← Back to home

Terms of Service

Privacy Automated LLC

Last updated: May 23, 2026

These Terms of Service (the "Terms" or "Agreement") are a binding contract between Privacy Automated LLC, a Florida limited liability company ("Privacy Automated," "we," "us," or "our"), and the entity or person agreeing to these Terms ("Customer," "you," or "your"). These Terms govern your access to and use of the Privacy Automated software-as-a-service platform available at privacyautomated.ai and app.privacyautomated.ai, any related APIs, integrations, documentation, and our consulting and professional services (collectively, the "Services").

By clicking "I agree," signing an order form, creating an account, or otherwise accessing or using the Services, you represent that (a) you have read and accept these Terms, (b) you are at least 18 years old, and (c) if you are entering into these Terms on behalf of a company or other legal entity, you have authority to bind that entity. If you do not agree to these Terms, do not access or use the Services.

IMPORTANT NOTICES. - These Terms contain a binding arbitration provision and class-action waiver in Section 21. Please read carefully. - The Services help you manage privacy compliance workflows. They do not constitute legal advice and are not a substitute for advice from qualified counsel. See Section 4.5. - Portions of the Services use artificial intelligence and machine learning and may produce inaccurate or incomplete output. You are responsible for reviewing outputs before relying on them. See Section 4.4.

1. Definitions

"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.

"Authorized User" means an employee, contractor, or agent of Customer who is authorized by Customer to access the Services and for whom Customer has provisioned a user account.

"Customer Data" means any data, information, content, or materials that Customer or its Authorized Users submit, upload, transmit, or otherwise make available to the Services, including Personal Data processed through the Services.

"Documentation" means the user guides, knowledge base articles, and other technical documentation made available by Privacy Automated for the Services.

"Order" or "Order Form" means an online order, subscription selection, or written ordering document (including a statement of work) referencing these Terms.

"Personal Data" means information relating to an identified or identifiable natural person, as defined under applicable Privacy Laws.

"Privacy Laws" means all data protection and privacy laws applicable to a party's processing of Personal Data under this Agreement, including, as applicable, the EU and UK General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Florida Digital Bill of Rights, and other U.S. state, federal, and non-U.S. privacy laws.

"Platform" means the Privacy Automated software-as-a-service application and related features.

"Professional Services" means consulting, advisory, implementation, training, or other professional services described in an Order or Statement of Work ("SOW").

"Subscription" means Customer's right to access and use the Platform during the term and within the limits specified in an Order or selected plan tier.

"Third-Party Services" means any third-party software, platforms, data sources, or services that Customer chooses to connect to or use in conjunction with the Services.

2. The Services

2.1 Platform Access

Subject to these Terms and any applicable Order, Privacy Automated grants Customer a non-exclusive, non-transferable, non-sublicensable, revocable right during the Subscription term to access and use the Platform solely for Customer's internal business purposes and only by Authorized Users.

2.2 Service Components

The Platform may include, depending on Customer's selected plan: privacy inquiry management, automated responses to data subject requests ("DSRs"), compliance triage and routing, vendor and third-party risk monitoring, and related analytics, reporting, and integrations.

2.3 Professional Services

Privacy Automated may provide Professional Services pursuant to a separately executed SOW or Order that references these Terms. Each SOW will describe the scope, deliverables, timeline, and fees. In the event of a conflict between an SOW and these Terms with respect to the Professional Services described therein, the SOW will control to the extent of the conflict.

2.4 Modifications and Updates

Privacy Automated may modify, update, or discontinue features of the Platform from time to time. We will not materially decrease the core functionality of a paid Subscription during the then-current Subscription term without notice and a commercially reasonable alternative.

3. Accounts and Authorized Users

3.1 Registration

To use the Services, Customer must create an account and provide accurate, current, and complete information. Customer is responsible for maintaining the confidentiality of account credentials and for all activities that occur under its account.

3.2 Authorized Users

Customer is responsible for ensuring that each Authorized User complies with these Terms. Customer is liable for all acts and omissions of its Authorized Users as if they were Customer's own.

3.3 Account Security

Customer will (a) use commercially reasonable efforts to prevent unauthorized access to the Services, (b) require strong authentication credentials, and (c) promptly notify Privacy Automated of any suspected or actual unauthorized access or use.

4. Customer Responsibilities and Acceptable Use

4.1 Compliance With Laws

Customer is solely responsible for: (a) the lawfulness of Customer Data and the means by which Customer acquired it; (b) Customer's compliance with all applicable laws, including Privacy Laws; (c) obtaining all necessary rights, consents, and authorizations to provide Customer Data to the Services and to permit Privacy Automated to process it as described in these Terms; and (d) the accuracy, quality, and integrity of Customer Data.

4.2 Data Source Connections

When Customer connects policies, procedures, contracts, notices, or other data sources to the Platform, Customer represents that it has the right to do so. Privacy Automated requests read-only, least-privilege access by default; Customer is responsible for the access levels actually granted within Customer's systems.

4.3 Acceptable Use Restrictions

Customer will not, and will not permit any Authorized User or third party to:

(a) access or use the Services except as expressly permitted by these Terms;

(b) license, sell, rent, lease, transfer, assign, distribute, host, or otherwise commercially exploit the Services to third parties (other than internal use by Customer's Authorized Users);

(c) modify, translate, adapt, or create derivative works based on the Services, or copy any portion of the Services;

(d) reverse engineer, disassemble, decompile, decode, or otherwise attempt to derive or gain access to any source code or underlying ideas, algorithms, file formats, or models of the Services, except to the extent expressly permitted by applicable law notwithstanding this restriction;

(e) remove or alter any proprietary notices or marks on the Services;

(f) use the Services to develop or train any competing product or service, or to benchmark the Services without our prior written consent;

(g) use the Services in any manner that violates applicable law, infringes third-party rights, or that is fraudulent, harassing, defamatory, obscene, or otherwise objectionable;

(h) introduce viruses, malware, or other harmful code into the Services, or interfere with the integrity, performance, or operation of the Services or the data of any other customer;

(i) attempt to gain unauthorized access to the Services or related systems, perform unauthorized penetration testing, scraping, or scanning, or circumvent any access or use restrictions;

(j) upload to or process through the Services any information that constitutes: (i) protected health information under HIPAA, unless the parties have executed a written Business Associate Agreement; (ii) cardholder data subject to PCI-DSS; (iii) information from children under 13 (or any higher applicable age threshold under Privacy Laws) without verifiable parental consent; or (iv) classified, export-controlled, or government-restricted information; or

(k) use the Services to make automated decisions about individuals that produce legal or similarly significant effects without appropriate human review and any required legal basis.

4.4 AI and Automated Outputs

Portions of the Services use artificial intelligence, machine learning, and large language models. Outputs may be inaccurate, incomplete, biased, or out of date. Customer acknowledges that:

(a) outputs are generated probabilistically and may not reflect current law or facts;

(b) Customer is responsible for reviewing, validating, and editing outputs before relying on, sending, or publishing them; and

(c) Privacy Automated does not warrant that any output will be free of errors, suitable for a particular regulatory requirement, or sufficient to satisfy Customer's legal obligations.

4.5 No Legal Advice

Privacy Automated is not a law firm. The Services, including any templates, content, responses, classifications, risk scores, or guidance, do not constitute legal advice and do not create an attorney-client relationship. Customer should consult qualified counsel for advice on its specific obligations under Privacy Laws and other applicable laws.

4.6 Suspension for Misuse

Privacy Automated may suspend access to the Services if, in our reasonable judgment, Customer or any Authorized User is: (a) violating Section 4.3; (b) creating a security risk to the Services or to other customers; (c) causing material harm to the Services or to others; or (d) more than thirty (30) days delinquent in payment. Where practicable, we will provide notice and an opportunity to cure.

5. Free Plan and Trials

Privacy Automated offers a no-cost "Free" plan and may offer a time-limited trial of a higher tier (such as a 14-day Growth trial) at our discretion (collectively, "Free Services"). Free Services are subject to the usage limits, feature restrictions, and any additional terms posted at sign-up, on the pricing page, or in the Platform. Free Services are provided "AS IS" without warranties of any kind, may be modified or discontinued at any time in our discretion, and we may terminate Free Services for any reason or no reason on notice. After any trial period ends, your workspace will revert to the Free plan caps unless you elect a paid tier; your data is retained either way, subject to Section 14 and Section 15.

6. Fees and Payment

6.1 Plans and Fees

The Services are offered under the following plan tiers:

  • Free — $0/month. Try the AI with capped usage (currently 50 AI ops/month, $5 LLM spend, 5 documents, 10 vendors, 1 user; Q&A only).
  • Starter — $99/month. Compliance basics, including automated DPIA & PIA generation and DSAR workflows with verification (currently 500 AI ops/month, $50 LLM spend, 50 documents, 50 vendors, 3 users).
  • Growth — $299/month. Team and external workflows, AI vendor research (Trust Center + CSA STAR), and risk-owner accountability emails (currently 2,000 AI ops/month, $200 LLM spend, 500 documents, 500 vendors, 10 users).
  • Enterprise — $999/month. Autonomous at scale, with routine auto-approval, SSO/SAML, audit-log CSV export, priority support, and unlimited users, documents, and vendors (currently 10,000 AI ops/month, $1,000 LLM spend).

Current usage limits, included features, and pricing for each plan are published on the pricing page at privacyautomated.ai and may be updated from time to time. The plan tier, entitlements, and Fees in effect when you accept these Terms or sign an Order Form will control for your then-current Subscription term. Customer will pay all fees specified in the applicable Order or selected plan tier ("Fees"). Except as expressly stated in these Terms, Fees are non-refundable and non-cancelable, and quantities purchased cannot be decreased during the relevant term.

6.2 Invoicing and Payment

Unless an Order states otherwise, Fees are due in advance and payable in U.S. dollars. For paid subscriptions billed by credit card, Customer authorizes Privacy Automated (or our payment processor) to charge the card on file for all Fees as they come due. For invoiced customers, payment is due net thirty (30) days from invoice date.

6.3 Taxes

Fees are exclusive of taxes. Customer is responsible for all sales, use, value-added, withholding, and similar taxes associated with Customer's purchases, other than taxes based on Privacy Automated's net income.

6.4 Late Payments

Overdue amounts may accrue late charges at the lesser of 1.5% per month or the maximum rate permitted by law, plus reasonable collection costs.

6.5 Price Changes

We may change Fees for renewal terms upon at least thirty (30) days' notice prior to the renewal date. New pricing for Free Services or month-to-month plans may take effect upon notice.

7. Term, Renewal, and Termination

7.1 Term

These Terms commence on the date Customer first accepts them and continue until all Subscriptions and SOWs hereunder have expired or been terminated.

7.2 Subscription Term and Renewal

Each Subscription has the term stated in the applicable Order or plan selection. Subscriptions automatically renew for successive periods of equal length unless either party provides written notice of non-renewal at least thirty (30) days before the end of the then-current term.

7.3 Termination for Cause

Either party may terminate these Terms (or any affected Order or SOW) on written notice if the other party materially breaches these Terms and fails to cure the breach within thirty (30) days after written notice describing the breach. Either party may terminate immediately on written notice if the other party becomes insolvent, makes an assignment for the benefit of creditors, files for bankruptcy, or is dissolved.

7.4 Termination for Convenience of Free Services

Either party may terminate a Free Service at any time for any reason.

7.5 Effect of Termination

Upon termination or expiration: (a) Customer's right to access the Services ceases; (b) Customer remains liable for unpaid Fees through the effective date of termination; (c) Privacy Automated will make Customer Data available for export for thirty (30) days following termination, after which we may delete Customer Data in accordance with Section 14.10; and (d) any provisions intended to survive termination will survive, including Sections 1, 4, 6, 8–12, 14, 15, 17–22.

8. Intellectual Property

8.1 Privacy Automated IP

As between the parties, Privacy Automated and its licensors own all right, title, and interest, including all intellectual property rights, in and to the Services, the Platform, the Documentation, all underlying software, models, templates, and any modifications, improvements, or derivative works thereof. No rights are granted to Customer other than as expressly set forth in these Terms.

8.2 Customer Data

As between the parties, Customer owns all right, title, and interest in and to Customer Data. Customer grants Privacy Automated a non-exclusive, worldwide, royalty-free license to host, copy, process, transmit, display, and otherwise use Customer Data solely to provide and support the Services, to comply with law, and to enforce these Terms.

8.3 Aggregated and De-Identified Data

Privacy Automated may collect, generate, and use aggregated, anonymized, and/or de-identified data derived from operation of the Services ("Aggregated Data") to operate, improve, analyze, and develop the Services and our business, provided that such Aggregated Data does not identify Customer, any Authorized User, or any data subject. Aggregated Data is not Customer Data.

8.4 Feedback

If Customer or any Authorized User provides feedback, suggestions, or ideas regarding the Services ("Feedback"), Privacy Automated may use the Feedback without restriction or obligation to Customer. Customer grants Privacy Automated a perpetual, irrevocable, worldwide, royalty-free license to use and exploit Feedback for any purpose.

8.5 Marketing

Privacy Automated may identify Customer as a customer and use Customer's name and logo on our website and marketing materials in a manner consistent with Customer's branding guidelines, subject to any written restrictions Customer provides.

9. Confidentiality

9.1 Definition

"Confidential Information" means non-public information disclosed by one party (the "Discloser") to the other (the "Recipient") that is identified as confidential or that reasonably should be understood to be confidential given its nature and the circumstances of disclosure. Confidential Information includes the Services and Documentation (Privacy Automated's Confidential Information) and Customer Data (Customer's Confidential Information). Confidential Information does not include information that: (a) is or becomes generally available to the public through no breach of these Terms; (b) was known to Recipient before receipt from Discloser without obligation of confidentiality; (c) is received from a third party without restriction; or (d) is independently developed by Recipient without use of Discloser's Confidential Information.

9.2 Obligations

Recipient will: (a) use at least the same degree of care to protect Discloser's Confidential Information as it uses to protect its own confidential information of similar importance (and in no event less than reasonable care); (b) use Confidential Information only as necessary to exercise rights or perform obligations under these Terms; and (c) disclose Confidential Information only to its employees, contractors, advisors, and Affiliates who have a need to know and are bound by confidentiality obligations no less protective than those in this Section 9.

9.3 Compelled Disclosure

Recipient may disclose Confidential Information to the extent required by law or legal process, provided that, where legally permitted, Recipient provides Discloser with prompt notice and reasonable cooperation in seeking a protective order or other appropriate remedy.

10. Data Processing Addendum (Integrated)

This Section 10 constitutes the parties' Data Processing Addendum ("DPA") and applies where Privacy Automated processes Personal Data on behalf of Customer in the course of providing the Services. In the event of a conflict between this Section 10 and other parts of these Terms with respect to processing of Personal Data, this Section 10 controls.

10.1 Roles

With respect to Personal Data within Customer Data, Customer is the "Controller" (or "Business" under CCPA/CPRA) and Privacy Automated is the "Processor" (or "Service Provider" under CCPA/CPRA). Each party will comply with its respective obligations under applicable Privacy Laws.

10.2 Scope and Purpose of Processing

  • Subject matter: Privacy Automated's provision of the Services to Customer.
  • Duration: The term of the Agreement plus any period reasonably required for return or deletion of Customer Data.
  • Nature and purpose: Hosting, storing, processing, and analyzing Customer Data to provide the Services described in Section 2, including responding to privacy inquiries and DSRs, compliance triage, and vendor monitoring.
  • Types of Personal Data: Determined by Customer; may include contact information, identifiers, employment information, account information, and other categories Customer chooses to submit.
  • Categories of data subjects: Determined by Customer; may include Customer's employees, customers, prospects, vendors, and individuals submitting privacy requests.

10.3 Customer Instructions

Privacy Automated will process Personal Data only on Customer's documented instructions, including as set forth in these Terms, in any Order or SOW, and through Customer's authorized use of the Services. Privacy Automated will inform Customer if, in its opinion, an instruction violates applicable Privacy Laws.

10.4 No Sale or Sharing

Privacy Automated will not "sell" or "share" Personal Data (as those terms are defined under CCPA/CPRA), will not retain, use, or disclose Personal Data outside the direct business relationship with Customer or for any purpose other than performing the Services and as otherwise permitted by Privacy Laws, and will not combine Personal Data received from Customer with personal information from other sources except as permitted under CCPA/CPRA regulations.

10.5 Confidentiality of Personnel

Privacy Automated will ensure that personnel authorized to process Personal Data are under appropriate confidentiality obligations.

10.6 Sub-Processors

Customer authorizes Privacy Automated to engage sub-processors to provide the Services. A current list of sub-processors is available on request or at a URL we designate. Privacy Automated will:

(a) impose data protection terms on each sub-processor that are no less protective than those in this DPA; and

(b) provide Customer with prior notice of new sub-processors. Customer may object in writing within fifteen (15) days on reasonable data protection grounds, and the parties will work in good faith to address the objection. If we cannot reasonably accommodate the objection, Customer may terminate the affected portion of the Services and receive a pro-rata refund of prepaid Fees for the unused portion.

Privacy Automated remains liable for the acts and omissions of its sub-processors with respect to Personal Data.

10.7 International Data Transfers

Where Personal Data subject to GDPR or UK GDPR is transferred to a country that has not received an adequacy decision, the parties agree that the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and, as applicable, the UK International Data Transfer Addendum, are incorporated by reference. Module Two (Controller-to-Processor) or Module Three (Processor-to-Processor) applies as appropriate, with Privacy Automated acting as data importer. The optional docking clause and Option 1 of Clause 17 (governing law of EU Member State) apply; for the UK Addendum, the laws of England and Wales govern. Customer signs as data exporter by accepting these Terms.

10.8 Security Measures

Privacy Automated will implement and maintain appropriate technical and organizational measures designed to protect Personal Data against unauthorized or unlawful processing and accidental loss, destruction, damage, alteration, or disclosure. These measures include, at a minimum: encryption of Personal Data in transit and at rest, access controls based on least-privilege principles, network and infrastructure security, secure software development practices, personnel training, vulnerability and patch management, logging and monitoring, and a documented incident response program. A summary of current security measures is available on request.

10.9 Assistance With Data Subject Rights and Compliance

Taking into account the nature of processing, Privacy Automated will provide reasonable assistance, through appropriate technical and organizational measures, to enable Customer to: (a) respond to data subject requests under Privacy Laws; and (b) fulfill Customer's obligations to conduct data protection impact assessments and prior consultations.

10.10 Personal Data Breach Notification

Privacy Automated will notify Customer without undue delay, and where feasible within seventy-two (72) hours, after becoming aware of a Personal Data Breach affecting Customer Personal Data. The notification will include the information reasonably available to Privacy Automated, which may be provided in phases as the investigation progresses.

10.11 Audits

Customer may verify Privacy Automated's compliance with this DPA by reviewing Privacy Automated's then-current certifications, audit reports, security questionnaire responses, and similar information, which Privacy Automated will make reasonably available on request under confidentiality. If Privacy Laws require an on-site audit not otherwise satisfied by such materials, the parties will agree in advance on the scope, timing, and procedures, with audits limited to once per twelve-month period (absent a Personal Data Breach), conducted during normal business hours, with at least thirty (30) days' prior written notice, and at Customer's expense.

10.12 Return and Deletion

Upon termination or expiration of the Agreement, and at Customer's choice, Privacy Automated will return or delete Personal Data within ninety (90) days, except to the extent retention is required by law or for the establishment, exercise, or defense of legal claims.

10.13 Order of Precedence

In the event of a conflict between this DPA and the EU Standard Contractual Clauses or UK Addendum, the SCCs/Addendum control with respect to processing of Personal Data subject to them.

11. Third-Party Services

The Services may interoperate with Third-Party Services that Customer chooses to connect. Customer's use of Third-Party Services is governed by the terms and privacy practices of those providers. Privacy Automated does not control, endorse, or assume responsibility for Third-Party Services. Customer authorizes Privacy Automated to access Third-Party Services on Customer's behalf as needed to provide the Services in accordance with Customer's configurations.

12. Warranties; Disclaimers

12.1 Mutual Warranties

Each party represents and warrants that it has the legal power and authority to enter into and perform these Terms.

12.2 Limited Service Warranty

Privacy Automated warrants that, during a paid Subscription term, the Platform will perform in material conformity with the Documentation. As Customer's sole and exclusive remedy and Privacy Automated's entire liability for breach of this warranty, Privacy Automated will use commercially reasonable efforts to correct the non-conformity; if Privacy Automated cannot do so within thirty (30) days, Customer may terminate the affected Subscription and receive a pro-rata refund of prepaid Fees for the unused portion of the term.

12.3 Disclaimers

EXCEPT FOR THE EXPRESS WARRANTIES IN THIS SECTION 12, THE SERVICES, INCLUDING ALL FREE SERVICES, ARE PROVIDED "AS IS" AND "AS AVAILABLE." PRIVACYAUTOMATED AND ITS SUPPLIERS DISCLAIM ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. PRIVACYAUTOMATED DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE; THAT OUTPUTS WILL BE ACCURATE OR COMPLETE; OR THAT THE SERVICES WILL SATISFY ANY PARTICULAR LEGAL OR REGULATORY REQUIREMENT.

13. Indemnification

13.1 By Privacy Automated

Privacy Automated will defend Customer against any third-party claim alleging that the Platform, as provided by Privacy Automated and used by Customer in accordance with these Terms, infringes a valid U.S. patent, copyright, or trademark or misappropriates a trade secret, and will indemnify Customer for damages finally awarded against Customer (or amounts in any settlement consented to by Privacy Automated) for such claim. If the Platform becomes, or in Privacy Automated's opinion is likely to become, the subject of such a claim, Privacy Automated may at its option: (a) procure the right for Customer to continue using the Platform; (b) modify or replace the Platform to make it non-infringing without material loss of functionality; or (c) terminate the affected Subscription and refund any prepaid, unused Fees. Privacy Automated has no obligation under this Section 13.1 for claims arising from: (i) Customer Data; (ii) modifications to the Platform not made by Privacy Automated; (iii) combination of the Platform with materials not provided by Privacy Automated; (iv) use of the Platform other than as permitted by these Terms; or (v) Free Services.

13.2 By Customer

Customer will defend Privacy Automated and its Affiliates, and their respective officers, directors, employees, and agents against any third-party claim arising from or relating to: (a) Customer Data, including any claim that Customer Data violates law or infringes or misappropriates the rights of any third party; (b) Customer's or any Authorized User's breach of Section 4 (Customer Responsibilities and Acceptable Use); (c) Customer's use of any outputs of the Services in violation of these Terms or applicable law; or (d) Customer's violation of Privacy Laws; and will indemnify Privacy Automated for damages finally awarded (or amounts in any settlement consented to by Customer) for such claim.

13.3 Procedure

The indemnified party will: (a) promptly notify the indemnifying party of the claim; (b) give the indemnifying party sole control of the defense and settlement (provided that any settlement requiring an admission of liability or payment by the indemnified party requires its consent, not to be unreasonably withheld); and (c) provide reasonable cooperation, at the indemnifying party's expense.

14. Limitation of Liability

14.1 Exclusion of Indirect Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, BUSINESS, GOODWILL, DATA, OR ANTICIPATED SAVINGS, ARISING OUT OF OR RELATED TO THESE TERMS, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

14.2 Cap on Direct Damages

EACH PARTY'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS WILL NOT EXCEED THE GREATER OF (A) THE FEES PAID OR PAYABLE BY CUSTOMER TO PRIVACYAUTOMATED UNDER THESE TERMS IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR (B) ONE HUNDRED U.S. DOLLARS (US$100).

14.3 Carve-Outs

The exclusions and limitations in Sections 14.1 and 14.2 do not apply to: (a) a party's indemnification obligations under Section 13; (b) Customer's payment obligations; (c) a party's breach of its confidentiality obligations under Section 9 (excluding claims relating to Customer Data, which remain subject to the cap); (d) Customer's violation of Section 4.3 or Privacy Automated's intellectual property rights; or (e) liability that cannot be limited or excluded under applicable law (such as gross negligence or willful misconduct, where applicable).

14.4 Free Services

NOTWITHSTANDING SECTION 14.2, PRIVACYAUTOMATED'S TOTAL LIABILITY FOR FREE SERVICES WILL NOT EXCEED ONE HUNDRED U.S. DOLLARS (US$100) IN THE AGGREGATE.

14.5 Essential Purpose

The parties agree that the limitations in this Section 14 apply notwithstanding the failure of essential purpose of any limited remedy and form an essential basis of the bargain between the parties.

15. Term-Related Operational Provisions

15.1 Data Export

During a Subscription and for thirty (30) days after termination, Customer may export Customer Data using the export functionality made available in the Platform.

15.2 Data Deletion

After the export period in Section 15.1, Privacy Automated may delete Customer Data from its production systems within a commercially reasonable period, subject to backup retention cycles and any legal retention obligations.

16. Force Majeure

Neither party will be liable for any failure or delay in performance (other than payment obligations) caused by events beyond its reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, government action, labor disputes, pandemics, internet or utility outages, or failures of third-party providers.

17. Publicity and Logo Use

Other than as described in Section 8.5, neither party will issue press releases or public statements referencing the other party without prior written consent.

18. Modifications to These Terms

Privacy Automated may modify these Terms from time to time. We will post the updated Terms on the Site with a new "Last updated" date and, for material changes, will provide notice through the Platform or by email at least thirty (30) days before the changes take effect. Continued use of the Services after the effective date constitutes acceptance of the updated Terms. If Customer does not agree to a material change, Customer may terminate the affected Subscription before the change takes effect and receive a pro-rata refund of prepaid Fees for the unused portion of the then-current term.

19. Notices

Notices to Privacy Automated must be sent to info@privacyautomated.ai, with a copy to any address we designate for legal notices. Notices to Customer may be sent to the email address associated with Customer's account or, for material legal notices, to any designated notice address provided by Customer. Notices are deemed given on the date of receipt (for email, on the date sent if no bounce-back is received).

20. Governing Law and Venue

These Terms are governed by the laws of the State of Florida, without regard to its conflict-of-laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply. Subject to Section 21, the parties consent to the exclusive jurisdiction of the state and federal courts located in Volusia County, Florida, for any action not subject to arbitration, and waive any objection to venue in those courts.

21. Dispute Resolution; Arbitration; Class Action Waiver

21.1 Informal Resolution

Before initiating arbitration or litigation, the parties will attempt in good faith to resolve any dispute through informal discussion. A party initiating the process will send written notice to the other describing the dispute and the relief sought, and the parties will have thirty (30) days to resolve the dispute informally.

21.2 Binding Arbitration

Any dispute, claim, or controversy arising out of or relating to these Terms or the Services that is not resolved informally will be resolved by binding arbitration administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules (or, for disputes involving consumers as defined by AAA rules, the Consumer Arbitration Rules). The arbitration will be conducted in Volusia County, Florida, by a single arbitrator, in English. Judgment on the award may be entered in any court of competent jurisdiction.

21.3 Class Action Waiver

THE PARTIES AGREE THAT ANY DISPUTE WILL BE RESOLVED ON AN INDIVIDUAL BASIS. CLAIMS MAY NOT BE BROUGHT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING. The arbitrator may not consolidate the claims of more than one party and may not preside over any form of representative or class proceeding.

21.4 Carve-Outs

The following are excluded from arbitration and may be brought in any court of competent jurisdiction: (a) claims that qualify for small-claims court if brought there on an individual basis; and (b) claims for injunctive or other equitable relief to prevent actual or threatened infringement, misappropriation, or violation of intellectual property rights, confidentiality obligations, or Section 4.3.

21.5 Opt-Out

If you are an individual (not an entity) and do not wish to be bound by the arbitration and class-action waiver provisions in this Section 21, you may opt out by sending written notice to info@privacyautomated.ai within thirty (30) days of first accepting these Terms, stating your name, contact information, and a clear statement that you opt out of arbitration. Opting out will not affect any other provision of these Terms.

21.6 Severability of This Section

If any part of Section 21.3 is found unenforceable, that part will be severed and the remainder enforced; if Section 21.2 as a whole is found unenforceable, then disputes will be resolved in the courts identified in Section 20.

22. General Provisions

22.1 Entire Agreement

These Terms, together with any Orders, SOWs, and documents expressly incorporated by reference, constitute the entire agreement between the parties regarding the Services and supersede all prior or contemporaneous agreements, proposals, or communications on the subject. In the event of a conflict between these Terms and an Order or SOW, the Order or SOW controls only if it expressly references the provision of these Terms it modifies and is signed by both parties.

22.2 Order of Precedence

Where multiple documents apply, the order of precedence is: (a) an executed SOW or Order Form (as to its specific subject matter); (b) the DPA in Section 10 (as to Personal Data processing); (c) these Terms; and (d) the Documentation.

22.3 Assignment

Customer may not assign or transfer these Terms or any rights hereunder without Privacy Automated's prior written consent, except that either party may assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets, on written notice. Any unauthorized assignment is void.

22.4 Independent Contractors

The parties are independent contractors. These Terms do not create any partnership, joint venture, agency, fiduciary, or employment relationship.

22.5 No Third-Party Beneficiaries

Except as expressly stated, there are no third-party beneficiaries to these Terms.

22.6 Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable, the remaining provisions will continue in full force and effect, and the invalid provision will be modified to the minimum extent necessary to make it enforceable while preserving the parties' original intent.

22.7 Waiver

A party's failure to enforce any right or provision will not be deemed a waiver of that right or provision. Waivers must be in writing and signed by the waiving party.

22.8 Electronic Signatures and Communications

The parties consent to the use of electronic signatures and to receive communications electronically. Records sent or stored electronically have the same effect as records in writing.

22.9 Headings

Headings are for convenience only and do not affect interpretation.

22.10 Export and Sanctions Compliance

Customer will comply with all applicable export-control and economic-sanctions laws, including those of the United States. Customer represents that it is not located in, organized under the laws of, or ordinarily resident in any country or region subject to comprehensive U.S. sanctions, and is not on any U.S. government list of restricted parties.

22.11 Government End Users

The Services are "commercial items" as defined at 48 C.F.R. § 2.101. If Customer is a U.S. government end user, use, duplication, and disclosure are subject to the restrictions in these Terms.

22.12 Contact

Questions about these Terms? Contact us at info@privacyautomated.ai.

© Privacy Automated LLC. All rights reserved.