1 Subscription Tiers

The Platform is offered in the following subscription tiers, each with defined feature access and usage limits as specified in the applicable Order Form or pricing page:

3.2 Payment Terms

All fees are due in advance. Monthly subscriptions are billed on the same calendar date each month. Annual subscriptions are billed annually in advance. All fees are non-refundable except as expressly provided in Section 3.4. Fees are exclusive of applicable taxes, which Customer is responsible for paying.

3.3 Price Changes

Company may adjust subscription pricing with at least 60 days’ written notice prior to the next renewal period. Price changes do not apply to the current subscription term. Customer’s continued use of the Platform after the effective date of a price change constitutes acceptance of the new pricing.

3.4 Refund Policy

Company offers the following refund provisions:

• New Subscriptions: A 14-day money-back guarantee applies to first-time subscriptions at the Starter and Professional tiers. Refund requests must be submitted within 14 days of initial subscription activation.
• Annual Plans: Pro-rated refunds for unused complete months may be issued at Company’s discretion for annual plan cancellations after the 14-day period, subject to a 10% administrative fee.
• Enterprise Plans: Refund terms for Enterprise subscriptions are governed by the applicable Order Form or Master Service Agreement.
• Service Outages: Service credits may be issued for verified downtime exceeding SLA thresholds as specified in the applicable SLA addendum.

3.5 Auto-Renewal

Subscriptions automatically renew at the end of each billing period unless Customer provides written cancellation notice at least 30 days prior to renewal. Cancellation takes effect at the end of the current billing period; Customer retains access through the paid period.

3.6 Overages and Usage Limits

AI feature usage (tokens, API calls, document analyses) is subject to tier-based monthly limits. Overages beyond included limits will be billed at published overage rates or may result in temporary feature throttling, at Company’s discretion. Enterprise customers may negotiate custom usage budgets.

4.1 Customer Data Ownership

Customer retains full ownership of all data, content, and information submitted to or processed by the Platform (“Customer Data”), including AI use case descriptions, risk assessments, governance documents, organizational information, and any other content uploaded by Customer or its authorized users. Company acquires no ownership rights in Customer Data.

4.2 License to Process Customer Data

Customer grants Company a limited, non-exclusive, non-transferable license to process Customer Data solely as necessary to provide the Platform services, fulfill obligations under this Agreement, and comply with applicable law. Company will not use Customer Data for any purpose beyond service delivery without Customer’s express written consent.

4.3 AI Training Prohibition

Company expressly prohibits the use of Customer Data to train, fine-tune, or improve AI models. Documents uploaded for analysis, governance queries, and assessment data are processed in real-time and are not retained by AI service providers (OpenAI, Anthropic) beyond the duration of the API request. Company maintains data processing agreements with all AI service providers that include explicit prohibitions on training data use.

4.4 Data Security

Company implements and maintains commercially reasonable security measures including:

• AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Row-level security (RLS) policies enforcing strict multi-tenant data isolation
• Role-based access control (RBAC) with principle of least privilege
• Multi-factor authentication (MFA/2FA) support for all user accounts
• Immutable audit logging of all data access and modification events
• Regular security assessments and penetration testing
• SOC 2 Type II compliance program (certification in progress)

4.5 Data Export and Portability

Customer may export Customer Data at any time through Platform export tools in standard formats (CSV, JSON, PDF). Company will provide reasonable assistance with data export requests submitted in writing.

4.6 Data Retention Upon Termination

Following termination or expiration of this Agreement, Company will retain Customer Data for 90 days to allow Customer to export data. After the 90-day period, Customer Data will be securely deleted from production systems. Backup copies may persist for up to 180 days before deletion. Customer may request immediate deletion in writing, subject to legal retention obligations.

5.1 Nature of AI Features

The Platform’s AI-powered features (including Governance Chat, Policy Generator, Document Analyzer, Auto-Assessment, and Compliance Checker) utilize large language model technology to assist with governance workflows. These features:

• Generate probabilistic outputs that may contain errors, omissions, or inaccuracies
• Do not have access to real-time regulatory updates unless explicitly stated
• Cannot account for jurisdiction-specific nuances without explicit configuration
• May produce outputs that are inconsistent across sessions due to the stochastic nature of language models
• Are not a substitute for qualified legal counsel, certified compliance professionals, or accredited auditors

5.2 Framework Mapping Limitations

Regulatory framework mappings (NIST AI RMF, ISO/IEC 42001, EU AI Act, GDPR, SOC 2, CCPA, and others) are provided as informational references based on publicly available framework documentation. These mappings are not official interpretations by regulatory bodies, do not constitute certification or audit findings, may not reflect the most current regulatory guidance, and require validation by qualified professionals for use in regulatory submissions.

5.3 Customer Responsibility for AI Outputs

Customer is solely responsible for reviewing, validating, and approving all AI-generated content before use. Customer shall not submit AI-generated governance documentation to regulators, auditors, or third parties without independent professional review. Company shall not be liable for any regulatory action, fine, penalty, or adverse outcome arising from Customer’s reliance on AI-generated outputs.

5.4 AI Provider Dependencies

AI features depend on third-party AI service providers (currently OpenAI and Anthropic). Company does not guarantee the availability, accuracy, or performance of third-party AI services. Company may substitute AI providers at its discretion to maintain service quality and compliance with applicable law.

6.1 Company IP

Company retains all right, title, and interest in and to the Platform, including all software, algorithms, models, interfaces, documentation, and improvements thereto. Nothing in this Agreement transfers any ownership rights in the Platform to Customer.

6.2 Customer IP

Customer retains all right, title, and interest in Customer Data and any governance documentation created by Customer using Platform tools. AI-generated outputs produced in response to Customer inputs are owned by Customer, subject to applicable AI provider terms and applicable law.

6.3 Feedback

If Customer provides feedback, suggestions, or recommendations regarding the Platform, Customer grants Company a perpetual, irrevocable, royalty-free license to use such feedback for any purpose, including improving the Platform, without obligation to Customer.

7.1 Mutual Confidentiality

Each party agrees to maintain the confidentiality of the other party’s non-public information disclosed in connection with this Agreement (“Confidential Information”) using at least the same degree of care used to protect its own confidential information, but no less than reasonable care. Neither party shall disclose Confidential Information to third parties without prior written consent, except as required by law.

7.2 Exclusions

Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party prior to disclosure; (c) is independently developed without use of Confidential Information; or (d) is required to be disclosed by law, regulation, or court order, provided the disclosing party receives prompt written notice.

7.3 Duration

Confidentiality obligations survive termination of this Agreement for a period of five (5) years, except for trade secrets which are protected indefinitely.

8.1 Disclaimer of Warranties

THE PLATFORM IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT THE PLATFORM WILL MEET CUSTOMER’S SPECIFIC COMPLIANCE REQUIREMENTS. COMPANY DOES NOT WARRANT THAT THE PLATFORM WILL BE ERROR-FREE, UNINTERRUPTED, OR FREE FROM SECURITY VULNERABILITIES.

8.2 Limitation of Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL COMPANY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF DATA, LOSS OF BUSINESS OPPORTUNITY, REGULATORY FINES OR PENALTIES, OR COST OF SUBSTITUTE SERVICES, EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8.3 Aggregate Liability Cap

COMPANY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY CUSTOMER TO COMPANY IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE THOUSAND U.S. DOLLARS ($1,000). THIS LIMITATION APPLIES REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE.

8.4 Essential Basis

The parties acknowledge that the limitations of liability in this Section reflect a reasonable allocation of risk and are an essential element of the basis of the bargain between the parties. Company would not provide the Platform without these limitations.

9.1 Customer Indemnification

Customer shall indemnify, defend, and hold harmless Company and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to: (a) Customer’s use of the Platform in violation of this Agreement; (b) Customer Data, including any claim that Customer Data infringes third-party rights; (c) Customer’s violation of applicable law; or (d) Customer’s reliance on AI-generated outputs without independent professional review.

9.2 Company Indemnification

Company shall indemnify, defend, and hold harmless Customer from and against third-party claims alleging that the Platform, as provided by Company and used in accordance with this Agreement, infringes any U.S. patent, copyright, trademark, or trade secret. Company’s indemnification obligations do not apply to claims arising from Customer modifications, Customer Data, or use of the Platform in combination with third-party products not authorized by Company.

10.1 Termination for Convenience

Either party may terminate this Agreement for convenience upon 30 days’ written notice. Customer’s access to the Platform will continue through the end of the current paid billing period. No refunds are provided for termination for convenience except as specified in Section 3.4.

10.2 Termination for Cause

Either party may terminate this Agreement immediately upon written notice if the other party: (a) materially breaches this Agreement and fails to cure such breach within 30 days of written notice; (b) becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to bankruptcy proceedings; or (c) violates applicable law in connection with this Agreement.

10.3 Effect of Termination

Upon termination or expiration of this Agreement:

• Customer’s access to the Platform will be suspended at the end of the applicable notice or paid period
• Customer Data will be retained for 90 days to allow export, then securely deleted
• All licenses granted under this Agreement will terminate
• Provisions that by their nature should survive (including Sections 4, 6, 7, 8, 9, 11, and 12) will survive termination
• Customer remains responsible for all fees accrued prior to termination

10.4 Data Access Post-Termination

During the 90-day post-termination retention period, Customer may request read-only access to export Customer Data. Company will provide reasonable assistance with data export at no additional charge. After the retention period, Customer Data cannot be recovered.

11.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.

11.2 Dispute Resolution

The parties agree to attempt to resolve any dispute arising out of or related to this Agreement through good-faith negotiation for a period of 30 days following written notice of the dispute. If the dispute is not resolved through negotiation, the parties agree to submit to binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules.

11.3 Arbitration Terms

Arbitration shall be conducted by a single arbitrator in Wilmington, Delaware, or via remote proceedings by mutual agreement. The arbitrator’s decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction. Each party shall bear its own costs of arbitration, with arbitrator fees shared equally, unless the arbitrator determines otherwise.

11.4 Class Action Waiver

CUSTOMER WAIVES ANY RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION AGAINST COMPANY. ALL DISPUTES MUST BE BROUGHT IN CUSTOMER’S INDIVIDUAL CAPACITY.

11.5 Federal Agency Customers

For U.S. federal agency customers, this Agreement is subject to applicable federal procurement regulations. In the event of conflict between this Agreement and applicable federal law or regulation, federal law or regulation shall govern. Disputes involving federal agencies may be subject to the Contract Disputes Act or other applicable federal dispute resolution mechanisms.

12.1 Entire Agreement

This Agreement, together with any applicable Order Forms, Master Service Agreements, and addenda, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, representations, and understandings.

12.2 Amendments

Company may update these Terms of Service by posting revised terms at this URL with at least 30 days’ notice for material changes. Customer’s continued use of the Platform after the effective date of changes constitutes acceptance. Enterprise customers with active Master Service Agreements are governed by their MSA terms.

12.3 Severability

If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will continue in full force and effect.

12.4 Waiver

No waiver of any provision of this Agreement shall be effective unless in writing. Failure to enforce any provision shall not constitute a waiver of future enforcement rights.

12.5 Assignment

Customer may not assign this Agreement or any rights hereunder without Company’s prior written consent. Company may assign this Agreement in connection with a merger, acquisition, or sale of substantially all of its assets. Any attempted assignment in violation of this section is void.

12.6 Force Majeure

Neither party shall be liable for delays or failures in performance resulting from causes beyond its reasonable control, including acts of God, natural disasters, war, terrorism, government actions, internet outages, or third-party service failures, provided the affected party provides prompt written notice and uses reasonable efforts to mitigate the impact.

12.7 Notices

Legal notices under this Agreement must be in writing and delivered to: ChronoMind, Inc., Legal Department, legal@chronomind.ai. Notices are effective upon confirmed email delivery or three business days after mailing by certified mail.

12.8 Contact Information