Terms of Service

These Terms of Service ("Terms") constitute a legally binding contract executed by and between InsureAudit, Inc. ("InsureAudit", "We", "Us", or "Our") and the legal entity or cybersecurity practice initializing an active workspace subscription ("Firm", "vCISO", "User", or "You"). By establishing an account, deploying an evidence workspace, or utilizing any component of our automated harvesting infrastructure, you unconditionally accept and agree to be bound by these Terms.

1. Scope of Service and Automated Architecture

InsureAudit provides a multi-tenant, cloud-based platform engineered to automate the collection, aggregation, verification tracking, and cryptographic hashing of cybersecurity compliance data (the "Service").

• The Service is designed strictly as an administrative efficiency tool for qualified risk professionals and vCISOs.
• InsureAudit does not perform independent clinical cybersecurity validations, nor do we issue formal legal opinions or absolute compliance certifications.
• Final professional review, evaluation, and verification of all generated report metrics remain the sole responsibility of the User.

2. Global Reseller and Merchant of Record Framework

To maintain seamless international billing operations, global sales tax administration, and compliance management, InsureAudit utilizes a managed Merchant of Record (MoR) architecture powered by Paddle and Stripe. By initiating a paid subscription, you explicitly acknowledge and agree that the MoR acts as the direct legal reseller of the software access tokens. Consequently, all transaction mechanics, invoicing parameters, and chargeback protocols are governed directly by these Terms in conjunction with the Paddle Buyer Terms and the companion Stripe Billing Services Agreement. All payment disputes or account billing adjustments must be addressed via our designated MoR billing pipeline.

3. Multi-Tenant Operational Parameters & Subscription Tiers

• Account Integration: Subscriptions are billed in advance on a recurring monthly or annual basis based on the operational tier selected within your vCISO cockpit.
• Workspace Isolation: Access rights are strictly bound via database Row-Level Security (RLS) policies pinned to your unique authenticated session token. Users are strictly prohibited from attempting to bypass, test, scan, or intersect data arrays belonging to alternative system tenants.
• Overages and Account Capacity: Account limits regarding active client directories and automated evidence request volumes are calculated dynamically. Any system overages will be explicitly tracked and displayed transparently in your billing portal prior to processing.

4. Evidence Integrity and Mutual Indemnification

• Data Ownership: The User retains all standard rights, titles, and legal interests in the structural files, metadata, configurations, and evidence artifacts routed through our platform.
• The Authenticity Mandate: You warrant that all documentation uploaded to the secure client portals (/portal/:clientId)—whether initiated directly by your team or asynchronously by your end-user SMB clients—reflects true, unaltered production postures.
• Hold Harmless Protection: The User agrees to defend, indemnify, and hold completely harmless InsureAudit, Inc., its software engineers, and its financial partners from any third-party claims, underwriter disputes, insurance fraud investigations, or legal actions resulting from falsified, manipulated, or inaccurate data artifacts introduced into the system.

5. Explicit Underwriting and Liability Disclaimers

• NO ASSURANCE OF COVERAGE: INSUREAUDIT IS NOT AN INSURANCE UNDERWRITER, REGULATORY AUDITOR, OR LEGAL COUNSEL. THE EXPORTED PACKETS AND CRYPTOGRAPHIC VALIDATION SCHEMAS ARE ADMINISTRATIVE VERIFICATION AIDS ONLY. WE PROVIDE ABSOLUTELY NO GUARANTEE, WARRANTY, OR ASSURANCE THAT ANY COMMERCIAL CARRIER WILL APPROVE, ISSUE, RENEW, OR REIMBURSE A CYBER INSURANCE POLICY BASED ON THE PLATFORM'S METRICS.
• "AS IS" WARRANTY EXCLUSION: THE SERVICE IS OPERATED ON AN "AS IS" AND "AS AVAILABLE" BASELINE WITHOUT WARRANTIES OF ANY KIND, EXPRESSED OR IMPLIED.
• LIMITATION OF CONSEQUENTIAL DAMAGES: TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL INSUREAUDIT, INC. BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF BUSINESS PROFITS, EXPOSURE TO RANSOMWARE BREACHES, DATA EXFILTRATION EXPENSES, OR CYBER INSURANCE POLICY CORRECTION LOSSES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Our maximum aggregate liability shall never exceed the absolute cash fees paid by you to the Service over the twelve (12) months immediately preceding the event.

6. Governing Law & Dispute Resolution

These Terms, along with all operational infrastructure relations, shall be governed by and interpreted under the strict laws of the State of Delaware, USA, completely excluding any conflict-of-laws principles. Any formal legal action, dispute, or lawsuit arising out of this platform architecture must be filed exclusively within the state or federal courts located in Wilmington, Delaware.

7. Operational Contact Desk

All formal inquiries regarding these system constraints, compliance policies, or legal interpretations must be directed via our secure support form.