Terms of Service
Last updated: December 28, 2025
Summary: ProlixoTech provides cryptographic compliance evidence infrastructure for frameworks including CMMC, NIST 800-171, EU AI Act, and others. By using our service, you agree to maintain your evidence chain and understand the implications of discontinuing service.
1. Acceptance of Terms
By accessing or using ProlixoTech services ("Services"), you agree to be bound by these Terms of Service ("Terms"). If you are using the Services on behalf of an organization, you represent that you have authority to bind that organization to these Terms.
2. Description of Services
ProlixoTech provides:
- Evidence Vault: Cryptographically signed, tamper-evident evidence records for compliance programs, including artifact uploads, SDK-logged events, and API-ingested records
- Framework Modules: Configurable compliance modules (e.g., CMMC/NIST 800-171, AI Governance/EU AI Act) that determine control mappings, dashboard views, and export templates
- Verification Infrastructure: Public verification API and self-contained export bundles that allow third parties (assessors, regulators, auditors) to verify evidence independently
- Attestation Engine: Daily Merkle chain aggregation and periodic attestation documents (available on applicable plans) for board-level oversight documentation
- Evidence Preservation: Tools that capture artifact hashes, control mappings, and policy state at time of upload or decision, supporting defensibility and auditability
3. Account Registration
To use our Services, you must:
- Provide accurate and complete registration information
- Maintain the security of your API keys and credentials
- Promptly notify us of any unauthorized access
- Be at least 18 years old or have legal authority to enter contracts
4. Data and Evidence
4.1 Your Data
You retain ownership of all data you submit to ProlixoTech. By using our Services, you grant us a license to process this data solely to provide the Services.
4.2 Evidence Integrity
ProlixoTech maintains cryptographic integrity of all evidence records using:
- KMS-backed ECDSA signatures (P-256)
- Merkle tree aggregation for tamper-evident audit trails
- RFC 8785 JSON canonicalization
4.3 Data Retention
Evidence retention operates on two layers:
- Active access window: Evidence is queryable via API and dashboard for the duration of your plan's retention period (7 days for Starter, 365 days for Pro, unlimited for Enterprise). See Pricing for details.
- Archival storage: After the active window, evidence is archived to cold storage and retained for the duration of your subscription plus seven (7) years, unless you request earlier deletion in accordance with applicable law.
Upon cancellation, a 30-day export window is provided (see §5 below). After the export window, active access ceases but archival retention continues per the schedule above.
5. Evidence Portability
Your proofs survive you. Exported evidence bundles are self-contained and verify offline. They include the receipt, cryptographic signature, Merkle proof, daily root, and verification instructions—no ProlixoTech API required.
You acknowledge that:
- Exported bundles verify independently and indefinitely
- If you don't export before deletion, you lose access to raw evidence on our systems
- We provide a 30-day cooling-off period to export before permanent deletion
- New evidence records and Certificates of Truth require an active subscription
6. Service Levels
ProlixoTech commits to:
- Availability: 99.9% uptime SLA for Enterprise tier customers
- Fail-Open Design: SDK uses asynchronous background queuing so that logging failures do not block your application's main thread. In the event of a network or service outage, events are queued locally and retried. Events exceeding the retry window may be dropped.
- Data Durability: 99.999999999% (11 9s) durability for stored evidence
7. Fees and Payment
Subscription fees are billed monthly or annually in advance. All fees are non-refundable except as required by law. We may change pricing with 30 days notice.
8. Prohibited Uses
You may not use ProlixoTech to:
- Violate any applicable law or regulation
- Fabricate or falsify evidence records
- Attempt to circumvent cryptographic protections
- Interfere with service operation or security
9. Intellectual Property
ProlixoTech and its licensors retain all rights to the Services, including software, APIs, documentation, and trademarks. These Terms do not grant you any rights to use ProlixoTech branding without permission.
10. Disclaimer of Warranties
THE SERVICES ARE PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. PROLIXOTECH DOES NOT WARRANT THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR BE UNINTERRUPTED, SECURE, OR ERROR-FREE.
11. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, PROLIXOTECH'S LIABILITY SHALL NOT EXCEED THE FEES PAID BY YOU IN THE TWELVE MONTHS PRECEDING THE CLAIM. PROLIXOTECH SHALL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES.
12. Indemnification
You agree to indemnify ProlixoTech against claims arising from your use of the Services, your violation of these Terms, or your violation of any rights of another party.
13. Termination
Either party may terminate these Terms with 30 days written notice. We may suspend or terminate your access immediately for violation of these Terms. Upon termination, your right to use the Services ceases, but data retention provisions survive.
14. Governing Law
These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles.
15. Changes to Terms
We may modify these Terms at any time. We will notify you of material changes via email or through the Services. Continued use after changes constitutes acceptance.
16. Contact
For questions about these Terms, contact us at:
Email: legal@prolixotech.com
Address: Prolixotech, Delaware, USA