Terms of Use & Privacy Policy

SECTION A — TERMS OF USE

(Enterprise AI Platform & Technology Services)

1. Acceptance of Terms

These Terms of Use (“Terms”) govern access to and use of all products, platforms, applications, APIs, software, consulting services, managed services, and technology solutions provided by TruNorAI Consultants Ltd. (“TruNorAI”, “we”, “our”, or “us”).

By accessing or using any TruNorAI service, you agree to these Terms.

If you access the Services on behalf of an organization, you represent that you have authority to bind that organization.

2. Scope of Services

These Terms apply to all current and future offerings, including but not limited to:

2.1 Software & AI Platforms

• Web-based enterprise applications
• AI-powered document intelligence systems
• Procurement and RFQ automation tools
• ERP-integrated analytics systems
• M&A and due diligence AI tools
• Knowledge management platforms
• Workflow automation systems
• Business intelligence dashboards

2.2 APIs & Integrations

• REST APIs
• AI inference services
• Data connectors
• ERP/CRM integrations
• Identity provider integrations (SSO/OIDC)
• OEM or embedded AI services

2.3 Custom & Enterprise Solutions

• Custom-developed software
• White-label deployments
• On-premise installations
• Private cloud deployments
• Managed hosting services
• AI consulting and implementation services

2.4 Mobile Applications

• iOS applications
• Android applications
• Enterprise field applications
• Companion mobile apps

Collectively referred to as the “Services.”

We may modify or expand the Services at any time.

3. Enterprise Data & Confidential Information

The Services may process sensitive enterprise information, including:

• Customer documents
• Procurement and supplier data
• Bills of materials (BOMs)
• ERP exports
• Financial records
• M&A documentation
• Corporate strategy materials
• Technical documentation
• Trade secrets

All such information is “Customer Data.”

3.1 Ownership of Customer Data

Customer retains full ownership of Customer Data.

TruNorAI does not claim ownership rights in Customer Data.

3.2 Confidentiality

TruNorAI shall:

• Treat Customer Data as confidential
• Use Customer Data solely to provide contracted Services
• Not disclose Customer Data except to authorized subprocessors or as required by law
• Maintain reasonable technical and organizational safeguards

Confidentiality obligations survive termination.

4. Data Processing Roles

Unless otherwise agreed in writing:

• Customer acts as Data Controller (or Business under U.S. law).
• TruNorAI acts as Data Processor (or Service Provider).

Processing activities may be governed by:

• These Terms
• A Data Processing Agreement (DPA)
• Enterprise Master Service Agreements

Where required, appropriate safeguards such as Standard Contractual Clauses will apply.

5. AI Processing & Model Usage

5.1 Enterprise Data Segregation

Customer Data:

• Is logically segregated by tenant
• Is not shared between customers
• Is not used for generalized AI model training without written authorization
• Is processed only to deliver the Services

5.2 AI Output Disclaimer

AI-generated outputs:

• May contain inaccuracies
• Require human validation
• Are provided as decision-support tools

Customers remain responsible for verifying outputs before reliance.

6. Security & Safeguards

TruNorAI implements enterprise-grade security practices aligned with industry standards.

6.1 Technical Controls

• Encryption in transit (TLS 1.2+)
• Encryption at rest (AES-256 or equivalent)
• Role-based access controls
• Secure authentication mechanisms
• Audit logging
• Tenant isolation
• Secure key management

6.2 Organizational Controls

• Confidentiality obligations for personnel
• Security awareness training
• Access review procedures
• Vendor risk management
• Incident response framework

6.3 Infrastructure Controls

• Secure cloud environments
• Network segmentation
• Continuous monitoring
• Regular patching and updates

No system is entirely secure, but we apply commercially reasonable safeguards.

7. Acceptable Use

You agree not to:

• Use the Services unlawfully
• Upload malicious or harmful content
• Attempt unauthorized system access
• Reverse engineer proprietary models
• Circumvent security mechanisms

8. Intellectual Property

TruNorAI retains ownership of:

• Software
• AI models
• Algorithms
• Documentation
• Branding

Customers retain ownership of Customer Data.

Custom IP ownership terms are governed by separate agreements where applicable.

9. Enterprise Integrations

The Services may integrate with third-party systems. TruNorAI is not responsible for third-party service availability or compliance.

Customers are responsible for lawful data transfers into the Services.

10. Fees & Subscriptions

Where applicable:

• Fees are billed in advance
• Fees are non-refundable unless required by law
• Taxes are customer responsibility

Enterprise agreements may specify alternative terms.

11. Limitation of Liability

To the maximum extent permitted by law:

• Services are provided “as is”
• TruNorAI disclaims implied warranties
• Liability is limited to fees paid in the preceding 12 months

Nothing excludes liability that cannot legally be excluded.

12. Termination & Data Return

Upon termination:

• Customer Data may be exported within a defined period
• Data may be securely deleted thereafter
• Secure deletion procedures apply

13. Governing Law

Governing law shall be as specified in enterprise agreements, or otherwise determined by applicable jurisdiction.

SECTION B — PRIVACY POLICY

(Enterprise AI & Technology Services)

1. Overview

This Privacy Policy applies globally to all TruNorAI Services.

We aim to comply with:

• GDPR (EU)
• UK GDPR
• CCPA / CPRA
• PIPEDA (Canada)
• Singapore PDPA
• Hong Kong PDPO
• Japan APPI
• Other applicable privacy laws

2. Information We Process

2.1 Enterprise Customer Data

May include:

• Employee contact details
• Supplier and procurement information
• Contractual documentation
• Financial and transactional records
• Technical files

2.2 Account Information

• Name
• Business email
• Login credentials
• Role and access permissions
• Audit logs

2.3 Technical Data

• IP address
• Device identifiers
• Usage logs
• API activity

2.4 Mobile Application Data

Where mobile applications are used:

• Device identifiers
• Push notification tokens
• Crash reports
• Permission-based access (camera, storage, etc.)
• Background session data

Permissions can be managed in device settings.

3. Legal Basis for Processing (GDPR)

We process personal data based on:

• Contract performance
• Legitimate interests (security, fraud prevention)
• Legal obligations
• Consent (where required)

4. AI & Automated Processing

AI systems may analyze documents and generate structured outputs.

Human oversight is recommended for material decisions.

5. Data Sharing

We may share data with:

• Cloud infrastructure providers
• Authentication providers
• Analytics providers
• Enterprise subprocessors

All subprocessors are contractually obligated to safeguard data.

We do not sell personal information.

6. International Data Transfers

Where personal data is transferred internationally, we implement appropriate safeguards such as:

• Standard Contractual Clauses
• Adequacy mechanisms
• Contractual safeguards

7. Data Retention

We retain data:

• For the duration of contractual relationships
• As required by law
• For legitimate operational needs

Data may be anonymized or securely deleted thereafter.

8. Security Measures

We apply:

• Encryption
• Access controls
• Monitoring and logging
• Vulnerability management
• Incident response procedures

9. User Rights

EU / UK

Access, correction, deletion, restriction, portability, objection.

United States (CCPA/CPRA)

Access, deletion, correction, opt-out of sale/sharing (we do not sell data).

Canada (PIPEDA)

Access, correction, withdrawal of consent.

APAC

Rights under applicable local laws.

Requests may be directed to our Privacy Officer.

10. Data Breach Notification

In the event of a confirmed breach:

• We will investigate promptly
• Notify affected customers
• Notify regulators where required
• Provide mitigation guidance

11. Children’s Privacy

Services are not intended for minors.

12. Privacy Officer Contact

Privacy Officer

TruNorAI Consultants Ltd.

Website: https://trunorai.com

Email: privacy@trunorai.com

13. Changes to This Policy

We may update this Policy from time to time.