Terms of Use | vCISO Aegis AI™

Plain-language summary. vCISO Aegis AI™ is an AI-Native AI Agent-as-a-Service (AaaS) product. Every output — scores, evidence, alerts, reports — is derived from live telemetry collected from systems you authorize. We do not use checklists, surveys, or questionnaires to produce compliance output. If live telemetry is not flowing, no output is produced for that control. These Terms explain what you're agreeing to when you subscribe, what we will and won't do, how we handle your data, and what happens if something goes wrong. Your attorney should review these Terms before you sign up for a paid plan. Nothing on this page is legal, financial, or compliance advice.

Best efforts — no guarantees. vCISO Aegis AI™ is an AI-native product. AI agents can make mistakes, especially early in their lifecycle as they learn and evolve into mature technologies. We test and update our agents on a weekly cadence at minimum to keep them as current as possible, and we are committed to continuous improvement. The Services are provided on a best-efforts basis. We make no guarantees. We cannot fix everything for everyone. Service availability may be affected by unforeseen events, including telemetry loss, upstream outages, collector failures, and third-party source failures. You remain responsible for your own compliance decisions. See also Section 11 (Limitation of Liability), Section 6 (How the Services Work), and Reflex AI™ — Telemetry Continuity.

1. Acceptance of Terms

By accessing or using the vCISO Aegis AI™ website, APIs, dashboards, agents, or any related service (collectively, the "Services"), you agree to be bound by these Terms of Use (the "Terms") and by our Privacy Policy. If you do not agree to these Terms, do not use the Services.

If you are using the Services on behalf of an organization, you represent that you have authority to bind that organization, and "you" refers to both you personally and that organization.

2. About Us

vCISO Aegis AI™ is an AI-Native AI Agent-as-a-Service (AaaS) product offered by ElasticD3M, LLC, a limited liability company (the "Company," "we," "our," or "us"). The Services consist of autonomous and supervised AI agents that ingest live telemetry from systems you authorize and produce compliance evidence, risk signals, and operational reports. The Services do not rely on manual checklists, surveys, or questionnaires. Our registered office is at:

[REGISTERED BUSINESS ADDRESS — TO BE INSERTED]

You can contact us at support@ai4ciso.ai.

3. Eligibility and Account Registration

You must be at least eighteen (18) years old and legally able to enter into a binding contract to use the Services. The Services are intended for use by businesses and their authorized personnel. When you create an account, you agree to provide accurate, current, and complete information and to keep it up to date.

You are responsible for safeguarding your account credentials and for any activity that occurs under your account. Notify us immediately at support@ai4ciso.ai if you suspect unauthorized access.

4. Subscription Plans, Billing, and Cancellation

4.1 Plans

We offer subscription plans at tiers including Watchman, Sentinel, Guardian, Vanguard, Fortress, and Sovereign. Each plan is described on our pricing page. We reserve the right to modify plans, features, and pricing; material changes will be communicated before they take effect.

4.2 Billing

Subscriptions are billed in advance on a recurring basis (typically monthly) through our payment processor, Stripe, Inc. You authorize us (via Stripe) to charge your payment method each billing period until you cancel. All fees are in U.S. dollars unless otherwise stated and are exclusive of taxes. You are responsible for any applicable taxes.

We do not store your full payment card information. Payment details are captured and stored by Stripe in accordance with its own terms and security standards.

4.3 Free Pilot

If we offer a free pilot period, the pilot terms (including length and scope) will be communicated at signup. At the end of the pilot, the subscription will convert to the selected paid plan unless you cancel before the pilot ends.

4.4 Cancellation and Refunds

You may cancel your subscription at any time through the Stripe-hosted Customer Portal. Cancellation takes effect at the end of the current billing period; you will continue to have access through that date. Except where required by law, fees already paid are non-refundable.

4.5 Failed Payments and Suspension

If a payment fails, we may suspend your access until payment is resolved. Continued non-payment may result in termination of your subscription and deletion of data subject to the retention terms below.

5. Acceptable Use

You agree not to, and not to permit any third party to:

use the Services in violation of any applicable law, regulation, contract, or third-party right;
reverse engineer, decompile, or attempt to derive the source code of the Services, except to the extent permitted by applicable law;
interfere with, disrupt, or circumvent any security or access control of the Services;
upload or transmit malicious code, viruses, or anything designed to harm or probe the Services;
use the Services to develop a competing product or to benchmark the Services without our prior written consent;
resell, sublicense, or make the Services available to third parties except as expressly permitted; or
use the Services to process data that you are not legally authorized to process.

We may suspend or terminate access for any violation of this Section.

6. Customer Data and Telemetry

6.1 Your Data

"Customer Data" means the telemetry, configuration, user directory information, logs, and other data you or your systems send to the Services. As between you and us, you retain all rights to your Customer Data. You grant us a limited license to process, transmit, store, and display Customer Data solely to deliver and improve the Services.

6.2 Telemetry-Only Operation

The Services operate exclusively on live telemetry from systems you own or operate. You represent that you have the rights and authorizations necessary to provide this telemetry to us for processing. We do not produce compliance output from manually submitted questionnaires, checklists, or self-attestations; if telemetry for a control is not flowing, the Services will mark that control as "unknown" or "stale" rather than produce a synthesized answer.

6.3 Telemetry Continuity and Customer Obligations

Because the Services are telemetry-only, you are responsible for maintaining the connectivity and health of the collectors, agents, and integrations that feed the Services. If telemetry from a given source stops, the Services will (a) raise an alert identifying the affected control scope, (b) freeze the last known good evidence for that scope, and (c) continue reporting the freeze condition until telemetry resumes. Stale or missing telemetry may impact your ability to produce current compliance evidence, and we are not liable for any regulatory, contractual, or commercial consequences of such gaps.

6.4 Bridge Services During Telemetry Loss

Where commercially available and agreed in your order form or a separate statement of work, we may offer optional bridge services during a telemetry outage, including expedited collector re-deployment, read-only fallback sources, or a human-assisted continuity package. Bridge services are not included by default and do not change the telemetry-only nature of the compliance output.

6.3 Security

We maintain administrative, technical, and physical safeguards designed to protect Customer Data. No system is perfectly secure, and you are responsible for configuring your environment and access controls appropriately.

6.5 Data Export and Deletion

Upon termination of your subscription, you may request export of your Customer Data for a period of thirty (30) days. After that period, we may delete Customer Data from our production systems, subject to backup retention and legal hold obligations described in our Privacy Policy.

7. License Grant to You

Subject to these Terms and your payment of applicable fees, the Company grants you a limited, revocable, non-exclusive, non-transferable, non-sublicensable right to access and use the Services for your internal business purposes during your active subscription term. This is a license, not a sale. Any rights not expressly granted are reserved. See Section 19 for the Company's retained intellectual property rights.

8. Feedback

See Section 18.3 for the license you grant the Company in any Feedback you provide.

9. Third-Party Services

The Services may integrate with or link to third-party services (including Stripe, cloud providers, and telemetry sources). We are not responsible for third-party services, and your use of them is governed by their own terms and privacy policies.

10. Disclaimers

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE.

The Services do not constitute legal, financial, compliance, or professional advice. Outputs of the Services — including compliance scores, evidence packages, risk assessments, and recommendations — are informational tools that must be reviewed and validated by qualified personnel before relying on them for regulatory or legal purposes. A human in the loop is always required for executive decision-making.

Best efforts — no guarantees. vCISO Aegis AI™ is an AI-native product. AI agents can make mistakes, especially early in their lifecycle as they learn and evolve into mature technologies. We test and update our agents on a weekly cadence at minimum to keep them as current as possible. The Services are provided on a best-efforts basis. We make no guarantees of accuracy, completeness, fitness for any particular regulatory outcome, or uninterrupted availability. We cannot fix everything for everyone. Service availability is subject to unforeseen events, including but not limited to telemetry loss, upstream outages, collector failures, and third-party source failures. The handling of telemetry loss is described in Sections 6.2 through 6.4 and in Reflex AI™ — Telemetry Continuity.

Roadmap features. Features labeled "Coming Soon," "Roadmap," or "In Development" on the site or in the Services are forward-looking and are not yet generally available. Nothing in these Terms obligates us to ship any roadmap feature on any particular timeline, and you should not rely on the availability of a roadmap feature in making a purchase decision.

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, (a) IN NO EVENT SHALL ELASTICD3M, LLC, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, CONTRACTORS, AGENTS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, LOST REVENUE, LOST DATA, LOST BUSINESS, LOST GOODWILL, OR BUSINESS INTERRUPTION, ARISING OUT OF OR RELATING TO YOUR USE OF THE SERVICES, WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; AND (b) OUR TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS, THE SERVICES, OR ANY CLAIM SHALL NOT EXCEED THE LESSER OF (i) THE AMOUNT YOU PAID US FOR THE SERVICES IN THE SIX (6) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM OR (ii) ONE THOUSAND U.S. DOLLARS (US$1,000).

THIS LIMITATION IS A BARGAINED-FOR ALLOCATION OF RISK BETWEEN YOU AND THE COMPANY AND IS AN ESSENTIAL BASIS OF THESE TERMS. THE LIMITATION APPLIES EVEN IF A LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES; IN SUCH JURISDICTIONS, OUR LIABILITY IS LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

12. Indemnification

You agree to indemnify, defend, and hold harmless ElasticD3M, LLC and its affiliates, officers, employees, and agents from and against any claims, damages, liabilities, and expenses (including reasonable attorneys' fees) arising out of or related to (a) your use of the Services, (b) your breach of these Terms, (c) your Customer Data, or (d) your violation of any law or the rights of a third party.

13. Term and Termination

These Terms remain in effect while you use the Services. We may suspend or terminate your access at any time, with or without cause, and with or without notice, for any material breach of these Terms or as otherwise permitted by law. You may terminate by cancelling your subscription through the Customer Portal. Sections that by their nature should survive termination will survive, including without limitation Sections 4.4 (no refunds), 6.3–6.5, 7, 8, 10, 11, 12, 14, 15, 18.2, 18.3, 19, 20, 21, 22, 23, 24, 25, and 26.

14. Governing Law and Dispute Resolution

These Terms are governed by the laws of the [STATE OF GOVERNING LAW — TO BE INSERTED], without regard to conflict-of-law principles. You agree that any dispute arising out of or relating to these Terms or the Services will be resolved exclusively in the state or federal courts located in [VENUE — TO BE INSERTED], and you consent to the personal jurisdiction of those courts. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

If either party prefers binding arbitration, the parties may mutually agree in writing to submit the dispute to arbitration administered by a recognized U.S. arbitration body.

15. Changes to These Terms

We may update these Terms from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email or an in-product notice. Your continued use of the Services after the effective date of the updated Terms constitutes your acceptance of those changes.

16. DMCA / Copyright Notices

If you believe content on our site infringes your copyright, please send a notice containing the information required by 17 U.S.C. § 512(c)(3) to support@ai4ciso.ai.

17. Export Controls and Government Use

The Services may be subject to U.S. export control laws, including the Export Administration Regulations. You may not use, export, or re-export the Services in violation of any U.S. or foreign export law. If you are a U.S. Government end user, the Services are "commercial computer software" and "commercial computer software documentation" as defined in the FAR and DFARS, and rights are limited to those granted by these Terms.

18. Support and No Customer Rights

18.1 Support Scope

Support for the Services is provided exclusively through the methods listed on the Site or designated in an order form, which will typically be an in-product help surface or an email address. The Company does not offer telephone support and does not guarantee a response within any particular timeframe. You are not entitled to phone calls, video calls, meetings, on-site visits, executive escalations, success management, training sessions, or any other form of human support beyond what is explicitly stated in your order form. All support is provided on a best-efforts basis.

18.2 No Development Rights

The Services are offered "as is" and "as available." You acknowledge and agree that you have no right, now or in the future, to direct, influence, require, or receive any feature, modification, enhancement, bug fix, configuration change, custom development, API extension, integration, data export format, or roadmap decision of any kind. Feature requests, feedback, and suggestions may be submitted but are not binding on the Company. Roadmap items described on the Site or in any marketing material are forward-looking, may change without notice, and are not a commitment. Items marked "Coming Soon," "Roadmap," or "In Development" are not generally available and you may not rely on them in making a purchase decision.

18.3 Feedback License

If you provide the Company with any feedback, suggestions, ideas, or requests regarding the Services (collectively, "Feedback"), you hereby grant the Company a perpetual, irrevocable, worldwide, royalty-free, sublicensable, transferable license to use, modify, reproduce, prepare derivative works of, distribute, display, perform, and otherwise exploit the Feedback in any form and for any purpose, commercial or otherwise, without any obligation, compensation, attribution, or notice to you.

19. Intellectual Property — Exclusive Retention by ElasticD3M, LLC

All right, title, and interest in and to the Services, including without limitation all software, source code, object code, models, model weights, training data, prompts, agents, evidence schemas, telemetry adapters, collectors, dashboards, APIs, documentation, trademarks (including vCISO Aegis AI™ and Reflex AI™), service marks, trade names, logos, visual design, look and feel, and any derivative works, and all patents, copyrights, trade secrets, know-how, and other intellectual property rights therein, are and shall remain the exclusive property of ElasticD3M, LLC and its licensors, now and in perpetuity. Nothing in these Terms grants you any ownership, license, or other right in any of the foregoing except for the limited, revocable, non-exclusive, non-transferable, non-sublicensable right to use the Services as expressly set forth in these Terms and your order form. Any rights not expressly granted are reserved. You shall not, and shall not permit any third party to, copy, modify, reverse engineer, decompile, disassemble, create derivative works of, or attempt to derive the source code, models, or training data of the Services, except to the minimum extent permitted by applicable law notwithstanding this prohibition.

You grant the Company a limited, non-exclusive, royalty-free, worldwide license to access, collect, process, transmit, store, analyze, and otherwise use your telemetry, configuration, and logs (collectively, "Customer Content") solely for the purpose of providing the Services to you and improving the Services in de-identified and aggregated form. You retain ownership of your Customer Content.

20. Customer Certification Responsibility

You are solely responsible for any certification, attestation, or representation you make to any government agency, regulator, auditor, assessor, contracting officer, or counterparty regarding your compliance posture. The Services provide informational tools derived from live telemetry. Outputs of the Services are not certifications and do not constitute an attestation or representation by the Company. You acknowledge that any filing, submission, or representation you make under the False Claims Act (31 U.S.C. § 3729), DFARS 252.204-7012 or 252.204-7021, 32 CFR Part 170, HIPAA, GLBA, SOX, or any similar authority is your sole responsibility, and the Company shall have no liability for any such filing, submission, or representation.

21. Force Majeure

The Company shall not be liable for any failure or delay in performance to the extent caused by events beyond its reasonable control, including without limitation acts of God, natural disasters, war, terrorism, riot, civil unrest, strike or labor dispute, pandemic or public health emergency, power or telecommunications failure, internet disturbance, cyber attack, failure of third-party infrastructure or service providers (including cloud providers, identity providers, telemetry sources, or payment processors), changes in law or regulation, or any other event of force majeure. Telemetry loss, upstream outages, collector failures, and third-party source failures are expressly included as force majeure events.

22. Assignment

You may not assign, transfer, or delegate these Terms or any of your rights or obligations under them without the Company's prior written consent, and any attempted assignment without consent is void. The Company may freely assign or transfer these Terms in whole or in part, including in connection with a merger, acquisition, reorganization, financing, or sale of assets, without your consent and without notice.

23. No Third-Party Beneficiaries

These Terms are for the benefit of you and the Company only. No person or entity who is not a party to these Terms shall have any right to enforce them.

24. Jury Trial and Class Action Waiver

TO THE MAXIMUM EXTENT PERMITTED BY LAW, EACH PARTY IRREVOCABLY WAIVES ANY RIGHT TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES. YOU AND THE COMPANY EACH AGREE THAT ANY DISPUTE WILL BE BROUGHT ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING. NO ARBITRATOR OR COURT MAY CONSOLIDATE OR JOIN THE CLAIMS OF ANY OTHER PERSON.

25. Severability, Waiver, Headings

If any provision of these Terms is found to be unenforceable, the remaining provisions shall remain in full force and effect and the unenforceable provision shall be modified to the minimum extent necessary to make it enforceable. The Company's failure to enforce any provision of these Terms is not a waiver of its right to do so later. Section headings are for convenience only and have no legal effect.

26. Entire Agreement; No Oral Modification

These Terms, together with the Privacy Policy, the Reflex AI™ Telemetry Continuity Plan, and any order form signed by both parties, constitute the entire agreement between you and the Company regarding the Services and supersede all prior or contemporaneous communications, proposals, and representations, whether oral or written. No modification, amendment, or waiver of these Terms shall be effective unless in writing and signed by an authorized representative of the Company. No oral statement, email, support message, chat transcript, marketing material, or Company employee or contractor statement modifies these Terms.

27. Contact

Questions about these Terms? Contact us at support@ai4ciso.ai or at the registered office listed in Section 2.