FIVE S LLC · LEGAL
The AssurAI software-as-a-service application accessible at getassurai.com/app, including all features, tools, and AI-generated outputs.
All data, content, and information submitted by Customer or its Authorised Users through the Platform.
Employees, contractors, or agents of Customer permitted to access the Platform under Customer's subscription.
The monthly or annual period for which Customer has paid subscription fees.
Subject to this Agreement and payment of all fees, Company grants Customer a non-exclusive, non-transferable right to access and use the Platform during the Subscription Term, solely for Customer's internal business purposes.
Starter plan: up to 3 Authorised Users. Professional and Enterprise plans: unlimited Authorised Users within Customer's organisation.
Customer shall not: (a) sublicense, resell, or provide access to third parties; (b) reverse engineer or extract source code; (c) use the Platform to build a competing product; (d) remove proprietary notices; or (e) use in violation of applicable law.
Customer is responsible for all activities under its account. Notify Company immediately of any unauthorised access at hello@getassurai.com.
All fees are in USD and non-refundable except as expressly stated. Fees are billed monthly or annually in advance. Payment is due within 7 days of invoice date.
Accounts more than 14 days past due may be suspended. Accounts more than 30 days past due may be terminated.
Company may change fees with 30 days written notice. Continued use after notice constitutes acceptance.
Stripe Managed Payments handles automatic tax calculation and remittance. Fees are exclusive of any taxes not automatically managed by Stripe.
Customer retains all right, title, and interest in Customer Data. Company claims no ownership over Customer Data.
Company processes Customer Data as a data processor on Customer's instructions. The Data Processing Addendum (Exhibit A) governs all processing of personal data and is incorporated into this Agreement by reference.
Company uses the following subprocessors, each bound by a Data Processing Agreement ensuring protection of Customer Data to no lesser standard than this Agreement:
Full DPA documentation and security posture: getassurai.com/security
Anthropic does not use Customer Data to train AI models. Company has confirmed Zero Data Retention (ZDR) in writing with Anthropic. AI-generated outputs are produced in real-time and are not stored by Anthropic.
Company implements TLS 1.2+ encryption in transit, AES-256 encryption at rest (via Supabase/AWS), access controls, row-level security, and audit logging. Company will notify Customer within 72 hours of any confirmed data breach affecting Customer Data.
Company retains Customer Data for the Subscription Term plus 60 days. Upon written request, Company will delete Customer Data within 30 days of Subscription termination. Customer may request a data export within 30 days of termination.
ASSURAI OUTPUTS DO NOT CONSTITUTE PROFESSIONAL AUDIT, LEGAL, ACCOUNTING, OR COMPLIANCE ADVICE. ALL AI-GENERATED OUTPUTS MUST BE REVIEWED AND APPROVED BY QUALIFIED PROFESSIONALS BEFORE RELIANCE. COMPANY IS NOT A LICENSED AUDIT FIRM, ACCOUNTING FIRM, OR LEGAL PRACTICE.
AI-generated workpapers, risk assessments, and compliance outputs are provided for informational and efficiency purposes only. Customer assumes full responsibility for the use of AI-generated outputs, including any submission to regulators, external auditors, or boards.
Company owns all right, title, and interest in the Platform, including all software, algorithms, AI models, user interfaces, and the AssurAI brand. "AssurAI" and "GetAssurAI" are trademarks of AssurAI Inc. (USPTO applications pending).
Customer owns all Customer Data and AI-generated outputs produced using Customer Data. Company claims no ownership of Customer's workpapers or reports.
Each party agrees to keep confidential the other party's non-public information and use it only for the purposes of this Agreement. Company Confidential Information includes Platform technology and pricing. Customer Confidential Information includes Customer Data and audit findings.
Company targets 99% monthly uptime, excluding scheduled maintenance.
Starter: 48 business hours · Professional: 24 business hours · Enterprise: 4 business hours. Contact: hello@getassurai.com
EXCEPT AS EXPRESSLY STATED, THE PLATFORM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. COMPANY DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
COMPANY'S TOTAL LIABILITY TO CUSTOMER SHALL NOT EXCEED THE TOTAL FEES PAID BY CUSTOMER IN THE 12 MONTHS PRECEDING THE CLAIM. NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES. These limitations are an essential element of this Agreement.
Customer may cancel at any time. Cancellation takes effect at end of the current billing period. No refunds for partial periods.
Company may terminate with 30 days notice, or immediately for material breach or non-payment after 30 days overdue.
Laws of the State of Delaware, USA.
Binding arbitration under JAMS rules in Santa Clara County, California.
This Agreement plus the DPA (Exhibit A) constitutes the entire agreement between the parties.
legal@getassurai.com · AssurAI Inc. · San Jose, CA, USA
Purpose: Providing AssurAI Platform services. Data types: Names, email addresses, audit data, financial control information. Data subjects: Customer employees, control owners, auditors. Duration: Subscription Term plus 60 days.
Process data only on Customer's documented instructions; ensure personnel confidentiality obligations; implement appropriate technical and organisational security measures; assist Customer with data subject rights within 30 days; notify Customer of data breaches within 72 hours; delete or return data upon termination.
TLS 1.2+ encryption in transit; AES-256 encryption at rest; access controls and authentication; audit logging; regular security assessments.
Customer Data is stored in the United States (AWS infrastructure via Supabase). For EU data subjects, transfers are made under Standard Contractual Clauses (SCCs) in accordance with GDPR Article 46.
Company will assist Customer in fulfilling data subject rights requests (access, rectification, erasure, portability) within 30 days. Submit requests to privacy@getassurai.com.
Company does not sell Customer personal information and processes data as a Service Provider under the California Consumer Privacy Act.
For enterprise agreements requiring wet signatures, contact legal@getassurai.com · DocuSign available on request.