Terms of Use

At FortaTech Security, LLC ("we," "us," or "FortaTech Security"), we believe in clear communication and want to make sure you feel confident using our Services. These Terms of Use ("Terms") outline the terms and conditions that apply when you use our Services, like BastionGPT.

By using our Services, you're entering into an agreement with us. If you're accessing our Services through your employer or another organization enrolled in a FortaTech Security licensed program, additional terms may apply as agreed between us and that organization.

Section 1: Introduction

1.1 Definitions

To keep things clear, here are some key terms we'll use throughout these Terms:

• "You" or "User": This refers to you, the individual or entity accessing or using our Services.
• "Services": All the products and services provided by FortaTech Security, including but not limited to BastionGPT and any other platforms, software, or services we offer.
• "Content": All text, information, data, graphics, images, and other material provided through the Services.
• "Account": The account you create to access certain features of the Services.
• "Applicable Data Protection Law": All laws and regulations applicable to our processing of personal data under these Terms, including those in the United States, Canada, and Australia.
• "Personal Data": Any information relating to an identified or identifiable natural person.

‍

1.2 Acceptance of Terms

By accessing or using our Services, you're agreeing to these Terms, our Privacy Policy, and any additional terms that might apply to specific Services. We encourage you to read them carefully. If there's anything you're unsure about, please feel free to reach out to us. If you don't agree with these Terms, we kindly ask that you refrain from using our Services.

1.3 Scope of Agreement

These Terms apply to all users of our Services, whether you've created an Account or not. If you're using the Services on behalf of an organization, you confirm that you have the authority to bind that organization to these Terms. Sometimes, if you're accessing the Services through your employer or another entity that has its own agreement with us, additional terms may apply.

Section 2: Use of Services

2.1 No Medical Advice, Diagnosis, or Treatment

Our Services, including BastionGPT, are provided for informational purposes only and are not a substitute for professional medical advice, diagnosis, or treatment. The Content should not be relied upon as comprehensive or as a replacement for consultation with qualified healthcare professionals. Always seek the advice of a physician or other qualified healthcare provider with any questions you may have regarding a medical condition. Do not disregard professional medical advice or delay seeking it because of something you have read in our Services.

2.2 User Responsibilities and Conduct

By using our Services, you agree to:

• Provide Accurate Information: Ensure that all information you provide is truthful, accurate, and current.
• Maintain Confidentiality: Keep your Account credentials secure and notify us immediately of any unauthorized use or security breach.
• Comply with Laws: Use the Services in accordance with all applicable laws and regulations.
• Respectful Use: Refrain from using the Services for any unlawful, harmful, or abusive purposes.
• No Interference: Do not interfere with or disrupt the operation of the Services or servers and networks connected to the Services.
• Unauthorized Access: Do not attempt to gain unauthorized access to any part of the Services, other users' accounts, or any systems or networks.

2.3 Accounts and Registration

To access certain features of our Services, you may be required to create an Account by:

• Registration: Providing a unique username, password, and other requested information.
• Account Information: Agreeing to maintain and promptly update your Account information to keep it accurate and complete.
• Responsibility: Acknowledging that you are responsible for all activities that occur under your Account.
• Security: Accepting that you are responsible for maintaining the confidentiality of your login credentials.

We reserve the right to suspend or terminate your Account if any information provided during the registration process or thereafter proves to be inaccurate, false, or misleading.

2.4 License to Use Services

Subject to your compliance with these Terms, FortaTech Security grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Services for your personal or internal business purposes. You agree not to:

• Commercial Exploitation: Sell, resell, distribute, or exploit any portion of the Services for commercial purposes.
• Modification: Modify, adapt, translate, reverse engineer, decompile, or disassemble any portion of the Services.
• Unauthorized Access: Use any manual or automated means to access the Services for any purpose other than those permitted under these Terms.
• Competitive Use: Access the Services to build a similar or competitive product or service.

2.5 Age Restrictions

Our Services are intended for users who are at least 18 years old. By accessing or using the Services, you represent and warrant that you are at least 18 years of age. If you are under 18, you must not use our Services. We do not knowingly collect personal information from individuals under 18. If we become aware that a person under 18 has provided us with personal information, we will take steps to delete such information.

Section 3: Privacy and Data Protection

3.1 Handling of Personal Information

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. For details on how we collect, use, store, and protect your personal information, please refer to our Privacy Policy, which is incorporated by reference into these Terms.

3.2 Privacy Policy Reference

Our Privacy Policy explains our practices regarding the collection, use, and disclosure of your personal information when you use our Services. By using our Services, you agree to the collection and use of information in accordance with the Privacy Policy.

3.3 Data Protection Compliance

We comply with all Applicable Data Protection Laws relevant to our processing of personal data under these Terms. This includes laws and regulations in the United States, Canada, Australia, and any other jurisdictions where we operate.

3.4 Sub-processors and Third Parties

We may engage third-party service providers ("sub-processors") to assist in providing our Services. We ensure that any sub-processors we engage are bound by contractual obligations to protect your personal data to at least the same standard as provided in these Terms and in compliance with Applicable Data Protection Laws. Our current sub-processors include:

• Microsoft Corporation: Used to process and store user data.
• Amazon Web Services, Inc.: Used to process and store user data.
• Google LLC: Used to process and store user data.

3.5 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. This includes encryption technologies, secure data storage facilities, access controls, and regular security assessments. For more details, please see our Security Page.

3.6 Data Retention and Deletion

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Upon termination of your Account or upon your request, we will delete or anonymize your personal data, unless we are legally required to retain certain data. Specific retention periods are outlined in our Privacy Policy and Schedule 1 (Details of Processing).

3.7 Confidentiality Obligations

We maintain the confidentiality of your personal data and ensure that our employees, agents, and sub-processors who have access to your personal data are subject to strict confidentiality obligations. We will not disclose your personal data to third parties except as outlined in these Terms or our Privacy Policy.

3.8 Data Subject Rights

You have certain rights regarding your personal data under Applicable Data Protection Laws, which may include the right to access, correct, or delete your personal data, or to restrict or object to our processing of your personal data. To exercise these rights, please contact us as outlined in Section 16: Contact Information.

Section 4: Intellectual Property Rights

4.1 Ownership of Services and Content

All intellectual property rights in the Services and the Content are owned by FortaTech Security or its licensors. This includes, but is not limited to:

• Software and algorithms underlying the operation of the Services.
• Designs, text, graphics, logos, and trademarks.
• Any other proprietary content provided through the Services.

Nothing in these Terms grants you any rights to use any of our intellectual property except as expressly provided in these Terms. Unauthorized use of our intellectual property is prohibited.

4.2 User Content and Feedback

By submitting any content, feedback, suggestions, or ideas ("User Content") to us, you agree to the following:

• License Grant: You grant FortaTech Security a perpetual, irrevocable, worldwide, non-exclusive, royalty-free, fully paid-up, and sublicensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display such User Content in any media.
• Representation and Warranty: You represent and warrant that you have all necessary rights to grant the above license and that your User Content does not violate any third-party rights, including intellectual property rights.
• Moral Rights: To the extent permitted by law, you waive any moral rights you may have in the User Content.

4.3 DMCA Notice and Copyright Policy

We respect the intellectual property rights of others and expect our users to do the same. If you believe that any content on our Services infringes your copyright, you may submit a notification pursuant to the Digital Millennium Copyright Act ("DMCA") by providing our designated agent with the following information in writing:

1. Identification of the Infringed Work: A description of the copyrighted work or other intellectual property that you claim has been infringed.
2. Identification of the Infringing Material: A description of where the material that you claim is infringing is located on the Services, including a URL or screenshot if possible.
3. Your Contact Information: Your address, telephone number, and email address.
4. Statement of Good Faith: A statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law.
5. Statement of Accuracy: A statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner's behalf.
6. Signature: An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright interest.

Designated Agent for DMCA Notices:

Joshua Spencer
11816 Inwood Rd # 3181
Dallas, TX 75244
Email: legal@forta.tech

Upon receipt of a valid DMCA notice, we will respond promptly to remove or disable access to the allegedly infringing material.

Section 5: Third-Party Services

5.1 Access to External Services

Our Services may contain links to or allow you to access third-party websites, applications, or services ("Third-Party Services") that are not owned or controlled by FortaTech Security. These Third-Party Services are provided solely as a convenience to you and are not endorsed by us.

5.2 Third-Party Payment Processors

We may use third-party payment processors to handle payment transactions for our Services. Your use of such payment processing services is subject to the terms and conditions and privacy policies of the respective third-party payment processors. We are not responsible for any actions or omissions of such third parties.

5.3 Disclaimers Regarding Third Parties

• No Endorsement: We do not endorse, recommend, or make any representations or warranties regarding any Third-Party Services.
• User Responsibility: Your use of Third-Party Services is at your own risk, and you are responsible for reviewing and complying with any terms and conditions and privacy policies of those third parties.
• Liability: We are not liable for any loss or damage that may arise from your use of Third-Party Services, including any reliance on the content, products, or services available on or through such Third-Party Services.

5.4 Interaction with Third Parties

Any interactions, transactions, or dealings you have with third parties found on or through our Services are solely between you and the third party. You agree that FortaTech Security shall not be responsible or liable for any loss or damage of any sort incurred as a result of any such dealings.

Section 6: Disclaimers and Limitation of Liability

6.1 Disclaimers

Your use of the Services is at your sole risk. The Services are provided on an "as is" and "as available" basis, without warranties of any kind, either express or implied. To the fullest extent permissible pursuant to applicable law, FortaTech Security disclaims all warranties, express or implied, including but not limited to implied warranties of merchantability, non-infringement, and fitness for a particular purpose. We do not warrant that:

• The Services will meet your requirements.
• The Services will be uninterrupted, timely, secure, or error-free.
• The results that may be obtained from the use of the Services will be accurate or reliable.
• Any errors in the Services will be corrected.

No advice or information, whether oral or written, obtained by you from FortaTech Security or through the Services shall create any warranty not expressly stated in these Terms.

6.2 Limitation of Liability

To the maximum extent permitted by applicable law, FortaTech Security and its affiliates, officers, employees, agents, partners, and licensors ("FortaTech Security Parties") shall not be liable for any indirect, incidental, special, consequential, or exemplary damages, including but not limited to:

• Loss of profits, revenue, data, or other intangible losses.
• Damages resulting from the use or the inability to use the Services.
• Unauthorized access to or alteration of your transmissions or data.
• Statements or conduct of any third party on the Services.
• Any other matter relating to the Services.

6.3 Cap on Liability

In no event shall the total liability of the FortaTech Security Parties to you for all damages, losses, and causes of action exceed the amount you have paid to FortaTech Security in the last six (6) months, or, if greater, one hundred U.S. dollars (USD $100).

6.4 Indemnification

You agree to indemnify, defend, and hold harmless the FortaTech Security Parties from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising from or relating to:

• Your use of the Services.
• Your violation of these Terms.
• Your violation of any rights of another party, including other users.
• Your violation of any applicable laws, rules, or regulations.

FortaTech Security reserves the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate with our defense of these claims.

Section 7: Modifications and Updates

7.1 Changes to Terms and Services

FortaTech Security reserves the right to modify these Terms at any time. If we make material changes to these Terms, we will notify you by:

• Updating the "Effective Date" at the top of these Terms.
• Providing notice through the Services or by other means, such as email if you have provided it to us.

Your continued use of the Services after the effective date of the revised Terms constitutes your acceptance of the revised Terms. If you do not agree to the new Terms, you must stop using the Services.

7.2 Modification of Services

We reserve the right to modify, suspend, or discontinue, temporarily or permanently, the Services or any part thereof, with or without notice. You agree that FortaTech Security shall not be liable to you or any third party for any modification, suspension, or discontinuance of the Services.

Section 8: Termination

8.1 Term and Termination

These Terms will remain in full force and effect while you use the Services. We may suspend or terminate your rights to use the Services (including your Account) at any time for any reason at our sole discretion, including for any use of the Services in violation of these Terms. Upon termination of your rights under these Terms, your Account and right to access and use the Services will terminate immediately.

8.2 Effect of Termination

Upon termination:

• You must cease all use of the Services and delete any copies of the Services or Content in your possession.
• Any provisions of these Terms that by their nature should survive termination shall survive, including but not limited to ownership provisions, warranty disclaimers, indemnity, and limitations of liability.

We shall not be liable to you or any third party for any termination of your access to the Services.

Section 9: Dispute Resolution and Governing Law

9.1 Governing Law

These Terms and any dispute or claim arising out of or relating to these Terms or the Services shall be governed by and construed in accordance with the laws of the State of Texas, United States, without regard to its conflict of law provisions.

9.2 Informal Dispute Resolution

Before initiating any legal proceedings, you agree to attempt to resolve any dispute informally by contacting FortaTech Security at legal@forta.tech. We will attempt to resolve the dispute informally by contacting you via email or other means. If a dispute is not resolved within thirty (30) days of submission, either party may proceed to formal proceedings.

9.3 Arbitration Agreement

You agree that any dispute or claim arising out of or in connection with your use of the Services or these Terms shall be resolved by binding arbitration, rather than in court, except for matters that may be taken to small claims court or for equitable relief in relation to intellectual property rights.

• Arbitration Rules: The arbitration will be conducted by the American Arbitration Association ("AAA") under its rules, including the AAA's Consumer Arbitration Rules.
• Arbitration Location: The arbitration shall take place in Dallas County, Texas, or at another mutually agreed location.
• Arbitrator's Authority: The arbitrator has the authority to grant any remedy that would otherwise be available in court.
• Final and Binding: The arbitrator's award shall be final and binding on all parties.

9.4 Class Action Waiver

All claims and disputes within the scope of this arbitration agreement must be arbitrated on an individual basis and not on a class, collective, or representative basis. You agree not to participate in a class action, a class-wide arbitration, claims brought in a private attorney general or representative capacity, or consolidated claims involving any other person's use of the Services.

9.5 Opt-Out Procedure

You may opt out of this arbitration agreement by sending a written notice of your decision to opt out to:

FortaTech Security Legal
11816 Inwood Rd # 3181
Dallas, TX 75244
Email: legal@forta.tech

Your opt-out notice must be postmarked or emailed no later than thirty (30) days after the date you first accept these Terms. If you opt out of arbitration, all other parts of these Terms will continue to apply to you.

9.6 Venue

If any claim proceeds in court rather than in arbitration, for any reason, you agree that such claim will be brought exclusively in the federal or state courts located in Dallas County, Texas. You and FortaTech Security consent to the jurisdiction of and venue in such courts and waive any objection as to inconvenient forum.

Section 10: General Provisions

10.1 Severability

If any provision of these Terms is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions of these Terms shall remain in full force and effect.

10.2 Entire Agreement

These Terms, along with our Privacy Policy and any additional terms to which you agree when using specific features of the Services, constitute the entire agreement between you and FortaTech Security regarding the use of the Services. They supersede all prior or contemporaneous agreements, communications, and proposals, whether oral or written, between you and us.

10.3 Assignment

You may not assign, transfer, or delegate any of your rights or obligations under these Terms without our prior written consent. Any attempted assignment or delegation without such consent will be null and void. FortaTech Security may freely assign or transfer these Terms without restriction.

10.4 Force Majeure

We shall not be liable for any failure or delay in performing our obligations under these Terms due to circumstances beyond our reasonable control. Such circumstances include, but are not limited to, acts of God, natural disasters, war, terrorism, civil unrest, governmental actions, labor disputes, and failures of public utilities or communications networks.

10.5 Notices and Electronic Communications

By using our Services, you consent to receive electronic communications from us. These communications may include notices about your Account, legal notices, and other information concerning or related to the Services. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that such communications be in writing.

10.6 Waiver

Our failure to enforce any right or provision of these Terms shall not be deemed a waiver of such right or provision. A waiver must be in writing and signed by an authorized representative of FortaTech Security to be effective.

10.7 Conflict of Terms

In the event of any conflict or inconsistency between these Terms and any other agreement you may have with FortaTech Security, the terms of that other agreement will prevail if it expressly states that it overrides these Terms with respect to the specific subject matter.

Section 11: Jurisdiction-Specific Terms

These jurisdiction-specific terms apply to users located in certain regions and are in addition to the terms set forth elsewhere in these Terms. In case of any conflict between this Section and the rest of these Terms, this Section will prevail with respect to users in the applicable jurisdictions.

11.1 United States

• California Residents

Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal information. These rights include the right to know about the personal information we collect, use, disclose, and sell, and the right to access and delete your personal information. For more information, please refer to our Privacy Policy.

11.2 Canada

• Data Protection Compliance

We comply with the Federal Personal Information Protection and Electronic Documents Act (PIPEDA) concerning the collection, use, and disclosure of personal information from individuals in Canada. You have the right to access your personal information and request corrections if necessary. For more details, please see our Privacy Policy and Canada Data Protection Agreement (DPA).

11.3 Australia

• Privacy Act Compliance

We adhere to the Australian Privacy Principles and the Privacy Act 1988 (Cth) in relation to the handling of personal information from individuals in Australia. You have the right to access and correct your personal information. For more information, please refer to our Privacy Policy.

Section 12: Service Level Agreement (SLA)

12.1 Uptime Commitment

FortaTech Security is committed to providing a reliable and high-quality service. We offer a Service Level Agreement ("SLA") for the BastionGPT chatbot service, guaranteeing 99.9% uptime calculated on a monthly basis.

12.2 Downtime and Service Credits

If the uptime of BastionGPT falls below the 99.9% threshold in a given month, you may be eligible for a service credit or refund. The service credit will be calculated as follows:

• For each full or partial hour of downtime beyond the agreed SLA, you will receive a credit of 5% of your monthly Service fee, up to a maximum of 100% of your monthly Service fee.

Service credits will be applied against future payments owed by you and are non-transferable. They cannot be exchanged for cash or other forms of credit.

12.3 Exclusions

The SLA does not account for any downtime caused by circumstances beyond our reasonable control, including but not limited to:

• Acts of God, natural disasters, war, terrorism, civil unrest.
• Acts of government, strikes, or other labor problems not involving our employees.
• Internet service provider failures or delays.
• Scheduled maintenance or upgrades.

12.4 Claim Procedure

To receive a service credit, you must submit a written request to us within thirty (30) days from the time the service issue occurred. Your request should include:

• Your name and account information.
• Dates and times of the downtime.
• Any relevant logs or documentation that evidence the downtime.

Please send your claim to:

FortaTech Security
11816 Inwood Rd # 3181
Dallas, TX 75244
Email: hello@forta.tech

Unless otherwise provided in the Agreement, the service credit described in this section is your sole and exclusive remedy for any unavailability or non-performance of the Services.

Section 13: HIPAA Business Associate Agreement

If you are a "covered entity" or a "business associate" and include "protected health information" ("PHI") in data provided to FortaTech Security, as those terms are defined under the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), the following terms apply:

13.1 Execution of BAA

By using our Services and providing PHI, you agree to the terms of our HIPAA Business Associate Agreement ("BAA"), which is incorporated into these Terms by reference. The full text of the BAA is available at https://forta.tech/HIPAA-BAA.pdf.

13.2 Opt-Out Procedure

If you wish to opt out of the BAA, you must send a written notice including your full legal name and any affiliated entities to:

FortaTech Security
11816 Inwood Rd # 3181
Dallas, TX 75244
Email: legal@forta.tech

Your opt-out notice must be received before you provide any PHI to us. By opting out, you acknowledge that you are responsible for ensuring that no PHI is transmitted to or through our Services.

13.3 Compliance with HIPAA

We agree to comply with all applicable requirements of HIPAA concerning the use and disclosure of PHI. You are responsible for obtaining any necessary consents or authorizations from individuals whose PHI you disclose to us and for ensuring that your use of the Services complies with HIPAA.

Section 14: FERPA Compliance

14.1 Compliance with FERPA

FortaTech Security is committed to complying with the Family Educational Rights and Privacy Act of 1974, as amended ("FERPA"), concerning the access to and handling of students' educational records.

14.2 Access Limitation

We will limit our employees' access to students' educational records to those individuals who need access to perform the Services. Access is granted on a need-to-know basis, ensuring that only authorized personnel can access sensitive educational information.

14.3 Use and Disclosure of Educational Records

We will not use or disclose students' educational records for any purpose other than as necessary to provide the Services or as required by law. We will not share these records with third parties except as permitted under FERPA and as necessary to perform the Services.

14.4 Safeguards

We will maintain appropriate administrative, physical, and technical safeguards to protect the confidentiality and integrity of students' educational records. These measures are designed to prevent unauthorized access, disclosure, alteration, and destruction of educational records in compliance with FERPA.

14.5 Compliance Assurance

We will ensure that all our employees and agents who have access to students' educational records receive training on FERPA compliance and understand their responsibilities under the law.

Section 15: Technical and Organizational Security Measures

15.1 Security Program Overview

FortaTech Security has implemented a comprehensive security program designed to protect the confidentiality, integrity, and availability of your personal data. Our security measures are aligned with industry best practices and are regularly reviewed and updated to address emerging threats and vulnerabilities.

15.2 Encryption

• Data in Transit: We use secure protocols (such as TLS 1.2 or higher) to encrypt personal data transmitted over public networks, ensuring that data remains confidential and tamper-proof during transmission.
• Data at Rest: Personal data stored on our servers is encrypted using strong encryption algorithms like AES-256, providing an additional layer of security against unauthorized access.

15.3 Access Controls

• User Authentication: Access to systems containing personal data requires robust authentication mechanisms, including the use of unique usernames and complex passwords. Multi-factor authentication (MFA) is implemented for administrative access.
• Access Authorization: Access rights are granted based on the principle of least privilege, ensuring that employees have access only to the data necessary to perform their job functions.
• Account Management: We have procedures in place for the creation, management, and termination of user accounts to prevent unauthorized access.

15.4 Monitoring and Logging

• System Monitoring: Our systems are continuously monitored to detect and respond to security incidents promptly.
• Activity Logging: Access to personal data is logged, and logs are regularly reviewed for suspicious activities or unauthorized access attempts.
• Incident Response: We have an incident response plan that outlines the procedures for handling security incidents, including detection, containment, eradication, recovery, and reporting.

15.5 Physical Security

Our data centers and facilities where personal data is processed are secured with physical controls, such as access badges, biometric scanners, surveillance cameras, and security personnel, to prevent unauthorized physical access.

15.6 Data Backup and Recovery

• Regular Backups: We perform regular backups of critical systems and data to prevent data loss.
• Disaster Recovery Plan: A disaster recovery plan is in place to ensure business continuity and rapid recovery in the event of a significant disruption or disaster.

15.7 Employee Training and Awareness

All employees undergo regular training on data privacy, security policies, and procedures to ensure they understand their responsibilities in protecting personal data.

15.8 Sub-Processor Security Measures

We require all sub-processors to implement security measures that meet or exceed the standards outlined in these Terms. We conduct due diligence on sub-processors to verify their compliance with our security requirements.

15.9 Compliance and Certifications

We regularly assess our security controls and may obtain relevant security certifications or undergo third-party audits to demonstrate our commitment to data protection.

Section 16: Contact Information

If you have any questions, concerns, or comments regarding these Terms, our Privacy Policy, or any other aspect of our Services, please feel free to contact us using the information below:

FortaTech Security, LLC

• Mailing Address:

FortaTech Security Legal
11816 Inwood Rd # 3181
Dallas, TX 75244
United States

• Email: legal@forta.tech
• Website: https://forta.tech

Customer Support

For general inquiries or technical support, please visit our Contact page where you can find answers to frequently asked questions and submit support requests.