Terms of Service

These Terms of Service (“Terms”) are a binding agreement between Briefcase AI(“Briefcase AI,” “we,” “us,” or “our”) and the person or entity that accesses or uses the Briefcase AI Scan software-as-a-service offering, including the web application at seetheblindspot.com, the API at api.seetheblindspot.com, the scanners, command-line utilities, documentation, and any related materials (collectively, the “Service”). By clicking a button or checking a box indicating acceptance, by signing an order form referencing these Terms, by paying us for the Service, or by otherwise accessing or using the Service, you (“Customer,” “you”) agree to these Terms on behalf of yourself and the organization you represent. If you do not have authority to bind that organization, or you do not accept these Terms in full, you must not access or use the Service.

These Terms include and incorporate by reference the Privacy Policy, the Acceptable Use Policy, the Data Processing Addendum, and, where executed, the Business Associate Agreement, each as amended from time to time.

1. Definitions

• “Authorized User” means an individual whom Customer authorizes to use the Service under Customer’s account.
• “Customer Data” means data, scan targets, configurations, artifacts, findings, and other content submitted by Customer or its Authorized Users to, or generated within, the Service.
• “Documentation” means the user-facing and developer-facing documentation Briefcase AI makes generally available with the Service.
• “Order” means an online plan selection, ordering page, or written order form referencing these Terms.
• “Subscription Term” means the period for which Customer has purchased the Service, as set forth in the Order.

2. The Service

Subject to Customer’s continuous compliance with these Terms and timely payment of fees, Briefcase AI grants Customer a worldwide, non-exclusive, non-transferable, non-sublicensable, revocable right to access and use the Service and Documentation during the Subscription Term solely for Customer’s own internal business purposes. The license excludes any use that violates Section 5 or the Acceptable Use Policy.

Briefcase AI may update, enhance, or change features of the Service from time to time and may discontinue features that are not part of the contracted core functionality. Briefcase AI will not materially degrade the core functionality of the Service during a paid Subscription Term.

3. Accounts and Authorized Users

Customer must be at least eighteen (18) years old and capable of forming a binding contract. Customer is responsible for (a) maintaining the confidentiality of credentials, (b) keeping account information accurate, (c) all activities that occur under the account, and (d) promptly notifying us at support@briefcaseai.org of any unauthorized access or suspected compromise. Customer is responsible for the acts and omissions of Authorized Users as if they were Customer’s own. Account sharing, sale, or transfer is prohibited. Briefcase AI may require multi-factor authentication for high-risk actions and may deny access where signals indicate material risk.

4. Plans, Fees, Auto-Renewal, and Taxes

Fees are stated in U.S. dollars on the pricing page or in the Order and are non-cancelable and non-refundable except as expressly stated below or required by applicable law. Fixed subscription fees are billed in advance for each billing cycle. Metered or overage charges (including additional scans, additional surfaces, or additional storage) are billed in arrears based on Briefcase AI’s metering records, which are deemed accurate absent manifest error.

Unless cancelled at least thirty (30) days before the end of the then-current Subscription Term, the subscription automatically renews for a successive term equal in length to the prior term at the then-current list price. Cancellation takes effect at the end of the current term; cancellation does not entitle Customer to a refund for the current term.

Late payments accrue interest at the lesser of one and one-half percent (1.5%) per month or the maximum rate permitted by law, plus reasonable costs of collection (including attorneys’ fees). Briefcase AI may suspend the Service if any undisputed amount is more than ten (10) days past due. Fees do not include any taxes, levies, or duties of any nature, and Customer is responsible for all such amounts (other than taxes on Briefcase AI’s net income). Where required, Briefcase AI will collect applicable U.S. sales tax and remit it to the relevant jurisdiction.

Payment processing is provided by Stripe, Inc. Customer authorizes Briefcase AI and Stripe to charge the designated payment method for all fees, including renewals, overages, and applicable taxes. Customer’s use of Stripe is governed by Stripe’s terms; Briefcase AI is not responsible for the acts or omissions of Stripe.

5. Customer Data and Customer Warranties

As between the parties, Customer owns Customer Data. Customer grants Briefcase AI a worldwide, royalty-free, non-exclusive license to host, copy, transmit, display, modify, process, and otherwise use Customer Data solely (i) to provide, secure, and improve the Service, (ii) to comply with applicable law and valid legal process, and (iii) to enforce these Terms. Briefcase AI may create and retain aggregated, de-identified, statistical, anonymized, or synthetic data derived from the operation of the Service for any lawful purpose, provided that such data does not identify Customer, an Authorized User, or any individual.

Customer represents, warrants, and covenants that:

1. it has all rights, licenses, consents, and authority necessary to submit Customer Data to the Service and to authorize Briefcase AI to process Customer Data as set forth in these Terms;
2. Customer Data and Customer’s use of the Service do not and will not (a) violate any law, regulation, court order, or contract, (b) infringe or misappropriate any third party’s intellectual property, privacy, publicity, or contractual rights, (c) contain malicious code, or (d) cause Briefcase AI or any subprocessor to breach an obligation owed to a third party;
3. Customer has scanned only surfaces it owns or is authorized in writing to scan, and Customer will produce evidence of such authorization within five (5) business days upon Briefcase AI’s reasonable request; and
4. Customer will not submit protected health information, payment card data, financial account credentials, or government-issued identification numbers to the Service unless Customer is operating in a deployment governed by a countersigned Business Associate Agreement (for PHI) or has otherwise obtained Briefcase AI’s prior written consent.

6. Acceptable Use

Customer’s use of the Service is subject to the Acceptable Use Policy, the violation of which is a material breach of these Terms. Without limiting that policy, Customer will not, and will not permit any third party to:

• scan, probe, test, or attack any system Customer does not own or is not authorized in writing to scan;
• attempt to gain unauthorized access to any part of the Service, to other Customers’ data, or to non-public Briefcase AI systems;
• reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code or underlying ideas of the Service, except to the extent expressly permitted by mandatory law;
• remove, obscure, or alter any proprietary or trademark notice;
• circumvent, disable, or interfere with any security feature, attestation gate, rate limit, or content filter of the Service;
• use the Service to develop, train, or improve a competing product or service or to benchmark for the purpose of competitive disclosure;
• resell, sublicense, white-label, or otherwise commercially exploit the Service without Briefcase AI’s prior written consent.

7. Attestations

Scans against well-known production AI surfaces require an on-screen attestation in which the signing user (i) confirms authority to scan the surface, (ii) commits not to use the scan for denial-of-service, harassment, vulnerability research without permission, or any malicious purpose, and (iii) accepts responsibility for third-party terms-of-service implications. Each attestation is a binding representation by Customer for the entire organization. Customer agrees to defend, indemnify, and hold harmless Briefcase AI against any claim arising from a scan authorized by an attestation, including third-party claims alleging breach of terms of service, unauthorized access, or intellectual-property infringement. Attestations expire after thirty (30) days and may be revoked by an administrator at any time.

8. Intellectual Property

Briefcase AI and its licensors retain all right, title, and interest in and to the Service, the Documentation, all detectors, rules, models, software, scoring methodology, algorithms, user interfaces, design elements, trademarks, service marks, trade dress, logos, and the underlying technology, including all derivative works and any feedback or suggestions provided by Customer (which Customer hereby assigns to Briefcase AI to the extent of any rights Customer would otherwise have). No license is granted by implication, estoppel, or otherwise. The Briefcase AI and Briefcase AI Scan word marks, logos, and trade dress are the trademarks of Briefcase AI and may not be used without prior written consent.

9. Third-Party Services

The Service may interoperate with third-party services, including identity providers, payment processors, cloud storage, AI APIs, analytics platforms, and communications services. Customer’s use of any third-party service is governed by the third party’s terms, not these Terms. Briefcase AI is not responsible for, and disclaims all liability arising out of, the availability, accuracy, content, products, services, security, or privacy practices of any third-party service.

10. Confidentiality

Each party may receive non-public, confidential, or proprietary information of the other (“Confidential Information”), including Customer Data, the Service’s non-public functionality, detection rules, pricing, and roadmap. The receiving party will (i) use Confidential Information only to exercise rights and perform obligations under these Terms, (ii) protect Confidential Information with at least the same degree of care it uses for its own Confidential Information of similar importance, and in no event less than reasonable care, and (iii) limit access to those who have a need to know and are bound by written confidentiality obligations no less protective than those in this Section. Confidential Information does not include information that, as evidenced by written records, is or becomes public through no fault of the receiver, was rightfully known to the receiver without confidentiality obligation prior to disclosure, is rightfully received from a third party without confidentiality obligation, or is independently developed without use of or reference to the discloser’s Confidential Information. The obligations in this Section survive termination for three (3) years; trade secrets are protected for as long as they qualify as trade secrets under applicable law.

11. Privacy and Data Protection

Briefcase AI processes personal data in accordance with the Privacy Policy. Where required by GDPR, UK GDPR, the California Consumer Privacy Act / Privacy Rights Act, or substantively similar law, the parties’ Data Processing Addendum is incorporated into these Terms. For HIPAA-regulated deployments, the Business Associate Agreement governs the handling of PHI and is incorporated into these Terms with respect to HIPAA-regulated processing.

12. Availability and Support

Briefcase AI uses commercially reasonable efforts to make the Service available. Briefcase AI does not offer a contractual service-level commitment for non-enterprise plans; service-level commitments, if any, are stated only in an executed Order or service-level addendum and apply only to the extent so stated. Planned maintenance windows and emergency maintenance may affect availability. Briefcase AI is not liable for unavailability caused by factors outside its reasonable control, including force majeure events and acts or omissions of third-party subprocessors.

13. Disclaimer of Warranties

THE SERVICE AND DOCUMENTATION ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, BRIEFCASE AI AND ITS LICENSORS DISCLAIM ALL EXPRESS, IMPLIED, AND STATUTORY WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. WITHOUT LIMITING THE FOREGOING, BRIEFCASE AI DOES NOT WARRANT THAT (A) THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE FROM HARMFUL CODE; (B) FINDINGS, SCORES, DETECTORS, OR REPORTS WILL BE ACCURATE, COMPLETE, TIMELY, OR APPROPRIATE FOR ANY USE; (C) THE SERVICE WILL IDENTIFY ALL TRACKERS, VULNERABILITIES, OR INSTANCES OF NON-COMPLIANCE; OR (D) THE SERVICE WILL MEET CUSTOMER’S REQUIREMENTS. CUSTOMER IS SOLELY RESPONSIBLE FOR DETERMINING WHETHER, AND TO WHAT EXTENT, TO RELY ON THE SERVICE. CUSTOMER’S USE OF THE SERVICE IS AT CUSTOMER’S OWN RISK.

14. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL BRIEFCASE AI OR ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY (A) INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES; (B) LOSS OF PROFITS, REVENUE, GOODWILL, REPUTATION, BUSINESS, OR ANTICIPATED SAVINGS; OR (C) LOSS, CORRUPTION, OR UNAUTHORIZED DISCLOSURE OF DATA, EVEN IF ADVISED OF THE POSSIBILITY AND EVEN IF ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

EXCEPT FOR THE EXCLUDED CLAIMS BELOW, EACH PARTY’S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, STATUTE, OR ANY OTHER THEORY, WILL NOT EXCEED THE GREATER OF (i) THE FEES PAID BY CUSTOMER TO BRIEFCASE AI UNDER THESE TERMS DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR (ii) ONE HUNDRED U.S. DOLLARS (USD $100). The parties acknowledge that the fees reflect the allocation of risk in these Terms and that the foregoing limitations are an essential element of the bargain.

Excluded Claims. The liability cap in the preceding paragraph does not apply to (a) Customer’s payment obligations; (b) Customer’s indemnification obligations under Section 15; (c) violations of Section 5 (Customer Data and warranties), Section 6 (Acceptable Use), Section 7 (Attestations), Section 8 (Intellectual Property), or Section 10 (Confidentiality); or (d) liability that cannot be limited under applicable law, including liability for gross negligence, willful misconduct, or fraud.

15. Indemnification

By Customer. Customer will defend, indemnify, and hold harmless Briefcase AI, its affiliates, and their respective officers, directors, employees, agents, contractors, successors, and assigns from and against any and all third-party claims, demands, actions, losses, damages, fines, penalties, judgments, settlements, costs, and expenses (including reasonable attorneys’ fees and expert fees) arising out of or related to (i) Customer Data, including allegations of privacy violation, breach of contract, or intellectual-property infringement; (ii) Customer’s use of the Service in violation of these Terms, the Acceptable Use Policy, or applicable law; (iii) any scan Customer authorizes, including any attestation Customer signs, and any claim by an operator of a scanned surface; (iv) Customer’s breach of Section 5; (v) Customer’s gross negligence, willful misconduct, or fraud; or (vi) the acts or omissions of Customer’s Authorized Users.

By Briefcase AI. Briefcase AI will defend Customer against any third-party claim alleging that the Service, as provided by Briefcase AI and used by Customer in accordance with these Terms, directly infringes a U.S. intellectual-property right of the third party, and will pay any damages or settlement amounts approved in writing by Briefcase AI. Briefcase AI has no obligation for any claim arising from (a) Customer Data; (b) Customer’s combination of the Service with anything not provided by Briefcase AI; (c) modifications to the Service by anyone other than Briefcase AI; (d) Customer’s use of a non-current version of the Service after Briefcase AI has made a non-infringing version available; or (e) Customer’s use in violation of these Terms. If the Service becomes the subject of an infringement claim, Briefcase AI may, at its option, (i) procure for Customer the right to continue using the Service, (ii) modify the Service to be non-infringing while substantially preserving its functionality, or (iii) terminate the affected portion of the Service and refund the prorated portion of prepaid fees. This Section states Briefcase AI’s sole and exclusive liability, and Customer’s sole and exclusive remedy, for any allegation of infringement.

Procedure. The indemnified party will (a) promptly notify the indemnifying party of the claim, (b) tender control of the defense and settlement to the indemnifying party (provided that no settlement requiring admission of liability or imposing obligations on the indemnified party may be entered without the indemnified party’s prior written consent), and (c) reasonably cooperate at the indemnifying party’s expense.

16. Term, Suspension, and Termination

These Terms apply for so long as Customer has an active account or Subscription Term. Either party may terminate for material breach if the other party fails to cure the breach within thirty (30) days after written notice describing the breach. Briefcase AI may suspend Customer’s access immediately, without prior notice, if Briefcase AI reasonably believes that (a) Customer has materially violated the Acceptable Use Policy, (b) Customer’s use poses a security, legal, or operational risk to Briefcase AI or others, (c) any payment obligation is past due, or (d) suspension is required by law or legal process.

Upon termination or expiration, Customer’s right to access the Service ceases, and Customer will pay all amounts accrued. Briefcase AI will make Customer Data available for export in a machine-readable format for thirty (30) days after termination, after which Briefcase AI may delete or anonymize Customer Data, except as needed for archival backups, legal hold, or compliance.

The following Sections survive termination: 1, 4 (with respect to accrued obligations), 5 (with respect to the data-use license to enforce these Terms and comply with law), 8, 10, 13, 14, 15, 16, 17, and 18.

17. Governing Law and Dispute Resolution

These Terms are governed by the laws of the State of Delaware, without regard to its conflict-of-laws rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

17.1 Informal resolution. The parties will attempt in good faith to resolve any dispute by written notice to the other party at the contact addresses set forth in Section 18, followed by reasonable negotiation for at least sixty (60) days before initiating any binding proceeding.

17.2 Binding arbitration. Any dispute, controversy, or claim arising out of or relating to these Terms, the Service, or the parties’ relationship that is not resolved through informal resolution will be finally resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules, before a single arbitrator selected in accordance with those rules. The seat of arbitration is Wilmington, Delaware, and the proceedings will be conducted in English. The arbitrator may award any relief that a court of competent jurisdiction could award, including injunctive relief on an individual basis. Judgment on the award may be entered in any court of competent jurisdiction.

17.3 Class-action waiver. EACH PARTY WAIVES ANY RIGHT TO A JURY TRIAL AND ANY RIGHT TO ASSERT CLAIMS AS A REPRESENTATIVE OR MEMBER OF A CLASS OR ON A CONSOLIDATED OR REPRESENTATIVE BASIS. DISPUTES WILL BE BROUGHT ONLY ON AN INDIVIDUAL BASIS. If a court of competent jurisdiction finds this class-action waiver unenforceable as to a particular claim, that claim will be severed and adjudicated in court; all other claims remain subject to arbitration.

17.4 Mass-arbitration protocol. If twenty-five (25) or more substantially similar arbitration demands are filed against Briefcase AI by or with the assistance of the same law firm or coordinated group within a sixty (60)-day window, the demands will be administered as a single coordinated batch. Each side will select up to ten (10) bellwether cases to be heard first; the remaining cases will be stayed pending resolution of the bellwethers. The parties will meet and confer in good faith about applying the bellwether outcomes to remaining cases. Filing fees, administrative fees, and arbitrator compensation will be allocated as set forth in the AAA rules applicable to mass arbitrations.

17.5 Carve-outs. Notwithstanding the arbitration agreement, either party may (a) seek injunctive or equitable relief in a court of competent jurisdiction to prevent the infringement or misuse of its intellectual property, Confidential Information, or to enforce Section 5 or 6; (b) bring an individual claim in a small-claims court of competent jurisdiction if the claim qualifies; and (c) participate in collection actions for unpaid fees.

17.6 Opt-out. Customer may opt out of the arbitration agreement and class-action waiver by sending written notice to support@briefcaseai.org within thirty (30) days after first accepting these Terms.

18. General

• Notices. Briefcase AI may give notice by posting in the Service, by email to the administrator address on file, or by other reasonable means. Customer notices to Briefcase AI must be sent to support@briefcaseai.org with a copy by certified mail to Briefcase AI’s registered agent in the State of Delaware.
• Force majeure. Neither party is liable for failure or delay caused by events outside its reasonable control, including acts of God, war, terrorism, civil unrest, labor disputes, governmental action, embargoes, internet or telecommunications failures, supply-chain disruption, pandemics, or material outages of a subprocessor. The affected party will resume performance as soon as commercially practicable.
• Assignment. Customer may not assign these Terms or any rights under them, by operation of law or otherwise, without Briefcase AI’s prior written consent. Briefcase AI may assign these Terms without consent in connection with a merger, acquisition, reorganization, financing, or sale of all or substantially all of its assets.
• No waiver. A party’s failure to enforce any right is not a waiver of that right.
• Severability. If a provision is held unenforceable, the remaining provisions remain in full force, and the unenforceable provision will be reformed to the minimum extent necessary to make it enforceable while preserving the original intent.
• No agency. The parties are independent contractors; no agency, partnership, joint venture, franchise, or employment relationship is created. Neither party may bind the other.
• Government users. The Service is “commercial computer software” within the meaning of FAR 12.212 and DFARS 227.7202 and is provided to U.S. government end users with only the rights granted to commercial end users in these Terms.
• Export and sanctions. Customer represents that it is not located in, and will not access the Service from, a U.S.-embargoed country, and that it is not listed on any U.S. or applicable foreign sanctions or denied-persons list. Customer will comply with U.S. and applicable foreign export control, sanctions, and anti-corruption laws, including the U.S. Foreign Corrupt Practices Act and the UK Bribery Act.
• Publicity. Briefcase AI may identify Customer by name and logo as a customer on its website and in marketing materials; Customer may revoke this permission at any time by written notice, effective on a going-forward basis.
• Anti-circumvention. Customer will not probe, scan, test, breach, or circumvent any security or authentication measure of the Service, except under an authorized security-research engagement with Briefcase AI.
• DMCA. Notices of alleged copyright infringement should be sent to the designated agent at support@briefcaseai.org. Repeat infringers will have their accounts terminated.
• Modifications. Briefcase AI may modify these Terms by posting an updated version and updating the effective date. Material changes will be communicated by email to administrators and/or in-product notice at least thirty (30) days before the change becomes effective, except where shorter notice is required by law, regulation, or an active security incident. Continued use after the effective date constitutes acceptance.
• Order of precedence. In the event of conflict among documents, the order of precedence is (1) a fully executed Order or addendum (including the Business Associate Agreement, where applicable), (2) the Data Processing Addendum, (3) these Terms, and (4) the Acceptable Use Policy and Privacy Policy.
• Entire agreement. These Terms, together with the Privacy Policy, the Acceptable Use Policy, any executed Order, Data Processing Addendum, and Business Associate Agreement, constitute the entire agreement between the parties and supersede all prior agreements, representations, and understandings concerning the subject matter.