Terms of Service

1. Acceptance and Eligibility

By accessing or using the Services, you confirm that: (a) you are at least 18 years old with legal capacity to enter a binding contract; (b) if acting on behalf of an organization, you have full authority to bind it; (c) neither you nor your authorized users are located in sanctioned jurisdictions or appear on restricted-party lists; and (d) your use complies with all applicable laws.

Signed Master Services Agreements (MSAs), Data Processing Addendums (DPAs), or other executed enterprise agreements control over conflicting provisions in these Terms.

2. Definitions

• Affiliate — an entity directly or indirectly controlling or controlled by a party with >50% voting equity ownership.
• Authorized User — an employee, contractor, or agent authorized by Customer to access the Services.
• Customer Data — all data, content, and information submitted to, uploaded to, transmitted through, or generated within the Services.
• Documentation — user manuals, technical guides, API references, and release notes.
• Order Form — a written or electronic ordering document referencing these Terms, specifying subscription plan, seat count, fees, and term.
• Output — alerts, scores, dashboards, reports, and recommendations generated by the Services.
• Subscription Term — the period during which Customer may access the Services per the Order Form or signup flow, including renewals.
• Taxes — sales, use, VAT, GST, excise, withholding, and similar taxes, excluding Contrail's net-income taxes.

3. License Grant and Restrictions

Contrail grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to use the Services for internal business purposes during the Subscription Term, subject to continuous compliance with these Terms and timely payment of all fees.

3.1 Prohibited Uses

Customer and Authorized Users shall not:

• Sell, resell, sublicense, distribute, rent, or lease the Services or Output to third parties
• Use the Services to develop competing products or benchmark without written consent
• Reverse engineer, decompile, disassemble, or derive source code or non-public APIs
• Copy, modify, translate, or create derivative works of the Services
• Remove or obscure proprietary notices, labels, or marks
• Use the Services to train, fine-tune, or evaluate AI/ML systems made available outside Customer's organization
• Circumvent access controls, rate-limiting, or security controls, or probe for vulnerabilities without written authorization
• Use the Services in violation of applicable law, third-party rights, or export-control regimes

3.2 Authorized User Responsibility

Customer is responsible for all acts and omissions of its Authorized Users and all account activity. Customer must notify Contrail immediately at security@contrailllc.com upon discovering any unauthorized access or credential compromise.

4. Accounts, Credentials, and Security

Customer must provide accurate and current registration information, safeguard all passwords, API keys, session tokens, and MFA devices, require unique login credentials for each Authorized User (no account sharing), and immediately notify Contrail of any suspected compromise. Contrail may suspend or reset credentials where it reasonably believes account compromise or Terms violation has occurred.

5. Subscriptions, Free Trial, and Auto-Renewal

5.1 Free Trial

Trials last 30 days (or as stated at signup) and are provided "as is" without warranty. Contrail may modify, limit, or terminate trial access in its sole discretion. Valid payment information is required at signup.

5.2 Subscription Term and Auto-Renewal

Paid subscriptions auto-renew for successive equal-length periods unless either party provides written non-renewal notice at least 30 days before the current term ends. Renewal fees are charged at the then-current list price unless a fixed renewal rate is stated in the Order Form.

5.3 Upgrades and Downgrades

Upgrades are available at any time and are prorated to the current billing period. Downgrades take effect at the next billing period and may result in feature or allowance reductions. No refunds or credits are issued for unused portions of a higher-tier plan upon downgrade.

6. Billing, Taxes, and Refunds

All fees are payable in US dollars and are non-refundable except as expressly stated in these Terms or as required by applicable law.

• Payment processing — card payments are processed by a PCI-DSS-compliant third-party processor. Submitting payment authorizes recurring charges including subscription fees and taxes.
• Late payments — invoices are due Net 30. Past-due amounts accrue interest at 1.5% per month (or the maximum legally permitted rate). Contrail may suspend Services on 10 days' written notice of non-payment.
• Taxes — fees exclude all Taxes. Customer is responsible for all Taxes on purchases. If Contrail is required to collect Taxes, they will be invoiced.
• Disputes — customer must notify Contrail in writing of billing disputes within 30 days of the invoice. Initiating a chargeback without good-faith resolution is a material breach of these Terms.

7. Acceptable Use

Customer and Authorized Users shall not use the Services to:

• Violate applicable law, regulation, court order, or third-party rights (IP, privacy, export, sanctions)
• Transmit unlawful, defamatory, infringing, discriminatory content, or malicious code
• Gain unauthorized access to or disrupt the Services, other customer environments, or third-party systems
• Interfere with safety-of-life communications, flight operations, or air-traffic-management systems
• Upload or process Customer Data lacking legal processing authority
• Use the Services as a primary control or fail-safe in any application where failure could cause death, serious injury, or critical-infrastructure disruption

8. Customer Data and Privacy

8.1 Ownership

Customer retains all rights, title, and interest (including IP rights) in Customer Data. Contrail claims no ownership over Customer Data.

8.2 License to Contrail

Customer grants Contrail a worldwide, non-exclusive, royalty-free license to host, copy, transmit, display, and process Customer Data solely to: provide, secure, and support the Services; generate and deliver Output; comply with applicable law; and create Aggregated or De-identified Data (irreproducibly anonymized data) for product improvement, threat intelligence, benchmarking, and analytics without identifying Customer.

8.3 Customer Obligations

Customer represents and warrants that it possesses all necessary rights, consents, and legal bases to provide Customer Data, and that its provision and processing of Customer Data does not violate applicable law or third-party rights.

8.4 Privacy and Security

Personal-data processing is described in our Privacy Policy. Where Contrail acts as processor under GDPR Article 28 or as service provider under CCPA/CPRA, the parties execute a Data Processing Addendum incorporating EU Standard Contractual Clauses (Decision 2021/914) and the UK ICO International Data Transfer Addendum.

8.5 Aviation Safety Data

Where Customer Data includes safety information per ICAO Annex 19 (e.g., 49 U.S.C. § 44735 or Regulation (EU) No 376/2014), Contrail processes it in accordance with ICAO Annex 19, Appendix 3 protective principles, restricting non-safety use.

9. Contrail Intellectual Property

Contrail and its licensors retain all rights, title, and interest (patent, copyright, trademark, trade secret, and other IP) in the Services, Documentation, threat-intelligence catalogues, risk-scoring models, Aggregated or De-identified Data, and all improvements and derivative works thereof. Customer's rights are limited to the express license in Section 3. "Contrail" and related names and logos are Contrail LLC trademarks. No trademark license is granted.

10. Feedback

If Customer or Authorized Users provide suggestions, ideas, or feedback ("Feedback"), Customer grants Contrail a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, sublicensable, transferable license to use, reproduce, modify, and exploit that Feedback for any purpose without attribution or compensation.

11. Confidentiality

"Confidential Information" means non-public information designated confidential or reasonably understood as confidential given the nature and circumstances of disclosure. This includes non-public platform features and performance data (Contrail's), Customer Data (Customer's), business and financial information, security architectures, incident-response procedures, and vulnerability details.

Each party must: use Confidential Information solely for the purpose of exercising rights and obligations under these Terms; protect it with at least the same care used for its own confidential information (minimum reasonable care); and disclose it only to employees, agents, and subcontractors with equivalent written confidentiality obligations, or as legally required. Obligations survive for 5 years post-termination, except for trade secrets, which survive indefinitely.

12. Service Levels and Support

Contrail targets 99.9% monthly uptime for the production environment, subject to scheduled maintenance, emergency maintenance, and force-majeure events. Full SLA details, maintenance windows, severity definitions, response times, and service-credit calculations are published in Contrail's Service Level Agreement (available upon request). Service credits are Customer's sole and exclusive remedy for unavailability or performance shortfalls. Support is provided in English during the hours stated in your Order Form or plan description.

13. Aviation-Specific Disclaimers

The Services are decision-support and situational-awareness tools for supply-chain and cybersecurity personnel. They are NOT certified avionics, flight-critical software, a regulatory-compliance substitute, or a substitute for professional aviation judgment.

13.1 Not Flight-Critical Software

The Services were not developed to RTCA DO-178C, DO-254, DO-278A, or ARP4754A design-assurance levels. The Services must not be used for controlling, commanding, or providing primary input to flight, propulsion, navigation, surveillance, ATC, or safety-of-life systems.

13.2 Not a Safety Management System or Compliance Substitute

The Services do not replace any certified Safety Management System (SMS) per FAA 14 CFR Part 5, ICAO Annex 19, or EASA Regulation (EU) 2018/1139. They do not discharge obligations under FAA regulations (14 CFR Parts 21, 25, 33, 43, 91, 119, 121, 135, 145, and others), EASA Basic Regulation and implementing regulations, TSA regulations (49 CFR Parts 1540–1562), or equivalent national aviation authority regulations.

13.3 Operator Responsibility

Customer retains sole responsibility for airworthiness determinations; parts and materials acceptance; continuing-airworthiness management; supplier qualification and surveillance; safety risk management; mandatory occurrence reporting; and compliance with all applicable Airworthiness Directives and regulatory requirements.

13.4 Cybersecurity Scope and Limits

Cybersecurity alerting and detection rely on Customer-provided signals, third-party threat feeds, and Contrail intelligence sources, and are subject to coverage gaps, false positives, and false negatives. Contrail does not guarantee detection of any specific threat, zero-day exploit, insider action, supply-chain compromise, or targeted intrusion. Customer is responsible for maintaining defense-in-depth controls and incident-response plans.

13.5 Output Is Advisory

14. Regulatory Compliance Responsibilities

Customer is solely responsible for determining that its use of the Services complies with all applicable laws and regulations, including:

• United States: FAA 14 CFR regulations, TSA 49 CFR Parts 1540–1562, Sensitive Security Information (49 CFR Part 1520), DHS/CISA critical-infrastructure directives, DFARS/NIST SP 800-171 for CUI, and state data-breach notification laws.
• EU / UK / EEA: EASA Basic Regulation (EU) 2018/1139, EASA Part-IS (Regulation (EU) 2023/203), NIS2 Directive (EU) 2022/2555, Cyber Resilience Act (EU) 2024/2847, DORA (EU) 2022/2554 (for financial entities), UK Aviation Security Act 1982, and UK CAA cybersecurity expectations.
• International: ICAO Annexes 17 (Security) and 19 (Safety Management) as transposed to applicable Contracting State law; applicable bilateral aviation-safety agreements.

The Services do not file regulatory reports on Customer's behalf. All mandatory occurrence reports, cybersecurity-incident notifications (NIS2, TSA Security Directives, CIRCIA), and safety-data submissions remain Customer's sole responsibility.

15. Export Controls, Sanctions, and Anti-Corruption

The Services and Documentation are subject to US Export Administration Regulations (EAR) and may be subject to ITAR. Customer shall not export, re-export, or transfer the Services, Documentation, or Output to: any embargoed or comprehensively sanctioned destination (currently Cuba, Iran, North Korea, Syria, Crimea, and the Donetsk/Luhansk regions); any party on the OFAC SDN List, Commerce Denied Persons or Entity List, State Department Debarred List; or any nuclear, chemical, biological, or missile end-use without required licenses. Customer must comply with UK, EU, and UN sanctions regimes and all applicable anti-corruption laws including the US Foreign Corrupt Practices Act and UK Bribery Act 2010.

16. Third-Party Services and Open Source

The Services may interoperate with third-party products, data feeds, identity providers, and ticketing systems. Such third-party services are governed by their own terms; Contrail is not responsible or liable for them. Enabling a third-party integration authorizes Contrail to exchange Customer Data as needed for that integration. The Services incorporate open-source software components under their respective licenses; nothing in these Terms limits Customer's open-source-license rights.

17. Warranties and Disclaimers

17.1 Contrail's Limited Warranty

During the Subscription Term, Contrail warrants that: (a) the Services will materially conform to the Documentation; (b) Contrail will not materially decrease overall Services security protections; and (c) Contrail will use commercially reasonable efforts to prevent introduction of viruses or malicious code. Customer's exclusive remedy for a warranty breach is, at Contrail's option: correction of the non-conformity, or termination of the affected subscription with a refund of pre-paid unused fees.

17.2 Disclaimer

18. Indemnification

18.1 By Contrail

Subject to Sections 18.3 and 19, Contrail will defend Customer against third-party claims alleging that Customer's authorized use of the Services (unmodified and per these Terms) directly infringes a US, EU, or UK patent, copyright, trademark, or trade secret. If use becomes or is likely to become subject to an infringement claim, Contrail may, at its option and expense, procure continued-use rights, modify the Services to be non-infringing, or terminate the affected subscription with a refund of pre-paid unused fees. This Section states Contrail's sole liability and Customer's exclusive remedy for IP infringement claims.

18.2 By Customer

Customer will defend Contrail and its officers, directors, employees, and agents against third-party claims arising from or related to: Customer Data; Customer's or Authorized Users' violation of these Terms, applicable law, or export/sanctions/privacy/aviation-safety requirements; and injury, damage, or loss from Customer's operational or safety decisions relying on Output.

18.3 Procedure

The indemnified party must: promptly notify the indemnifier in writing; grant the indemnifier sole control of the defense and settlement; and provide reasonable cooperation at the indemnifier's expense. The indemnifier may not settle any claim that imposes non-monetary obligations or admissions of liability on the indemnified party without its written consent (not to be unreasonably withheld).

19. Limitation of Liability

Aggregate cap: Total cumulative liability arising from these Terms or the Services will not exceed the greater of: (i) total fees paid by Customer in the preceding 12 months, or (ii) US$1,000.

19.1 Exceptions

The limitations above do not apply to: either party's indemnification obligations under Section 18; Customer's payment obligations; breach of Sections 3.1 (Restrictions), 11 (Confidentiality), or 15 (Export Controls); either party's gross negligence, willful misconduct, or fraud; or liability that cannot be excluded under applicable law (including death or personal injury caused by negligence under the UK Unfair Contract Terms Act 1977).

20. Term, Suspension, and Termination

20.1 Term

These Terms commence when Customer first accepts them and continue until all Subscription Terms expire or are terminated.

20.2 Termination for Cause

Either party may terminate immediately on written notice if the other party materially breaches these Terms and fails to cure within 30 days after written notice; commits a non-curable material breach; or becomes insolvent, files for bankruptcy, or has a receiver appointed.

20.3 Suspension

Contrail may suspend Services access immediately (with after-the-fact notice for emergencies) if Customer's use threatens the security, integrity, or availability of the Services; if Customer breaches Sections 3, 7, or 15; if Customer has payment past due after notice; or if suspension is required by law or regulator. Access will be restored promptly once the cause is resolved.

20.4 Termination for Convenience

Monthly subscriptions may be cancelled at any billing period end via the account dashboard. Annual subscriptions are non-cancellable for convenience during the paid term and expire at term end unless a party provides timely non-renewal notice per Section 5.2.

21. Effect of Termination

Upon expiration or termination: Customer's access right ceases; Contrail makes Customer Data available for export for 30 days in a structured, machine-readable format; after the export window, Contrail deletes or de-identifies Customer Data within 60 days (except for legal-hold or accounting-retention requirements); all outstanding fees become immediately payable. Sections 3.1, 6, 8.2, 9, 10, 11, 13, 14, 15, 17.2, 18, 19, 21, 23, and 25 survive termination.

22. Modifications to Services and Terms

Contrail may modify the Services provided no modification materially reduces overall functionality or security during a paid Subscription Term. Terms modifications are posted at the current Terms URL with an updated "Last Updated" date. Material changes receive at least 30 days' advance notice via email or in-product notice. Continued use after the effective date constitutes acceptance; non-acceptance permits termination with a pro-rated refund of pre-paid unused fees.

23. Governing Law and Dispute Resolution

23.1 Governing Law

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict-of-laws principles. The UN Convention on Contracts for the International Sale of Goods and the UCITA do not apply.

23.2 Informal Resolution

Parties must attempt good-faith informal resolution through negotiation for at least 30 days before initiating formal proceedings. Submit written dispute notices to legal@contrailllc.com.

23.3 Binding Arbitration

Except for Excluded Claims (Section 23.5), unresolved disputes are settled by binding arbitration administered under then-current JAMS commercial arbitration rules, conducted in English by a single arbitrator seated in Wilmington, Delaware. The award is enforceable in any competent court.

23.4 Class-Action Waiver

To the maximum extent permitted by law, each party may bring claims only in an individual capacity. The arbitrator may not consolidate multiple persons' claims or preside over any representative or class proceeding.

23.5 Excluded Claims and Injunctive Relief

Either party may seek injunctive or equitable relief in any competent court for protection of IP rights or Confidential Information, and may bring small-claims actions where permitted. EU and UK consumers protected by mandatory non-waivable consumer-protection law may bring claims in their local courts.

23.6 Arbitration Opt-Out (US Only)

New US customers may opt out of Section 23.3 arbitration by sending written notice to legal@contrailllc.com within 30 days of first accepting these Terms, stating name, account email, and "Arbitration Opt-Out."

24. DMCA and Copyright Notices

Contrail responds to alleged copyright-infringement notices under the US Digital Millennium Copyright Act (17 U.S.C. § 512). Notices and counter-notices must include all DMCA-required information and be sent to:

Contrail terminates, in appropriate circumstances, accounts of repeat infringers.

25. Force Majeure

Neither party is liable for failure or delay in performance (excluding payment obligations) caused by circumstances beyond reasonable control, including: acts of God, natural disasters, pandemic, war, terrorism, civil unrest, governmental action, embargo or sanctions, airspace or border closure, telecommunications or internet infrastructure failures, third-party cloud provider failures, denial-of-service attacks, nation-state cyber operations, or labor disputes. The affected party must use commercially reasonable mitigation efforts and resume performance as soon as reasonably practicable.

26. General Provisions

• Independent contractors. The parties are independent contractors. These Terms create no partnership, franchise, joint venture, agency, fiduciary, or employment relationship.
• Notices. Legal notices to Contrail: email legal@contrailllc.com and registered mail to our registered address. Notices to Customer: email to the primary administrator on file or in-product notice.
• Assignment. Neither party may assign these Terms without the other party's prior written consent, except that either party may assign without consent to an Affiliate or in connection with a merger, consolidation, or sale of all or substantially all assets, provided the assignee assumes all obligations.
• Severability. If any provision is held invalid or unenforceable, it will be modified to the minimum extent necessary, and the remaining provisions will remain in full force and effect.
• No waiver. Failure or delay in exercising any right does not waive that right.
• Entire Agreement. These Terms, together with any Order Form, DPA, or MSA, constitute the entire agreement and supersede all prior understandings. Precedence: MSA > Order Form > DPA > these Terms > Documentation.
• Government customers. If Customer is a US federal, state, or local government entity, the Services are "commercial products" per FAR 2.101, provided with only the rights stated in these Terms.
• Language. These Terms are in English. Translations are provided for convenience only; the English text controls.

27. Contact Information