These Terms of Service (the "Terms") are between InPolicy LLC, a Delaware limited liability company ("InPolicy") and you ("You") and govern your use of InPolicy's AI-powered policy compliance and violation detection platform (the "Service"). "You" and "Your" refer to the individual accepting these Terms and, if applicable, the organization on whose behalf such individual is authorized to act. By accessing or using the Service, the individual represents and warrants that he or she has the authority to bind such organization to these Terms.
By using the Service, You agree to these Terms, our Privacy Policy, our Acceptable Use Policy, our Security Addendum, and, where applicable, our Data Processing Agreement (collectively, the "Agreement"). If you do not agree, do not use the Service.
1. Definitions
"Customer Data" means account and organizational data provided in connection with the Service, including user name, email address, role, and policy documents uploaded to configure the Service.
"Content" means Input and Output. Input is the text processed through the Service. Output is the policy violation analysis and suggestions returned by the Service.
"Policy State Summary" means a system-generated record of which policies are active and applicable to a given conversation, containing no message text or personal information. Policy State Summaries do not constitute Content.
"Tenant Knowledge Base" means the structured set of facts assembled and maintained by InPolicy for your organization solely to support effective policy enforcement decisions, as further described in Section 3.5.
"Usage Data" means information reflecting how the Service is accessed and used, including frequency, duration, feature interaction signals, and violation detection metadata. Usage Data does not include Content or Customer Data.
"Confidential Information" means all information identified as confidential at the time of disclosure or reasonably understood to be confidential. Customer Data and Content are Your Confidential Information.
"Authorized User" means an individual who is authorized by You to access and use the Service under Your account, subject to the terms and conditions of these Terms.
"Feedback" means any suggestions, ideas, enhancement requests, recommendations, or other feedback provided by You or Your Authorized Users regarding the Service.
"Order Form" means any ordering document, online registration, or similar agreement executed by the parties that references these Terms and specifies the scope of Service, fees (if any), and any additional terms.
"Applicable Law" means all laws, regulations, and governmental orders applicable to a party’s performance under these Terms, including without limitation data protection, privacy, export control, and anti-corruption laws.
2. Access and Use
2.1 InPolicy grants You a limited, non-exclusive, non-transferable, revocable, non-sublicensable right to access and use the Service solely for your internal business purposes, subject to these Terms and any applicable Order Form. This right is conditioned upon Your compliance with these Terms, and any breach may result in immediate revocation of access.
2.2 Beta Access. During the beta period, access requires a valid access code issued by InPolicy. Codes are single-use, non-transferable, and grant one individual a free account. InPolicy reserves the right to modify or terminate beta access at any time.
2.3 Access credentials may not be shared. You are responsible for all activity under your account and will promptly notify InPolicy of any unauthorized use. You shall implement reasonable security measures to protect Your access credentials, including the use of strong, unique passwords. You shall promptly disable access for any Authorized User who no longer requires access to the Service or who is no longer employed by or affiliated with Your organization.
2.4 You may not: (i) infringe any person's rights; (ii) reverse engineer the Service or underlying models; (iii) scrape Content or Output via automated means; (iv) process Protected Health Information (as defined under HIPAA and its implementing regulations); (v) resell or sublicense the Service; (vi) violate applicable law; or (vii) upload unlawful or harmful content; (viii) use the Service to develop a competing product or service; (ix) attempt to gain unauthorized access to any systems or networks connected to the Service; (x) introduce any viruses, trojan horses, worms, or other malicious code into the Service; (xi) use the Service in any manner that could damage, disable, overburden, or impair the Service or interfere with any other party’s use of the Service; or (xii) use the Service to process, store, or transmit any data that is subject to the International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR).
2.5 Geographic Restrictions. The Service is not currently available to organizations or users based in the United Kingdom. By using the Service, You represent that You and your organization are not located in the United Kingdom. InPolicy reserves the right to expand or modify geographic restrictions at any time upon reasonable notice. If geographic restrictions are expanded to include Your jurisdiction, InPolicy will provide at least thirty (30) days’ written notice, during which You may export Your Customer Data prior to termination of access.
2.6 No Business Associate Agreement. The Service is not designed for use in connection with Protected Health Information and InPolicy does not offer Business Associate Agreements. You may not use the Service to process Protected Health Information under any circumstances.
3. Customer Data and Content
3.1 You retain all right, title, and interest in Your Customer Data and Content. Nothing in these Terms shall be construed as transferring any ownership rights in Customer Data or Content to InPolicy. You grant InPolicy a limited, non-exclusive, royalty-free right to process them solely to provide the Service. This license terminates automatically upon termination of these Terms or the applicable Order Form.
3.2 No Storage of Content. InPolicy does not store Content. All Content is processed transiently and never written to persistent storage. Policy State Summaries — system-generated records of which policies are active and applicable to a given conversation, containing no message text or personal information — do not constitute Content and may be retained for the duration of an active enforcement session, subject to a maximum of 30 days.
3.3 No Training. InPolicy will not train any AI models using Your Content or Customer Data. This extends to all subprocessors.
3.4 Usage Data. InPolicy may use aggregated, anonymized Usage Data to improve the Service, provided it cannot be used to identify You or any individual. InPolicy may also generate anonymized analytical metadata from its processing — including system-generated policy categorizations — that does not reproduce Content or Customer Data.
3.5 Tenant Knowledge Base. InPolicy assembles and maintains a Tenant Knowledge Base for your organization — a structured set of facts drawn primarily from publicly available sources that InPolicy uses solely to make effective policy enforcement decisions. The Tenant Knowledge Base contains no Content and no employee communications. It constitutes Customer Data and is subject to the same protections and retention commitments that apply to Customer Data under these Terms. Your organization may review and request corrections to the Tenant Knowledge Base at any time by contacting legal@inpolicy.ai.
3.6 You represent that You have all rights necessary to provide Customer Data and Content to InPolicy and that Your use complies with applicable law.
4. Privacy and Data Protection
Your use of the Service is governed by InPolicy's Privacy Policy at https://inpolicy.ai/legal/privacy-policy, incorporated herein by reference. For enterprise customers, InPolicy's Data Processing Agreement governs personal data processing and is published at https://inpolicy.ai/legal/dpa. In the event of conflict, the DPA controls with respect to its subject matter.
5. Intellectual Property
5.1 InPolicy retains all right, title, and interest in the Service, including all software, models, algorithms, and documentation, trade secrets, know-how, inventions (whether or not patentable), and all intellectual property rights therein. No rights are granted to You hereunder other than as expressly set forth in these Terms. All rights not expressly granted are reserved by InPolicy.
5.2 To the extent You or Your Authorized Users provide Feedback to InPolicy, You hereby grant InPolicy a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, non-exclusive license to use, reproduce, modify, and incorporate such Feedback into the Service or any other InPolicy product or service without restriction or obligation of any kind. InPolicy may freely use Feedback You provide to improve the Service, provided it does not identify You, your users, Customer Data, or Content.
5.3 You own Output subject to these Terms. Output is not legal advice and may contain errors. You are solely responsible for reviewing and acting on Output.
6. Confidentiality
Each party will protect the other's Confidential Information with at least the same care it uses for its own (not less than reasonable care), and will not use it outside the scope of these Terms. If required by law to disclose Confidential Information, the Receiving Party will provide advance notice where legally permitted. Each party shall limit access to the other party’s Confidential Information to those employees, contractors, and agents who have a need to know and who are bound by confidentiality obligations no less restrictive than those contained herein. The obligations of confidentiality shall survive for a period of three (3) years following the termination or expiration of these Terms, except with respect to trade secrets, which shall be protected for so long as they remain trade secrets under Applicable Law. Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party prior to disclosure; (c) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information; or (d) is rightfully obtained from a third party without restriction on disclosure.
7. Security
InPolicy will implement and maintain appropriate technical and organizational security measures as described in the Security Addendum. InPolicy will notify You within 72 hours of becoming aware of any confirmed breach affecting Your Customer Data.
8. Fees and Payment
8.1 The Service is free during the beta period for users with valid access codes and approved design partners. InPolicy will provide at least 30 days' written notice before introducing fees. Continued use after such notice constitutes acceptance of applicable fees. If You do not agree to the applicable fees, You may terminate these Terms by providing written notice to InPolicy prior to the effective date of such fees, and InPolicy shall have no further obligation to provide the Service. All fees, once due, are non-refundable except as expressly set forth in these Terms or an applicable Order Form.
8.2 No Service Level Agreement. The Service is provided on a best-efforts basis. InPolicy makes no commitment regarding uptime, availability, or response times and provides no service level agreement during the beta period.
9. Term and Termination
9.1 These Terms take effect upon first use and remain in effect until terminated.
9.2 You may terminate at any time by discontinuing use and deleting your account.
9.3 InPolicy may suspend or terminate access at any time with reasonable notice, or immediately upon material breach including violation of Section 2.4. For any breach that is not a material breach, InPolicy shall provide written notice specifying the nature of the breach and a cure period of not less than fifteen (15) days. If the breach is not cured within such period, InPolicy may terminate these Terms effective upon written notice. InPolicy may also suspend access to the Service immediately, without prior notice, if InPolicy reasonably determines that Your use poses a security risk to the Service or any third party, or may subject InPolicy to liability.
9.4 Upon termination, all rights cease, You will stop using the Service, and InPolicy will securely delete Your Customer Data (including the Tenant Knowledge Base) within 30 days unless required by law to retain it. Upon Your written request made within thirty (30) days of the effective date of termination, InPolicy will provide You with a copy of Your Customer Data in a commonly used, machine-readable format prior to deletion. InPolicy shall provide written certification of deletion upon reasonable request. Sections 3, 5, 6, 9.4, 10, 11, 12, and 13 survive termination.
10. Warranties and Disclaimers
10.1 You warrant that You have authority to enter these Terms, Your use will comply with applicable law, and You have all rights to provide Customer Data and Content.
10.2 THE SERVICE IS PROVIDED "AS-IS" AND "AS-AVAILABLE." INPOLICY MAKES NO WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. INPOLICY DOES NOT WARRANT THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE. THE SERVICE IS AN AI-POWERED COMPLIANCE ASSISTANCE TOOL AND IS NOT A SUBSTITUTE FOR QUALIFIED LEGAL ADVICE. OUTPUT SHOULD BE REVIEWED BY A QUALIFIED PROFESSIONAL BEFORE RELIANCE. INPOLICY MAKES NO WARRANTY REGARDING THE ACCURACY, COMPLETENESS, OR RELIABILITY OF ANY OUTPUT GENERATED BY THE SERVICE. THE SERVICE RELIES ON ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING TECHNOLOGIES THAT MAY PRODUCE INACCURATE, INCOMPLETE, OR BIASED RESULTS. INPOLICY DOES NOT WARRANT THAT THE SERVICE WILL DETECT ALL POLICY VIOLATIONS OR THAT ANY OUTPUT IS FREE FROM ERROR. YOU ACKNOWLEDGE THAT AI TECHNOLOGY IS INHERENTLY PROBABILISTIC AND THAT OUTPUT SHOULD NOT BE RELIED UPON AS THE SOLE BASIS FOR ANY COMPLIANCE, LEGAL, OR BUSINESS DECISION.
10.3 No Guarantee of Compliance or Complete Detection. INPOLICY DOES NOT GUARANTEE THE DETECTION OF ALL POLICY VIOLATIONS. THE ABSENCE OF A VIOLATION FLAG DOES NOT CONSTITUTE A REPRESENTATION THAT ANY CONTENT IS COMPLIANT WITH ANY APPLICABLE LAW, REGULATION, INTERNAL POLICY, OR OTHER REQUIREMENT. USE OF THE SERVICE DOES NOT TRANSFER COMPLIANCE RESPONSIBILITY FROM CUSTOMER TO INPOLICY. CUSTOMER REMAINS SOLELY RESPONSIBLE FOR ITS OWN COMPLIANCE PROGRAM. INPOLICY IS A DETECTION ASSISTANCE TOOL; IT IS NOT A COMPLIANCE OFFICER, LEGAL ADVISOR, OR GUARANTOR OF REGULATORY COMPLIANCE.
11. Limitation of Liability
11.1 IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF PROFITS, DATA, GOODWILL, REVENUE, ANTICIPATED SAVINGS, OR BUSINESS INTERRUPTION, OR COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER ARISING UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY.
11.2 EXCEPT FOR INDEMNIFICATION OBLIGATIONS UNDER SECTION 12, WILLFUL MISCONDUCT, FRAUD, OR LIABILITY THAT CANNOT BE LIMITED BY LAW, EACH PARTY'S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THE GREATER OF (A) AMOUNTS PAID IN THE TWELVE MONTHS PRECEDING THE CLAIM OR (B) $250,000.
11.3 FOR CLAIMS RELATING TO DATA BREACHES OF CUSTOMER DATA CAUSED BY INPOLICY'S BREACH OF ITS SECURITY OBLIGATIONS, TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED $500,000.
11.4 NOTWITHSTANDING SECTIONS 11.2 AND 11.3, DURING ANY PERIOD IN WHICH THE SERVICE IS PROVIDED FREE OF CHARGE (INCLUDING THE BETA PERIOD), INPOLICY'S TOTAL AGGREGATE LIABILITY TO YOU UNDER OR IN CONNECTION WITH THESE TERMS, WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE, INCLUDING ANY INDEMNIFICATION OBLIGATIONS UNDER SECTION 12, SHALL NOT EXCEED USD $500, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. FOR THE AVOIDANCE OF DOUBT, THIS CAP APPLIES TO ALL CLAIMS ARISING DURING ANY FREE OR BETA PERIOD, INCLUDING BUT NOT LIMITED TO INDEMNIFICATION CLAIMS UNDER SECTION 12, AND SUPERSEDES ANY HIGHER CAP THAT WOULD OTHERWISE APPLY UNDER SECTIONS 11.2 OR 11.3. THIS LIMITATION SHALL NOT APPLY TO LIABILITY ARISING FROM INPOLICY’S WILLFUL MISCONDUCT OR FRAUD.
12. Indemnification
12.1 By Customer. You will defend, indemnify, and hold harmless InPolicy and its officers, directors, employees, and agents from and against any third-party claims, damages, losses, and costs (including reasonable attorneys' fees) arising out of or relating to: (a) Your use of the Service in violation of these Terms or applicable law; (b) Customer Data or Content You provide to InPolicy; or (c) Your violation of any third-party right, including intellectual property or privacy rights.
12.2 By InPolicy. InPolicy will defend, indemnify, and hold harmless You and Your officers, directors, employees, and agents from and against any third-party claims, damages, losses, and costs (including reasonable attorneys' fees) arising out of or relating to: (a) any allegation that the Service, as provided by InPolicy and used by You in accordance with these Terms, infringes or misappropriates a third party's intellectual property rights; or (b) a Personal Data Breach caused by InPolicy's material breach of its obligations under the Security Addendum. InPolicy’s obligations under this Section 12.2 are subject to the liability cap set forth in Section 11.4 during any period in which the Service is provided free of charge. InPolicy’s total indemnification liability during any free or beta period shall not exceed the cap specified in Section 11.4.
12.3 Exclusions from InPolicy's Obligations. Section 12.2(a) does not apply to the extent a claim arises from: (i) Customer Data or Content; (ii) Your modification of the Service or Output; (iii) Your combination of the Service with products or services not provided by InPolicy; or (iv) Your continued use after InPolicy has provided a non-infringing workaround or replacement.
12.4 Process. The party seeking indemnification ("Indemnified Party") must: (a) promptly notify the indemnifying party ("Indemnifying Party") in writing of the claim; (b) give the Indemnifying Party sole control of the defense and settlement, provided that no settlement may impose obligations or liability on the Indemnified Party without its prior written consent; and (c) provide reasonable cooperation at the Indemnifying Party's expense. Failure to give timely notice does not relieve the Indemnifying Party of its obligations except to the extent it is materially prejudiced by the delay.
12.5 IP Remedy. If InPolicy reasonably believes the Service may infringe a third party's intellectual property rights, InPolicy may, at its option and expense: (a) obtain the right for You to continue using the Service; (b) modify the Service to be non-infringing while preserving materially equivalent functionality; or (c) terminate access to the affected portion and refund any prepaid fees for the terminated period on a pro-rata basis.
13. General Terms
13.1 Governing Law. These Terms are governed by the laws of the State of Delaware without regard to conflict of laws provisions.
13.2 Dispute Resolution. Disputes will be resolved by binding arbitration before a sole arbitrator in San Francisco, California, subject to JAMS' Streamlined Arbitration Rules. The arbitrator shall have exclusive authority to resolve any dispute relating to the interpretation, applicability, enforceability, or formation of these Terms, including any claim that all or any part of these Terms is void or voidable. Judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of intellectual property rights or Confidential Information. Each party waives any right to participate in a class action, collective action, or representative proceeding. EACH PARTY ACKNOWLEDGES THAT BY AGREEING TO THIS CLASS ACTION WAIVER, EACH PARTY IS WAIVING ITS RIGHT TO PARTICIPATE IN A CLASS ACTION, AND THAT THIS WAIVER IS A MATERIAL TERM OF THESE TERMS. If any court or arbitrator determines that the class action waiver set forth in this Section is void or unenforceable for any reason, or that an arbitration can proceed on a class basis, then the arbitration provisions set forth above shall be deemed null and void in their entirety and the parties shall be deemed to have not agreed to arbitrate disputes.
13.3 Assignment. Neither party may assign these Terms without prior written consent, except InPolicy may assign in connection with a merger, acquisition, or asset sale.
13.4 Notices. Notices to InPolicy: legal@inpolicy.ai. Notices to You: the email associated with Your account. All notices under these Terms shall be in writing and shall be deemed given: (a) when delivered personally; (b) when sent by confirmed electronic mail to the addresses specified herein; or (c) three (3) business days after being sent by nationally recognized overnight courier, addressed to the party at the address specified herein. Either party may change its notice address by providing written notice to the other party in accordance with this Section.
13.5 Severability. If any provision is held unenforceable, it will be limited to the minimum extent necessary and the remaining Terms will remain in effect. The parties agree that the court or arbitrator making such determination shall have the power to reduce the scope, duration, or area of such provision, to delete specific words or phrases, or to replace any invalid or unenforceable provision with a provision that is valid and enforceable and that comes closest to expressing the intention of the invalid or unenforceable provision, and these Terms shall be enforceable as so modified.
13.6 Entire Agreement. These Terms, together with the Privacy Policy, AUP, Security Addendum, and any executed DPA or Order Form, constitute the complete agreement between the parties regarding the Service. In the event of a conflict between these Terms and any other document incorporated herein by reference, the following order of precedence shall apply (in descending order): (a) the DPA (with respect to data protection matters); (b) any executed Order Form; (c) the Security Addendum; (d) these Terms; (e) the Privacy Policy; (f) the Acceptable Use Policy. These Terms supersede all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning the subject matter hereof. No modification of these Terms shall be effective unless made in writing and signed by both parties, except as otherwise provided in Section 13.9.
13.7 Future AI Regulations. If new legislation governing AI solutions is enacted that requires amendments to these Terms for legal compliance, both parties agree to negotiate in good faith any such amendments within 60 days of written notice. If the parties cannot reach agreement within that period, either party may terminate these Terms upon 30 days' written notice. For the avoidance of doubt, this Section applies only to legislation that is (a) enacted or promulgated by a governmental authority with jurisdiction over one or both parties, and (b) specifically requires amendments to the terms governing the provision or use of AI-powered services. Mere guidance, advisory opinions, or non-binding recommendations shall not trigger the obligations under this Section. During the negotiation period, both parties shall continue to perform their obligations under these Terms. Upon termination under this Section, the provisions of Section 9.4 shall apply.
13.8 Export Controls. You represent that You are not located in, under the control of, or a national or resident of any country subject to U.S. government embargo or designated as a terrorist-supporting country, and that You are not listed on any U.S. government list of prohibited or restricted parties. You will comply with all applicable export control and economic sanctions laws and regulations in connection with your use of the Service. You shall not, directly or indirectly, export, re-export, or transfer the Service, or any technical data or information obtained through the Service, to any country, entity, or person prohibited by such laws and regulations, including without limitation the U.S. Export Administration Regulations, the International Traffic in Arms Regulations, and sanctions programs administered by the Office of Foreign Assets Control (OFAC). Any violation of this Section shall constitute a material breach of these Terms.
13.9 Force Majeure. Neither party shall be liable for any failure or delay in performing its obligations under these Terms (other than payment obligations) to the extent such failure or delay results from circumstances beyond such party’s reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, epidemics, pandemics, power outages, telecommunications failures, or cyberattacks. The affected party shall provide prompt written notice to the other party and shall use commercially reasonable efforts to mitigate the effects of the force majeure event. If the force majeure event continues for more than sixty (60) consecutive days, either party may terminate these Terms upon written notice.
13.10 Waiver. The failure of either party to enforce any provision of these Terms shall not constitute a waiver of such party’s right to enforce such provision or any other provision in the future. Any waiver must be in writing and signed by the waiving party to be effective.
13.11 Independent Contractors. The parties are independent contractors. Nothing in these Terms shall be construed to create a partnership, joint venture, employment, or agency relationship between the parties. Neither party has any authority to bind or obligate the other party in any manner.
13.12 No Third-Party Beneficiaries. These Terms are for the sole benefit of the parties and their permitted assigns and do not confer any rights, benefits, or remedies on any third party, except that the indemnified persons identified in Section 12 are intended third-party beneficiaries of the applicable indemnification provisions.
13.13 Counterparts and Electronic Execution. To the extent these Terms are executed in connection with an Order Form, such Order Form may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same instrument. Electronic signatures shall have the same legal effect as original signatures.
13.14 Changes to These Terms
InPolicy may update these Terms from time to time. We will notify You of material changes by posting an updated version with a new "Last updated" date. InPolicy will use commercially reasonable efforts to provide at least fifteen (15) days’ advance notice of material changes via email to the address associated with Your account. Continued use of the Service after changes are posted constitutes Your acceptance of the updated Terms. If You do not agree to any material changes, You must cease using the Service and terminate Your account prior to the effective date of such changes. Your sole remedy for objecting to any change to these Terms is to terminate these Terms in accordance with Section 9.2.
Notwithstanding the foregoing, InPolicy will not update these Terms in a way that:
- begins storing Content that is currently processed transiently and never written to persistent storage;
- uses Content or Customer Data to train any AI model; or
- transfers Customer Data or Content outside the United States,
without Your express written consent.
13.15 Government Users. If You are a U.S. government entity or if these Terms are being used in connection with a U.S. government contract, the Service constitutes "commercial computer software" and "commercial computer software documentation" as such terms are used in 48 C.F.R. §12.212. Consistent with 48 C.F.R. §12.212 and 48 C.F.R. §§227.7202-1 through 227.7202-4, all U.S. government end users acquire the Service with only those rights set forth herein.
For questions: legal@inpolicy.ai