Terms of Service

This Agreement consists of these Terms of Service and the Common Paper Cloud Service Agreement Standard Terms Version 1.1, which is incorporated by reference. If there is any inconsistency, these Terms will control. Capitalized words have the meanings given on this page or in the Standard Terms.

eesel AI is an AI teammate platform that lets you build and deploy AI agents trained on your company's knowledge. These agents can answer questions, write content, triage and respond to support tickets, and perform actions across your connected apps — including helpdesks, communication tools, knowledge bases, CRMs, and more.

Provider will use commercially reasonable efforts to provide and maintain the Cloud Service without excessive errors and interruptions. If Provider does not meet the SLA in two consecutive months or over three months in any 12-month period, then Customer may, as its only remedy, terminate the subscription upon notice and receive a prorated refund of prepaid fees for the remainder of the billing period.

Provider Covered Claims: Any action, proceeding, or claim that the Cloud Service, when used by Customer according to the terms of the Agreement, violates, misappropriates, or otherwise infringes upon anyone else's intellectual property or other proprietary rights.

Customer Covered Claims: Any action, proceeding, or claim that (1) the Customer Content, when used according to the terms of the Agreement, violates, misappropriates, or otherwise infringes upon anyone else's intellectual property or other proprietary rights; or (2) results from Customer's breach or alleged breach of Section 2.1 (Restrictions on Customer).

1.0 times the fees paid or payable by Customer to Provider in the 12 month period immediately preceding the claim.

By Provider:

1. Security Measures: Provider warrants it will implement, maintain, and comply with any technical and/or organizational measures required to ensure the security and confidentiality of the Customer's information, as outlined in the Security Policy below.
2. Deliverables free of malicious code: Provider warrants that Deliverables do not contain, and Provider will not insert into any Deliverable, any lock, dongle, clock, timer, counter, hardware key, copy protection feature, replication device, virus, or worm that may (a) lock, disable, or erase any Deliverable or data, (b) limit or prevent full use or copying of Deliverables, (c) harm or interfere with Company's servers or hardware, or (d) require action by Provider to allow use of the Deliverables.

For Provider: 651 N Broad St, Middletown, Delaware 19709, United States of America

For Customer: The main email address on Customer's account

Except as expressly permitted by this Agreement, Customer will not (and will not allow anyone else to):

• Reverse engineer, decompile, or attempt to discover any source code or underlying algorithms of the Product (except to the extent applicable laws prohibit this restriction).
• Provide, sell, transfer, sublicense, lend, distribute, rent, or otherwise allow others to access or use the Product.
• Remove any proprietary notices or labels.
• Copy, modify, or create derivative works of the Product.
• Conduct security or vulnerability tests on, interfere with the operation of, cause performance degradation of, or circumvent access restrictions of the Product.
• Access accounts, information, data, or portions of the Product to which Customer does not have explicit authorization.
• Use the Product to develop a competing service or product.
• Use the Product with any high-risk activities (where failure could lead to death, bodily injury, or environmental damage) or activity prohibited by applicable laws.
• Use the Product to obtain unauthorized access to anyone else's networks or equipment.
• Upload or submit any Customer Content to which Customer and its users do not have the proper rights.

Customer will not submit the following categories of data to the Product unless explicitly authorized in writing:

• Patient, medical, or other protected health information regulated by HIPAA.
• Credit, debit, bank account, or other financial account numbers.
• Social security numbers, driver's license numbers, or other government-issued ID numbers.
• Special categories of data as defined in Article 9 of the GDPR.
• Other similar categories of sensitive information as defined by applicable data protection laws.

Provider may temporarily suspend Customer's access to the Product if Customer (a) has an outstanding, undisputed balance for more than 30 days after the payment period; (b) breaches the restrictions above; or (c) uses the Product in a way that materially and negatively impacts the Product or others. Provider will try to inform Customer before suspending access when practical, and will reinstate access once the underlying issue is resolved.

Subscriptions automatically renew at the end of each billing period unless Customer cancels before the renewal date. Customer may cancel at any time through their account settings or by contacting Provider.

Either party may terminate this Agreement if the other party:

• Fails to cure a material breach within 30 days after receiving notice.
• Materially breaches the Agreement in a manner that cannot be cured.
• Dissolves or stops conducting business without a successor.
• Makes an assignment for the benefit of creditors.
• Becomes the debtor in insolvency, receivership, or bankruptcy proceedings that continue for more than 60 days.

Upon expiration or termination:

• Customer will no longer have any right to use the Product.
• Upon Customer's request, Provider will delete Customer Content within 60 days.
• Each party will return or destroy the other party's confidential information.

Each party's total cumulative liability for all claims arising out of or relating to this Agreement will not exceed the General Cap Amount (1.0 times the fees paid or payable by Customer to Provider in the 12-month period immediately preceding the claim).

Under no circumstances will either party be liable to the other for lost profits or revenues, or for consequential, special, indirect, exemplary, punitive, or incidental damages relating to this Agreement, even if the party is informed of the possibility of such damages in advance.

The liability cap and damages waiver do not apply to: (a) a party's indemnification obligations for Covered Claims; (b) a party's breach of confidentiality obligations; or (c) either party's willful misconduct.

Provider will use commercially reasonable efforts to secure the Cloud Service from unauthorized access, alteration, or use and other unlawful tampering.

• Information Security Management System: eesel Inc maintains a comprehensive Information Security Management System (ISMS) with stringent controls including policies, processes, software, and hardware functions that are monitored, reviewed, and improved to meet security and business objectives.
• Human Resource Security: Pre-employment screening per local laws, confidentiality clauses in employee and vendor contracts, disciplinary processes for non-compliance, and immediate access revocation upon termination of employment.
• Asset Management & Data Security: Information assets are identified and inventoried, classified per an Information Classification & Data Management Policy, and stored in SOC2 Type II certified data centers. Customer data is segregated using unique identifiers with proper data isolation on multi-tenant environments. Data retention policies align with GDPR and the Data Protection Act, and media is destroyed per NIST or similar standards.
• Access Control: Role-Based Access Control (RBAC) on a need-to-know basis, separation of duties, least privilege principles, privileged access via separate elevated accounts, periodic access rights reviews, strong password policies, multifactor authentication (MFA) on all accounts, and SSO enforcement where possible.
• Cryptography: AES 256-bit encryption or higher for data at rest, TLS 1.2+ for data in transit, authentication on all public API endpoints and buckets, and all backups encrypted at rest.
• Operations Security: Controlled and documented production changes, malware detection and prevention on all endpoints and servers, comprehensive patch management with monthly or more frequent updates, a technical vulnerability management program with internal/external infrastructure scans, SAC/DAST scans, configuration tests, and annual penetration testing by accredited independent testers.
• Logging, Monitoring & Incident Management: Event logging of user activities, exceptions, faults, and audit trails retained for at least 1 year and protected from tampering. Security incident response and mitigation with proper root cause analysis, and breach notification within 72 hours.
• Communication & Network Security: Network segmentation, firewalls, access management, logging and monitoring, dedicated VPCs and Security Groups for environment segregation (Prod, Dev, Staging), and WAF and DDoS protections on production environments.
• Physical Security: Manned reception, CCTV at building access points, restricted entry to authorized individuals, supervised visitors with maintained visitor logs for offices, server rooms, and data centers.
• Software Development: Secure Software Development Lifecycle (S-SDLC) policy following OWASP, NIST, or similar best practices, ongoing code review using SAST, DAST, and other methodologies covering open source, IaC, and others.
• Supplier Relationships: Due diligence on all direct suppliers covering Information Security, Data Protection, Business Continuity, with annual reviews, approved certifications, independent audit reports, and independent penetration tests. Suppliers are subject to confidentiality, security, and right to audit clauses.
• Business Continuity & Disaster Recovery: Annually reviewed and exercised business continuity plans, annual Business Impact Analysis, secure and independent backups, minimum RTO of 4 hours and RPO of 24 hours, with periodic backup testing.
• Information Security Risk: A security risk management program covering identification and assessment of risks from periodic activities and planned/unplanned changes, with risks prioritized, treated/accepted, and approved in a timely manner.

Provider will maintain annually updated reports or annual certifications of compliance with the following: Penetration Testing and SOC 2 Type II (in progress — view our Trust Center for current status).

View our Trust Center for current status.

Provider maintains commercial general liability, professional liability (errors and omissions), and cyber liability insurance coverage. Details of insurance minimums are available upon request for Enterprise customers.

The following Data Processing Agreement is incorporated into this Agreement. The DPA is based on the Common Paper DPA Standard Terms Version 1.0 and covers the processing of Customer Personal Data in accordance with applicable data protection laws, including GDPR and CCPA.

To the extent the CCPA applies, Provider is a service provider receiving Personal Data from Customer to provide the Service for a limited and specified business purpose. Provider will not sell or share any Personal Data provided by Customer.

For additional details on data collection, international transfers, and data subject rights, see our Privacy Policy.

The following sub-processors are authorized to process Customer Personal Data.

We support EU data residency for Amazon Web Services and Pinecone upon request. Contact hi@eesel.app for details.