SOFTWARE-AS-A-SERVICE (SaaS) AGREEMENT
Effective July 30, 2025
Hello and welcome! This Software-as-a-Service (SaaS) Agreement (“Agreement”) sets out the rules of the road for using Fortifai’s services. It explains how we work with you—our Customer and your End Users—and what you can expect from us.
By using our Services, you’re letting us know that you’ve read, understood, and agreed to everything in this Agreement. That includes any relevant Supplemental Terms, and if applicable, our Data Processing Agreement. If you don’t agree, that’s totally okay—but please reach out and don’t use the Services.
1. INTRODUCTION
This Agreement outlines the general terms under which Fortifai provides its Services and how you, as the Customer (and your End Users), may use them. It’s important to us that everything is clear and fair.
1.1 Authority
By accepting this Agreement, the individual doing so confirms they have the legal authority to bind the Customer and any of its Affiliates. If that’s you—thank you for taking responsibility.
1.2 Age Requirement
To use the Services, you must be at least eighteen (18) years old—or the age of majority in your location, whichever is higher. As the Customer, you’re responsible for ensuring that all End Users meet this requirement. In addition, our Services shouldn’t be used with or embedded into products, services, or websites that are aimed at, or likely to be used by, individuals under the minimum age. If you’re working with minors, you’ll need to make sure they have consent from a parent or legal guardian, where appropriate.
1.3 Customer and End User Roles
If you’re the administrator of your organization’s Fortifai account, you’ll be able to assign or update End User roles and manage your account permissions. If your organization decides to switch administrators, the new person will need to cooperate reasonably with Fortifai and the Customer to make the handoff smooth and secure.
2. USE AND ACCESS TO THE SERVICES
2.1 Access and Use of the Services
We’re happy to grant you—the Customer—a non-transferable, non-exclusive, and revocable right to access and use Fortifai’s Services, in line with this Agreement and our Documentation. Please note that each End User Account is meant for one individual only during the Subscription Term.
2.2 Customer and End User Responsibilities
Your Responsibilities
We count on you to help keep things running smoothly. As the Customer, you're responsible for:
Making sure your systems and devices are secure and up to date.
1. Ensuring that you and your End Users follow our End User Conduct & Content Policy and any other Fortifai terms or policies.
2. Informing End Users and individuals whose data you process about how their information is handled, and securing any required permissions.
3. Handling any user questions or disputes related to data access or privacy.
4. Complying with all applicable laws, including those around privacy, consumer rights, and competition.
2.3 General Restrictions
Just a few ground rules to protect everyone involved. Unless we’ve said otherwise in writing, neither you nor your End Users may:
1. Reproduce, copy, sell, sublicense, or commercially exploit any part of Fortifai’s technology without our written permission.
2. Try to reverse engineer, decompile, or otherwise access our source code, object code, or hidden APIs—unless you're clearly allowed to by law and you've let us know in writing first.
3. Modify, translate, or create any derivative works based on Fortifai’s technology.
4. Use our Services—or anything derived from them, including AI features—to train machine learning models or build competing services.
5. Use the Services to benchmark or analyze Fortifai as a competitor.
6. Remove or hide any proprietary notices or branding.
2.4 Login Credentials
Your Fortifai login credentials are like keys to your house—please keep them safe! You and your End Users are responsible for keeping them secure and confidential. Sharing credentials is not allowed. If you suspect unauthorized access, let us know right away at info@fortifai.co. We’ll do our best to help, but we can’t be held responsible if access was compromised due to mishandled credentials.
2.5 Export Compliance and Local Trade Laws
We all need to follow the rules. You and your End Users agree to comply with all applicable import and export laws and regulations, including those of the EU and its Member States. You also confirm that neither you nor your End Users appear on any EU or U.S. sanctions lists.
Please ensure End Users do not:
1. Use the Services from countries subject to embargoes or sanctions;
2. Upload content that’s subject to export restrictions without telling us first;
3. Violate dual-use or export control regulations applicable in the EU.
Fortifai can’t be held liable if access to the Services is restricted due to trade laws or regulatory enforcement. Also, we can’t promise that cross-border access will always be available.
2.6 Data Protection and Processing
We take data privacy seriously—and we know you do too. Fortifai and the Customer agree to uphold their respective responsibilities under applicable data protection and privacy laws.
When Fortifai processes personal data on your behalf, this will be governed by a separate Data Processing Agreement (DPA) (link here), which is automatically part of this Agreement by reference.
Fortifai is proud to be ISO 27001 and SOC 2 compliant, and we follow industry best practices to help ensure your data stays safe, secure, and handled responsibly.
2.7 Support and Maintenance
We’re committed to keeping things running smoothly, with a target of 99% monthly uptime, excluding scheduled maintenance, force majeure events, or third-party outages. While uninterrupted access isn’t guaranteed, we strive to be transparent and responsive.
For major incidents or planned maintenance, we’ll keep you informed. For support response times and service details, please see our Service Level Agreement (SLA).
2.8 Modifications
Fortifai is always working to improve the Services, and we may introduce updates, enhancements, or other changes during your Subscription Term.
If any of those changes materially reduce the functionality of the Services you rely on, we’ll give you reasonable prior notice. If the changes negatively and significantly affect how you use the Services, you’ll have the right to terminate the affected portion.
2.9 Excessive Use
To ensure the best experience for all our users, we monitor for usage that goes significantly beyond normal or documented thresholds. If your usage is affecting performance—for yourself or others—we may need to step in.
Before taking any action, we’ll give you a heads-up and work with you in good faith to address the issue within ten (10) days. If everything is resolved and usage returns to acceptable levels, we’ll gladly reinstate access.
2.10 Governing Law and Jurisdiction (New Clause)
We aim to make this partnership clear and fair for everyone. This Agreement will be governed by, and interpreted in accordance with, the laws of Norway, regardless of where you’re located.
If a dispute arises under this Agreement, it will fall under the exclusive jurisdiction of the Norwegian courts, unless mandatory local laws require otherwise.
3. CONFIDENTIALITY
3.1 Protection of Confidential Information
Let’s keep things respectful and secure. If either of us shares something confidential (“Confidential Information”), the other party (the “Receiving Party”) agrees to:
1. protect it with the same care used for their own confidential information—and never less than a reasonable standard of care, and
2. not share it with anyone else unless it’s necessary to deliver the Services or otherwise allowed under this Agreement, and only with the express, prior written permission of the party who shared it (the “Disclosing Party”).
The Receiving Party can share Confidential Information with its team—such as employees, affiliates, advisors, or subcontractors (“Representatives”)—but only on a need-to-know basis and only if those Representatives are bound by confidentiality commitments that are just as strong as those in this Agreement.
3.2 Compelled Disclosure
Sometimes, the law steps in. If the Receiving Party is legally required to disclose Confidential Information—whether by law, regulation, or an official request from a court or regulatory authority (including EU or Member State bodies)—they agree to:
(i) let the Disclosing Party know in writing beforehand, if legally allowed, so that the Disclosing Party can try to put protective measures in place;
(ii) only share what’s strictly required; and
(iii) use reasonable efforts to maintain confidentiality, even during the disclosure.
If Fortifai is the one receiving the request, we’ll handle it in line with our Law Enforcement Data Request Guidelinesand in accordance with applicable EU data protection laws.
3.3 Equitable Relief
We both agree that if Confidential Information is misused or disclosed without permission, the harm can be serious—and not always something money alone can fix. So, if that happens, the Disclosing Party has the right to seek immediate legal remedies (like an injunction or court order), without needing to post a bond or other security, in addition to any other legal rights.
4. DATA PROTECTION, OWNERSHIP, AND USAGE
4.1 Data Protection
At Fortifai, protecting your data is a top priority. We maintain robust technical and organizational safeguards designed to keep your data safe, secure, and available at all times. Our practices are aligned with leading industry standards, and our commitment to data protection is independently verified through SOC 2 and ISO 27001 certifications, audited by a third party.
If we’re processing personal data on your behalf, the details are outlined in our Data Processing Agreement (DPA)—which is incorporated by reference into this Agreement. The DPA covers important areas such as:
1. The roles and responsibilities between Fortifai and you
2. Handling of data transfers and subprocessors
3. Breach notification procedures
4. Individual data access and rightsWe aim to make compliance easy and transparent, without unnecessary complexity.
4.2 Ownership
Let’s clarify who owns what:
(i) You (the Customer) retain full ownership and all intellectual property rights in and to our Customer Data—that includes anything you upload or provide through the Services.
(ii) You also confirm that you have the necessary rights, permissions, and legal basis to share that data with us and allow us to process it under this Agreement.
(iii) Fortifai owns all rights, title, and interest in and to the Fortifai platform, including all underlying software, technology, workflows, tools, designs, documentation, and any improvements or enhancements developed over time.
We may also generate aggregated or anonymized analytics and insights from how the Services are used—these are Fortifai’s property, as long as they don’t include your personal or identifiable data.
Use of the Services gives you a limited, non-exclusive, non-transferable, and non-sublicensable license to access and use Fortifai’s platform during your Subscription Term—only as permitted under this Agreement.
No ownership or other rights are transferred to you, and no licenses are granted by implication, estoppel, or otherwise, except as expressly stated here.
4.3 Data Use
To deliver and maintain the Services, you grant Fortifai a limited, non-exclusive, revocable license to process Customer Data solely for the following purposes:
(i) Operating, supporting, and improving the Services
(ii) Meeting our legal obligations and responding to lawful requests
(iii) Troubleshooting, technical support, and security monitoring
(iv) Enforcing this Agreement and our related policies
(v) Any other use clearly authorized by you in writing
We may also use aggregated or anonymized Usage Data (which contains no personal data) to develop insights, improve our platform, and generate market trends or benchmarking reports. This data will never identify you or any individual.
Fortifai will never:
(i) Use your data for advertising or marketing
(ii) Sell your data to third parties
(iii) Keep your data longer than necessary or beyond what’s required by law
4.4 Sensitive Personal Data
Unless we've explicitly agreed to it in writing (e.g., through a signed addendum or classification policy), please do notupload or store sensitive data, such as:
(i) Health information, biometric data, or political views
(ii) Criminal conviction data
(iii) Payment card data (PCI-DSS)
Fortifai’s Services aren’t designed or certified to handle this type of data, and we cannot take responsibility for unauthorized use involving such content.
5. FEEDBACK
We love hearing from you—your feedback helps us improve! If you send us ideas, suggestions, or evaluations, you’re giving Fortifai permission to use that input.
Specifically, you grant Fortifai a non-exclusive, worldwide, royalty-free license (with rights to sublicense) to use, adapt, and build upon feedback for any lawful purpose.
However, this doesn’t apply to proprietary inventions or internal business information you clearly mark as “confidential” or that a reasonable person would understand as protected. Feedback must not include code, inventions, or IP unless explicitly shared for that purpose.
6. FEES AND PAYMENT
6.1 How Subscription Charges Work
You can subscribe to Fortifai either directly on our website or by signing an Order Form. In either case, a Subscription Plan is required for each individual who uses the Services through an End User Account.
If you purchase through an Order Form, your payment terms will follow the details in that document. Subscription Charges are billed upfront and are generally non-refundable, unless otherwise noted in this Agreement or required by law (including mandatory consumer rights in the EU, where applicable).
If you go beyond your purchased number of End User Accounts, continue using the Services after your subscription ends, or trigger any additional fees (as outlined in this Agreement), you’ll be responsible for those charges. Unless we’ve agreed differently in writing, any renewals or extra purchases will follow our then-current pricing listed on our website.
6.2 Payment and Billing
Unless otherwise specified in your Order Form, Subscription Charges are due in full at the beginning of your Subscription Term. By signing up, you agree to provide accurate billing information and authorize Fortifai to automatically charge your selected payment method for any recurring fees—unless you cancel as outlined in Section 7.2. If we invoice you instead, payment is due within thirty (30) days of the invoice date.
If payment is late, we may apply the following remedies:
(i) Interest charges as allowed under Directive 2011/7/EU on late payment in commercial transactions, or under applicable local law; and/or
(ii) Temporary suspension of Services, with at least five (5) days written notice and a chance to resolve the issue during that time.
To keep things running smoothly, please be sure to keep your billing and payment information up to date (for example, if your credit card expires or your billing address changes)..
6.3 Taxes
Unless otherwise specified in your Order Form, Fortifai’s prices do not include VAT, GST, or any other indirect taxes. If you’re located in the European Union, you’ll need to provide a valid VAT number (or an equivalent tax registration number). Where required by law, we’ll add applicable taxes to your invoice, and you agree to pay those amounts. If you’re VAT-exempt or eligible for reverse-charge VAT under EU regulations, be sure to submit valid documentation at the time of purchase. Without it, Fortifai may be unable to apply the exemption.
6.4 Billing Disputes
If something on your invoice doesn’t look right, let us know! Please reach out in writing within thirty (30) days of the invoice date. We’ll review the issue in good faith and, if appropriate, issue a credit.
Just note: even if you’re disputing part of the invoice, the rest (the undisputed amount) still needs to be paid on time. For billing inquiries, you can contact us at: billing@fortifai.com
6.5 Upgrades
If you decide to upgrade your Subscription Plan or add more End Users during your current term, here’s how it works:
(i) Additional fees will be based on the then-current pricing.
(ii) The added users will follow the same renewal schedule as your existing subscription.
(iii) Any introductory discounts you received won’t automatically apply to upgrades or renewals unless we’ve agreed otherwise in writing.
6.6 Downgrades
Reducing your number of End User licenses or switching to a lower plan can’t be done mid-term. If you’d like to make changes for the next subscription cycle, just let us know in writing at least thirty (30) days before renewal.
Please note that downgrading may reduce your access to certain features or data—and we don’t offer refunds or credits for unused or underused licenses.
7. TERM AND TERMINATION
7.1 How Long Your Subscription Lasts
Your Fortifai subscription starts on the date listed in your Order Form or shown at checkout, and runs for the length of time you chose (your Subscription Term).
Unless either of us says otherwise, your subscription will automatically renew for the same duration once the term ends.
If you’re based in the EU, we’ll send you a quick reminder at least 30 days before renewal, just to keep everything transparent and easy to manage.
7.2 Ending the Agreement
If you ever need to cancel, no problem—you or Fortifai can end the Agreement by giving 30 days’ written notice before the end of your current Subscription Term.
Either party can also end the Agreement right away if:
(i) One of us seriously breaks the terms and doesn’t fix it within 30 days of being notified; or
(ii) One of us goes out of business, becomes insolvent, or shuts down operations. When the Agreement ends:
(iii) We’ll deactivate your Customer and End User accounts
(iv) You’ll remain responsible for any unpaid fees that accrued up to the termination date—unless the cancellation was caused by a material breach on Fortifai’s side
(v) Refunds will not be issued for cancellations initiated by you before the end of your Subscription Term, unless we’ve expressly agreed otherwise in writing or where required by law
(vi) If Fortifai ends the Agreement due to a significant functionality reduction that we can't reasonably fix (see Section 8.1), we’ll issue a pro-rated refund for any unused, prepaid fees related to the affected portion
7.3 Accessing Your Data After Termination
Need your data after ending your subscription? No problem. We’ll give you 30 days to securely download your Customer Data in a standard format (like CSV or JSON), unless we’ve agreed on something different in writing.
After that, your data will be safely deleted following our internal data retention and deletion policies—unless we’re required to keep it for legal reasons.
7.4 Temporary Suspension of Services
We hope it never comes to this, but Fortifai may temporarily suspend or limit your access to the Services—without liability—if:
(i) You or your End Users breach this Agreement, including non-payment of fees, violations of our End User Conduct and Content Policy, or unauthorized use of the Services
(ii) Continued use creates a risk to the security, integrity, or performance of the
platform or other users
(iii) We're legally required to suspend access by law or a regulatory authority Wherever possible, we’ll give you reasonable notice and a chance to fix the issue before taking action.
If the issue is urgent or presents a risk (like a security threat), we may need to act immediately. We’ll gladly reinstate your access once the underlying issue is resolved and any required
8. WARRANTIES AND DISCLAIMER
8.1 Fortifai’s Warranty to You
We want you to feel confident using Fortifai. That’s why we promise that, during your Subscription Term, the Services will work in line with the Documentation we’ve provided. If something doesn’t quite match up and you let us know, we’ll make commercially reasonable efforts to fix the issue. If we determine that a fix just isn’t feasible, either of us can choose to terminate the affected part of the Agreement—and you’ll receive a pro-rated refund for any pre-paid, unused subscription fees tied to that portion.
Just a quick note: This warranty doesn’t apply if the issue is caused by:
(i) Use of the Services that goes against the terms of this Agreement
(ii) Modifications that weren’t authorized by us
(iii) Using the Services with incompatible systems, software, or tools
8.2 What We Both Promise
Both you and Fortifai make a few important commitments here:
(i) We each have the legal right and authority to enter into this Agreement
(ii) The Agreement is valid, binding, and properly signed
(iii) Nothing about signing or performing under this Agreement breaks any laws, regulations, or existing contracts on either side
8.3 Legal Disclaimer
Aside from what’s clearly stated in this Agreement, the Services are provided on an “as is” and “as available” basis. That means we don’t make any broad guarantees about performance—though we’re always working to deliver the best experience possible. To the fullest extent allowed by law, Fortifai disclaims all implied warranties, including:
A. Merchantability
B. Fitness for a particular purpose
C. Accuracy or reliability
D. Non-infringement
E. Compliance with local or national standards (unless we’ve specifically promised that)
We also can’t promise that the Services will be free of bugs, always available, or that your data won’t ever be lost or affected. Things like internet outages, third-party messaging apps, or other systems outside our control can occasionally cause disruptions—and we appreciate your understanding when they do. For customers in the European Economic Area (EEA): Nothing in this section
overrides your mandatory consumer rights under local law.
9. INDEMNIFICATION
9.1 If Someone Makes a Claim Against You (Fortifai’s Responsibility)
We’ve got your back. If a third party claims that your use of Fortifai’s Services (when used as allowed under this Agreement) infringes their intellectual property rights in the EEA, UK, or Switzerland, we’ll step in to defend you.
Specifically, Fortifai will:
(i) Cover any damages awarded to the third party in a final court decision or a
settlement (as long as we’ve approved it), and
(ii) Pay for reasonable legal costs—as long as Fortifai leads the defense.
There are a few situations where this doesn’t apply. Fortifai isn’t responsible if the claim
is due to:
(i) Use of the Services that breaks the terms of this Agreement
(ii) Customer or End User making unauthorized modifications
(iii) Using the Services with unsupported third-party tools or systems
(iv) The claim being based on your Customer Data or content from a third party
9.2 If Someone Makes a Claim Against Us (Customer’s Responsibility)
In return, you agree to defend and protect Fortifai (and our team, including officers,directors, and employees) if a third party brings a claim related to:
(i) Your or your End Users’ use of the Services in a way that breaks the law or this Agreement
(ii) Any Customer Data you submit or process—especially if it violates someone else’s intellectual property, data rights, or privacy You agree to cover any damages, settlements, and reasonable legal fees that come out of such claims.
9.3 What Happens If There's a Potential IP Issue
If it turns out that the Services (or a part of them) might infringe someone’s intellectual
property—or we believe a claim is likely—Fortifai may:
(i) Modify the Services so they’re no longer infringing, without reducing functionality in any significant way
(ii) Secure a license so you can keep using the Services
(iii) If neither option works, end the affected part of the Service and give you a refund for any unused, prepaid amounts This section (along with 9.1) explains Fortifai’s full responsibility and your exclusive remedy when it comes to IP-related claims.
9.4 How the Indemnification Process Works
If either of us needs to be indemnified (legally protected), here’s how it works:
(i) The party seeking protection must notify the other in writing as soon as possible. (A delay won’t affect the obligation unless it causes serious harm.)
(ii) The indemnified party agrees to cooperate reasonably with the process.
(iii) The indemnifying party takes full control of the defense, including legal strategy and settlement decisions.
However, if any settlement involves costs or obligations for the other party, written
approval is needed—and that approval won’t be unreasonably withheld.
10. LIMITATION OF LIABILITY
10.1 What We're Not Responsible For
Let’s keep things fair and transparent. To the extent allowed by law, neither Fortifai nor you (nor our respective teams, affiliates, or partners) will be held responsible for indirect or unexpected losses. That means we’re not liable for things like:
(i) Lost profits or revenue
(ii) Lost business opportunities or data
(iii) Inability to use the Services
(iv) Business interruptions
(v) Damage to reputation
(vi) Costs of replacement tools or services
This applies no matter the legal basis—whether it’s contract, negligence, or something else—and even if someone warned that the loss might happen, or a limited remedy didn’t work out as planned.
That said, this exclusion doesn’t apply to:
(i) Intentional misconduct, gross negligence, or fraud
(ii) Death or personal injury caused by negligence (where the law doesn’t allow limitation)
10.2 Cap on Liability
Unless we’ve stated otherwise in this section—or the law requires something different—Fortifai’s total liability for any claim under this Agreement (no matter the type of legal claim) is limited to the total amount you’ve paid to Fortifai in the 12 months before the issue started. This includes both Subscription Charges and any Professional Services Fees.
A few more things to clarify:
(i) This cap applies across all claims made by you and your affiliates
(ii) It reflects how both parties have chosen to share risk fairly
(iii) It’s a key part of what both sides agreed to when entering into this Agreement
This limitation does not apply to:
1. Either party’s indemnification obligations (see Section 9)
2. Your obligation to pay any undisputed fees
3. Any liability that cannot be limited by law
10.3 Jurisdiction-Specific Exclusions
Laws vary from place to place—and some jurisdictions (including certain EU Member States) don’t allow the exclusion of certain warranties or limitations on damages, especially when it comes to things like gross negligence or personal injury. If that’s the case for you, the limitations in this section will apply only to the extent permitted by law, and your statutory rights remain fully intact.
10.4 Who You Can Hold Responsible
If you ever need to bring a claim under this Agreement, it will be against Fortifai as a company, not against any individual team members, directors, employees, or affiliates—unless the law requires otherwise.
We’re all about accountability, but it’s important to keep it at the company level unless there's a legal reason not to.
10.5 Why These Limits Exist
The limits and protections in this section weren’t just thrown in—they’ve been mutually agreed upon and reflect a fair balance of risk between both sides. These terms were part of how we decided on pricing and whether the partnership made sense in the first place. They help create a solid foundation for a relationship that’s fair, sustainable, and clear for everyone involved.
11. POTENTIAL USE OF THIRD-PARTY SERVICES
11.1 Future Integrations
While Fortifai doesn’t currently offer integrations with third-party tools or platforms, we may support them in the future to enhance the value of the Services. If and when those integrations become available, and you choose to enable them, you agree that:
(i) Fortifai may allow those Third-Party Services to access or process your data, solely as needed to make the integration work
(ii) Any use of a Third-Party Service will be entirely between you and the provider of that service
Please note that Fortifai doesn’t control those third parties and can’t guarantee their availability, security, or compliance practices. “Fortifai reserves the right to evaluate and approve Third-Party Services before integration to ensure appropriate security and compliance.
11.2 Responsibility and Risk
If you decide to use any future Third-Party Services with Fortifai, you’ll be doing so at your own discretion and risk. Fortifai won’t be responsible for:
(i) Any data loss, misuse, or corruption that happens through a third-party integration
(ii) Any service disruptions or feature limitations caused by changes in the Third-Party Service
(iii) Any harm or losses caused by relying on those services or their features
We also reserve the right to disable access to any integration if it becomes legallyrequired, technically unfeasible, or commercially unreasonable to continue supporting it.
11.3 Your Role
If you choose to use a future Third-Party Service, you’ll be responsible for:
(i) Reviewing and agreeing to the third party’s terms and privacy policies
(ii) Making sure your use of the service complies with applicable data protection laws, including handling notices or consents
(iii) Ensuring the third party is authorized to process the relevant data in line with your obligations
You also agree not to hold Fortifai responsible for anything the Third-Party Service does (or fails to do).
12. MISCELLANEOUS
12.1 Governing Law & Jurisdiction
This Agreement—and any legal questions or claims that come up around it, including ones not strictly based on the contract—will be governed by the laws of Norway, without taking into account any rules about conflicting laws unless otherwise mutually agreed in writing.
If there’s ever a dispute, both you and Fortifai agree that it will be handled exclusively by the courts in Oslo, Norway, and we each agree to submit to that venue.
Just a note: The United Nations Convention on Contracts for the International Sale of Goods (CISG) doesn’t apply to this Agreement.
12.2 Optional Arbitration (for International Customers)
If you're based outside Norway and a serious dispute ever comes up, either of us can choose to resolve it through confidential arbitration instead of going to court.
(i) Arbitration will be held in English, following the rules of either the London Court of International Arbitration (LCIA) or the International Chamber of Commerce (ICC)—whichever we both agree makes sense.
(ii) Unless we decide otherwise, the arbitration will take place in Oslo, Norway.
(iii) Of course, if either of us needs to act quickly to protect things like confidential information or intellectual property, we can still go straight to court for urgent help. We hope it never comes to that—but it's good to have a clear, fair path forward just in case.
12.3 Resolving Disagreements
If something does come up, we’d much rather work things out together first. So, if there’s a disagreement, both parties agree to try to resolve it amicably and in good faith with remediation.
If we’re unable to find a solution within 30 days of written notice, either side may bring the issue to the courts in Oslo, Norway. Unless we’ve agreed otherwise in writing, this Agreement does not include arbitration—and we both agree to waive any rights to bring class actions or
collective lawsuits, unless the law specifically requires it. That said, if either party needs to act quickly to protect their rights—for example, to safeguard confidential information or intellectual property—this section doesn’t stop you from going directly to court to seek urgent help, like an injunction.
12.4 How to Send Legal Notices
If we ever need to send each other formal legal notices under this Agreement, here’s how to do it—unless we’ve agreed on something else in writing:
(i) By email, as long as there’s electronic confirmation of delivery
(ii) By first-class mail or courier to the recipient’s registered business address
(iii) Through secure digital channels we both agree on—like eID or Digipost if you're in Norway
Notices to Fortifai should be sent to:
Fortifai AS
Attn: Legal Department
SEB Scale Center
Filipstad Brygge 10, 0252 Oslo, Norway
Email: abbey@fortifai.co
12.5 Use of Name and Logo
We’d love to celebrate working with you—but only in a respectful and accurate way. Unless you ask us not to, Fortifai may use your company name and logo on our website or in marketing materials to highlight our partnership. If you're open to it, we’d also be happy to collaborate on a joint press release when you launch, but only with your full approval beforehand.
12.6 If Something Doesn’t Hold Up
If any part of this Agreement turns out to be legally invalid or can’t be enforced, the rest still stands. We'll interpret the affected part as closely as possible to what we both originally intended, while staying within the law. Also, just because one of us doesn’t enforce a clause right away doesn’t mean we’ve waived our right to enforce it (or any other clause) later.
12.7 Assigning This Agreement
Neither of us can transfer or assign this Agreement to someone else without written consent from the other—unless:
(i) It’s to an Affiliate, or
(ii) It happens as part of a merger, acquisition, or sale of all or nearly all assets That said, consent shouldn’t be unreasonably withheld. But if you assign this Agreement to a direct competitor of Fortifai, we reserve the right to terminate the Agreement with written notice.
12.8 Events Outside Our Control (Force Majeure)
Sometimes, things happen that are totally beyond our control—like:
(i) Natural disasters
(ii) War, terrorism, or civil unrest
(iii) Strikes or labor disputes
(iv) Major internet or utility outages
(v) Government-imposed restrictions
If either of us is affected by something like this, we’ll let the other know as soon as possible and do our best to resume service quickly. If the disruption continues for more than 60 days, the other party may have the right to terminate the affected portion of the Agreement.
12.9 Relationship Between Us
Fortifai and the Customer are independent contractors—we’re working together, but we’re not creating a partnership, joint venture, agency, franchise, employment, or fiduciary relationship.
That means neither of us can make promises or commitments on behalf of the other unless we’ve agreed to that in writing. Also, this Agreement doesn’t grant any rights to third parties.
12.10 Use by Affiliates
You’re welcome to extend access to your Affiliates, as long as:
(i) Each Affiliate agrees to the terms of this Agreement, and
(ii) You remain responsible for how they use the Services and whether they stay in compliance In other words, we’re happy to support your broader team—but the original Customer stays accountable.
12.11 Trials and Beta Features
If you’re trying out a Trial or using Beta features:
(i) The Services are offered “as is”, without warranties or guarantees
(ii) Any data you enter may be lost unless you export it before the trial ends
(iii) We may review usage or Customer Data (even manually) to help us improve these early-access features Beta and Trial access can be ended by Fortifai at any time. These features are still in development, so using them is at your own risk—but we always appreciate your
feedback!
12.12 Compliance and Ethical Conduct
We’re committed to doing business the right way—and we expect the same from our partners. Both parties confirm that they have not and will not offer or accept any bribes or improper payments related to this Agreement.
We each agree to comply with:
(i) Relevant anti-corruption laws, including the Norwegian Penal Code §§
387–389,
(ii) Applicable competition laws and trade control regulations
(iii) Sanctions issued by the EU, Norway, or the UN Security Council
12.13 Language
This Agreement is made in English. While translations may be provided for convenience, if there’s ever a conflict between versions, the English version is the official one.
12.14 This Is the Entire Agreement
This Agreement—including your Order Form, Data Processing Agreement, and any supplemental terms or policies we reference—represents the full understanding between you and Fortifai. It replaces any earlier conversations, proposals, or agreements we might have had. If there’s ever a conflict between documents, we’ll follow this order of priority:
1. Your Order Form
2. The Data Processing Agreement
3. Any Supplemental Terms
4. Our End User Conduct and Content Policy
5. This SaaS Agreement
12.15 Headings Are Just for Clarity
The section headings in this Agreement are just there to make things easier to read.
They don’t affect how any part of the Agreement is interpreted.
12.16 What Stays in Place After Termination
Even after your subscription ends, certain parts of this Agreement will continue to apply—especially those that deal with responsibilities, rights, and protections. This includes: Sections 2.2, 2.3, 2.5, and all of Sections 3 through 12—along with any other clauses that are naturally meant to survive.
12.17 Changes to This Agreement
We may update this Agreement from time to time to reflect changes in the law, our Services, or best practices. If there’s a material change, we’ll let you know at least 30 days in advance—unless a change needs to happen sooner for legal reasons. If you continue using the Services after the update takes effect, that means you’re agreeing to the new terms. But if you’re not comfortable with the changes, you can choose to terminate before the effective date—no hard feelings.
13. DATA PROCESSING AGREEMENT (DPA)
Effective Date: June 2025
This Data Processing Agreement ("DPA") is entered into by and between you (the "Customer") and Fortifai AS ("Fortifai"), a company registered in Norway with its principal office at SEB Scale Center, Filipstad Brygge 10, 0252 Oslo, Norway. This DPA forms part of the Fortifai Terms of Service or other written or electronic agreement between the Customer and Fortifai (the "Agreement").
We want to keep this clear and helpful—just like our product. This DPA outlines how we handle and protect your data in accordance with Norwegian law, the GDPR, and other applicable privacy regulations.
1. Roles and Responsibilities
(i) Customer acts as the Data Controller.
(ii) Fortifai acts as the Data Processor.
(iii) Each party will comply with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Norway's implementation thereof.
(iv) The Customer warrants that it has all necessary rights to provide Personal Data to Fortifai and that such processing will not violate any applicable law or third-party rights.
2. Purpose of Processing
Fortifai processes Customer Personal Data solely to provide and improve the Services described in the Agreement, and only on documented instructions from the Customer unless required by law. Fortifai shall not be liable for any processing carried out in accordance with such instructions. Where Fortifai believes an instruction may violate applicable law, it shall inform the Customer, but shall not be obligated to perform such processing until the matter is resolved.
3. Types of Data and Data Subjects
Types of Personal Data:
(i) Names, email addresses, and business contact information
(ii) Job titles, system usage, and communication logs
Data Subjects:
Customer's employees, contractors, or other authorized users
Note: Fortifai does not require or process special categories of data unless explicitly agreed in writing.
4. Security Measures
Fortifai implements appropriate technical and organizational measures to protect Personal Data, in accordance with Article 32 of the GDPR. We are proudly SOC 2 Type II and ISO/IEC 27001 certified, with annual audits conducted by external, independent firms to validate our security practices.
Key security practices include:
(i) Data encryption at rest and in transit
(ii) Access controls and authentication
(iii) Regular security assessments and penetration testing
(iv) Role-based access and monitoring
5. Subprocessors
Fortifai uses trusted Subprocessors to help deliver the Services. A current list is available upon request or as listed at Fortifai.com/subprocessors.
Fortifai ensures all Subprocessors meet equivalent data protection obligations and signs written agreements with them as required by Article 28 of the GDPR. Fortifai remains liable for the actions of its Subprocessors to the same extent Fortifai would be liable under this DPA if performing the services directly, unless such Subprocessor acts outside Fortifai’s instructions.
6. Data Transfers
Fortifai may transfer personal data outside the EEA, including to the United States. Where we do, we use appropriate safeguards such as:
(i) Standard Contractual Clauses (SCCs)
(ii) Data Processing Addenda with Subprocessors
(iii) Supplementary security measures when necessary
7. Assistance to the Customer
Fortifai will assist the Customer in fulfilling data subject rights requests, data protection impact assessments (DPIAs), and incident responses, in line with GDPR obligations.
8. Incident Notification
In the unlikely event of a Personal Data Breach, Fortifai will notify the Customer without undue delay and provide relevant information to support compliance and response efforts.
9. Data Retention and Deletion
Upon termination of the Agreement, Fortifai will delete or return all Customer Data, at the Customer's choice, unless legal retention requirements apply. We provide a 30-day window post-termination for data export in a commonly used format.
10. Audit Rights
Fortifai will make available relevant documentation to demonstrate compliance. Upon written request, Fortifai will cooperate with audits conducted by the Customer or a mutually agreed auditor, not more than once annually. Audits must be conducted during regular business hours, with reasonable advance notice, and in a manner that does not unreasonably interfere with Fortifai’s operations.
11. Liability
Liability under this DPA is subject to the limitations and exclusions set out in the Agreement, except where explicitly overridden by mandatory data protection laws. Fortifai’s total aggregate liability under this DPA shall not exceed the amounts paid by Customer to Fortifai in the twelve (12) months preceding the event giving rise to the liability, except where such limitation is prohibited by applicable law.
12. Miscellaneous
(i) This DPA is governed by the laws of Norway.
(ii) Disputes shall be resolved by the courts of Oslo, unless otherwise required by applicable law.
(iii) If any provision of this DPA is held unenforceable, the remainder will remain in effect.
By continuing to use the Services, the Customer agrees to the terms of this Data Processing Agreement.
14. Service Level Agreement (SLA)
We want Fortifai to feel reliable, responsive, and easy to work with. This SLA outlines what you can expect from us in terms of service availability, support, and how we handle disruptions. We believe in transparency and fairness—and we’re always open to feedback.
Effective Date: June 2025
1. Service Availability
We aim to keep Fortifai running smoothly and reliably. Our internal goal is to maintain at least 99% uptime for our core Services each month, excluding the following:
(i) Scheduled maintenance (we’ll give you at least 48 hours’ notice when possible)
(ii) Emergency updates (to address security or stability issues)
(ii) Outages caused by things outside our control (like problems with third-party providers or force majeure events)
This uptime target reflects our internal commitment—but it’s not a formal guarantee. This is because we’ve intentionally priced Fortifai to be accessible—especially for smaller teams and fast movers—we currently don’t offer formal financial remedies for downtime. That said, we take service reliability seriously. If something goes wrong, we’ll communicate clearly, fix it quickly, and work with you to make things right.
As we grow, we’ll keep improving our infrastructure and support to match your evolving
needs.
2. Maintenance and Updates
To keep Fortifai secure and up to date, we occasionally need to do maintenance or push new updates. Here's how we approach it:
(i) We aim to give at least 48 hours’ notice for planned maintenance.
(ii) Updates are typically scheduled during low-traffic times.
(iii) Urgent security or stability fixes may be rolled out without prior notice to protect your data and ensure platform integrity.
3. Support Response Times
Need help? We’re here. During standard business hours (CET), our target response times are:
Issue Severity Response Time Target
General/Low Within 1 business day
Medium/Urgent Within 5 business hours
Critical Outage Within 3 business hours (best effort)
15. End User Conduct & Content Policy
Last updated: June 2025
At Fortifai AS("Fortifai," "we," "us"), we’re committed tomaintaining a professional, respectful, and safe platform for everyone. ThisEnd User Conduct and Content Policy ("Policy") is here to make surethat all users of our Services—whether you’re a Customer or an EndUser—understand what’s acceptable and what isn’t.
This Policy is part of ourSaaS Agreement. If there’s a serious violation, Fortifai may suspend orterminate an account immediately, even without prior notice—and also reservesthe right to take appropriate legal action where applicable.
If you believe someone ismisusing our Services, you can report it to support@fortifai.co. Pleaseinclude as much detail as possible to help us investigate.
1. Security and Integrity
Users may not:
1) Try to access Fortifai’s systems or those of our providers without authorization.
2) Distribute viruses, malware, or send harmful automated traffic.
3) Scan or probe our platform for vulnerabilities.
4) Reverse engineer or attempt to uncover source code or algorithms.
5) Tamper with or attempt to bypass service restrictions or licensing.
6) Use Fortifai for timesharing, sublicensing, or reselling unless explicitly permitted.
7) Scrape or index our Services by means not provided by Fortifai.
8) Interfere with other users’ access or experience.
2. Spam and Unwanted Contact
Please don’t:
1) Send bulk, unsolicited, or commercial messages.
2) Try to bypass spam filters or contact restrictions.
3) Engage in behavior that disrupts or overloads the Services.
3. Hate and Violence
We don’t allow:
1) Use by groups that promote hate, discrimination, or violence.
2) Uploading or distributing content that supports terrorism or incites harm.
3) Services hosting user-generated content must have reasonable moderation practices, such as content flagging, prompt removal of hate speech or harmful material, and the ability to block or suspend abusive users. Refer to our Content Moderation Guidelines for recommended best practices.
4. Illegal or Fraudulent Use
Our Services must not beused to:
1) Violate privacy, intellectual property, or local laws.
2) Support pyramid schemes or fraudulent financial practices.
3) Share someone else’s private data without permission.
5. Misleading or Harmful Behavior
You must not:
1) Impersonate others or misrepresent your identity.
2) Create subdomains that infringe on other brands or entities.
3) Gain unauthorized access to other users’ accounts.
6. Child Safety and Human Rights
We have zero tolerancefor:
1) Any form of child exploitation or abuse imagery.
2) Content promoting or enabling human trafficking.
3) Such content will be removed, reported to authorities, and accounts terminated.
7. Inappropriate Content
Please do not use ourServices to:
1) Share explicit sexual content or graphic media.
2) Harass, bully, or abuse others.
8. Responsible Use
1) Don’t pretend to be affiliated with Fortifai when you’re not.
2) Don’t use false sender info or try to mislead others.
9. Age Requirements
Fortifai is only for usersaged 16 and over. Customers are responsible for ensuring that allEnd Users meet this age requirement. If Fortifai becomes aware of any accountsin violation of this policy, we may suspend or terminate those accounts andtake additional action as needed to maintain compliance. Customers areresponsible for ensuring that all End Users meet this minimum age.
This Policy applies to alluse of Fortifai’s Services. If you have any questions or want to flag concerns,email us at support@fortifai.co.pplies to alluse of Fortifai’s Services. If you have any questions or want to flag concerns,email us at support@fortifai.co.
