Terms of Service

Version 1.0.2 — Last updated: May 1, 2026

1. Acceptance of Terms

By accessing or using the Aqvori platform ("Service"), you agree to be bound by these Terms of Service. If you do not agree, do not use the Service.

Aqvori is a product of Pontos Platforms LLC, a limited liability company. Throughout these Terms, "Aqvori" or "the Service" refers to the platform itself, while "Company," "we," "us," and "our" refer to Pontos Platforms LLC as the legal entity providing the Service.

2. Description of Service

Aqvori is an AI-native consulting operations platform that provides client management, project tracking, document intelligence, workflow automation, meeting intelligence, compliance management, and related tools for client-facing professionals across industries. The Service includes an AI-powered assistant ("Vori") that assists with analysis, summarization, recommendations, document generation, and workflow automation.

3. Beta Disclaimer

The Service is currently in beta. During the beta period, features may be added, modified, or removed without prior notice. The Service is provided "as-is" during beta without any guarantees of feature stability, uptime, or data preservation beyond what is described in these Terms. By using the Service during beta, you acknowledge and accept these conditions.

4. Accounts and Registration

To use the Service, you must create an account with a valid work email address. You are responsible for maintaining the confidentiality of your credentials and for all activities under your account. You must notify us immediately of any unauthorized use. Personal email domains (e.g., Gmail, Yahoo, Outlook) cannot be used to create organizations but may be invited to existing ones.

5. Organizational Accounts

When creating an organization, the registrant becomes the organization owner ("Tenant Owner"). The Tenant Owner is responsible for managing their organization's users, data, and compliance settings. Each organization operates within a separate, isolated data environment.

6. Acceptable Use

You agree not to:

• Use the Service for any unlawful purpose or in violation of any applicable law
• Attempt to gain unauthorized access to other organizations' data or accounts
• Attempt to bypass, circumvent, or exploit tenant isolation boundaries
• Scrape, crawl, or programmatically extract data from the Service without written authorization
• Reverse engineer, decompile, or disassemble any part of the Service
• Upload malicious code, viruses, or harmful content
• Circumvent security measures, rate limits, or access controls
• Use the Service to store regulated data (e.g., PHI, PCI cardholder data) unless your compliance settings are appropriately configured
• Use AI features to generate content that is illegal, harmful, or violates third-party rights
• Resell or sublicense access to the Service without written authorization

7. Your Data

You retain ownership of all data you upload, create, or generate through the Service ("Your Data"). We do not sell Your Data or use it for purposes beyond providing the Service. We implement commercially reasonable security measures to protect Your Data.

8. Data Processing and Storage

Your Data is stored and processed within a multi-tenant architecture hosted in the United States (Oregon region). Each organization's data is logically isolated at the database query level, API middleware level, and session management level. Cross-tenant data access is architecturally prevented. All data is transmitted over encrypted connections (TLS) and stored on managed PostgreSQL infrastructure with encryption at rest.

9. AI Usage Disclaimer

The Service includes AI-powered features branded as "Vori." Vori operates across two processing layers:

• Local AI models operated by the Company on its own infrastructure, used for high-confidence, low-complexity tasks (categorization, simple extraction, validation, and similar deterministic operations). Your Data processed by local models stays within the Company's infrastructure and is not transmitted to any third-party AI provider.
• Anthropic Claude API (third-party), used for higher-complexity reasoning tasks (summarization, drafting, analysis, recommendations, document generation). Calls to Claude are made using your organization's own Anthropic API key under the Bring Your Own Key model described in Section 10. Your Data processed by Claude is transmitted to Anthropic and is subject to Anthropic's data handling and usage policies and your separate agreement with Anthropic.

By using AI features, you acknowledge and agree to the following:

• All AI-generated content, including summaries, recommendations, action items, drafted documents, classifications, and analysis results, is advisory only and does not constitute professional, legal, financial, medical, or any other form of regulated advice
• You are solely responsible for reviewing, verifying, and approving all AI-generated outputs before relying on them or distributing them to third parties
• AI may produce inaccurate, incomplete, or misleading results; the Company makes no representations regarding the accuracy or reliability of AI outputs from either the local models or Claude
• The Company does not use Your Data to train its local AI models
• The Company does not permit Anthropic or any third-party AI provider to use Your Data for model training (subject to your Anthropic agreement under BYOK)
• The Company is not responsible for any decisions, actions, or consequences arising from reliance on AI-generated content
• The Company is not responsible for the availability, latency, accuracy, billing, or terms of any third-party AI provider whose API key you provide under BYOK

10. Bring Your Own Key (BYOK) — Required for AI Features

To use any AI feature that depends on the Anthropic Claude API, your organization must provide a valid Anthropic API key. The Service does not provide a shared platform key as a fallback for Claude-backed features. Local AI features (Section 9) remain available without a Claude key.

• Your API key is encrypted using AES-256-GCM before storage and is never stored in plain text
• Your organization is solely responsible for all charges, usage limits, rate limits, suspensions, and fees incurred on your Anthropic key by any use of the Service. The Company does not monitor, manage, or pay any portion of your Anthropic billing
• Your organization is solely responsible for maintaining a valid agreement with Anthropic, including (where applicable) a separate Business Associate Agreement with Anthropic for any tenant processing Protected Health Information
• You may revoke or rotate your API key at any time. While no valid Anthropic key is configured, AI features that depend on Claude will be unavailable to your organization; local AI features remain available
• The Company is not liable for any disruption, data loss, or AI output gap resulting from your Anthropic key being invalid, revoked, suspended, rate-limited, or out of credits

11. Confidential Information

The Secure Vault feature stores credentials and sensitive information with PIN-based encryption. You acknowledge that the security of vault contents depends on the strength of your PIN and access controls. We are not liable for unauthorized access resulting from weak or shared PINs.

12. Service Availability

We strive to maintain high availability but do not guarantee uninterrupted access. The Service may be temporarily unavailable due to maintenance, updates, or circumstances beyond our control. We will make reasonable efforts to provide advance notice of planned maintenance. During the beta period, unscheduled downtime may occur more frequently.

13. Termination

Either party may terminate the relationship at any time. You may request deletion of your account and associated data by contacting support@aqvori.com. Upon termination, we will delete Your Data within 30 days, except where retention is required by law or legitimate business purposes (e.g., audit logs).

14. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

• THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
• THE COMPANY DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE, OR THAT ANY AI-GENERATED CONTENT WILL BE ACCURATE OR RELIABLE.
• IN NO EVENT SHALL THE COMPANY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL, ARISING FROM YOUR USE OF OR INABILITY TO USE THE SERVICE.
• THE COMPANY'S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE AMOUNTS PAID BY YOU TO THE COMPANY IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR ONE HUNDRED US DOLLARS ($100), WHICHEVER IS GREATER.
• SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IN SUCH JURISDICTIONS, THE LIMITATIONS ABOVE SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY LAW.

15. Indemnification

You agree to indemnify, defend, and hold harmless Pontos Platforms LLC and its officers, directors, employees, and agents from any claims, damages, losses, liabilities, or expenses (including reasonable attorneys' fees) arising from your use of the Service, violation of these Terms, infringement of any third party's rights, or your reliance on AI-generated content.

16. Modifications

We may update these Terms at any time. Material changes will be communicated via the Service or email at least 15 days before they take effect. Continued use after changes take effect constitutes acceptance of the updated Terms.

17. Governing Law

These Terms are governed by the laws of the State of Florida, United States, without regard to conflict of law principles. Any disputes shall be resolved in the courts located in Miami-Dade County, Florida.

18. HIPAA and Protected Health Information

If your organization processes Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") through the Service, the following additional terms apply:

• Business Associate relationship: Where you are a Covered Entity or Business Associate under HIPAA, the Company will act as your Business Associate solely with respect to PHI processed by the Service. A separate Business Associate Agreement ("BAA") between you and the Company is required before any PHI is uploaded, transmitted, or processed through the Service. Use of the Service to process PHI without an executed BAA is prohibited and a material breach of these Terms.
• Subprocessors: The Company uses Anthropic (Claude API), Render (hosting), Resend (transactional email), Sentry (error tracking), and Google Workspace / Microsoft 365 (where the customer connects their own workspace). Where PHI is processed by a subprocessor, the Company will execute a downstream BAA with that subprocessor or restrict that subprocessor from PHI processing.
• BYOK and AI: Where AI features are invoked on PHI, you are responsible for ensuring that the API key in use (whether platform-provided or BYOK) is covered by a BAA with Anthropic. The Company recommends BYOK for HIPAA-regulated tenants so the Anthropic BAA is held directly by your organization.
• Breach notification: If the Company becomes aware of a Security Incident or Breach (as defined under HIPAA) involving your PHI, the Company will notify the Tenant Owner without unreasonable delay and, in any event, within sixty (60) days of discovery, in accordance with the executed BAA.
• Compliance configuration: The Service includes compliance settings (HIPAA, SOC 2, GDPR, etc.) at the Organization, Client, and Project levels. You are responsible for selecting and maintaining the compliance frameworks appropriate to your data. Failure to enable HIPAA mode while processing PHI is a violation of these Terms.
• Audit logs: The Service maintains detailed audit logs of access to PHI for the duration required by HIPAA (minimum six (6) years). These logs are available to you on request.

Nothing in these Terms is intended to override the terms of any executed BAA. In the event of a conflict between these Terms and the BAA, the BAA controls with respect to PHI.

19. Contact

For questions about these Terms, including BAA inquiries for HIPAA-regulated tenants, contact us at support@aqvori.com.