Terms of Service

1. Agreement to Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you ("you," "your," or "User") and Rivellum LLC, a Texas limited liability company doing business as ThornGrade ("ThornGrade," "we," "us," or "our"), governing your access to and use of the ThornGrade website at thorngrade.com, scanner.thorngrade.com, and all associated subdomains, applications, services, tools, reports, APIs, and content (collectively, the "Service").

By accessing, browsing, or using the Service in any manner, including but not limited to completing an assessment, viewing results, downloading reports, making a payment, creating an account, or clicking "I agree," you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy, which is incorporated herein by reference.

IF YOU DO NOT AGREE TO ALL OF THESE TERMS, YOU MUST NOT ACCESS OR USE THE SERVICE.

If you are using the Service on behalf of a company, organization, or other entity, you represent and warrant that you have the authority to bind that entity to these Terms, and "you" and "your" shall refer to both you individually and such entity.

2. Description of Service

ThornGrade provides AI-powered security risk assessment and compliance scoring tools designed to help organizations evaluate their AI security posture. The Service includes, without limitation:

• Self-service questionnaire-based risk assessments
• Automated risk scoring and analysis
• PDF report generation with recommendations
• Google Workspace security scanning (via OAuth authorization)
• Dashboard access for viewing assessment history
• Partner and affiliate program features

We reserve the right to modify, suspend, or discontinue any part of the Service at any time, with or without notice. We shall not be liable to you or any third party for any modification, suspension, or discontinuation of the Service.

3. CRITICAL DISCLAIMERS — NOT PROFESSIONAL ADVICE

Assessment Output is generated using artificial intelligence and automated analysis based on self-reported information provided by you. It may be incomplete, inaccurate, outdated, or inapplicable to your specific situation, industry, jurisdiction, or regulatory requirements.

YOU SHOULD ALWAYS CONSULT WITH QUALIFIED SECURITY PROFESSIONALS, LEGAL COUNSEL, AND COMPLIANCE EXPERTS before making decisions based on Assessment Output. Reliance on Assessment Output is at your sole risk.

ThornGrade does not certify, attest, warrant, or guarantee that your organization is secure, compliant, or free from vulnerabilities. A high score does not mean you are secure. A low score does not mean you are necessarily at risk. Assessment Output reflects only a point-in-time snapshot based on the information you provided.

4. User Accounts and Registration

Certain features of the Service may require you to create an account. When creating an account, you agree to:

• Provide accurate, current, and complete information
• Maintain and promptly update your account information
• Maintain the security and confidentiality of your login credentials
• Accept all responsibility for activity that occurs under your account
• Notify us immediately of any unauthorized use of your account

We reserve the right to suspend or terminate your account at any time for any reason, including breach of these Terms.

5. Payments, Pricing, and Refunds

5.1 Pricing

Certain tiers of the Service require payment. Current pricing is displayed on our Pricing page. All prices are in U.S. Dollars (USD) unless otherwise stated. We reserve the right to change pricing at any time; changes will not affect previously completed purchases.

5.2 Payment Processing

Payments are processed securely through Stripe, Inc. ("Stripe"). By making a purchase, you agree to Stripe's Terms of Service. ThornGrade does not store your credit card information. All payment data is handled directly by Stripe in accordance with PCI DSS standards.

5.3 Refund Policy

Due to the digital nature of our products and the immediate delivery of Assessment Output:

• Automated assessments (Starter, Professional for Teams/Agents): All sales are final. No refunds will be issued once you begin an assessment or receive Assessment Output. If you experience a technical issue preventing delivery, contact us within 7 days for resolution or credit.
• Enterprise tier: If you are dissatisfied with Enterprise services before the analyst review is completed, you may request a refund within 14 days of purchase. After the analyst review begins, no refunds will be issued.

Chargebacks or payment disputes filed without first contacting us at legal@thorngrade.com may result in immediate account termination and collection action for any amounts owed.

5.4 Taxes

Prices do not include applicable taxes. You are responsible for all applicable sales tax, VAT, GST, or other taxes imposed by your jurisdiction. We may collect and remit taxes where legally required.

6. Google Workspace Scanner — OAuth Authorization

Our Google Workspace Security Scanner ("Scanner") requires OAuth 2.0 authorization to access certain Google Workspace data. By authorizing the Scanner:

• You grant ThornGrade read-only access to the specific Google Workspace APIs required for the scan (including but not limited to Google Drive file sharing settings, Google Admin directory information, and installed third-party application data).
• You represent and warrant that you have the authority to grant this access for the Google Workspace account being scanned.
• We will NEVER modify, delete, or write to your Google Workspace data. Access is strictly read-only.
• OAuth tokens are encrypted in transit and at rest, used solely for the duration of the scan, and are not stored permanently. You may revoke access at any time via your Google Account settings at myaccount.google.com/permissions.

By using the Scanner, you acknowledge that scan results depend on the permissions granted and the state of your Google Workspace at the time of scanning. Results may not capture all security issues.

7. Acceptable Use

You agree NOT to use the Service to:

• Violate any applicable law, regulation, or third-party rights
• Submit false, misleading, or fraudulent information in assessments
• Attempt to gain unauthorized access to the Service, other accounts, or our systems
• Reverse engineer, decompile, disassemble, or attempt to derive the source code of the Service
• Use the Service to develop a competing product or service
• Scrape, crawl, or use automated means to access the Service except through our authorized APIs
• Resell, redistribute, or commercially exploit the Service or Assessment Output without authorization under a valid partner agreement
• Misrepresent Assessment Output as a professional audit, certification, or legal opinion
• Use Assessment Output to mislead investors, regulators, customers, or other third parties about your security posture
• Introduce viruses, malware, or other harmful code
• Interfere with or disrupt the Service or servers or networks connected to the Service

Violation of this section may result in immediate termination of your access and potential legal action.

8. Intellectual Property

8.1 Our IP

The Service, including all software, algorithms, scoring methodologies, assessment frameworks, report templates, designs, text, graphics, logos, trademarks ("ThornGrade" and the ThornGrade logo), and other content, is owned by or licensed to Rivellum LLC and is protected by copyright, trademark, trade secret, and other intellectual property laws. All rights not expressly granted herein are reserved.

8.2 Your Content

You retain ownership of information and data you provide through the Service ("Your Content"). By submitting Your Content, you grant ThornGrade a non-exclusive, worldwide, royalty-free license to use, process, store, and analyze Your Content solely for the purpose of providing and improving the Service. We will not share individually identifiable assessment responses with third parties except as described in our Privacy Policy.

8.3 Assessment Output

Assessment Output generated by the Service is licensed to you for your internal business use only. You may share Assessment Output with your advisors, board members, investors, and auditors. You may NOT resell, publicly distribute, or use Assessment Output for commercial purposes without our written permission or a valid partner agreement.

8.4 Aggregated Data

We may use de-identified, aggregated data derived from your use of the Service for analytics, benchmarking, research, and improvement of the Service. Such aggregated data will not identify you or your organization.

9. Limitation of Liability

10. Disclaimer of Warranties

THE SERVICE AND ALL ASSESSMENT OUTPUT ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. THORNGRADE PARTIES SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ACCURACY.

WITHOUT LIMITING THE FOREGOING, THORNGRADE PARTIES DO NOT WARRANT THAT:

• THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE
• ASSESSMENT OUTPUT WILL BE ACCURATE, COMPLETE, RELIABLE, OR CURRENT
• THE SERVICE WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS
• ANY DEFECTS IN THE SERVICE WILL BE CORRECTED
• FOLLOWING RECOMMENDATIONS IN ASSESSMENT OUTPUT WILL PREVENT SECURITY INCIDENTS
• THE SERVICE WILL IDENTIFY ALL VULNERABILITIES, RISKS, OR COMPLIANCE GAPS

11. Indemnification

You agree to indemnify, defend, and hold harmless the ThornGrade Parties from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of or relating to:

• Your use of or inability to use the Service
• Your violation of these Terms
• Your violation of any applicable law or regulation
• Your violation of any third-party rights
• Any content or data you submit to the Service
• Your reliance on Assessment Output
• Any misrepresentation of Assessment Output to third parties
• Claims by your employees, customers, or partners arising from your use of the Service

We reserve the right to assume the exclusive defense and control of any matter subject to indemnification by you, in which event you will cooperate with us in asserting any available defenses.

12. Dispute Resolution and Arbitration

12.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of law principles.

12.2 Mandatory Arbitration

ANY DISPUTE, CLAIM, OR CONTROVERSY ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE SHALL BE RESOLVED BY BINDING ARBITRATION administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator in Austin, Texas, or at a location mutually agreed upon. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

12.3 Class Action Waiver

YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. You waive any right to participate in a class action lawsuit or class-wide arbitration against ThornGrade.

12.4 Exceptions

Notwithstanding the above, either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property rights. Claims within the jurisdiction of small claims court may be brought in Travis County, Texas.

12.5 Time Limitation

Any claim or cause of action arising out of or related to these Terms or the Service must be filed within ONE (1) YEAR after the claim arose, or it shall be permanently barred.

13. Affiliate and Partner Program

Participation in the ThornGrade Affiliate or Channel Partner Program is subject to separate Partner Program Terms. Key provisions include:

• Partners must accurately represent ThornGrade and its Service
• Partners may NOT make claims about compliance certification, audit equivalency, or legal advice on behalf of ThornGrade
• Commission structures, payment terms, and program rules are defined in the Partner Agreement
• ThornGrade reserves the right to modify commission rates, terminate partnerships, or claw back commissions obtained through fraud or misrepresentation
• Partners are independent contractors, not employees, agents, or representatives of ThornGrade
• White-label partners must include the disclaimer that assessments are "powered by ThornGrade" and are not professional security audits

14. Confidentiality

We treat your assessment data and responses as confidential. We will not disclose your individually identifiable assessment responses to third parties except:

• With your explicit consent
• To our service providers who need access to provide the Service (subject to confidentiality obligations)
• As required by law, regulation, or legal process
• In de-identified, aggregated form that does not identify you
• To your authorized partner, if you accessed the Service through a partner link

15. Third-Party Services

The Service integrates with or links to third-party services including Stripe (payments), Google (OAuth/Workspace scanning), Supabase (data storage), and Vercel (hosting). Your use of these third-party services is subject to their respective terms and privacy policies. ThornGrade is not responsible for the practices, content, or availability of third-party services.

16. Termination

We may terminate or suspend your access to the Service immediately, without prior notice or liability, for any reason, including breach of these Terms. Upon termination:

• Your right to use the Service ceases immediately
• We may delete your account and associated data after a reasonable retention period
• Sections 3 (Disclaimers), 8 (IP), 9 (Limitation of Liability), 10 (Warranties), 11 (Indemnification), 12 (Disputes), and 14 (Confidentiality) survive termination
• No refunds will be issued for prepaid services upon termination for cause

17. Changes to Terms

We reserve the right to modify these Terms at any time. Material changes will be communicated by posting the updated Terms on this page with a new "Last Updated" date and, where feasible, by email to registered users. Your continued use of the Service after changes become effective constitutes acceptance of the revised Terms. If you do not agree to the revised Terms, you must stop using the Service.

18. Severability

If any provision of these Terms is held to be unenforceable or invalid, such provision will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full force and effect.

19. Entire Agreement

These Terms, together with the Privacy Policy and any applicable Partner Agreement, constitute the entire agreement between you and ThornGrade regarding the Service and supersede all prior agreements, understandings, and communications, whether oral or written.

20. Contact Information

For questions about these Terms, please contact: