Privacy Policy
How AIVONS Systems and CloudTrust360 collect, use, share, and protect personal data — and the rights you have over your information.
1. At a glance
This is the short version. The rest of the policy fills in the detail.
- We are a B2B SaaS company. Our customers are organizations; the people we collect personal data about are their employees, contractors, and the prospects who reach out to us through this website.
- We collect only what we need — sign-in identifiers, contact details from the pilot form, security/cost data from your cloud accounts (only what's required to run posture analysis), and operational telemetry. We do not sell personal information.
- Customer data lives on Supabase (PostgreSQL). Row-level security isolates each tenant. Cloud credentials and webhook URLs are AES-256-GCM encrypted at rest. Customer data is never used to train AI models — when AI features are used, the customer brings their own LLM API key.
- You have rights — access, correction, deletion, portability, the right to object, and rights specific to your region (GDPR, UK GDPR, CCPA/CPRA, PIPEDA). See sections 11–14 for how to exercise them.
- Questions? Email support@aivons.com and we respond within five business days.
2. Who we are
AIVONS Systems is the legal entity behind CloudTrust360. For the purposes of this policy:
- Legal name: AIVONS Systems [CONFIRM exact registered name and entity type — e.g., "AIVONS Systems, Inc."]
- Jurisdiction of incorporation: State of Delaware, United States of America
- Registered address: [CONFIRM full registered office street address for legal notices], Delaware, USA
- Trading as: CloudTrust360 — the multi-cloud security, FinOps, and executive trust reporting platform available at console.cloudtrust360.com
- Primary contact: support@aivons.com
For visitors and prospects (people who use this marketing website or submit our pilot form), AIVONS Systems is the data controller. For customers using the CloudTrust360 product, AIVONS Systems acts as a data processor with respect to data the customer routes through the platform — this distinction is set out in our Data Processing Addendum (available on request).
3. Information we collect
From visitors to this website
When you browse cloudtrust360.com, your browser sends standard request metadata. We log only the minimum:
- IP address (for security and abuse prevention; truncated where possible)
- User-agent string (browser, OS)
- Referring page
- Pages visited and the time of visit
We do not use third-party advertising trackers, behavioral analytics, or session-replay tools on this site.
From the pilot request form
If you submit a pilot request, we collect what you provide:
- Work email address
- First and last name
- Company name and your role
- Cloud environment focus (AWS, Azure, GCP, multi-cloud)
- Approximate monthly cloud spend range
- Plan interest and any free-text message you include
- Anti-abuse metadata: submission timestamp, IP, user-agent, source page
This information is transmitted via Postmark to support@aivons.com and stored in our customer relationship system for follow-up.
From customers using the CloudTrust360 product
- Account information: name, email, organization, role, authentication identifiers (we support email/password, Google, and Microsoft sign-in).
- Cloud credentials: the AWS IAM role ARNs, Azure service principals, or GCP Workload Identity Federation configurations you connect to the platform. Stored AES-256-GCM encrypted.
- Cloud telemetry derived from your accounts: security findings, cost data, compliance scores, and other read-only signals retrieved from AWS, Azure, and GCP APIs you authorize.
- Product activity: resolutions, dismissals, comments, integration configurations, and other actions captured in the activity log.
- AI feature data: if you enable AI summaries and finding analyses, the input we send to your chosen LLM provider (Anthropic or OpenAI) using your API key. We do not retain LLM outputs beyond the cache duration described in our product documentation.
- Operational telemetry: sync run status, error logs, and feature usage statistics used to diagnose problems and improve the product.
4. How we use information
We use personal data for the following purposes only:
- Provide the service. Authenticate you, render dashboards, run sync pipelines, generate AI summaries, surface findings, compute compliance scores.
- Communicate with you. Respond to pilot requests, support tickets, and security questionnaires. Send service notifications (invoices, sync failures, breaking changes).
- Bill you. Calculate verified savings gainshare and TAU charges as described in your contract and in our pricing pages.
- Secure the platform. Detect and prevent fraud, abuse, and unauthorized access. Investigate incidents.
- Improve the product. Diagnose bugs, prioritize features. Always against aggregated or anonymized data where individual identification is not necessary.
- Comply with law. Respond to lawful requests; preserve records required by contract or statute.
We do not:
- Sell personal information.
- Use customer data to train AI models — ours or anyone else's. When you use AI features, the prompts and responses move between you and your selected LLM provider under their terms, using your API key.
- Share personal information with advertisers or data brokers.
- Use behavioral tracking pixels, fingerprinting, or session-replay tools on this website.
5. Legal bases for processing (EEA, UK, Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, GDPR (or its UK equivalent, "UK GDPR") requires us to identify a legal basis for each processing activity. Ours are:
| Activity | Legal basis |
|---|---|
| Delivering the CloudTrust360 service to a customer | Performance of a contract (Art. 6(1)(b) GDPR / UK GDPR) |
| Responding to a pilot request | Pre-contractual steps at your request (Art. 6(1)(b)) or our legitimate interest in responding to a sales inquiry (Art. 6(1)(f)) |
| Sending service emails (invoices, sync alerts) | Performance of a contract |
| Marketing emails (only if you opted in) | Consent (Art. 6(1)(a)) — withdrawable at any time |
| Security monitoring, abuse prevention, fraud detection | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Aggregated product analytics | Legitimate interest (Art. 6(1)(f)) — minimized, not used to single out individuals |
Where our basis is legitimate interest, we have completed a balancing assessment and concluded that the interest does not override your fundamental rights. You can object — see Section 11.
6. How we share information
We share personal data only with:
- Service providers (subprocessors) who help us run the product — hosting, email delivery, payment processing, customer support tooling. See Section 7 for the current list. All subprocessors are bound by written agreements requiring confidentiality, security, and data-protection commitments at least equivalent to ours.
- Cloud providers you authorize. When you connect AWS, Azure, or GCP, we call their APIs on your behalf using credentials you provision. We do not share your data with cloud providers other than those you connect.
- LLM providers you authorize. When you enable AI features, the prompts we send (and responses we receive) move through Anthropic or OpenAI using your API key — they are your processor for that data flow, not ours.
- Legal and regulatory recipients when required by law, court order, or government request — and only to the extent legally compelled.
- Successor entities in the event of a merger, acquisition, or sale of assets. We will notify customers and update this policy before any such transfer takes effect.
We do not sell personal information and we do not share it with third parties for cross-context behavioral advertising as those terms are defined under California law.
7. Subprocessors
The following service providers process personal data on our behalf. We maintain written agreements with each requiring confidentiality, security, and (where applicable) GDPR Article 28 or UK GDPR equivalent compliance.
| Subprocessor | Purpose | Data location |
|---|---|---|
| Supabase | Application database (PostgreSQL) and authentication | US [CONFIRM region] |
| Netlify | Static site hosting and serverless function execution | US (global CDN) |
| Postmark (ActiveCampaign) | Transactional email (pilot form, account emails, alerts) | US |
| Stripe [CONFIRM] | Payment processing for paid plans | US |
| Anthropic / OpenAI | LLM inference — only when the customer enables AI features and supplies their own API key | US |
A current, dated subprocessor list is available on request to support@aivons.com. We notify customers of material changes to our subprocessor list before they take effect, in line with our Data Processing Addendum.
8. Security
Security is a product feature for CloudTrust360 — and that posture extends to how we handle data ourselves. Our current technical and organizational measures include:
- Encryption in transit: TLS 1.2 or higher on all connections to our applications and APIs.
- Encryption at rest: AES-256-GCM for cloud credentials and integration secrets stored in our database. Database storage at the infrastructure layer is also encrypted by Supabase.
- Tenant isolation: PostgreSQL Row-Level Security enforces per-organization access. Backend functions use service-role credentials that never leave our infrastructure.
- Read-only access to your cloud accounts: we request the minimum read permissions needed (AWS IAM roles, Azure service principals, GCP Workload Identity Federation). The platform does not modify or delete your cloud resources.
- No static credentials for GCP: we use Workload Identity Federation rather than long-lived service account keys.
- Audit trail: every state change in the product writes to an immutable activity log with user attribution.
- Role-based access control: CloudTrust360 supports Owner, Admin, Security Analyst, DevOps, and Viewer roles enforced at the UI, backend, and database layers.
- Vulnerability and incident response: we maintain a documented incident-response plan. Suspected vulnerabilities can be reported to support@aivons.com.
- Compliance roadmap: SOC 2 Type II audit and independent penetration testing are part of our 2026 program. A current security questionnaire is available on request.
No system is perfectly secure. If we become aware of a security incident affecting your personal data we will notify you in line with applicable law and our contractual commitments. For EEA/UK residents, our notification timing aligns with GDPR Article 33 / UK GDPR equivalents.
9. Data retention
We keep personal data only as long as needed for the purposes set out in this policy or as required by law. Specifically:
| Category | Retention |
|---|---|
| Pilot request submissions | 24 months from submission, unless the contact becomes a customer or asks earlier for deletion |
| Marketing email opt-in records | Until consent is withdrawn, plus 24 months for proof-of-consent records |
| Customer account data | Duration of the contract plus 90 days, then deleted or anonymized |
| Activity log entries | Duration of the contract plus 90 days [CONFIRM] |
| Billing records and invoices | Seven years (US tax and corporate-record requirements) |
| Security event logs | 12 months for operational investigation; longer if required by an ongoing security review |
| Backups | Encrypted backups recycled on a rolling 35-day schedule [CONFIRM] |
Customers can request earlier deletion of specific records at any time, subject to our legal and contractual record-keeping obligations.
10. International data transfers
AIVONS Systems and most of our subprocessors are located in the United States. If you are in the European Economic Area, the United Kingdom, Switzerland, Canada, or another jurisdiction with restrictions on cross-border transfers, your data is transferred to the US under appropriate safeguards:
- The European Commission's Standard Contractual Clauses (2021 SCCs) — Module 1 (controller-to-controller) and Module 2 (controller-to-processor) as applicable.
- The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs where data originates from the United Kingdom.
- The Swiss Federal Data Protection and Information Commissioner (FDPIC) addendum to the SCCs for Swiss data.
- For Canadian personal information, contractual safeguards consistent with PIPEDA's accountability principle and the Office of the Privacy Commissioner of Canada's transfer guidance.
- Equivalent contractual safeguards on request for other regions.
We are happy to provide our standard Data Processing Addendum, the SCCs, and the UK IDTA as part of contract review.
11. Your rights
Depending on where you live, you have one or more of the following rights regarding your personal data:
- Access — a copy of the personal data we hold about you.
- Correction — fix inaccurate or incomplete information.
- Deletion — ask us to delete your data (subject to legal retention requirements; see Section 9).
- Restriction — pause our processing while a question is resolved.
- Portability — receive your data in a portable, machine-readable format.
- Objection — object to processing we conduct on the basis of legitimate interest, including direct marketing.
- Withdraw consent — where we relied on your consent, withdraw it at any time (without affecting prior lawful processing).
- Complain — to a supervisory authority. See sections 12–14 for region-specific contacts.
To exercise any of these rights, email support@aivons.com. We will respond within 30 days (or as required by your local law — see below) and will not charge a fee unless your request is manifestly unfounded or excessive. We may ask for additional information to verify your identity before completing your request.
If our service is provided to you through your employer (you use CloudTrust360 because your organization is a customer), please direct rights requests to your employer first — they control your data within the product. We will assist them in responding.
12. UK residents
If you are in the United Kingdom, the UK GDPR and the Data Protection Act 2018 apply to processing of your personal data. This section sets out UK-specific points:
- Same rights as EEA residents: the rights listed in Section 11 are equally available to UK data subjects under UK GDPR Articles 15–22.
- Supervisory authority: you have the right to lodge a complaint with the Information Commissioner's Office (ICO). Contact details and online complaint forms are at ico.org.uk. Telephone: 0303 123 1113.
- Transfers from the UK: as set out in Section 10, transfers of UK personal data to the United States are made under the UK IDTA or the UK Addendum to the 2021 EU SCCs.
- UK representative: AIVONS Systems does not currently maintain a UK representative under UK GDPR Article 27. [CONFIRM whether a UK representative will be appointed once UK customer activity exceeds the threshold or if exemptions apply.] If a representative is required by law for our processing, we will appoint one and update this policy.
- Marketing in the UK: our marketing communications comply with the Privacy and Electronic Communications Regulations (PECR), including the soft opt-in for existing customer relationships and an unsubscribe link in every marketing email.
13. California residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA"):
- Right to know — the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties with whom we share it. Categories collected over the past 12 months: identifiers (name, email, IP), commercial information (pilot request details), internet activity (page views, referring page), and professional information (company, role).
- Right to delete — ask us to delete your personal information, subject to allowed exceptions.
- Right to correct — ask us to correct inaccurate personal information.
- Right to opt out of sale or sharing — we do not sell personal information and we do not share it for cross-context behavioral advertising. There is nothing to opt out of, but the right exists.
- Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CCPA for the purpose of inferring characteristics about you.
- Right to non-discrimination — we will not discriminate against you for exercising any of these rights.
To exercise these rights, email support@aivons.com or use the contact form on this site. An authorized agent may submit a request on your behalf with written authorization that we can verify. Verifiable consumer requests are responded to within 45 days (extendable by 45 additional days where reasonably necessary, with notice).
14. Canadian residents (PIPEDA and provincial laws)
If you are in Canada, your personal information is protected by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, by substantially similar provincial laws (Quebec's Loi 25, Alberta's PIPA, and British Columbia's PIPA).
14.1 Your PIPEDA rights
- Knowledge and consent — we obtain meaningful consent for collection, use, and disclosure of your personal information. Consent for non-essential processing (such as marketing) is opt-in.
- Access — you may request access to your personal information and how it has been used and disclosed.
- Correction — you may request correction of inaccurate personal information.
- Withdrawal of consent — you may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide the service.
- Challenge compliance — you may challenge our compliance with PIPEDA by contacting our privacy contact below.
14.2 Quebec (Law 25)
If you are in Quebec, Law 25 grants additional rights including the right to portability of computerized personal information, the right to be informed of automated decision-making, and the right to ask for de-indexing of certain information. To exercise any Law 25-specific right, email support@aivons.com and state which Quebec right you are exercising.
14.3 Cross-border transfers from Canada
Personal information collected from Canadian residents may be transferred to, processed, and stored in the United States or other jurisdictions where our service providers operate. We use contractual safeguards consistent with PIPEDA's accountability principle and the Office of the Privacy Commissioner of Canada's transfer guidance.
14.4 Complaints
If you are not satisfied with our response to a privacy concern, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca (toll-free: 1-800-282-1376). Quebec residents may also contact the Commission d'accès à l'information du Québec at cai.gouv.qc.ca. Alberta and British Columbia residents may contact their respective provincial commissioners.
16. Children
CloudTrust360 is a business-to-business product. Our service is not directed to children under 16 (or under 13 in jurisdictions where that is the applicable age, including under the US Children's Online Privacy Protection Act, "COPPA"), and we do not knowingly collect personal data from children. If you believe we have collected information from a child, contact support@aivons.com and we will delete it.
17. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced by email to active customers and through an in-product notice. The "Last updated" date at the top of this page always reflects the most recent version. Continued use of CloudTrust360 after an update means you accept the revised policy; if you do not accept it, you may stop using the service and contact us about your data.
18. Contact us
For any privacy question, request, or complaint:
Email: support@aivons.com
Security disclosure: support@aivons.com
Postal: AIVONS Systems, [Street Address], Delaware, USA [CONFIRM]
We aim to respond within five business days for general inquiries and within the timeframes set by law for formal rights requests (30 days for GDPR/UK GDPR/PIPEDA; 45 days for CCPA).
Terms of Service
The agreement between you (the customer) and AIVONS Systems for use of CloudTrust360 — covering the service, the gainshare-plus-TAU pricing model, your responsibilities, and ours.
1. At a glance
This is the short version. The numbered sections that follow are what actually control.
- What this is. A contract between you (or your organization) and AIVONS Systems for use of CloudTrust360 — a multi-cloud security, FinOps, and executive trust reporting platform.
- How pricing works. Two pricing tracks. Savings track: 50% of verified savings (1-year contract) or 30% (3-year contract) for the full contract term. Non-savings track: free for the first six months; from month 7 onward, non-savings outcomes (findings resolved, compliance controls, AI summaries) bill in Trust Action Units (TAUs) at your tier's rate, with the tier monthly minimum applying.
- Verification is built in. A "verified saving" is a cost reduction that has persisted for at least 30 days at greater than or equal to 90 percent of the predicted amount. Every charge on every invoice traces to a specific event in the activity log.
- Disputes are easy. Every line item can be challenged in-app within 14 days. We respond within five business days.
- Read-only. CloudTrust360 connects to your AWS, Azure, and GCP accounts with read-only permissions. We do not modify or delete your cloud resources.
- Your data. You retain ownership of all customer data. We process it as described in our Privacy Policy and Data Processing Addendum.
2. Acceptance of these terms
These Terms of Service ("Terms") form a binding agreement between you and AIVONS Systems (a Delaware, USA corporation [CONFIRM exact entity name, e.g., "AIVONS Systems, Inc."], "AIVONS", "we", or "us") governing your use of the CloudTrust360 platform and any associated services (the "Service").
You accept these Terms when you (a) click an "I agree" or equivalent control, (b) sign an order form, statement of work, or other ordering document referencing them, or (c) access or use any part of the Service. If you accept on behalf of an organization, you represent that you have authority to bind that organization, which is then the "Customer" under these Terms.
If you do not agree to these Terms, you may not access or use the Service.
For customers on a signed order form, master subscription agreement, or enterprise contract: in case of conflict between this document and your signed agreement, the signed agreement controls.
3. Definitions
- "Customer Data" means data the Customer provides to or generates within the Service, including cloud telemetry retrieved from connected cloud accounts.
- "Connected Cloud Account" means an AWS account, Azure subscription, GCP project, or equivalent that the Customer has authorized the Service to read from.
- "Verified Savings" means a reduction in cloud cost identified by the Service, attributable to an implementation action recorded in the activity log, that persists for at least 30 calendar days at no less than 90% of the predicted reduction amount, measured against the Customer's actual cloud invoices for the affected services.
- "Trust Action Unit" or "TAU" means the unit of measurement used to price non-savings outcomes (security findings resolved, compliance controls maintained, executive AI summaries delivered, and others as published on our pricing page).
- "Gainshare" means the Customer's payment obligation calculated as a percentage of Verified Savings, as set out in Section 6.
- "Launch Plan" means either the 1-Year Launch (50% gainshare) or 3-Year Launch (30% gainshare) commitment described in Section 5.
- "Subscription Term" means the period of the Customer's commitment as set out in the applicable order form or sign-up flow.
- "Activity Log" means the immutable record of state changes maintained by the Service for every account, used as the source of truth for billing reconciliation.
- "Documentation" means our then-current user, security, and pricing documentation published at cloudtrust360.com and console.cloudtrust360.com.
4. Access and accounts
4.1 Right to use
Subject to these Terms and the Customer's payment obligations, AIVONS grants the Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to access and use the Service for the Customer's internal business purposes.
4.2 Account credentials
The Customer is responsible for keeping account credentials secure and for all activities that take place under its account. The Customer must notify us promptly at support@aivons.com if it suspects unauthorized access.
4.3 Users and roles
The Customer determines which of its personnel may access the Service and assigns them a role (Owner, Admin, Security Analyst, DevOps, Viewer). The Customer is responsible for the actions of its users.
4.4 Beta and preview features
From time to time we may make beta or preview features available. Those features are provided as-is, may be modified or discontinued at any time, and are not subject to any service-level commitment.
5. Pricing and billing
5.1 Launch Plans (default commercial model)
CloudTrust360 is sold under one of two Launch Plans selected at sign-up:
| Plan | Term | Gainshare rate | Months 1–6 | Month 7 onward |
|---|---|---|---|---|
| 1-Year Launch | 12 months | 50% of Verified Savings (locked for the full term) | Gainshare only. Non-savings outcomes free. No monthly minimum. | Gainshare continues at 50%. TAU pricing applies to non-savings outcomes at the Customer's selected tier rate. Tier monthly minimum applies. |
| 3-Year Launch | 36 months | 30% of Verified Savings (locked for the full term) | Gainshare only. Non-savings outcomes free. No monthly minimum. | Gainshare continues at 30%. TAU pricing applies to non-savings outcomes at the Customer's selected tier rate. Tier monthly minimum applies. |
The Customer's gainshare percentage is fixed for the entire Subscription Term. Savings never convert to TAU at any point during the contract.
5.2 TAU tiers (apply from month 7)
From the seventh full month of the Subscription Term, non-savings outcomes bill in TAUs at the rate of the Customer's tier:
| Tier | Per-TAU rate | Monthly minimum |
|---|---|---|
| Trust Pilot | $0.40 / TAU | No minimum (pay-as-you-go) |
| Trust Growth | $0.30 / TAU | $2,500 / month |
| Trust Enterprise | $0.25 / TAU | Equivalent of $120,000 / year (billed monthly or annually) |
| Trust Fabric Suite | $0.20 / TAU | Equivalent of $500,000 / year (billed monthly or annually) |
The Customer's tier is selected at sign-up or in the applicable order form and applies for the Subscription Term unless upgraded.
5.3 Invoicing and payment
- Frequency: invoices are issued monthly in arrears, reflecting Verified Savings persistence checks and TAUs accumulated in the preceding month.
- Due date: net 30 days from invoice date, unless otherwise stated in an order form.
- Currency: USD, unless otherwise stated in an order form.
- Payment method: credit card or ACH/wire for self-serve plans; invoiced billing for Enterprise and Suite plans.
- Late payment: overdue amounts accrue interest at 1.0% per month or the maximum permitted by applicable law, whichever is lower.
- Taxes: fees are exclusive of taxes. The Customer is responsible for all sales, use, VAT, GST, HST, QST, and similar taxes other than those based on AIVONS's net income.
5.4 No surprise charges
Every charge on every invoice traces to a specific, time-stamped event in the Activity Log. The Customer can rebuild any invoice line from its own audit data.
5.5 Price changes
The per-TAU rates and tier minimums in Section 5.2 are guaranteed for the Customer's Subscription Term. If we change published rates, the change applies only to renewals or new contracts.
6. Verified Savings and gainshare
6.1 How savings are identified
The Service identifies prospective cost-optimization actions (right-sizing recommendations, idle-resource detections, commitment opportunities, and similar). When the Customer marks an action as "Implemented" in the Service, the corresponding predicted saving enters a 30-day persistence verification window.
6.2 Verification window
During the 30-day window:
- The Service measures actual cost in the Customer's connected cloud accounts against the predicted reduction.
- The saving becomes "Verified" only if, over 30 consecutive days, the realized reduction equals or exceeds 90% of the predicted amount.
- If the realized reduction falls below the 90% threshold, the saving does not verify and no gainshare is charged for it.
- The Customer can review every persistence calculation, including the predicted amount, the daily actuals, and the verification status, in the Activity Log.
6.3 Billable amount
For each Verified Saving, the gainshare billable amount is calculated as:
Billable Amount = Verified Saving Amount × Customer's Gainshare Percentage
Where the Gainshare Percentage is 50% for 1-Year Launch customers and 30% for 3-Year Launch customers, locked for the Subscription Term.
The Customer pays no gainshare until savings are verified. There is no charge during the verification window.
6.4 Revoked savings
If a Verified Saving subsequently reverses (for example, because a resource is re-provisioned), the Service automatically marks it as revoked and ceases to bill against it from the date of reversion. Previously invoiced gainshare amounts on verified periods are not refunded except as set out in Section 8.
6.5 Cooperation
The Customer agrees to maintain read-only access to its connected cloud accounts sufficient for the Service to measure cost and to not deliberately mask or manipulate cost data in a way that would defeat the verification.
7. TAU outcomes
7.1 Outcomes that generate TAUs
The following non-savings outcomes generate TAUs at the rates published in the Documentation and as of the effective date of these Terms:
| Outcome | Value |
|---|---|
| Critical-severity finding resolved | 75 TAU |
| High-severity finding resolved | 50 TAU |
| Medium-severity finding resolved | 20 TAU |
| Compliance control maintained (per framework, per month) | 2 TAU |
| Executive AI summary delivered | 25 TAU |
If the Service introduces new outcome categories during the Subscription Term, they will be priced at rates published in the Documentation and the Customer will be notified before any charges apply.
7.2 When TAU charging begins
TAU charging begins on the first day of the seventh full calendar month of the Subscription Term. During the first six months, all non-savings outcomes are free regardless of the volume generated.
7.3 Monthly minimum
From month 7, the Customer's tier monthly minimum (as listed in Section 5.2) applies. If the TAUs accumulated in a given billing month would result in fees below the tier minimum, the Customer is billed the tier minimum. If the TAUs exceed the minimum, the Customer is billed the actual TAU consumption.
8. Invoice disputes and the 14-day window
Every line item on every invoice can be disputed in-app within 14 days of the invoice issuance date.
- The Customer initiates a dispute by clicking the dispute control on the relevant invoice line in the Service.
- The dispute interface shows the exact event in the Activity Log that produced the charge.
- AIVONS responds to disputes within five business days with one of: (a) confirmation of the charge with explanatory data, (b) adjustment to the invoice, or (c) a request for additional information.
- Disputes raised after the 14-day window are at AIVONS's discretion and may not be honored.
- If a dispute results in an adjustment, AIVONS issues a credit against the next invoice. Cash refunds are at AIVONS's discretion.
The Customer must pay undisputed portions of an invoice by the due date even while a dispute is pending.
9. Customer Data and cloud account access
9.1 Ownership
As between the parties, the Customer owns all Customer Data. AIVONS does not acquire any rights in Customer Data other than those needed to provide the Service.
9.2 Read-only access
The Service requests only the cloud permissions required to read posture, cost, and configuration data — never permissions to modify or delete cloud resources. The Customer is responsible for granting (and revoking) the access the Service needs.
9.3 Encryption and isolation
Cloud credentials and integration secrets stored by the Service are encrypted at rest using AES-256-GCM. Customer Data is isolated between tenants by PostgreSQL Row-Level Security. Full security details are summarized in the Privacy Policy and available in our security questionnaire.
9.4 Data processing
To the extent AIVONS processes personal data as part of Customer Data, the processing is governed by our Data Processing Addendum, which is incorporated by reference and available on request to support@aivons.com.
9.5 Customer responsibilities
The Customer is responsible for:
- Lawful authority to connect each Cloud Account to the Service.
- The accuracy, legality, and quality of Customer Data submitted to the Service.
- Backing up its own data in the connected cloud accounts.
- Maintaining its own incident-response capability for events not caused by the Service.
9.6 Data return and deletion at the end of the contract
On termination or expiration of the Subscription Term, AIVONS will, on request, make Customer Data available for export in a standard format for up to 30 days. Thereafter, Customer Data is deleted in accordance with the retention schedule in the Privacy Policy, except where retained for legal or accounting purposes.
10. AI features and bring-your-own-key
The Service includes optional features powered by large language model providers (Anthropic and OpenAI). These features are activated only at the Customer's election. When activated:
- The Customer supplies its own API key for its chosen LLM provider. We do not supply LLM credentials.
- Customer prompts and LLM responses move directly between the Customer's account and the chosen LLM provider under that provider's terms of service. The Customer is responsible for compliance with those terms.
- The Service caches LLM outputs to reduce costs and avoid redundant calls. Cache durations are documented and configurable.
- Customer Data is never used to train AI models — neither ours, nor the LLM provider's, when standard API usage is configured. The Customer is responsible for selecting LLM provider plans that match its data-usage requirements (for example, zero-retention modes where available).
AIVONS makes no guarantee as to the accuracy of LLM outputs. The Customer is responsible for verifying any LLM-generated content before relying on it.
11. Acceptable use
The Customer agrees not to:
- Use the Service to violate any law, regulation, or third-party right.
- Attempt to reverse-engineer, decompile, or derive the source code of the Service, except to the extent expressly permitted by mandatory applicable law.
- Resell, sublicense, or make the Service available to third parties as a service bureau.
- Use the Service to develop a competing product.
- Interfere with or disrupt the Service, including by introducing malware, attempting unauthorized access, or running denial-of-service attacks.
- Submit data to the Service that infringes third-party IP, violates privacy law, or is otherwise unlawful.
- Bypass any access controls, rate limits, or technical restrictions.
12. Confidentiality
"Confidential Information" means non-public information disclosed by one party to the other that is marked or that a reasonable person would understand to be confidential, including these Terms, pricing, security architecture, and Customer Data. Each party agrees to:
- Use Confidential Information of the other only to perform under these Terms.
- Protect Confidential Information with at least the degree of care it uses for its own confidential information, and in no event less than reasonable care.
- Not disclose Confidential Information except to employees, agents, advisors, and subprocessors with a need to know, who are bound by equivalent confidentiality obligations.
These obligations do not apply to information that is publicly available without breach, was rightfully known before disclosure, is independently developed, or is required to be disclosed by law (with prompt notice where lawful).
13. Intellectual property
AIVONS retains all right, title, and interest in and to the Service, including all software, content, technology, and documentation, and all improvements thereto. No license is granted by implication, estoppel, or otherwise except those expressly stated in these Terms.
The Customer retains all right, title, and interest in Customer Data. The Customer grants AIVONS a limited, non-exclusive, royalty-free license to use Customer Data solely as required to provide, secure, support, and improve the Service.
If the Customer provides feedback about the Service, AIVONS may use it without restriction.
14. Warranties
14.1 Mutual
Each party represents that (a) it has authority to enter into and perform under these Terms, and (b) its performance will not violate any other agreement.
14.2 AIVONS warranty
AIVONS warrants that, during the Subscription Term, the Service will perform substantially as described in the Documentation. If it does not and the Customer notifies us in writing with reasonable detail, AIVONS will use commercially reasonable efforts to correct the deficiency. If we cannot correct the deficiency within 30 days of the Customer's notice, the Customer may terminate the affected portion of the Service and receive a pro-rated refund of pre-paid fees for the unused portion of the Subscription Term.
Except as expressly stated in this Section 14, the Service is provided "as is" and AIVONS disclaims all other warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, and non-infringement, to the maximum extent permitted by applicable law.
15. Limitation of liability
To the maximum extent permitted by applicable law:
Neither party will be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for loss of profits, revenue, data, or business opportunity, even if advised of the possibility of such damages and even if a remedy in these Terms fails of its essential purpose.
Each party's total cumulative liability under or in connection with these Terms is limited to the fees actually paid by the Customer to AIVONS in the 12-month period preceding the event giving rise to the claim.
The limitations in this Section 15 do not apply to: (a) breach of the confidentiality obligations in Section 12, (b) breach of Section 11 (acceptable use), (c) a party's indemnification obligations in Section 16, or (d) damages that cannot be limited under applicable law (such as liability for gross negligence, willful misconduct, fraud, or personal injury in some jurisdictions).
16. Indemnification
16.1 By AIVONS
AIVONS will defend the Customer against any third-party claim that the Service, as provided by AIVONS and used as authorized in these Terms, infringes a third party's patent, copyright, or trademark, and will pay damages and reasonable attorneys' fees finally awarded or agreed in settlement, provided that the Customer (a) gives prompt written notice, (b) gives AIVONS sole control of the defense, and (c) cooperates as reasonably requested.
If the Service is held or, in AIVONS's reasonable opinion, may be held to infringe, AIVONS may at its option (i) procure for the Customer the right to continue using the Service, (ii) modify the Service to be non-infringing without materially diminishing functionality, or (iii) terminate the affected portion of the Service and refund pre-paid unused fees.
AIVONS has no liability under this Section for claims arising from (a) modifications to the Service not made by AIVONS, (b) combination of the Service with products or data not provided by AIVONS where infringement would not have arisen but for the combination, or (c) Customer Data.
16.2 By Customer
The Customer will defend AIVONS against any third-party claim arising out of (a) Customer Data, (b) the Customer's use of the Service in breach of these Terms or applicable law, or (c) the Customer's failure to maintain appropriate authority over a Connected Cloud Account, and will pay damages and reasonable attorneys' fees finally awarded or agreed in settlement.
16.3 Exclusive remedy
This Section 16 states each party's exclusive remedy and the other party's exclusive liability for third-party intellectual-property infringement claims.
17. Term and termination
17.1 Subscription Term
The Subscription Term runs from the activation date through the term length selected at sign-up (12 months for 1-Year Launch; 36 months for 3-Year Launch; or as set out in an order form). Subscriptions auto-renew for successive 12-month terms unless either party gives at least 30 days' written notice of non-renewal before the end of the then-current term.
17.2 Termination for cause
Either party may terminate these Terms for cause on 30 days' written notice if the other party materially breaches and fails to cure the breach within the 30-day period. AIVONS may terminate immediately on written notice if the Customer (a) fails to pay undisputed fees within 30 days after a payment-due reminder, or (b) breaches Section 11 (acceptable use) in a manner not curable in 30 days.
17.3 Effects of termination
- The Customer's right to access the Service ends immediately on termination.
- The Customer remains obligated to pay all fees accrued through the effective date of termination, including gainshare on Verified Savings whose persistence-verification window completes after the termination date but covers a period that includes time before the termination date.
- Sections that by their nature should survive (definitions, fees accrued, confidentiality, IP, warranty disclaimers, liability limits, indemnification, governing law, general) survive termination.
17.4 Effect of early termination by the Customer without cause
If the Customer terminates without cause before the end of the Subscription Term, the Customer remains liable for the remainder of the Subscription Term's monthly minimums (where the tier has a monthly minimum) and any gainshare that would have accrued during the verification window that started before the termination date. AIVONS may agree in writing to waive part of this obligation on a case-by-case basis.
18. Suspension
AIVONS may suspend the Customer's access to the Service on prior written notice (or, if a delay would create material risk, immediately with notice as soon as practicable) if:
- The Customer is materially in breach of these Terms.
- The Customer's use is causing imminent harm to the Service or its other customers.
- The Customer fails to pay undisputed fees after 15 days from the original due date.
- AIVONS reasonably believes the Customer's use violates law.
AIVONS will restore access promptly when the cause of the suspension is resolved.
19. Changes to the Service and to these Terms
We may improve, modify, and expand the Service from time to time. We will not materially decrease the core functionality of the Service during the Customer's Subscription Term without offering the Customer the option to terminate without cause and receive a pro-rated refund of pre-paid unused fees.
We may update these Terms by posting a new version with an updated "Last updated" date. Material changes will be announced by email to active customers at least 30 days before they take effect. Continued use of the Service after a change takes effect constitutes acceptance.
20. Governing law and dispute resolution
These Terms are governed by the laws of the State of Delaware, USA, without regard to its conflict-of-laws rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
Any dispute arising out of or relating to these Terms or the Service that cannot be resolved through good-faith negotiation will be submitted to binding arbitration administered by [CONFIRM — common choices: JAMS or AAA] under its then-current commercial arbitration rules, conducted in English in [CONFIRM — typically Wilmington, Delaware]. Judgment on the award may be entered in any court of competent jurisdiction.
Notwithstanding the above, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent infringement of intellectual property or breach of confidentiality.
To the maximum extent permitted by law, any dispute will be brought on an individual basis only and not as a class, collective, or representative action.
21. General
- Assignment. The Customer may not assign these Terms without AIVONS's prior written consent, except to a successor in a merger, acquisition, or sale of substantially all assets. AIVONS may assign these Terms in connection with a change of control.
- Notices. Notices to AIVONS must be sent to support@aivons.com with a copy to support@aivons.com. Notices to the Customer will be sent to the email address associated with the Customer's account.
- Force majeure. Neither party is liable for failure to perform due to causes beyond its reasonable control (natural disasters, war, terrorism, government action, large-scale infrastructure outages), provided the affected party uses reasonable efforts to mitigate.
- Independent contractors. The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, or agency relationship.
- Severability. If any provision is held unenforceable, the remaining provisions remain in full force.
- Waiver. Failure to enforce any right is not a waiver of it.
- Entire agreement. These Terms, together with any signed order form, the Privacy Policy, and the Data Processing Addendum, constitute the entire agreement between the parties regarding the subject matter and supersede prior or contemporaneous agreements on the subject. In case of conflict, a signed order form controls over these Terms, which control over the Documentation.
- Headings. Section headings are for convenience and do not affect interpretation.
22. Contact us
General: support@aivons.com
Sales / pilot: support@aivons.com
Security disclosure: support@aivons.com
Postal: AIVONS Systems, [Street Address], Delaware, USA [CONFIRM]