Terms of Service

Effective date: 2026-05-24 · Last updated: 2026-05-24 · Operator: My Compliance Citadel, LLC

These Terms of Service (“Terms”) govern your access to and use of the my-cc.io AI Agent Trust Citadel platform (the “Service”) operated by My Compliance Citadel, LLC (“My Compliance Citadel”, “we”, “us”). By creating an account, subscribing, or otherwise using the Service, you agree to these Terms on behalf of yourself and the organization you represent.

1. The Service

my-cc.io provides governance, observability, and compliance enforcement for AI agents deployed by customer organizations. The Service includes a runtime SDK, a governance proxy, a compliance pack catalog, an audit chain, a TAC Score (Trusted Agent Citascore), and an administrative dashboard. The Service is sold to enterprise organizations and to authorized partners that resell to their end-client organizations under a separately executed partner agreement.

2. Customer Tiers and Subscription Model

Subscriptions are sold on two layers, which may be purchased together or independently:

All prices are quoted in US dollars, exclusive of applicable taxes. Subscriptions renew automatically until cancelled. Payment is processed by Stripe, Inc. on our behalf; your card details are never stored on our infrastructure.

3. Acceptable Use

You agree not to use the Service to:

4. Customer Data and Privacy

You retain ownership of all data you submit to the Service (“Customer Data”). My Compliance Citadel processes Customer Data only as described in our Privacy Policy and any applicable Data Processing Addendum. My Compliance Citadel is the data processor; the customer organization (or partner’s end-client organization, as applicable) is the data controller. Customer Data is isolated by tenant via PostgreSQL row-level security and a three-tier API key hierarchy (Platform Key > Partner Key > Organization Key); cross-tier access is structurally prohibited.

5. Compliance Frameworks

Compliance packs available through the Service implement controls aligned to published frameworks (for example HIPAA, SOC 2, GDPR, PCI DSS, ISO 27001, ISO 42001, and others). Pack activation provides enforcement and audit-trail support; it does not constitute legal certification of compliance with any framework. Customers remain responsible for their own regulatory posture and for executing any required Business Associate Agreement, Data Processing Agreement, or vendor risk assessment with us prior to processing regulated data.

6. Audit Trail and Retention

The Service maintains an immutable audit chain of governance events. Default retention is the longer of (a) the period required by the customer’s active compliance packs and (b) seven years from the date of the event. Audit data may be exported by the customer at any time during the subscription term. On termination, audit data is retained for the legally-required minimum and then deleted; the customer may request earlier deletion subject to legal hold and pack-specific minimums.

7. Partner Program (B2B2C)

Consultancies and managed service providers may resell the Service to end-client organizations under the my-cc.io Partner Program. Partners receive a Partner Key that provisions sub-organizations under their workspace; cross-partner visibility is structurally prohibited. Partners are responsible for ensuring each end-client agrees to terms equivalent to these Terms before activation. Partner-specific commercial terms (revenue share, branding, support escalation) are governed by a separately executed Partner Agreement.

8. Service Availability

We will use commercially reasonable efforts to make the Service available 24/7, excluding scheduled maintenance and force majeure events. The runtime SDK is designed to degrade gracefully: if the Service is unreachable, agents continue to operate under the customer’s local cached policies. We do not guarantee any specific uptime percentage outside of an Enterprise Service Level Agreement, which is sold separately.

9. Fees, Taxes, Refunds

You authorize us (via Stripe) to charge the payment method on file for all fees due. Fees are non-refundable except where required by law, or where we materially fail to deliver the Service after a thirty-day cure period. Pre-paid annual fees are refunded pro-rata only in the case of our material breach. You are responsible for all taxes other than taxes imposed on My Compliance Citadel’s net income.

10. Confidentiality

Each party will protect the other’s confidential information using the same degree of care it uses to protect its own confidential information, and at minimum a reasonable degree of care. Confidential information does not include information that is publicly available, independently developed, or rightfully obtained from a third party without a duty of confidentiality.

11. Intellectual Property

The Service, including all software, documentation, compliance packs, and TAC Score methodology, is and remains the exclusive property of My Compliance Citadel. You are granted a non-exclusive, non-transferable, revocable license to use the Service during your subscription term. You may not sublicense the Service or distribute compliance pack contents outside your authorized agents and recipients. Any feedback you provide may be used by My Compliance Citadel without restriction.

12. Disclaimers

EXCEPT AS EXPRESSLY SET FORTH IN THESE TERMS, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND. WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL PREVENT ALL COMPLIANCE VIOLATIONS OR THAT IT WILL OPERATE WITHOUT INTERRUPTION.

13. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, REVENUE, OR DATA, ARISING OUT OF OR RELATED TO THESE TERMS. EACH PARTY’S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS WILL NOT EXCEED THE FEES PAID OR PAYABLE BY YOU TO CONNEXUM IN THE TWELVE MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

14. Indemnification

You will defend and indemnify My Compliance Citadel against third-party claims arising from your violation of these Terms, your Customer Data, or your use of the Service in violation of applicable law. My Compliance Citadel will defend you against third-party claims that the Service, as provided and used in accordance with these Terms, infringes a US patent, copyright, or trademark, and will pay damages finally awarded by a court of competent jurisdiction in connection with such claim.

15. Termination

Either party may terminate these Terms for the other party’s material breach if such breach is not cured within thirty days of written notice. On termination, your access to the Service ends; pre-paid fees are non-refundable except as set forth in Section 9. Sections 4-6, 9-15, and 17 survive termination.

16. Changes to the Service or these Terms

We may modify the Service or these Terms from time to time. Material changes will be announced at least thirty days in advance via email to the primary contact on the account. Continued use of the Service after the effective date constitutes acceptance of the revised Terms.

17. Governing Law and Disputes

These Terms are governed by the laws of the State of Florida, USA, without regard to its conflict of laws principles. Any dispute will be resolved exclusively in the state or federal courts located in Alachua County, Florida, and the parties consent to the personal jurisdiction of those courts. Each party waives any right to a jury trial.

18. Contact

Questions about these Terms: [email protected]. Mailing address: My Compliance Citadel, LLC, Gainesville, Florida, USA.