1. Acceptance of Terms; Clickwrap Consent
- These Terms govern Your access to and use of the CAI-AUTH (Cipher AI Authenticator) post-quantum multi-factor authentication platform, including the Android application, the Chrome browser extension, the Python software development kit, all associated application programming interfaces, server components, cryptographic modules, hosted endpoints (including, without limitation, https://auth.caitech.ro), documentation, sample code, and any updates, upgrades, patches, or successor versions (collectively, the "Service").
- You manifest assent to these Terms by any of the following acts, each of which constitutes a separate and independent acceptance (clickwrap, browse-wrap, and sign-in-wrap): (i) clicking, tapping, or otherwise activating any button, checkbox, link, or user-interface element labelled "I agree", "Accept", "Continue", "Install", "Enrol", "Register", "Sign up", or any substantially similar affirmation; (ii) installing, launching, or executing any application component of the Service; (iii) creating, enrolling, provisioning, or activating an Account; (iv) transmitting any request, token, or payload to an Authorized Server or to any Service endpoint; or (v) continuing to use the Service after notice of amended Terms has been posted in accordance with Section 33.
- You acknowledge that You have had a reasonable and sufficient opportunity to read these Terms in their entirety, to consult independent legal counsel of Your choosing, and to decline acceptance at no cost by refraining from installing or using the Service. Electronic acceptance is legally equivalent to a hand-written signature under Regulation (EU) No 910/2014 (eIDAS), the U.S. Electronic Signatures in Global and National Commerce Act (E-SIGN), the Uniform Electronic Transactions Act (UETA), and all analogous national legislation.
- If You are entering into these Terms on behalf of a company, governmental agency, partnership, association, or other legal entity, You represent and warrant that You possess actual, ostensible, and apparent authority to bind that entity, and the terms "You", "Your", "Customer", and "User" shall refer to both You individually and to such entity jointly and severally.
2. Definitions
In these Terms, unless the context otherwise requires, the following capitalised terms shall have the meanings set out below. Definitions apply equally to the singular and plural forms.
- "Account" means the enrolment record, cryptographic key pair, device binding, and associated metadata provisioned by or on behalf of You through the Service.
- "Affiliate" means, with respect to any entity, any other entity that directly or indirectly controls, is controlled by, or is under common control with such entity, where "control" means ownership of more than fifty percent (50%) of the voting securities or equivalent.
- "Applicable Law" means all statutes, regulations, directives, codes, ordinances, rules, administrative orders, judicial decisions, binding guidance, and self-regulatory obligations of any competent authority applicable to a Party or to the performance of these Terms, including data-protection, export-control, sanctions, anti-bribery, and consumer-protection legislation.
- "Authorized Server" means any CAI-AUTH server instance that You are expressly authorised in writing to access, whether operated by the Company, by You, or by a third party holding a valid Commercial or Government/Defence Licence.
- "Business Day" means any day other than a Saturday, Sunday, or public holiday in Bucharest, Romania.
- "Company", "We", "Us", or "Our" means CAI Technology SRL, a limited-liability company duly incorporated under the laws of Romania, having its registered seat at Str. Victor Brauner 34, Bucharest, Romania, registered with the Romanian Trade Register, represented by its sole administrator and founder Gelu Constantin.
- "Commercial Licence" means a paid licence tier permitting production deployment, as further described in the Proprietary License Agreement.
- "Confidential Information" has the meaning set out in Section 24.
- "Consumer" means a natural person acting outside the scope of his or her trade, business, craft, or profession, within the meaning of Directive 2011/83/EU and Romanian Law no. 296/2004.
- "Content" means any data, metadata, audit event, enrolment record, display name, email address, public key, device identifier, log entry, or other material created, submitted, stored, transmitted, or processed through the Service.
- "DPA" means the Data Processing Addendum entered into or made available pursuant to Article 28 of Regulation (EU) 2016/679 (GDPR), available on written request to office@caitech.ro.
- "Developer Licence" means a limited, non-production licence tier permitting integration development and internal testing.
- "Documentation" means the user manuals, API references, integration guides, security whitepapers, and release notes published by the Company at auth.caitech.ro or delivered under a Commercial or Government/Defence Licence.
- "Effective Date" means the date on which You first accept these Terms pursuant to Section 1.
- "Evaluation Licence" means a time-limited, non-production licence tier granted for proof-of-concept evaluation, capped at ninety (90) days unless extended in writing.
- "Fees" means the subscription, per-seat, per-tenant, or usage-based charges payable for the Service as published on the Company's website, in a commercial order form, or in a Government/Defence Licence.
- "Force Majeure Event" has the meaning set out in Section 30.
- "Government/Defence Licence" means a bespoke licence tier for public-sector, national-security, or defence deployments, subject to export-control screening and separate commercial terms.
- "Intellectual Property Rights" means all patents, patent applications, utility models, copyrights and neighbouring rights, database rights, trade marks, service marks, trade names, domain names, design rights, rights in know-how, trade secrets, moral rights, rights in confidential information, and all other proprietary rights, whether registered or unregistered, anywhere in the world, together with all applications, renewals, extensions, and continuations thereof.
- "Party" means the Company or You; "Parties" means both collectively.
- "Personal Data" has the meaning given in Article 4(1) GDPR.
- "Privacy Policy" means the document available at /privacy, as amended from time to time.
- "Proprietary License Agreement" or "PLA" means the document available at /license setting out the tiered licence grants for the CAI-AUTH software.
- "Restricted Party" means any person, entity, or vessel (i) listed on the U.S. Treasury Department's Specially Designated Nationals and Blocked Persons List, the Entity List or Denied Persons List maintained by the U.S. Bureau of Industry and Security, the EU Consolidated List of Persons, Groups and Entities Subject to EU Financial Sanctions, or any analogous list; or (ii) owned, fifty percent (50%) or more, in aggregate, by any such listed person.
- "Sensitive Authenticator" means the biometric-bound private key material protected by the StrongBox Keymaster, Secure Enclave, or equivalent hardware security module on Your device.
- "Service" has the meaning set out in Section 1(a).
- "Third-Party Services" means any software, service, data feed, identity provider, push-notification gateway (including Google Firebase Cloud Messaging), app store, or communication network operated by a person other than the Company and interoperating with or consumed by the Service.
- "User" or "You" has the meaning set out in Section 1(d).
- "User Content" means the subset of Content authored, uploaded, or generated by You, as distinct from Content generated by the Service itself.
- "Zero-Knowledge Architecture" means the Company's architectural commitment that Sensitive Authenticators and biometric templates never leave the User's device, and that the Company's servers retain only operationally necessary metadata as further described in the Privacy Policy.
3. Account Registration; Representations and Warranties
- Minimum age. You represent and warrant that You are at least sixteen (16) years of age, which is the minimum digital-consent age under Article 8 GDPR as transposed into Romanian law. If You are resident in a jurisdiction that imposes a higher minimum age for digital services (for example, the threshold of thirteen (13) years in certain U.S. states under COPPA is lower, whereas certain EU Member States have set the threshold at thirteen (13), fourteen (14), fifteen (15), or sixteen (16) years), You represent that You have attained such higher threshold. The Service is not offered to children below these thresholds, and the Company will terminate any Account identified as belonging to an under-age User.
- Legal capacity. You represent and warrant that You have full legal capacity to enter into a binding contract under the laws of Your domicile and, where applicable, under the laws of Your place of residence and citizenship.
- Authority to bind organisations. Where You act on behalf of a legal entity, You further represent and warrant that (i) You are an authorised officer, employee, or duly appointed agent of that entity; (ii) You have obtained all internal approvals, board resolutions, or delegated signature authorities required to bind the entity; and (iii) no separately negotiated master agreement supersedes these Terms unless expressly executed by a duly authorised officer of the Company.
- Accurate information. You represent that all information supplied during enrolment, including display name, email address, organisation, telephone number (if provided), and jurisdiction of residence, is true, current, complete, and accurate. You shall promptly update such information through the Service if it becomes inaccurate or incomplete.
- No denied party. You represent and warrant that neither You nor any entity that You represent is a Restricted Party, is owned or controlled by a Restricted Party, or is located in, ordinarily resident in, or organised under the laws of any country or territory subject to comprehensive U.S., EU, UK, or UN sanctions (currently, without limitation, Cuba, Iran, North Korea, Syria, and the occupied regions of Crimea, Donetsk, Luhansk, Zaporizhzhia, and Kherson).
- One Account per person. Except where multiple Accounts are required for legitimate organisational role separation, You shall not create, operate, or control more than one Account for the same natural person.
- Reliance. The Company relies on the foregoing representations and warranties in granting access to the Service, and any breach thereof shall be a material breach of these Terms permitting immediate suspension or termination under Section 17.
4. Account Security; User Responsibilities
- You are solely and exclusively responsible for safeguarding (i) the device on which the Sensitive Authenticator is provisioned; (ii) the biometric factor (fingerprint, face, iris, or other modality) linked to the Sensitive Authenticator at the operating-system level; (iii) the device passcode or lock-screen credential; (iv) any enrolment QR code, backup phrase, recovery share, or Shamir social-recovery threshold token; and (v) any administrative credentials used to configure an Authorized Server.
- You shall not disclose, transfer, export, duplicate, or share the Sensitive Authenticator or any recovery material with any third party other than, where applicable, the trustees designated through the Service's Shamir social-recovery feature.
- You shall implement and maintain industry-standard security hygiene on Your device, including, without limitation, keeping the operating system and the CAI-AUTH application updated to the latest supported version, enabling full-disk encryption, enabling a strong lock-screen credential, refraining from rooting, jailbreaking, or otherwise tampering with the Trusted Execution Environment, and installing applications only from reputable sources.
- You shall notify the Company without undue delay, and in any event within twenty-four (24) hours of becoming aware, of any (i) loss, theft, or suspected compromise of the device; (ii) unauthorised use of Your Account; (iii) unusual authentication activity visible in the audit log; or (iv) receipt of a push-to-login challenge that You did not initiate. Notification shall be sent to tehnic@caitech.ro.
- You are liable for all authentication events, API calls, signature operations, and Fees incurred under Your Account prior to the Company's receipt and processing of a valid compromise notification. Where the compromise is attributable to Your negligence, wilful misconduct, or breach of this Section 4, You shall further be liable for any Fees, damages, or remediation costs incurred by the Company or by any relying party as a result of the unauthorised use.
- The Company may, but is not obligated to, impose additional authentication, geographic, velocity, or anomaly-detection controls, and may temporarily freeze an Account pending security review without thereby incurring any liability to You.
5. Description of the Service; Right to Modify
- The Service provides post-quantum multi-factor authentication using the NIST-standardised ML-DSA-87 digital-signature algorithm (FIPS 204) and the ML-KEM-1024 key-encapsulation mechanism (FIPS 203), each at U.S. NSA CNSA 2.0 Category 5, together with complementary hybrid-classical composite signatures, a patent-pending Time-Fused Binding (TFB), Adaptive Velocity Control (AVC), Cryptographic Behavioural Binding (CBB), and Shamir-threshold social recovery.
- The Service is provided on an iterative, continuously deployed basis. The Company reserves the right, in its sole discretion and at any time, to (i) add, remove, rename, redesign, deprecate, or sunset any feature, interface, API, or endpoint; (ii) change underlying cryptographic primitives, transport protocols, data schemas, or retention windows; (iii) introduce new licence tiers or reorganise existing ones; and (iv) modify, suspend, or discontinue the Service, in whole or in part, with or without cause.
- For material modifications that are reasonably expected to have a materially adverse effect on paying Users, the Company will use commercially reasonable efforts to provide not less than thirty (30) days' advance notice by email, in-product banner, release notes, or a notice on auth.caitech.ro, except where a shorter notice period is required to comply with Applicable Law, to remediate a security vulnerability, to prevent ongoing harm, or to respond to a Force Majeure Event.
- Except as expressly set out in a Commercial Licence order form or a Government/Defence Licence, no modification, suspension, or discontinuation of the Service shall give rise to any liability, refund, credit, or compensation in favour of You or any third party.
- The Service does not constitute, and shall not be construed as, a payment instrument, an electronic money service, a qualified trust service under eIDAS, a qualified electronic signature creation device, a medical device, an aeronautical-certified component, or a safety-critical system, unless and until explicitly certified as such in writing by the Company.
6. Licence Grant
- Subject to Your continuing compliance with these Terms, the Privacy Policy, the Proprietary License Agreement, and the payment of applicable Fees, the Company grants You a limited, personal, non-exclusive, non-transferable, non-sublicensable, revocable licence to install, access, and use the Service solely for Your personal use (in the case of a natural person) or Your internal business operations (in the case of a legal entity), in each case strictly within the scope of the licence tier that You have acquired.
- The licence is further governed by the Proprietary License Agreement, which is incorporated herein by reference. In the event of any conflict between these Terms and the Proprietary License Agreement, the Proprietary License Agreement shall prevail with respect to the scope, field of use, and permitted deployment of the licence grant, and these Terms shall prevail with respect to all other matters.
- All rights not expressly granted herein or in the Proprietary License Agreement are reserved to the Company and its licensors. Nothing in these Terms shall be construed, by implication, estoppel, or otherwise, as granting any right, title, interest, licence, or immunity (express or implied) to any Intellectual Property Right of the Company other than the limited licence expressly granted.
7. Acceptable Use Policy
You shall not, and shall not authorise, permit, encourage, or enable any third party to:
- use the Service to authenticate to, access, interrogate, or transact against any system, network, application, or resource that You are not expressly authorised to access;
- deploy, distribute, or execute any malware, ransomware, worm, trojan, spyware, key-logger, rootkit, botnet node, cryptocurrency miner, or other malicious code through or in connection with the Service;
- reverse-engineer, decompile, disassemble, translate, or otherwise attempt to derive the source code, object code, underlying algorithms, cryptographic keys, file formats, API protocols, or trade secrets of the Service, except and solely to the minimum extent that such activity is expressly permitted by Article 6 of Directive 2009/24/EC (the Computer Programs Directive) as transposed into Romanian law, and only after having first requested the necessary interoperability information in writing from office@caitech.ro;
- modify, adapt, translate, create derivative works of, port, or otherwise alter the Service, except as expressly permitted under the Proprietary License Agreement;
- distribute, sublicense, lease, rent, loan, resell, time-share, provide on a service-bureau or managed-service basis, or otherwise make the Service available to any third party, other than as expressly permitted by the licence tier that You have acquired;
- use the Service for benchmarking, competitive analysis, capacity testing, security red-teaming (except as expressly coordinated with the Company under a coordinated-disclosure programme), or for the design, development, training, or operation of a competing product or service, in each case without the Company's prior written consent;
- conduct or facilitate phishing, smishing, vishing, business-email compromise, credential stuffing, SIM-swap fraud, account-takeover attacks, adversary-in-the-middle attacks, or other social-engineering or cyber-fraud schemes;
- employ any bot, scraper, crawler, headless browser, or other automated means to access, probe, harvest, or index the Service, or to circumvent any access control, rate limit, CAPTCHA, bot-detection mechanism, or robots.txt directive;
- interfere with, disrupt, degrade, flood, overload, or impair the Service or any connected server, network, or Third-Party Service (including, without limitation, by sending malformed CBOR payloads designed to exploit parser vulnerabilities);
- falsify, spoof, forge, or otherwise manipulate any identifier, header, signature, timestamp, geolocation, or audit record transmitted to or from the Service;
- use the Service in breach of any Applicable Law, including, without limitation, export-control, sanctions, anti-money-laundering, anti-terrorism-financing, data-protection, consumer-protection, intellectual-property, or anti-discrimination legislation;
- use the Service to process any category of data for which the Service is not suitable, including, without limitation, classified national-security information (unless under a Government/Defence Licence), special categories of Personal Data under Article 9 GDPR (except with valid legal basis and appropriate safeguards), or data subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) (except under a validly executed Business Associate Addendum);
- remove, obscure, or alter any proprietary notice, copyright legend, trade mark, or attribution appearing in or on the Service;
- circumvent, disable, or otherwise interfere with any security feature, authentication mechanism, licence-enforcement control, rate limit, or usage quota of the Service;
- attempt to probe, scan, penetrate, or otherwise test the vulnerability of the Service without prior written authorisation (good-faith coordinated disclosure via tehnic@caitech.ro is welcomed and, subject to compliance with the Company's coordinated-disclosure policy, will not give rise to legal action);
- use the Service to produce, transmit, or store material that is unlawful, defamatory, obscene, child-sexual-abuse material, hate speech, harassment, or that infringes any Intellectual Property Right or privacy right of any third party.
8. Content and User Content; Anonymised Aggregate Use
- As between the Parties, You retain all right, title, and interest in and to the User Content. You hereby grant the Company a worldwide, non-exclusive, royalty-free, fully paid-up, sublicensable (solely to the Company's Affiliates, sub-processors, and infrastructure providers) licence to host, reproduce, transmit, display, process, and operate on the User Content solely to the extent necessary to (i) provide, secure, and improve the Service; (ii) comply with Applicable Law; (iii) enforce these Terms; and (iv) generate anonymised aggregate statistics in accordance with paragraph (c) below.
- Consistent with the Zero-Knowledge Architecture, the Company's servers store only operationally necessary metadata (including email address, display name, device binding record, public keys, and audit-log entries). The Company does not store, process, or have access to biometric templates, Sensitive Authenticator private keys, or plaintext credential material.
- The Company may generate and use anonymised, de-identified, aggregated statistics, telemetry, and analytics derived from Content (collectively, "Aggregated Data") for any lawful business purpose, including benchmarking, capacity planning, security research, product improvement, threat-intelligence sharing with trusted partners, and marketing. Aggregated Data shall not identify You or any other natural person, and the Company shall apply appropriate statistical-disclosure controls to prevent re-identification.
- You represent and warrant that (i) You own or have all necessary rights, licences, consents, and permissions in the User Content; (ii) the User Content and its processing through the Service do not and will not infringe, misappropriate, or violate any Intellectual Property Right, privacy right, publicity right, or contractual right of any third party; and (iii) the User Content does not contain any material described in Section 7(p).
9. Feedback; Irrevocable Assignment
If You provide the Company with any suggestions, enhancement requests, comments, ideas, recommendations, bug reports, benchmark results, or other feedback regarding the Service (collectively, "Feedback"), You hereby grant the Company a royalty-free, worldwide, transferable, sublicensable (through multiple tiers), irrevocable, perpetual, and unrestricted licence to use, reproduce, distribute, modify, display, perform, create derivative works of, and exploit the Feedback for any purpose, including, without limitation, the design, development, manufacture, marketing, sale, and support of any product or service. To the extent permitted by Applicable Law, You further waive any moral rights, attribution rights, and rights of integrity that You may have in the Feedback. No Feedback shall be deemed Your Confidential Information, and the Company is under no obligation to compensate You for, or to implement, any Feedback.
10. Intellectual Property; Trade Mark Restrictions
- The Service, the Documentation, the underlying cryptographic designs, the patent-pending innovations (including TFB, AVC, CBB, Shamir social recovery adaptation, hybrid-PQ composite signatures, and the WebAuthn post-quantum adapter), the source code, the compiled binaries, the brand elements, and all associated Intellectual Property Rights are and shall remain the sole and exclusive property of the Company and its licensors.
- "CAI-AUTH", "Cipher AI Authenticator", "CAI Technology", and the associated logos, glyphs, and stylised wordmarks are trade marks or registered trade marks of CAI Technology SRL. You shall not use, register, or attempt to register any of the foregoing marks, or any confusingly similar mark, in any jurisdiction, and You shall not use the marks in any manner that implies endorsement, partnership, or certification without the Company's prior written consent.
- Patent notices and attribution legends embedded in the Service or Documentation shall not be removed or obscured.
11. Third-Party Services; Linked Content
- The Service interoperates with Third-Party Services, including, without limitation, Google Firebase Cloud Messaging for push notifications, Google Play for Android distribution, the Chrome Web Store for browser-extension distribution, and, where You elect, Your own relying-party systems and identity providers.
- Third-Party Services are not part of the Service and are governed by the terms, conditions, and privacy policies of their respective providers. The Company does not control, endorse, or assume responsibility for any Third-Party Service, and Your use of any Third-Party Service is at Your own risk.
- The Company shall not be liable for any act, omission, delay, outage, security incident, data breach, or content of any Third-Party Service, including, without limitation, any failure of a push-notification gateway to deliver a time-sensitive authentication challenge.
- If You access external hyperlinks from the Service or the Documentation, the Company is not responsible for the accuracy, legality, or content of the destination.
12. Fees, Taxes, and Payment
- Fees. Fees for the Service are payable in accordance with the pricing schedule applicable to Your licence tier, as published at auth.caitech.ro or as set out in an executed order form, statement of work, or Government/Defence Licence.
- Taxes. All Fees are stated exclusive of value-added tax (VAT), goods-and-services tax (GST), sales tax, withholding tax, or any other transaction or income tax now or hereafter imposed. You shall bear all such taxes, duties, and levies, except for taxes imposed on the Company's net income. Where the Company is required to collect VAT or an equivalent indirect tax, such tax shall be added to the invoice at the applicable rate.
- Payment terms. Unless otherwise agreed in writing, Fees are invoiced in advance on a monthly or annual basis and are due within thirty (30) calendar days of the invoice date. Payment shall be made in Euro (EUR) or, at the Company's election, in U.S. Dollar (USD), by bank transfer or card payment through the Company's authorised payment processor.
- Late payment. Amounts not paid when due shall accrue interest at the lesser of one and one-half percent (1.5%) per month or the maximum rate permitted by Applicable Law, compounding monthly, from the due date until paid in full. You shall reimburse the Company for all reasonable collection costs, including attorneys' fees and court costs.
- Chargebacks. If You initiate a credit-card chargeback or payment reversal for any charge that is not the subject of a bona-fide dispute notified under Section 27, the Company may (i) immediately suspend the Account; (ii) charge a chargeback-administration fee equal to fifty Euro (EUR 50) per incident; and (iii) recover all related bank or processor fees from You.
- No offset. You shall pay all Fees in full, without set-off, counter-claim, or withholding of any kind.
- Audit of usage. Where the Fees are usage-based (per-authentication, per-seat, or per-tenant), the Company may, upon reasonable notice and not more than once per calendar year, audit Your usage records to verify conformity. Under-reporting in excess of five percent (5%) shall entitle the Company to recover the audit costs in addition to the unpaid Fees.
13. Unilateral Pricing Changes
The Company may modify the Fees applicable to any licence tier or usage metric at any time. For paying Users, the Company will provide not less than thirty (30) days' prior notice by email or in-product banner, and the new Fees will take effect at the beginning of the next renewal term following the notice period. Your continued use of the Service following the effective date of the modified Fees constitutes Your acceptance. If You do not agree, You may terminate the affected subscription with effect from the end of the then-current paid term by giving written notice before the effective date. No refund shall be due in respect of Fees already paid.
14. Evaluation and Free-Tier Conditions; Conversion
- Evaluation Licences and free-tier usage are provided strictly "AS IS" and "AS AVAILABLE", without any commitment as to performance, availability, or feature set, and may be suspended, throttled, or terminated at any time without notice.
- Evaluation Licences are limited to a maximum of ninety (90) calendar days unless extended in writing by the Company, and are strictly for internal, non-production evaluation. You shall not use an Evaluation Licence to authenticate production workloads, to deliver services to third parties, or to onboard real end-users beyond the bona-fide evaluation team.
- Upon the expiry of the evaluation period, access may be automatically disabled. To convert to a paid tier, You must execute a Commercial Licence order form or equivalent written instrument. Content generated during the evaluation may be retained for up to thirty (30) days after expiry to facilitate conversion and shall thereafter be deleted in accordance with the Privacy Policy.
- The Company's warranty, indemnification, and service-level commitments, if any, do not extend to Evaluation Licences or free-tier usage, and the limitations of liability in Section 21 shall apply with the aggregate cap reduced to the greater of the Fees paid (which may be zero) or fifty Euro (EUR 50).
15. Service Availability; Downtime; Maintenance
- The Company targets an annual availability of ninety-nine point nine percent (99.9%) for the production tier hosted at auth.caitech.ro, calculated on a calendar-month basis and excluding Scheduled Maintenance, Emergency Maintenance, Force Majeure Events, and outages caused by Third-Party Services or by User-side connectivity.
- The foregoing is a target and does not constitute a Service Level Agreement. No credit, refund, or other remedy shall be due for any failure to meet the target, except where an express, contractually negotiated SLA with service credits is executed as part of a Commercial Licence or Government/Defence Licence.
- Scheduled Maintenance shall, where practicable, be announced not less than forty-eight (48) hours in advance by in-product banner or status-page notice, and shall be conducted, where practicable, during off-peak hours (02:00–06:00 Europe/Bucharest local time).
- Emergency Maintenance may be conducted at any time without prior notice where necessary to mitigate a security vulnerability, contain an ongoing incident, or comply with a regulatory or law-enforcement directive.
- The Company shall not be liable for any outage, degradation, delay, loss of authentication attempts, missed push notifications, or business interruption attributable to Scheduled Maintenance, Emergency Maintenance, Third-Party Services, User misconfiguration, or Force Majeure Events.
16. Modifications to the Service
Without prejudice to the generality of Section 5, the Company may at any time and from time to time, in its sole discretion, modify, enhance, restrict, discontinue, or sunset the Service or any part of it (including, without limitation, any feature, API endpoint, cryptographic algorithm, data retention window, licence tier, region of availability, or language localisation), with or without cause and, where reasonably practicable, with reasonable advance notice. Neither the Company nor its Affiliates shall be liable to You or to any third party for any modification, suspension, or discontinuation, except as expressly set out in a separately negotiated SLA.
17. Suspension and Termination by the Company
- The Company has the right to suspend, restrict, or terminate Your access to all or any part of the Service at any time, with or without cause, with or without notice, in its sole discretion. Without limiting the generality of the foregoing, the Company may suspend or terminate where (i) You materially or repeatedly breach these Terms, the Privacy Policy, or the Proprietary License Agreement; (ii) You fail to pay any undisputed Fee when due; (iii) the Company is required to do so to comply with Applicable Law or a court, regulatory, or law-enforcement order; (iv) Your conduct causes, or is reasonably likely to cause, harm or liability to another User, a third party, or the Company; (v) the Company reasonably suspects fraud, abuse, security compromise, or misuse of the Service; (vi) You become subject to insolvency, winding-up, administration, or equivalent proceedings; or (vii) the Company discontinues the Service or the relevant licence tier.
- Where the cause of suspension is capable of cure, the Company may, but is not obliged to, provide a cure period before termination.
- Suspension or termination under this Section 17 shall not relieve You of any accrued payment obligation and shall not entitle You to any refund, credit, damages, or compensation. The Company shall not be liable to You or to any third party for any suspension or termination.
18. Termination by You; Effect of Termination
- You may terminate these Terms at any time by (i) uninstalling the Android application and the Chrome extension; (ii) de-provisioning any integration code using the Python SDK or the REST API; and (iii) sending written notice of termination to office@caitech.ro. Paid subscriptions may be terminated with effect from the end of the then-current paid term by written notice given not less than thirty (30) days before the renewal date.
- Data export. For a period of thirty (30) days following the effective date of termination, the Company will, upon Your written request and subject to identity verification, make available a machine-readable export of Your Account metadata in JSON format. The Company shall have no obligation to provide data export for Evaluation or free-tier Accounts.
- Deletion. Sixty (60) days following the effective date of termination, or earlier upon Your express written request, the Company shall delete or irreversibly anonymise all Content associated with the Account, save for (i) information that the Company is required by Applicable Law to retain (including audit logs for fraud-prevention and regulatory-compliance purposes, typically retained for up to ten (10) years); (ii) routine back-ups that will be overwritten in the ordinary course; and (iii) Aggregated Data.
- Certificate of destruction. Upon Your written request, the Company shall issue a certificate of destruction signed by an authorised officer within thirty (30) Business Days of completion of the deletion.
19. Survival
Any provision of these Terms that by its nature or terms is intended to survive termination or expiry shall so survive, including, without limitation, Sections 2 (Definitions), 8 (Content), 9 (Feedback), 10 (Intellectual Property), 12 (Fees and Payment, with respect to accrued amounts), 19 (Survival), 20 (Warranty Disclaimer), 21 (Limitation of Liability), 22–23 (Indemnification), 24 (Confidentiality), 25 (Data Protection), 26 (Export Controls), 27 (Dispute Resolution), 28 (Governing Law), 29 (General Provisions), 32 (Notices), and 36 (Contact).
20. Disclaimer of Warranties
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- THE SERVICE, THE DOCUMENTATION, AND ALL COMPONENTS, FEATURES, AND DELIVERABLES PROVIDED BY THE COMPANY ARE MADE AVAILABLE ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITH ALL FAULTS AND WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE.
- THE COMPANY, ITS AFFILIATES, LICENSORS, AND SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, NON-INFRINGEMENT, ACCURACY, QUIET ENJOYMENT, SYSTEM INTEGRATION, AND CORRESPONDENCE TO DESCRIPTION.
- WITHOUT LIMITING THE FOREGOING, THE COMPANY DOES NOT WARRANT THAT (i) THE SERVICE WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS; (ii) THE SERVICE WILL OPERATE UNINTERRUPTED, TIMELY, SECURELY, OR ERROR-FREE; (iii) DEFECTS WILL BE CORRECTED; (iv) THE SERVICE OR THE SERVERS HOSTING IT ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; (v) AUTHENTICATION CHALLENGES WILL BE DELIVERED WITHIN ANY PARTICULAR TIME OR AT ALL; (vi) THE CRYPTOGRAPHIC IMPLEMENTATIONS WILL REMAIN SECURE AGAINST FUTURE CRYPTANALYTIC, SIDE-CHANNEL, OR QUANTUM ATTACKS; OR (vii) THE RESULTS OBTAINED FROM THE USE OF THE SERVICE WILL BE ACCURATE, RELIABLE, OR COMPLETE.
- INDEPENDENT THIRD-PARTY CRYPTOGRAPHIC AUDITS, WHERE COMMISSIONED AND PUBLISHED BY THE COMPANY, ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND DO NOT CONSTITUTE A WARRANTY OR GUARANTEE OF CRYPTOGRAPHIC CORRECTNESS OR SECURITY.
- NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY THE COMPANY, ITS EMPLOYEES, OR ANY OF ITS AUTHORISED REPRESENTATIVES SHALL CREATE A WARRANTY OR IN ANY WAY EXPAND THE SCOPE OF THE COMPANY'S OBLIGATIONS UNDER THESE TERMS.
- SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES. IN SUCH JURISDICTIONS, THE FOREGOING EXCLUSIONS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND IMPLIED WARRANTIES THAT CANNOT BE DISCLAIMED SHALL BE LIMITED IN DURATION TO THE MINIMUM PERIOD PERMITTED.
21. Limitation of Liability
- TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE COMPANY, ITS AFFILIATES, OFFICERS, DIRECTORS, SHAREHOLDERS, EMPLOYEES, CONTRACTORS, AGENTS, LICENSORS, OR SUPPLIERS BE LIABLE TO YOU OR TO ANY THIRD PARTY FOR ANY LOSS OF PROFITS, LOSS OF REVENUES, LOSS OF BUSINESS, LOSS OF BUSINESS OPPORTUNITIES, LOSS OF GOODWILL, LOSS OF ANTICIPATED SAVINGS, LOSS OF USE, LOSS OR CORRUPTION OF DATA OR CREDENTIAL MATERIAL, COST OF SUBSTITUTE SERVICES OR GOODS, OR FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS, THE SERVICE, OR ANY AUTHENTICATION EVENT, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, STATUTE, OR OTHERWISE) AND EVEN IF THE COMPANY HAS BEEN ADVISED OF, OR SHOULD HAVE FORESEEN, THE POSSIBILITY OF SUCH DAMAGES.
- Aggregate cap — Consumers. WHERE YOU ARE A CONSUMER, THE AGGREGATE CUMULATIVE LIABILITY OF THE COMPANY AND ITS AFFILIATES TO YOU FOR ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE SERVICE, IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED, IN THE AGGREGATE, THE GREATER OF (i) ONE HUNDRED EURO (EUR 100); OR (ii) THE TOTAL FEES ACTUALLY PAID BY YOU TO THE COMPANY DURING THE SIX (6) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
- Aggregate cap — Business users. WHERE YOU ARE NOT A CONSUMER (INCLUDING, WITHOUT LIMITATION, BUSINESS, ENTERPRISE, AND GOVERNMENT USERS), THE AGGREGATE CUMULATIVE LIABILITY OF THE COMPANY AND ITS AFFILIATES FOR ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID BY YOU TO THE COMPANY DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
- Excluded heads of loss. IN NO EVENT SHALL THE COMPANY BE LIABLE FOR LOSS OF PROFITS, LOSS OF REVENUES, LOSS OF GOODWILL, LOSS OF DATA, LOSS OF BUSINESS, LOSS OF OPPORTUNITY, LOSS OF USE, BUSINESS INTERRUPTION, COST OF PROCUREMENT OF SUBSTITUTE SERVICES, OR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE, OR EXEMPLARY DAMAGES, REGARDLESS OF CAUSE OR THEORY.
- Carve-outs. Nothing in these Terms shall exclude or limit the liability of either Party for (i) fraud or fraudulent misrepresentation; (ii) death or personal injury caused by that Party's negligence, to the extent such exclusion is prohibited by Applicable Law; (iii) gross negligence or wilful misconduct; (iv) the indemnification obligations under Section 22 in the case of the User, or Section 23 in the case of the Company; (v) a Party's breach of Section 24 (Confidentiality); or (vi) any liability that cannot be excluded or limited under mandatory Applicable Law.
- Basis of the bargain. YOU ACKNOWLEDGE AND AGREE THAT THE FEES (IF ANY) REFLECT THE ALLOCATION OF RISK EXPRESSED IN THIS SECTION, THAT THE COMPANY WOULD NOT PROVIDE THE SERVICE ABSENT THIS ALLOCATION, AND THAT THE LIMITATIONS IN THIS SECTION SHALL APPLY NOTWITHSTANDING THE FAILURE OF ANY ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
22. Indemnification by You
You shall indemnify, defend (at the Company's option), and hold harmless the Company, its Affiliates, and their respective directors, officers, employees, contractors, agents, licensors, and suppliers (the "Company Indemnitees") from and against any and all third-party claims, actions, proceedings, demands, losses, damages, fines, penalties, judgments, settlements, liabilities, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of or relating to (a) Your use of the Service, whether lawful or unlawful; (b) Your breach or alleged breach of these Terms, the Privacy Policy, the Proprietary License Agreement, or Applicable Law; (c) any violation by You of the Intellectual Property Rights, privacy rights, publicity rights, or other rights of any third party; (d) any User Content or any action or inaction by You in respect of the User Content; (e) any misrepresentation made by You under Section 3; (f) Your negligent or wilful act or omission; and (g) Your use of the Service to authenticate to any system, network, or resource that You were not authorised to access. The Company shall promptly notify You of any claim subject to indemnification, shall permit You to control the defence and settlement (provided that any settlement that imposes any obligation on, or admits any liability of, a Company Indemnitee requires the Company's prior written consent, not to be unreasonably withheld), and shall provide reasonable cooperation at Your expense.
23. Indemnification by the Company (Intellectual Property Only)
- Subject to the conditions set out below, the Company shall defend, at its own expense, any third-party claim brought against You alleging that Your use of the Service, strictly in accordance with these Terms and the Proprietary License Agreement, directly infringes a valid patent, copyright, registered trade mark, or trade secret of such third party in the Territory (the "IP Indemnity"), and shall pay any amounts finally awarded against You by a court of competent jurisdiction or agreed in settlement approved by the Company in writing.
- The IP Indemnity is conditioned on (i) Your giving prompt written notice of the claim to the Company; (ii) the Company having sole and exclusive control of the defence and settlement; (iii) Your providing all reasonable cooperation requested by the Company, at the Company's expense; and (iv) Your not making any admission, settlement, or compromise without the Company's prior written consent.
- The IP Indemnity does not apply to, and the Company shall have no liability for, any claim arising out of or relating to (i) use of the Service in combination with any hardware, software, data, service, or process not supplied or authorised by the Company, where the claim would have been avoided but for such combination; (ii) modification of the Service by any person other than the Company; (iii) use of the Service other than in accordance with the Documentation and these Terms; (iv) Your failure to use a non-infringing version made available by the Company; (v) User Content or any third-party content; (vi) compliance with Your specifications or instructions; or (vii) open-source components governed by their own licences.
- If the Service becomes, or in the Company's reasonable opinion is likely to become, the subject of an infringement claim, the Company may, at its option and expense, (i) procure for You the right to continue using the Service; (ii) modify or replace the Service to render it non-infringing while preserving substantially equivalent functionality; or (iii) if neither of the foregoing is commercially reasonable, terminate the affected Service and refund any pre-paid Fees covering the unused portion of the then-current term.
- The IP Indemnity in this Section 23 states the Company's sole and exclusive liability, and Your sole and exclusive remedy, for any claim of Intellectual Property infringement.
24. Confidentiality
- "Confidential Information" means any non-public information disclosed by one Party (the "Discloser") to the other (the "Recipient") that is marked or identified as confidential or that, given its nature and the circumstances of disclosure, a reasonable person would understand to be confidential, including, without limitation, the Service's source code, cryptographic designs, pricing, security architecture, roadmap, audit reports, and Personal Data.
- The Recipient shall (i) use the Confidential Information solely to exercise its rights and perform its obligations under these Terms; (ii) protect the Confidential Information using at least the same degree of care that it uses to protect its own confidential information of like importance, and in no event less than a reasonable standard of care; and (iii) not disclose the Confidential Information to any third party except to those of its employees, contractors, professional advisors, and Affiliates who have a need to know and who are bound by confidentiality obligations no less restrictive than those of this Section 24.
- The foregoing obligations shall not apply to information that (i) is or becomes publicly available without breach of these Terms; (ii) was lawfully in the Recipient's possession prior to disclosure; (iii) is rightfully obtained from a third party without confidentiality restriction; or (iv) is independently developed without use of or reference to the Confidential Information.
- The Recipient may disclose Confidential Information to the extent required by law, court order, or regulatory authority, provided that, where permitted, it gives the Discloser prompt written notice and reasonable cooperation to seek a protective order.
- The obligations of this Section 24 shall continue for five (5) years following termination, except in respect of Confidential Information constituting a trade secret, which shall be protected for so long as it retains trade-secret status under Applicable Law.
25. Data Protection
- The Parties shall each comply with their respective obligations under Applicable Law governing the protection of Personal Data, including, without limitation, Regulation (EU) 2016/679 (GDPR), the United Kingdom's Data Protection Act 2018 and UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's PIPEDA, Singapore's PDPA, and analogous national or sub-national legislation.
- Where the Company processes Personal Data relating to You or Your employees, end-users, or other data subjects in the course of providing the Service, the Company acts as Controller for the Personal Data that it processes for its own purposes (including billing, security monitoring, audit logging, and legitimate-interests analytics), and as Processor on Your behalf for the Personal Data that You direct it to process as part of the Service.
- Where the Company acts as Processor, the processing is governed by the DPA, which is incorporated herein by reference where executed by the Parties or, where not executed, the DPA template published at office@caitech.ro shall constitute the binding terms. The DPA incorporates Article 28 GDPR clauses, the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), and the UK International Data Transfer Addendum.
- Further details of the Company's privacy practices, data-subject rights, retention periods, international transfers, and contact details for the Data Protection Officer are set out in the Privacy Policy.
- You shall ensure that You have all lawful bases and have issued all required privacy notices and obtained all required consents before transmitting Personal Data to the Service. You shall not instruct the Company to process Personal Data in breach of Applicable Law.
26. Export Control and Sanctions
- The Service incorporates cryptographic technology classified as a dual-use item under Annex I of Regulation (EU) 2021/821 (the EU Dual-Use Regulation) and, in respect of any U.S.-origin components, as subject to the U.S. Export Administration Regulations (EAR) administered by the Bureau of Industry and Security under the U.S. Department of Commerce, and to the sanctions programmes administered by the U.S. Treasury's Office of Foreign Assets Control (OFAC).
- You shall not, and shall not authorise any third party to, export, re-export, release, transfer, make available, or otherwise deal in the Service, in whole or in part, to, in, or from any jurisdiction, person, or end-use in violation of Applicable Law, including, without limitation, (i) any Restricted Party; (ii) any country or territory subject to comprehensive U.S., EU, UK, or UN sanctions; or (iii) any end-use involving the design, development, production, or use of weapons of mass destruction (nuclear, chemical, biological, or missile) or the unauthorised interception or surveillance of communications.
- You represent and warrant that neither You nor any of Your principals, directors, officers, or beneficial owners is a Restricted Party, and that You will not provide access to the Service to any Restricted Party.
- You shall cooperate with the Company in completing any export-control screening, end-user certification, or government filing reasonably required in connection with the Service, and You shall be solely responsible for obtaining any licence, authorisation, or clearance required for Your receipt or use of the Service in Your jurisdiction.
27. Dispute Resolution; Class-Action and Jury-Trial Waiver
- Good-faith negotiation. Before initiating any formal proceeding, the Parties shall attempt in good faith to resolve any dispute, claim, or controversy arising out of or relating to these Terms or the Service (a "Dispute") by written notice of dispute sent to office@caitech.ro, followed by a thirty (30) day negotiation period during which senior representatives of each Party shall confer.
- Mediation. If the Dispute is not resolved through negotiation, the Parties shall submit it to non-binding mediation administered by the Bucharest International Arbitration Court or, for non-EU Parties, the International Chamber of Commerce (ICC) International Centre for ADR, for a further sixty (60) day period. Mediation costs shall be shared equally.
- Arbitration for non-EU Users. If the Dispute remains unresolved and You are not resident or established in the European Economic Area, the United Kingdom, or Switzerland, the Dispute shall be finally settled by binding arbitration under the UNCITRAL Arbitration Rules then in force, administered by the Permanent Court of Arbitration, before a single arbitrator, seated in Geneva, Switzerland, with proceedings conducted in English. The arbitrator's decision shall be final and binding on the Parties and may be entered as a judgment in any court of competent jurisdiction.
- Courts for EU Users. If You are resident or established in the European Economic Area, the United Kingdom, or Switzerland, the Dispute shall be submitted to the exclusive jurisdiction of the competent courts of Bucharest, Romania, without prejudice to any mandatory consumer-protection forum right under Your domestic law.
- CLASS-ACTION AND JURY-TRIAL WAIVER. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, YOU AND THE COMPANY AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, CONSOLIDATED, PRIVATE ATTORNEY GENERAL, OR REPRESENTATIVE PROCEEDING. EACH PARTY FURTHER KNOWINGLY, VOLUNTARILY, AND IRREVOCABLY WAIVES ANY RIGHT TO A TRIAL BY JURY. THE ARBITRATOR OR COURT MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS AND MAY NOT PRESIDE OVER ANY FORM OF REPRESENTATIVE OR CLASS PROCEEDING. THIS WAIVER DOES NOT APPLY TO THE EXTENT PROHIBITED BY MANDATORY CONSUMER-PROTECTION LAW.
- Opt-out. You may opt out of this Section 27 by sending written notice to office@caitech.ro within thirty (30) days of first accepting these Terms, stating Your name, Account identifier, and a clear statement of opt-out. Opt-out will not affect the validity or enforceability of any other provision of these Terms.
- Injunctive relief. Notwithstanding the foregoing, either Party may seek interim, preliminary, or permanent injunctive or equitable relief in any court of competent jurisdiction to prevent or restrain any threatened or actual infringement of its Intellectual Property Rights, breach of confidentiality, or violation of export-control or sanctions obligations.
28. Governing Law
- These Terms, and any Dispute arising out of or in connection with them (including non-contractual Disputes or claims), shall be governed by and construed in accordance with the laws of Romania for Users domiciled or established in the European Economic Area, the United Kingdom, or Switzerland.
- For all other Users, these Terms shall be governed by and construed in accordance with the laws of the State of New York, United States of America, without giving effect to any choice-of-law or conflict-of-law provision, with the laws of the State of Delaware applying as a secondary reference where a question of corporate governance arises.
- The United Nations Convention on Contracts for the International Sale of Goods (CISG, Vienna, 1980) is expressly excluded and shall not apply.
- Nothing in this Section 28 shall deprive a Consumer of the protection afforded by mandatory provisions of the law of his or her habitual residence.
29. General Provisions
- Severability. If any provision of these Terms is held invalid, illegal, or unenforceable by a court of competent jurisdiction, that provision shall be enforced to the maximum extent permitted by law and the remaining provisions shall remain in full force and effect. The Parties shall in good faith negotiate a replacement provision achieving, as nearly as possible, the original economic and legal intent.
- No waiver. The failure or delay of either Party to exercise or enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. A waiver is effective only if it is in writing and signed by an authorised representative of the waiving Party.
- Entire agreement. These Terms, together with the Privacy Policy, the Proprietary License Agreement, any executed order form, and, where executed, the DPA, constitute the entire agreement between the Parties concerning the subject matter hereof and supersede all prior or contemporaneous communications, proposals, representations, and agreements, whether oral or written.
- No agency or partnership. Nothing in these Terms shall be construed to create any agency, partnership, joint venture, employment, franchise, or fiduciary relationship between the Parties.
- No third-party beneficiaries. Except as expressly provided herein (including in respect of the Company Indemnitees under Section 22), these Terms confer no rights on any person other than the Parties.
- Counterparts and electronic execution. Any written instrument executed in connection with these Terms may be executed in counterparts, each of which shall be deemed an original, and delivered electronically (including by DocuSign, Adobe Sign, or equivalent), which shall be deemed equivalent to delivery of an original.
- Headings. Headings are for convenience only and shall not affect interpretation.
- Language. These Terms are drafted in English, which shall be the governing language. Any translation is provided for convenience only and shall not be binding.
30. Force Majeure
Neither Party shall be liable for any failure or delay in the performance of its obligations under these Terms (other than payment obligations) where such failure or delay is caused by an event beyond its reasonable control, including, without limitation, acts of God, natural disasters, fire, flood, earthquake, storm, pandemic, epidemic, or quarantine restriction; war, armed conflict, act of terrorism, civil unrest, insurrection, or sabotage; cyber attack, distributed denial-of-service attack, or zero-day exploit in a Third-Party Service; power failure, telecommunications failure, internet outage, or submarine cable cut; act or omission of a government, regulator, court, customs authority, or central bank, including the imposition of sanctions or the revocation of an export licence; strike, lockout, or labour dispute (other than involving the affected Party's own workforce); failure or delay of a Third-Party Service; or any other event or circumstance beyond the affected Party's reasonable control (each a "Force Majeure Event"). The affected Party shall give prompt notice of the Force Majeure Event, shall use reasonable efforts to mitigate its effects, and shall resume performance as soon as reasonably practicable. If a Force Majeure Event continues for more than thirty (30) consecutive days, either Party may suspend performance; if it continues for more than one hundred and twenty (120) consecutive days, either Party may terminate these Terms on written notice without liability, save for accrued payment obligations.
31. Assignment
You shall not assign, delegate, novate, or otherwise transfer these Terms or any right or obligation hereunder, whether voluntarily or by operation of law, without the Company's prior written consent. Any purported assignment in breach of this Section 31 shall be null and void. The Company may freely assign, delegate, or transfer these Terms, in whole or in part, to any Affiliate, or to any successor in connection with a merger, acquisition, corporate reorganisation, or sale of all or substantially all of its assets, in each case without Your consent and without notice. These Terms shall bind and benefit the Parties and their respective permitted successors and assigns.
32. Notices
- Notices to You. The Company may deliver notices to You by (i) email to the address associated with Your Account; (ii) in-product banner or pop-up; (iii) posting on auth.caitech.ro; or (iv) any other reasonable electronic means. Notices are deemed received on the date of transmission.
- Routine notices to the Company. You may deliver routine notices by email to office@caitech.ro, or to the specific address listed in Section 36 for the relevant subject matter.
- Legal notices to the Company. Notices of breach, termination, indemnification claims, opt-outs under Section 27, and other legal notices must be sent by email to office@caitech.ro and, simultaneously, by registered post or internationally recognised courier to: CAI Technology SRL, Attn.: Legal Department, Str. Victor Brauner 34, Bucharest, Romania. Legal notices are deemed received five (5) Business Days after posting or upon actual receipt, whichever is earlier.
33. Changes to These Terms
- The Company may amend these Terms from time to time. For material changes that materially and adversely affect Your rights, the Company will provide not less than thirty (30) days' advance notice by email, in-product banner, or posting on auth.caitech.ro. Non-material changes (including clarifications, typographical corrections, and changes required by Applicable Law) may take effect immediately upon posting.
- Your continued use of the Service after the effective date of an amendment constitutes Your acceptance of the amended Terms. If You do not agree, You may terminate these Terms and close Your Account, without penalty, within the thirty (30) day notice window, in which case the Company will refund any Fees pre-paid for service periods after the effective date of the amendment on a pro-rata basis.
- The Company shall maintain an archive of superseded versions of these Terms, available on written request to office@caitech.ro.
34. Law Enforcement; Emergency Disclosure
The Company reserves the right to access, preserve, and disclose information (including Account metadata, audit logs, and Content) to law-enforcement, regulatory, or governmental authorities, or to private litigants pursuant to valid legal process, without prior notice to You where (a) the Company is required to do so by Applicable Law, court order, subpoena, search warrant, or analogous compulsory legal process; (b) the Company determines in good faith that disclosure is necessary to prevent imminent death, serious bodily harm, or substantial property damage; (c) the Company determines in good faith that disclosure is necessary to detect, prevent, or address fraud, security, or technical issues; or (d) the Company determines in good faith that disclosure is necessary to protect its rights, property, or safety, or the rights, property, or safety of its Users or the public. Where lawfully permitted, the Company will endeavour to provide You with reasonable notice of compelled disclosure and will publish aggregate transparency statistics on a periodic basis.
35. DMCA and Copyright Takedown
- The Company respects the Intellectual Property Rights of others and will respond to clear and complete notices of alleged copyright infringement that comply with the U.S. Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 512, and, where applicable, Directive (EU) 2019/790 on Copyright in the Digital Single Market.
- Notices of alleged infringement must be sent to the Company's designated agent at office@caitech.ro and must include (i) a physical or electronic signature of the copyright owner or authorised agent; (ii) identification of the copyrighted work claimed to have been infringed; (iii) identification of the material claimed to be infringing and reasonably sufficient information to permit the Company to locate it; (iv) contact information for the notifying party; (v) a statement of good-faith belief that the use is not authorised; and (vi) a statement, under penalty of perjury, that the information is accurate and that the notifying party is authorised to act.
- The Company may terminate, in appropriate circumstances, the Accounts of repeat infringers. Counter-notices shall be handled in accordance with 17 U.S.C. § 512(g).
36. Contact Information
37. Miscellaneous
- Interpretation. The words "include", "including", and "in particular" are illustrative and shall not limit the generality of preceding words. References to statutes and regulations include any successor or amending instrument.
- Construction. These Terms shall be construed according to their fair meaning and not strictly for or against either Party, irrespective of which Party prepared the drafting.
- Electronic execution. The Parties agree that electronic acceptance, click-through consent, and electronic signature all constitute valid and binding execution of these Terms.
- Counterparts. These Terms, and any written instrument executed in connection herewith, may be executed in any number of counterparts, each of which shall be deemed an original and all of which, taken together, shall constitute one and the same instrument.
- Headings for convenience. Section headings are inserted solely for convenience and shall not affect the construction or interpretation of any provision.
- Further assurances. Each Party shall execute such further documents and take such further actions as may reasonably be required to give full effect to these Terms.
- Cumulative remedies. Except as expressly stated, the rights and remedies of the Parties are cumulative and not exclusive of any other right or remedy available at law or in equity.
Patent Notice. The Service embodies inventions for which CAI Technology SRL has filed patent applications comprising twenty (20) independent and dependent claims covering Time-Fused Binding (TFB), Adaptive Velocity Control (AVC), Cryptographic Behavioural Binding (CBB), Shamir-threshold social recovery integration, hybrid-post-quantum composite signatures, and a WebAuthn post-quantum adapter. Nothing in these Terms grants any licence under any patent except the limited implementation licence expressly provided in the Proprietary License Agreement.
© 2024–2026 CAI Technology SRL. All rights reserved.
Str. Victor Brauner 34, Bucharest, Romania
Terms of Service v3.0 · Effective: April 24, 2026