Customer Terms of Service

These Customer Terms of Service (“Customer Terms”) govern the terms on which Embroidery AS, reg. no. 937476965, Frydenlundgata 1, 0169 Oslo, Norway (“Embroidery”) makes the Embroidery Platform available to customers (“Customer”). These Customer Terms apply to all Customers, whether access is obtained directly from Embroidery or through an Embroidery partner.

By signing an Order Form or Special Arrangement referencing these Customer Terms, or by accessing the Embroidery Platform and accepting these terms as part of the signup flow, the individual doing so confirms they have authority to bind the Customer as a legal entity, and that the Customer has read, understood, and accepted these Customer Terms.

1. DEFINITIONS

“Data Processing Agreement” means Embroidery’s standard data processing agreement governing Embroidery’s processing of personal data on behalf of the Customer.

“Effective Date” means the date the Customer first gains access to the Platform.

“Embroidery Platform” means Embroidery’s cloud platform, endpoint applications, integrations, dashboards, APIs, detection systems, and related services made available by Embroidery.

“Endpoint Application” means Embroidery’s signed endpoint application installed on Customer-controlled devices to collect telemetry and security-relevant activity data for use with the Platform.

“Intellectual Property Rights” means all intellectual property rights worldwide, whether registered or unregistered, including copyright, trademarks, patents, trade secrets, database rights, design rights, and know-how.

“Platform” means the Embroidery Platform.

“Subscription Term” means the duration during which the Customer is authorized to access and use the Platform.

“Telemetry Data” means data collected through the Platform, including audit logs, prompts, reasoning, tool calls, command execution metadata, configuration data, API interactions, security events, and related operational metadata generated through Customer systems, integrations, AI agents, or Users. For the purposes of these Customer Terms, Telemetry Data includes the “activity data” described in Embroidery’s Privacy Policy.

“Users” means individuals authorized by the Customer to access or use the Platform on the Customer’s behalf.

2. USE OF THE PLATFORM

2.1 License grant. Subject to these Customer Terms, Embroidery grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Platform solely for the Customer’s internal business purposes. Rights to access and use the Platform are licensed, not sold.

2.2 Availability. Embroidery targets commercially reasonable availability of the Platform and may perform planned or emergency maintenance at any time. Embroidery does not guarantee uninterrupted or error-free operation.

2.3 Restrictions. Except as expressly permitted under these Customer Terms, the Customer and its Users may not:

  • resell, sublicense, distribute, or make the Platform available to third parties;
  • use the Platform unlawfully or in violation of applicable regulations;
  • attempt to reverse engineer, decompile, or replicate the Platform;
  • use the Platform to develop competing systems or models;
  • use the Platform for malware development, offensive cyber operations, or unlawful surveillance;
  • interfere with or circumvent security protections or access controls.

2.4 Account security. The Customer is responsible for maintaining the confidentiality and security of its credentials and for all activity conducted through its accounts. The Customer must notify Embroidery promptly upon becoming aware of any unauthorised access or suspected compromise of the Platform.

2.5 Data collection and analysis. The Customer acknowledges and agrees that the Platform operates by collecting, transmitting, storing, processing, and analysing Telemetry Data and related activity data. Depending on the integrations and functionality enabled by the Customer, such data may include:

  • user data such as name,email address, job title, department, phone number, country and language, and account identifiers;
  • group or directory membership information;
  • audit logs and activity records;
  • prompts, reasoning, and tool calls generated through AI systems;
  • command execution metadata;
  • API interactions;
  • configuration and environment metadata;
  • login and authentication events.

2.6 Data collection purpose. Embroidery processes such data for the purposes of:

  • providing and operating the Platform;
  • threat detection, monitoring, and analysis;
  • troubleshooting and customer support;
  • maintaining and improving the Platform;
  • security research using aggregated and anonymised data;
  • complying with legal obligations.

Embroidery processes personal data in accordance with the applicable Data Processing Agreement and Privacy Policy.

2.7 Customer responsibilities. The Customer is solely responsible for:

  • determining whether use of the Platform is lawful in its jurisdiction;
  • providing any legally required notices to employees, contractors, or Users;
  • obtaining any necessary consents or approvals;
  • conducting any required works council or employee representative consultations;
  • ensuring that use of the Platform complies with applicable employment, privacy, monitoring, and AI regulations.

2.8 Customer data ownership. As between the parties, the Customer retains ownership of Customer data and Telemetry Data processed through the Platform. Embroidery may use aggregated and anonymised data for analytics, benchmarking, security research, and improvement of the Platform.

2.9 Platform modifications. Embroidery may update, modify, improve, or discontinue portions of the Platform at any time.

2.10 Support. Embroidery may provide support through email, chat, documentation, or other channels made available by Embroidery.

3. BILLING AND COMMERCIAL TERMS

3.1 Subscription model. Unless otherwise agreed in writing, access to the Platform is provided on a month-to-month basis.

3.2 Usage-based pricing. Fees are based on Customer usage of the Platform, which may include telemetry volume, endpoints, API usage, storage, processing volume, or other usage metrics determined by Embroidery.

3.3 Billing. Unless otherwise agreed, Embroidery invoices monthly in arrears. Invoices are payable within fourteen (14) calendar days.

3.4 Price changes. Embroidery may update pricing on thirty (30) days’ written notice.

3.5 Taxes. All fees are exclusive of VAT and similar taxes.

3.6 Late payment. Embroidery may suspend access to the Platform for overdue invoices following written notice.

4. INTELLECTUAL PROPERTY

4.1 Ownership. Embroidery and its licensors retain all Intellectual Property Rights in and to the Platform. Except for the limited rights expressly granted under these Customer Terms, no rights are transferred to the Customer.

4.2 Feedback. The Customer grants Embroidery a perpetual, irrevocable, worldwide right to use feedback, suggestions, or improvement ideas relating to the Platform without restriction or compensation.

5. CONFIDENTIALITY

Each party shall keep confidential all non-public information disclosed by the other party that would reasonably be understood to be confidential. Confidential information may only be used for purposes connected with these Customer Terms.

6. DISCLAIMER AND LIMITATION OF LIABILITY

6.1 No security guarantee. The Platform is designed to assist with security monitoring and threat detection but does not guarantee detection of all threats, attacks, vulnerabilities, policy violations, or unsafe behaviour. AI-generated detections, classifications, summaries, and alerts are probabilistic in nature and may produce false positives or false negatives. The Customer remains solely responsible for security decisions, investigations, incident response, compliance obligations, and operational actions taken based on output generated by the Platform.

6.2 Disclaimer. The Platform is provided “as is” and “as available” without warranties of any kind, whether express, implied, statutory, or otherwise.

6.3 Limitation of liability. To the maximum extent permitted by law:

  • neither party is liable for indirect, consequential, incidental, special, punitive, or exemplary damages, including loss of profits, revenue, business, goodwill, or data;
  • Embroidery’s total aggregate liability under these Customer Terms shall not exceed the fees paid by the Customer to Embroidery during the twelve (12) months preceding the event giving rise to the claim.

6.4 Non-excludable liability. Nothing in these Customer Terms limits liability that cannot lawfully be excluded.

7. DATA PROTECTION

7.1 Processor relationship. Where Embroidery processes personal data on behalf of the Customer, Embroidery acts as a data processor.

7.2 Controller relationship. Embroidery acts as an independent controller for business contact data, billing data, analytics, fraud prevention, legal compliance, and Platform security purposes.

7.3 Security measures. Embroidery implements commercially reasonable technical and organisational security measures designed to protect Customer data.

7.4 Breach notification. Each party shall notify the other without undue delay upon becoming aware of a personal data breach affecting the other party’s data.

7.5 Data retention. Unless otherwise agreed in writing, Embroidery retains activity data for sixty (60) days, after which it is automatically deleted. Where the Platform generates alerts or detections, Embroidery may retain limited data associated with those alerts for as long as the Customer remains active and for up to twelve (12) months thereafter for security, audit, support, and operational purposes.

7.6 Data hosting and transfers. Embroidery stores Customer data using infrastructure located within Europe. Embroidery does not transfer personal data outside the European Economic Area except where necessary to provide the Platform or comply with applicable law.

7.7 Privacy Policy. Embroidery’s Privacy Policy forms part of these Customer Terms. The Customer is responsible for ensuring that its Users are made aware of the Privacy Policy where required by applicable law.

8. TERM AND TERMINATION

8.1 Termination for convenience. Either party may terminate the Subscription Term at any time by providing written notice prior to the next billing cycle.

8.2 Termination for cause. Either party may terminate these Customer Terms immediately if the other party materially breaches these Customer Terms and fails to cure the breach within thirty (30) days of written notice.

8.3 Suspension. Embroidery may suspend access immediately if:

  • continued access poses a security risk;
  • the Customer is using the Platform unlawfully;
  • the Customer is in material breach of these Customer Terms;
  • Embroidery reasonably believes the Platform is being used for offensive cyber activity, abuse, or unlawful conduct.

8.4 Effect of termination. Upon termination, the Customer’s right to access the Platform immediately ceases. Termination does not affect accrued rights or liabilities.

9. PUBLICITY

Unless otherwise agreed in writing, Embroidery may identify the Customer as a customer of Embroidery using the Customer’s name and logo. The Customer may withdraw this permission at any time by written notice.

10. GENERAL

10.1 Governing law. These Customer Terms and any non-contractual obligations arising out of or in connection with them are governed by the laws of England and Wales.

10.2 Venue. The courts of England and Wales shall have exclusive jurisdiction over any dispute arising out of or in connection with these Customer Terms, including any question regarding their existence, validity, or termination.

10.3 Assignment. Embroidery may assign these Customer Terms in connection with a merger, acquisition, financing, or sale of assets.

10.4 Amendments. Any amendment or modification to these Customer Terms must be agreed in writing by both parties.

10.5 Severability. If any provision of these Customer Terms is held unenforceable, the remaining provisions remain in full force and effect.

10.6 Entire agreement. These Customer Terms, together with any applicable Order Form, Special Arrangements, Privacy Policy, and Data Processing Agreement, constitute the entire agreement between the parties.

11. COMPLIANCE

11.1 Export controls and sanctions. The Customer may not access or use the Platform in violation of applicable export control or sanctions laws.

11.2 Acceptable conduct. The Customer may not use the Platform:

  • to violate applicable law;
  • to infringe third-party rights;
  • for unlawful monitoring or surveillance;
  • to support offensive cyber operations;
  • to develop malicious software or malware.