Master Subscription Terms

"Affiliate" means an entity that controls, is controlled by, or is under common control with a party.

"Customer Data" means data submitted to the Services by Customer or on Customer’s behalf.

"Action Certificates" means cryptographic attestations produced by the TrustPlane control plane documenting policy approvals, Learning Controls, and metadata for Certified Writes.

"Order" means an ordering document executed by the parties that specifies subscription quantities, term, and fees.

• Subject to these Terms and timely payment of fees, TrustPlane grants Customer and its Affiliates a non-exclusive, non-transferable right to deploy and use the Services within Customer-controlled cloud environments solely for Customer’s internal business purposes during the Subscription Term defined in the applicable Order.
• Customer may permit Authorized Users (employees and contractors) to access the Services, provided they comply with these Terms. Customer is responsible for its Authorized Users’ actions and any Customer Data they submit.

• Configure and maintain SSO/SCIM, network controls, and BYOK/KMS consistent with Customer policies.
• Ensure Customer Data is collected and processed lawfully and that disclosures to TrustPlane are permitted.
• Maintain security of access credentials and promptly notify TrustPlane of any unauthorized use or security incident involving the Services.
• Use the Services in compliance with all applicable laws, including export, privacy, and industry regulations.

• Do not sublicense, sell, or provide the Services to third parties (except to provide outputs to end customers).
• Do not reverse engineer, decompile, or attempt to derive source code from any component of the Services.
• Do not use the Services to develop competing products or to violate third-party rights, including privacy, IP, or contractual obligations.
• Unless explicitly permitted in an Order, do not use the TrustPlane-managed verifier or proxy to process regulated data outside Customer’s approved residency or data boundary configuration.

• Fees are invoiced as described in the Order (e.g., Platform subscription plus prepaid Certified Write blocks). Except as stated in the Order or these Terms, fees are non-cancellable and non-refundable.
• Payments are due within 30 days of invoice date unless otherwise specified. Late payments may accrue interest at the lesser of 1.5% per month or the maximum permitted by law. Customer is responsible for taxes (excluding TrustPlane’s income taxes).
• Upon request, TrustPlane will support procurement through private offers on AWS, Azure, or Google Cloud marketplaces. Marketplace transactions remain subject to these Terms.

• TrustPlane implements administrative, technical, and physical safeguards described on our Security page and in the Security, Risk & Audit evidence bundles.
• Processing of Customer Data is governed by the TrustPlane Data Processing Addendum and Standard Contractual Clauses, which are incorporated by reference. Signed copies are available upon request at trustplane.cloud/contact.
• TrustPlane will use Customer Data only to provide the Services, prevent or address technical issues, or comply with legal obligations. TrustPlane does not train foundation models on Customer Data unless Customer opts in.

Each party may receive Confidential Information from the other. The receiving party will protect Confidential Information with the same degree of care it uses to protect its own confidential information (and at least reasonable care). Confidential Information may be used only to perform obligations under these Terms and will not be disclosed to third parties except to Affiliates, employees, contractors, or advisors who need to know and are bound by written confidentiality obligations. The receiving party may disclose Confidential Information if required by law, provided it gives prompt notice (where legally permitted) and cooperates with efforts to seek protective measures.

TrustPlane and its licensors retain all right, title, and interest in the Services, including improvements, derivatives, and feedback. Customer retains all right, title, and interest in Customer Data. No rights are granted other than as expressly stated in these Terms. Customer grants TrustPlane a limited license to use Customer trademarks solely to identify Customer within the Services or case studies with Customer consent.

• TrustPlane warrants that it will provide the Services in accordance with the documentation and industry-standard security practices.
• Customer warrants that it has obtained necessary rights to provide Customer Data and that its use of the Services will comply with applicable law.
• Except as expressly stated in these Terms, the Services are provided "as is" and TrustPlane disclaims all other warranties, including implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

• TrustPlane will defend Customer against third-party claims alleging that the Services infringe intellectual property rights, and will indemnify Customer for resulting damages and costs awarded by a court or agreed in settlement, provided Customer promptly notifies TrustPlane and cooperates with the defense. TrustPlane may, at its option, modify the Services to avoid infringement or terminate the affected Order with a refund of prepaid fees.
• Customer will defend TrustPlane against third-party claims arising from Customer Data or Customer’s breach of these Terms, and will indemnify TrustPlane for resulting damages and costs.

Except for each party’s indemnification obligations, breach of confidentiality, or Customer’s payment obligations, neither party’s aggregate liability will exceed the fees paid or payable under the applicable Order in the twelve months preceding the event giving rise to the claim. Neither party will be liable for indirect, incidental, consequential, special, or exemplary damages, including lost profits, even if advised of the possibility of such damages.

• Each Order remains in effect for the Subscription Term specified therein.
• Either party may terminate an Order for material breach if the breach is not cured within 30 days after written notice. Upon termination, Customer will cease using the Services and delete any TrustPlane materials marked confidential. Sections that by their nature should survive (including fees, confidentiality, IP, indemnification, limitations of liability, and governing law) will survive termination.

TrustPlane will provide documentation reasonably requested by Customer’s security, audit, or regulatory teams, including evidence bundles, penetration test summaries, and SOC 2 Type II reports when available. Customer may conduct audits of TrustPlane’s controls no more than once per year with reasonable notice, subject to confidentiality and the shared responsibility model.

These Terms and any disputes arising out of or relating to them are governed by the laws of the State of Delaware, without regard to conflicts of laws principles. The parties consent to exclusive jurisdiction and venue in the state and federal courts located in San Francisco County, California, for matters not subject to arbitration.

TrustPlane may update these Terms to reflect changes in the Services or legal requirements. Material changes will be communicated via email or the admin console at least 30 days before they take effect. If Customer objects to the updated Terms, Customer may terminate the affected Order by providing written notice prior to the effective date of the change.

• The parties are independent contractors; these Terms do not create an agency, partnership, or joint venture.
• Neither party may assign these Terms without the other’s consent, except to an Affiliate or in connection with a merger, acquisition, or sale of assets (with notice).
• Notices must be in writing and sent to the contacts specified in the Order, with a copy to legal@trustplane.cloud.
• If any provision is held unenforceable, the remaining provisions will remain in effect.