Terms of Service

1. Agreement to Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you ("User," "you," or "your") and Guardara AI, Inc. ("Guardara AI," "we," "us," or "our") governing your access to and use of the Guardara AI platform, website, and related services located at www.guardara.ai (collectively, the "Service").

By creating an account, subscribing to a plan, or otherwise accessing the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy, which is incorporated herein by reference. If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.

2. Description of Service

Guardara AI is a compliance automation platform designed for business-to-business (B2B) use. The Service provides the following capabilities:

• Multi-framework compliance management — Support for SOC 2, ISO 27001, NIST 800-53, and 24+ additional security and regulatory frameworks.
• AI-powered policy generation — Automated creation of audit-ready policy documents tailored to your organization using large language models.
• Evidence tracking — Collection, organization, and management of compliance evidence with file upload and approval workflows.
• Cloud integration scanning — Read-only compliance scanning of Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) accounts via OAuth 2.0 and IAM role assumption.
• Audit preparation — AI-powered Q&A assistant, change tracking, control-to-artifact mapping, and audit timeline management.
• Reporting and export — Compliance score dashboards, gap analysis, and exportable audit reports.

3. Account Registration and Security

To access the Service, you must create an account by providing accurate and complete registration information, including a valid work email address and password. You agree to:

• Provide truthful and current information during registration and keep it updated.
• Maintain the confidentiality of your account credentials and not share them with unauthorized individuals.
• Notify us immediately of any unauthorized access to or use of your account.
• Accept responsibility for all activities that occur under your account.

We reserve the right to suspend or terminate accounts that contain inaccurate information, violate these Terms, or are used for unauthorized purposes.

4. Subscription Plans and Payment

4.1 Plans and Pricing

The Service is offered through tiered subscription plans with the following AI token allocations:

Annual billing is available at a discounted rate. Additional token packs may be purchased as one-time top-ups when your monthly allocation is exhausted.

4.2 Billing and Renewal

Subscriptions are billed in advance on a monthly or annual basis through Stripe. Your subscription will automatically renew at the end of each billing period unless you cancel before the renewal date. You may manage your subscription, update payment methods, or cancel through the Settings page in your account or via the Stripe customer portal.

4.3 Refunds

Subscription fees are non-refundable except where required by applicable law. If you cancel your subscription, you will retain access to the Service through the end of your current billing period. Token top-up purchases are non-refundable once the tokens have been credited to your account.

4.4 Token Usage

AI tokens are consumed when you use AI-powered features such as policy generation, audit Q&A, compliance analysis, and cloud scanning. Token usage is tracked across three categories: LLM tokens (AI interactions), VM tokens (cloud scans and custom control execution), and third-party API tokens (external service calls). Unused tokens do not roll over between billing periods. We will notify you by email when you reach 80% of your monthly token allocation.

5. Acceptable Use

You agree to use the Service only for lawful purposes and in accordance with these Terms. You shall not:

• Use the Service to violate any applicable law, regulation, or third-party rights.
• Attempt to gain unauthorized access to any part of the Service, other users' accounts, or connected systems.
• Interfere with or disrupt the Service, servers, or networks connected to the Service.
• Reverse engineer, decompile, or disassemble any part of the Service.
• Use automated tools (bots, scrapers, crawlers) to access the Service without our prior written consent.
• Upload malicious content, malware, or any material that could harm the Service or other users.
• Resell, sublicense, or redistribute the Service or any output generated by the Service without our prior written consent.
• Use the Service to generate content that is fraudulent, misleading, or intended to deceive auditors or regulatory bodies.
• Provide cloud credentials that you are not authorized to use, or connect cloud accounts belonging to third parties without their explicit consent.

6. Cloud Integrations and Authorization

When you connect cloud accounts (AWS, Azure, or GCP) to the Service, you represent and warrant that:

• You have the authority to grant Guardara AI read-only access to the connected cloud accounts.
• The cloud accounts belong to your organization or you have explicit authorization from the account owner.
• You understand that Guardara AI will collect security and compliance metadata from your cloud resources in read-only mode.
• You can revoke access at any time through the Guardara AI dashboard or your cloud provider's console.

Guardara AI accesses your cloud accounts using the following methods:

• Google Cloud Platform — OAuth 2.0 authorization code flow via Google accounts. Scopes requested are limited to read-only access for compliance scanning.
• Microsoft Azure — OAuth 2.0 authorization code flow via Microsoft Entra ID (formerly Azure AD).
• Amazon Web Services — Cross-account IAM role assumption using CloudFormation-deployed roles with unique external IDs.

7. Intellectual Property

7.1 Our Intellectual Property

The Service, including its design, code, algorithms, AI models, documentation, trademarks, and all related intellectual property, is owned by Guardara AI, Inc. and is protected by copyright, trademark, and other intellectual property laws. These Terms do not grant you any right, title, or interest in the Service except for the limited right to use the Service as described herein.

7.2 Your Content

You retain all ownership rights to the content you upload, create, or generate through the Service, including policy documents, evidence files, and compliance data ("Your Content"). By using the Service, you grant Guardara AI a limited, non-exclusive license to process, store, and display Your Content solely for the purpose of providing the Service to you.

7.3 AI-Generated Content

Policy documents and other content generated by the AI features of the Service are provided as drafts and starting points. You are solely responsible for reviewing, editing, and approving all AI-generated content before using it for compliance purposes. Guardara AI does not guarantee that AI-generated content is accurate, complete, or suitable for any particular regulatory requirement.

8. Disclaimers

Without limiting the foregoing:

• Not legal or audit advice — The Service is a compliance management tool and does not constitute legal, accounting, or professional audit advice. You should consult qualified professionals for specific compliance requirements.
• No guarantee of compliance — Using the Service does not guarantee that your organization will pass any audit or achieve any certification. Compliance outcomes depend on many factors beyond the scope of the Service.
• AI limitations — AI-generated content may contain errors, inaccuracies, or omissions. All AI output should be reviewed by qualified personnel before use.
• Cloud scanning limitations — Compliance findings from cloud scans are based on the data available at the time of the scan and may not reflect real-time changes to your cloud environment.

9. Limitation of Liability

10. Indemnification

You agree to indemnify, defend, and hold harmless Guardara AI and its officers, directors, employees, agents, and affiliates from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) your use of the Service; (b) your violation of these Terms; (c) your violation of any third-party rights, including intellectual property rights; or (d) any content you upload or generate through the Service.

11. Termination

You may terminate your account at any time by canceling your subscription and contacting us to request account deletion. We may terminate or suspend your access to the Service immediately, without prior notice, if you breach these Terms or engage in conduct that we determine, in our sole discretion, is harmful to the Service, other users, or third parties.

Upon termination: (a) your right to use the Service will immediately cease; (b) we will delete your account data within 30 days, subject to our data retention obligations; and (c) any outstanding payment obligations will survive termination.

12. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any dispute arising out of or relating to these Terms or the Service shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, except that either party may seek injunctive or equitable relief in any court of competent jurisdiction.

You agree that any arbitration shall be conducted on an individual basis and not as a class action or representative proceeding. The arbitration shall take place in Wilmington, Delaware, or at another mutually agreed location.

13. Modifications to Terms

We reserve the right to modify these Terms at any time. We will provide notice of material changes by posting the updated Terms on this page and updating the "Last updated" date. For significant changes, we will also notify you by email. Your continued use of the Service after any modifications constitutes acceptance of the updated Terms. If you do not agree to the modified Terms, you must stop using the Service and cancel your subscription.

14. Miscellaneous

• Entire Agreement — These Terms, together with the Privacy Policy, constitute the entire agreement between you and Guardara AI regarding the Service and supersede all prior agreements and understandings.
• Severability — If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect.
• Waiver — Our failure to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision.
• Assignment — You may not assign or transfer these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of our assets.
• Force Majeure — We shall not be liable for any failure or delay in performing our obligations due to circumstances beyond our reasonable control, including natural disasters, acts of government, internet outages, or third-party service failures.

15. Contact Information

If you have any questions about these Terms of Service, please contact us: