Terms of Service - Critical Context

1. Acceptance of Terms

By accessing or using Critical Context, you agree to be bound by these Terms of Service and our Privacy Policy. If you do not agree to these Terms, you may not use the Service.

If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms.

You must be at least 16 years old to use this Service. By using the Service, you represent that you meet this requirement.

2. Description of Service

Critical Context is a code intelligence platform that enables team members to ask questions about codebases using AI-powered analysis. The Service includes:

Code Analysis: AI-powered analysis of connected repositories to answer questions
Slack Integration: Bot that responds to code-related questions in Slack
Embedded Chat: Widgets you can embed on your websites
API Access: Webhook endpoints and API for programmatic access
Scheduled Prompts: Automated recurring code analysis

The Service uses artificial intelligence to generate responses. AI-generated content may contain errors, inaccuracies, or incomplete information. You should verify important information independently.

3. Shared Infrastructure and Multi-Tenant Architecture

IMPORTANT: PLEASE READ THIS SECTION CAREFULLY BEFORE USING THE SERVICE.

3.1 Multi-Tenant Architecture

The Service operates on shared infrastructure using a multi-tenant architecture. This means that multiple customers' data is stored and processed on the same servers, databases, and computing resources. While we implement technical and organizational measures to logically separate customer data, you acknowledge and accept that:

Your data is not physically isolated from other customers' data
Background processing jobs run in shared worker environments
Repository analysis occurs on shared computing infrastructure
Network, storage, and compute resources are shared among customers

3.2 Data Isolation Measures

We implement the following measures to isolate customer data:

Database-level access controls and foreign key constraints
Encryption of sensitive data at rest and in transit
Account-scoped authentication and authorization
Logical separation of repository storage paths

However, we do not guarantee complete isolation of Your Content from other customers' content. Technical vulnerabilities, software bugs, misconfigurations, or other factors could potentially result in unauthorized access to Your Content by other customers or third parties.

3.3 No Guarantee of Isolation

BY USING THE SERVICE, YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT:

We cannot and do not warrant that Your Content will never be accessible to other customers
We cannot and do not warrant that other customers' content will never be accessible to you
Data isolation is implemented on a "best efforts" basis, not as a guarantee
You assume the risk inherent in using shared infrastructure

3.4 Sensitive Data Recommendation

If your organization requires complete data isolation for regulatory, compliance, or security reasons, we strongly recommend:

Using our self-hosted deployment option where available
Not connecting repositories containing highly sensitive intellectual property, trade secrets, or regulated data (such as PCI, HIPAA, or classified information)
Implementing additional security controls on your end

3.5 Your Assumption of Risk

By using the shared Service, you acknowledge that you have evaluated the risks of multi-tenant architecture and determined that they are acceptable for your use case. You assume all risks associated with the shared infrastructure model.

4. Account Registration

4.1 Account Creation

To use most features of the Service, you must create an account. You agree to:

Provide accurate, current, and complete registration information
Maintain and promptly update your account information
Keep your password secure and confidential
Notify us immediately of any unauthorized access
Accept responsibility for all activities under your account

4.2 Account Security

You are responsible for maintaining the security of your account credentials, API tokens, and connected service authorizations. We are not liable for any loss or damage arising from unauthorized access to your account.

4.3 Team Accounts

Account administrators may invite team members. Administrators are responsible for managing team member access and ensuring team members comply with these Terms.

5. Your Content and Data

5.1 Ownership

You retain all ownership rights to your code, data, and content ("Your Content"). These Terms do not grant us any ownership rights to Your Content.

5.2 License Grant

By using the Service, you grant us a limited, non-exclusive, worldwide license to:

Access, store, and process Your Content to provide the Service
Transmit Your Content to third-party AI providers for analysis
Create and store copies of your repositories for analysis purposes
Display Your Content back to you and authorized team members

This license exists solely to operate and improve the Service and terminates when you delete Your Content or close your account.

5.3 Your Responsibilities

You represent and warrant that:

You have the right to grant the licenses described above
Your Content does not violate any third-party rights
You have obtained necessary permissions to connect repositories
Your use complies with all applicable laws and regulations

5.4 Confidential Information

We understand your code may contain sensitive information. We implement security measures to protect Your Content as described in our Privacy Policy. However, you should:

Avoid including secrets, credentials, or API keys in connected repositories
Use environment variables and secure secret management practices
Review what data you share through chat interactions

5.5 AI Training

Your Content is not used to train AI models. When your code is sent to AI providers for analysis, it is processed according to their data handling policies, which typically exclude training on customer data.

6. Acceptable Use Policy

You agree not to use the Service to:

6.1 Prohibited Activities

Violate any applicable laws or regulations
Infringe upon intellectual property rights of others
Upload malicious code, viruses, or harmful content
Attempt to gain unauthorized access to the Service or other accounts
Interfere with or disrupt the Service or servers
Circumvent usage limits, rate limits, or security measures
Use the Service for illegal activities
Reverse engineer, decompile, or disassemble the Service
Resell or redistribute the Service without authorization
Use automated scripts to collect information or interact with the Service
Impersonate another person or entity
Harass, abuse, or harm others

6.2 Content Restrictions

You may not use the Service to analyze, store, or transmit:

Content that violates others' intellectual property rights
Illegal content or content that promotes illegal activities
Malware, exploits, or code designed to harm systems
Content that violates export control laws

6.3 Enforcement

We reserve the right to investigate violations and take appropriate action, including suspending or terminating accounts, removing content, and reporting to law enforcement.

7. Third-Party Services

7.1 Connected Services

The Service integrates with third-party services including GitHub, Slack, and AI providers. Your use of these services is subject to their respective terms and policies.

7.2 AI Providers

Questions and code context are sent to AI providers (Anthropic, AWS Bedrock, or Google Vertex AI) for analysis. By using the Service, you acknowledge and accept that:

Your Content may be processed by these providers
AI responses may be inaccurate or incomplete
You are responsible for verifying AI-generated information
These providers have their own terms of service and privacy policies

7.3 API Credentials

You may provide your own API credentials for AI providers. You are responsible for:

Complying with the provider's terms of service
Any charges incurred through your API keys
Keeping your credentials secure

8. Payment and Billing

8.1 Subscription Plans

The Service offers various subscription plans. By subscribing to a paid plan, you agree to pay the applicable fees.

8.2 Billing

Payments are processed through Stripe. By providing payment information, you authorize us to charge the applicable fees to your payment method.

Subscriptions are billed in advance on a recurring basis
All fees are non-refundable except as required by law
We may change pricing with notice to you

8.3 Free Trials

We may offer free trials. At the end of a trial, you will be charged unless you cancel. Trial terms will be specified at sign-up.

8.4 Cancellation

You may cancel your subscription at any time. Cancellation takes effect at the end of the current billing period. You will continue to have access until then.

8.5 Taxes

Fees do not include taxes. You are responsible for any applicable taxes based on your location.

9. Intellectual Property

9.1 Our Intellectual Property

The Service, including its design, features, functionality, and content (excluding Your Content), is owned by Critical Context and protected by intellectual property laws.

9.2 Limited License

We grant you a limited, non-exclusive, non-transferable license to access and use the Service for your internal business purposes, subject to these Terms.

9.3 Feedback

If you provide feedback, suggestions, or ideas about the Service, we may use them without restriction or compensation to you.

9.4 Trademarks

"Critical Context" and related logos are our trademarks. You may not use them without our written permission.

10. Disclaimers

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED.

We disclaim all warranties including:

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT
That the Service will be uninterrupted, error-free, or secure
That AI-generated content will be accurate, complete, or reliable
That the Service will meet your specific requirements
That defects will be corrected

10.1 AI Limitations

AI-generated responses may contain:

Factual errors or "hallucinations"
Outdated information
Incomplete or misleading analysis
Code suggestions that may not work or may introduce bugs

You are solely responsible for reviewing and verifying any AI-generated content before relying on it.

10.2 Data Isolation Disclaimer

WE MAKE NO WARRANTY REGARDING DATA ISOLATION. Specifically, we disclaim any warranty that:

Your Content will be completely isolated from other customers' content
Other customers will not be able to access Your Content through any means
Security vulnerabilities will not expose Your Content to unauthorized parties
The shared infrastructure will be free from cross-tenant data leakage

10.3 Security Disclaimer

NO SECURITY SYSTEM IS IMPENETRABLE. While we implement industry-standard security measures, we cannot and do not warrant that:

The Service will be free from security vulnerabilities
Your Content will not be accessed by unauthorized parties
Data breaches will not occur
Our security measures will prevent all attacks or unauthorized access

By using the Service, you acknowledge that you understand and accept these security limitations.

10.4 Third-Party Provider Disclaimer

Your Content is transmitted to third-party AI providers for analysis. We disclaim all responsibility for:

How third-party providers handle, store, or process Your Content
Security breaches or data incidents at third-party providers
Third-party providers' compliance with their own terms and policies
Any use of Your Content by third-party providers beyond our control

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CRITICAL CONTEXT SHALL NOT BE LIABLE FOR:

Any indirect, incidental, special, consequential, or punitive damages
Loss of profits, revenue, data, or business opportunities
Damages arising from reliance on AI-generated content
Damages arising from third-party services or content
Damages arising from unauthorized access to your account

11.1 Data Breach and Security Incident Liability Exclusion

WE ARE NOT LIABLE FOR ANY DATA BREACH, SECURITY INCIDENT, OR UNAUTHORIZED ACCESS TO YOUR CONTENT, REGARDLESS OF CAUSE. This exclusion applies to, but is not limited to:

Vulnerabilities in shared infrastructure or multi-tenant architecture
Cross-tenant data exposure or leakage
Security breaches at third-party service providers
Sophisticated attacks that circumvent our security measures
Insider threats or unauthorized employee access
Software bugs, misconfigurations, or human error
Data exposure resulting from your failure to secure your own systems

11.2 Aggregate Liability Cap

OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE AMOUNT YOU PAID US IN THE TWELVE (12) MONTHS PRECEDING THE FIRST CLAIM.

This cap applies regardless of the form of action, whether in contract, tort (including negligence), strict liability, or otherwise, and regardless of the number of claims.

11.3 Essential Purpose

The limitations in this section shall apply even if any limited remedy fails of its essential purpose. You acknowledge that the fees charged reflect the allocation of risk set forth in this agreement and that we would not enter into this agreement without these limitations.

11.4 Jurisdictional Limitations

Some jurisdictions do not allow limitation of liability for certain damages. In such cases, our liability is limited to the greatest extent permitted by law.

12. Security Incidents

12.1 Definition

A "Security Incident" means any unauthorized access to, acquisition of, or disclosure of Your Content or personal data stored in the Service.

12.2 Our Response

In the event of a Security Incident affecting Your Content, we will:

Take reasonable steps to investigate and contain the incident
Notify you as required by applicable law
Provide information about the incident as reasonably practicable
Cooperate with your reasonable requests for information

12.3 Notification Timeline

We will provide notification of Security Incidents as required by applicable data protection laws. We do not guarantee any specific notification timeline beyond legal requirements. Factors affecting notification timing include:

Time required to investigate and confirm the incident
Time required to identify affected customers
Coordination with law enforcement if applicable
Complexity of the incident

12.4 Your Obligations

You agree to:

Maintain accurate contact information for security notifications
Report any suspected Security Incidents to us promptly
Cooperate with our investigation of Security Incidents
Not disclose details of Security Incidents except as required by law

12.5 Remedies

In the event of a Security Incident, your sole and exclusive remedies are:

Receipt of notification as required by applicable law
A pro-rata credit for the affected period (at our sole discretion)
Termination of your account

You expressly waive any claim for damages, including consequential, special, or punitive damages, arising from Security Incidents.

13. Indemnification

You agree to indemnify, defend, and hold harmless Critical Context and its officers, directors, employees, and agents from any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

Your use of the Service
Your violation of these Terms
Your violation of any third-party rights
Your Content
Your interaction with connected third-party services
Claims by your end users, customers, or employees related to Your Content or your use of the Service
Your failure to comply with applicable data protection laws
Security incidents resulting from your failure to maintain adequate security controls

14. Termination

14.1 Termination by You

You may terminate your account at any time by contacting us or using the account deletion feature (if available).

14.2 Termination by Us

We may suspend or terminate your account at any time for any reason, including:

Violation of these Terms
Suspected fraudulent or illegal activity
Extended inactivity
Non-payment of fees
Discontinuation of the Service

14.3 Effect of Termination

Upon termination:

Your right to access the Service immediately ceases
We may delete your account and data (subject to our data retention policies)
Provisions that should survive termination (such as limitation of liability and indemnification) will continue in effect

14.4 Data Export

Before terminating your account, you should export any data you wish to retain. We are not obligated to provide data exports after termination.

15. Modifications to Terms

We may modify these Terms at any time. We will provide notice of material changes by:

Posting the updated Terms on this page
Updating the "Effective Date"
Sending email notification for significant changes

Your continued use of the Service after changes constitutes acceptance. If you do not agree to the modified Terms, you must stop using the Service.

16. Governing Law and Disputes

16.1 Governing Law

These Terms are governed by the laws of the State of California, United States, without regard to conflict of law principles.

16.2 Dispute Resolution

Any disputes arising from these Terms or the Service shall be resolved through:

Informal Resolution: First, contact us to attempt informal resolution
Arbitration: If informal resolution fails, disputes will be resolved through binding arbitration

16.3 Class Action Waiver

You agree to resolve disputes on an individual basis and waive any right to participate in class actions.

16.4 Exceptions

Either party may seek injunctive relief in court for intellectual property infringement or breach of confidentiality.

17. Contact Information

If you have questions about these Terms, please contact us:

Email: legal@critical.cx
Website: https://critical.cx

18. General Provisions

18.1 Entire Agreement

These Terms, together with our Privacy Policy and Data Processing Agreement, constitute the entire agreement between you and Critical Context regarding the Service.

18.2 Severability

If any provision of these Terms is found unenforceable, the remaining provisions will continue in effect.

18.3 Waiver

Our failure to enforce any provision does not waive our right to enforce it later.

18.4 Assignment

You may not assign these Terms without our consent. We may assign our rights and obligations without restriction.

18.5 Force Majeure

We are not liable for delays or failures due to circumstances beyond our reasonable control.