Legal Disclaimer

ProlixoTech Inc. — Solymus CPCSC Readiness & AI Governance Platform
Effective Date: March 15, 2026

1. General Disclaimer

The information, services, and outputs provided by ProlixoTech Inc. (“ProlixoTech,” “we,” “us,” or “our”) through the Solymus platform, the prolixotech.com website, associated APIs, and all related documentation (collectively, the “Services”) are provided on an “as is” and “as available” basis without warranties of any kind, whether express, implied, or statutory.

To the fullest extent permitted by applicable law, ProlixoTech disclaims all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, and completeness of any information or output generated by the Services.

2. Not Legal, Regulatory, or Compliance Advice

Important Notice: Nothing provided by ProlixoTech — including platform outputs, evidence reports, control mappings, readiness assessments, export binders, or documentation — constitutes legal advice, regulatory guidance, or professional compliance consulting. ProlixoTech is not a law firm and does not provide legal services.

The Services are designed to support your organization’s compliance efforts by automating evidence collection, cryptographic integrity verification, and documentation assembly. They do not replace qualified legal counsel, Standards Council of Canada (SCC)-accredited CPCSC assessors, Certified CMMC Assessors (CCAs), Certified CMMC Professionals (CCPs), Third-Party Assessment Organizations (3PAOs), privacy officers, AI governance specialists, or other accredited compliance professionals.

You should consult qualified professionals before making any decisions based on information produced by the Services, including but not limited to decisions relating to:

Canadian Defence Compliance: CPCSC (Canadian Program for Cyber Security Certification), ITSP.10.171, the Controlled Goods Program (CGP), and the Defence Production Act;
AI Governance: the EU AI Act (Regulation (EU) 2024/1689), ISO/IEC 42001 (AI Management System), NIST AI RMF, and the Colorado AI Act;
Privacy: Quebec Law 25, PIPEDA, the forthcoming Consumer Privacy Protection Act (CPPA), GDPR, and ISO/IEC 27701;
Information Security: ISO/IEC 27001:2022, SOC 2 Type II, and related standards;
Cross-Border Defence: CMMC 2.0, DFARS, FedRAMP, ITAR, and NATO STANAG requirements;
Supply Chain Security: the EU Cyber Resilience Act (CRA), SBOM requirements, and CPCSC Level 3 supply chain controls.

3. No Guarantee of Certification or Audit Outcomes

Use of the Services does not guarantee, and should not be construed as guaranteeing:

Successful completion of any certification, authorization, or accreditation process, including but not limited to CPCSC Level 1 self-assessment, CPCSC Level 2 or Level 3 third-party certification, CMMC certification, FedRAMP Authorization, ISO 27001 certification, ISO 42001 certification, or SOC 2 Type II attestation;
A favourable assessment outcome from any auditor, SCC-accredited assessor, regulatory body, or certification body;
Compliance with any specific law, regulation, standard, or contractual requirement, including Canadian, provincial, European Union, or United States requirements;
Admissibility of any evidence, report, or attestation in any legal, administrative, or regulatory proceeding;
Registration or continued registration under the Controlled Goods Program.

ProlixoTech supports audit-ready evidence — it does not certify your organization or guarantee any particular regulatory outcome. The term “readiness” as used in our marketing and platform refers to documentation and evidence preparation, not a determination or prediction of certification success.

4. Cryptographic Evidence & Integrity Limitations

The Solymus platform employs cryptographic mechanisms including SHA-256 hashing, AWS KMS digital signatures (ECDSA_SHA_256), and Merkle tree structures to produce tamper-evident evidence records. These mechanisms are designed to detect unauthorized modification of evidence after ingestion.

You acknowledge and agree that:

Tamper-evident records are not tamper-proof. Cryptographic signatures verify integrity at the time of signing and do not prevent all forms of data corruption, loss, or unauthorized access.
Cryptographic verification confirms that a specific payload existed at a specific point in time and has not been altered since signing. It does not verify the truthfulness, accuracy, or completeness of the underlying evidence content. The platform records what you submit — it does not validate the substance of that submission.
Merkle root attestations represent the integrity of a shard chain at the time of attestation. They do not independently validate the provenance or authenticity of source artifacts.
Public verification URLs confirm cryptographic integrity only. A verified receipt means the evidence has not been tampered with since ingestion — it does not constitute an endorsement, certification, or validation of the underlying compliance posture.
Digital signatures depend on the continued security of underlying infrastructure (AWS KMS, TLS, etc.). ProlixoTech is not liable for vulnerabilities, compromises, or failures in third-party infrastructure beyond its reasonable control.

5. Automated Control Mappings & Framework Coverage

The Services may automatically map uploaded artifacts to compliance framework controls (e.g., ITSP.10.171, NIST SP 800-171, EU AI Act articles, ISO 27001 Annex A). These mappings are generated algorithmically based on metadata, evidence type, and tagging heuristics.

Automated mappings are suggestions and carry associated confidence scores. They are not authoritative determinations of control satisfaction. Your organization is solely responsible for validating that each mapping is accurate and that sufficient evidence exists to satisfy each control requirement in your specific operational context.

Cross-framework bridge mappings (e.g., CPCSC to CMMC, EU AI Act to ISO 42001) are provided as a convenience and do not constitute a professional opinion that satisfying one framework’s control inherently satisfies another.

6. AI Governance Disclaimer

The platform’s AI governance features — including EU AI Act readiness tracking, ISO 42001 alignment, NIST AI RMF mapping, and Colorado AI Act compliance workflows — are documentation and evidence management tools. They do not:

Constitute a conformity assessment under the EU AI Act;
Replace the role of a notified body for high-risk AI system certification;
Provide a legal determination of whether your AI system qualifies as “high-risk” under any jurisdiction;
Generate legally binding Declarations of Conformity — exported declarations are templates that require review and execution by your authorized representative.

7. Roadmap & Forward-Looking Statements

Certain content on our website and within our platform may contain forward-looking statements regarding planned features, integrations, frameworks, or capabilities. Items labelled “Roadmap,” “Beta,” or “Coming Soon” — including but not limited to ISO 42001, Controlled Goods Program (CGP), Quebec Law 25, ISO 27001, SOC 2, ISO 27701, GDPR, EU Cyber Resilience Act, SBOM management, NATO STANAG, AWS GovCloud, and GCC High integrations — reflect current intentions and are subject to change without notice.

ProlixoTech makes no commitment that any forward-looking feature will be delivered in any particular form, timeframe, or at all. Do not make purchasing, procurement, or compliance planning decisions in reliance on roadmap items. Subscription pricing reflects currently available functionality only.

8. Data Retention & Legal Hold

Evidence retention within the Services is governed by your subscription plan and the applicable data lifecycle policies (which may include tiered storage transitions from Standard to Glacier to Deep Archive). Retention periods offered by the platform do not constitute compliance with any legal hold, litigation preservation, or regulatory retention obligation that may apply to your organization under Canadian, provincial, or international law.

You are solely responsible for independently maintaining copies of all evidence, records, and documentation necessary to meet your organization’s legal, contractual, and regulatory retention requirements, including those under the Defence Production Act, PIPEDA, Quebec Law 25, and any applicable provincial privacy legislation.

9. Third-Party Services & Integrations

The Services may integrate with or rely upon third-party platforms including, but not limited to, Amazon Web Services (AWS), Microsoft 365 / GCC High, Clerk (authentication), and Stripe (billing). ProlixoTech does not control, endorse, or assume liability for the availability, accuracy, security, or performance of any third-party service.

10. Limitation of Liability

To the maximum extent permitted by applicable law, in no event shall ProlixoTech, its officers, directors, employees, agents, affiliates, or licensors be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, loss of data, loss of business opportunity, cost of procurement of substitute goods or services, or any damages arising from:

Your use of, or inability to use, the Services;
Any failure to achieve certification, authorization, registration, or compliance under any framework;
Any unauthorized access to, or alteration of, your data or evidence;
Any reliance on automated control mappings, cross-framework bridges, export binders, readiness scores, or verification outputs;
Any loss of a government contract, security clearance, or Controlled Goods Program registration;
Any regulatory penalty, fine, or enforcement action;
Any interruption, suspension, or termination of the Services.

In all cases, ProlixoTech’s total aggregate liability shall not exceed the amounts actually paid by you to ProlixoTech during the twelve (12) months immediately preceding the event giving rise to the claim.

11. Indemnification

You agree to indemnify, defend, and hold harmless ProlixoTech and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or in any way connected with: (a) your use of the Services; (b) your violation of these terms or any applicable law or regulation; (c) your reliance on any output of the Services for regulatory, legal, or business decisions; (d) any third-party claim related to evidence or documentation you generated, stored, or distributed through the Services; or (e) any misrepresentation of your compliance or certification status based on platform outputs.

12. Governing Law & Dispute Resolution

This Disclaimer and any disputes arising out of or related to the Services shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict-of-law provisions. Any legal action or proceeding shall be brought exclusively in the courts of competent jurisdiction in the Province of Ontario, and you consent to the personal jurisdiction of such courts.

13. Severability

If any provision of this Disclaimer is found to be unenforceable or invalid by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The unenforceable provision shall be modified to the minimum extent necessary to make it enforceable while preserving its original intent.

14. Modifications to This Disclaimer

ProlixoTech reserves the right to update or modify this Disclaimer at any time. Changes will be posted on this page with an updated “Effective Date.” Your continued use of the Services after any modification constitutes your acceptance of the revised Disclaimer. Material changes will be communicated via email to your account address at least thirty (30) days prior to taking effect.

Questions About This Disclaimer?

If you have questions about this Disclaimer or the Services, please contact us at legal@prolixotech.com.