Search My Data ← Back to home

SEARCH MY DATA — TERMS OF SERVICE

Effective Date: [TO BE SET ON LAUNCH] Last Updated: [TO BE SET ON LAUNCH] Legal Entity: Brightstead Technologies, Inc., a Delaware corporation (“Brightstead,” “Search My Data,” “we,” “us,” or “our”)

DRAFTING NOTE FOR JASON AUFDERMAUR (Wyatt & Aufdermaur):

This is a sophisticated starting draft modeled on the structure that a top-tier firm (Skadden, Wilson Sonsini, Cooley) would produce for a sovereign-data SaaS product. It draws on patterns from Notion, Linear, Vercel, Anthropic, and 1Password ToS as comparable enterprise/privacy-focused offerings.

Critical sections requiring focused review (search for [REVIEW] tags):

  1. Section 4 (Data Encryption and Sovereignty) — the “we cannot decrypt your data” language is novel and creates legal exposure if not carefully calibrated. We must distinguish convenience mode (technically we could brute-force) from zero-knowledge mode (we genuinely cannot).

  2. Section 5 (Subprocessors) — RunPod, Vercel, Cloudflare, Stripe, Resend disclosure. Defense Production Act / CLOUD Act exposure should be addressed.

  3. Section 6 (No AI Training) — explicit anti-training commitments. We must verify every subprocessor’s commitments match before signing this clause.

  4. Section 9 (Limitation of Liability) — standard but the cap should be calibrated to our pricing tiers and insurance.

  5. Section 11 (Indemnification) — mutual indemnification for IP claims; protective for both parties given our deterministic AI claims.

  6. Section 14 (Compliance) — HIPAA BAA reference (separate doc), GDPR/CCPA basics, SOC 2 trajectory.

  7. Section 18 (Dispute Resolution) — arbitration clause needs Texas vs. Delaware decision. Recommended Delaware given C-Corp formation.

Items marked [REVIEW] are highest risk. Items marked [CONFIRM] are factual statements that need Sam’s confirmation. Items marked [TBD] need a decision before launch.

1. Acceptance of Terms

These Terms of Service (“Terms”) constitute a legally binding agreement between you (“Customer,” “you,” or “your”) and Brightstead Technologies, Inc. (“Brightstead”) governing your access to and use of the Search My Data service, including the website at searchmydata.com, the application at app.searchmydata.com, the application programming interfaces, the Sovereign Drive and Sovereign Bundle hardware products, and any related services (collectively, the “Service”).

By accessing or using the Service, by clicking “I agree” or a similar acknowledgment, by signing an order form referencing these Terms, or by otherwise indicating your acceptance, you represent and warrant that: (a) you have the authority to bind yourself or the entity you represent to these Terms; (b) you are at least eighteen (18) years of age or the age of majority in your jurisdiction, whichever is greater; and (c) your use of the Service complies with all applicable laws.

If you do not agree to these Terms, you may not access or use the Service.

If you are accepting these Terms on behalf of an organization (an “Organization”), you represent that you have legal authority to bind that Organization. In that case, “Customer,” “you,” and “your” refer to the Organization.

2. Definitions

“Account” means the registered account through which you access the Service.

“Customer Content” means all data, documents, files, queries, search results, communications, and other materials you upload to, generate within, or transmit through the Service.

“Encrypted Vault” refers to optional remote backup service offered by Brightstead.

“Sovereign Cloud” means the SaaS offering hosted on Brightstead-controlled infrastructure.

“Sovereign Drive” means the encrypted hardware drive product shipped by Brightstead.

“Sovereign Bundle” means the combined hardware offering including a pre-configured Mac server and Sovereign Drive.

“Subprocessor” means a third party engaged by Brightstead to process Customer Content on its behalf.

“Documentation” means the user guides, help materials, and other documentation made available by Brightstead at docs.searchmydata.com or otherwise.

“Order Form” means a written or electronic ordering document signed by both parties that references these Terms.

“User” means an individual authorized by Customer to use the Service under Customer’s Account.

3. The Service

3.1 General Description

The Service provides AI-powered document search, including: (a) document upload, ingestion, and indexing; (b) vector embedding generation; (c) deterministic verified question-answering powered by the ZH Standard verification engine; (d) audit logging; and (e) related administrative and billing functions.

3.2 Plan Tiers

The Service is offered in tiers (“Plans”) including Solo, Team, Practice, Firm, and Enterprise, plus Sovereign Drive and Sovereign Bundle hardware offerings. Specifications and pricing for each Plan are described at searchmydata.com/pricing or in an Order Form.

3.3 Beta and Early Access Features

We may offer features designated as “beta,” “alpha,” “early access,” or “preview” (collectively, “Beta Features”). Beta Features are provided “AS IS,” may be modified or discontinued at any time, and are excluded from any service-level commitments. You acknowledge that Beta Features may contain bugs, errors, or unexpected behavior.

3.4 Service Modifications

We may modify, update, or discontinue the Service or any feature thereof. We will provide reasonable notice of material adverse changes to paid Customers via email or in-product notification.

3.5 No Reliance for Critical Decisions [REVIEW]

The Service produces deterministic answers verified against your documents. While we believe these answers are highly accurate, you acknowledge that no AI system is infallible and the Service is not a substitute for professional advice. You should not rely solely on Service output for medical, legal, financial, regulatory, or other consequential decisions without independent verification by qualified professionals.

4. Data Encryption and Sovereignty [REVIEW — entire section]

4.1 Encryption Modes

The Service offers two encryption modes:

(a) Convenience Mode (Default). Customer Content is encrypted at rest using AES-256-GCM. Encryption keys are derived from your password via Argon2id and a server-side pepper. Brightstead retains the technical capability to assist with password recovery through email-based reset flows. Convenience Mode provides industry-standard SaaS encryption.

(b) Zero-Knowledge Mode (Opt-In). Encryption keys are derived in your browser from a passphrase that is never transmitted to Brightstead. Brightstead receives and stores only encrypted bytes. In Zero-Knowledge Mode, Brightstead does not have the technical capability to decrypt your Customer Content, reset your passphrase, or recover your data without your passphrase or recovery phrase.

4.2 Customer Responsibility for Keys

In Zero-Knowledge Mode:

  1. You are solely responsible for safeguarding your passphrase and recovery phrase.

  2. You acknowledge that loss of both your passphrase and recovery phrase will result in permanent and irreversible loss of your Customer Content. Brightstead cannot and will not recover such Customer Content.

  3. You agree that Brightstead’s inability to decrypt Customer Content in Zero-Knowledge Mode is a feature, not a defect, and is essential to the sovereignty guarantees of the Service.

  4. During onboarding, you must complete an explicit acknowledgment of the foregoing.

4.3 Encryption in Transit

All transmissions between your devices and Brightstead infrastructure use TLS 1.3 or equivalent. Communications between Brightstead infrastructure and Subprocessors providing inference compute use mutual TLS (mTLS) with certificate pinning where technically applicable.

4.4 Where Customer Content Resides

  1. Persistent Customer Content (documents, embeddings, audit logs, and account data) resides on Brightstead-controlled infrastructure (“Sovereign Rail”) located in the United States. [CONFIRM: Texas data center / location TBD]

  2. Inference Compute (the transient processing of queries and chunks to produce answers) is performed on Sovereign Rail by default. When Sovereign Rail capacity is exceeded, inference may be routed to dedicated GPU pods provisioned through our Subprocessor RunPod, Inc. (“RunPod”). RunPod inference pods are network-locked, use ephemeral storage only, and clear memory between requests. RunPod sees only transient query content and retrieved chunks for the duration of a single request; it does not store or have persistent access to Customer Content, account data, or audit logs.

  3. Sovereign-Only Mode is available as a premium service tier in which 100% of inference compute is performed on Sovereign Rail and never routed to third-party GPU pods. Sovereign-Only Mode may result in slower response times during peak demand.

4.5 Hardware Products (Sovereign Drive and Sovereign Bundle)

For Customers using Sovereign Drive or Sovereign Bundle hardware products:

  1. Customer Content stored on the hardware is encrypted at rest using hardware-level AES-256 encryption.

  2. Customer Content does not transmit to Brightstead infrastructure during ordinary operation.

  3. Brightstead may receive limited operational telemetry (system health, version, error counts) — never Customer Content — solely to provide support and updates. Telemetry is open-source and auditable. [CONFIRM]

  4. Customers may opt out of telemetry by configuring the device for fully air-gapped operation.

5. Subprocessors [REVIEW]

5.1 Engagement of Subprocessors

We engage Subprocessors to provide certain functions of the Service. Each Subprocessor is bound by data protection terms substantially as protective as those in these Terms.

5.2 Current Subprocessors

Subprocessor Function Location
RunPod, Inc. Burst GPU compute for inference United States [CONFIRM specific data center commitments]
Vercel, Inc. Frontend hosting United States
Cloudflare, Inc. Edge ingress and DDoS protection Global; primary US
Stripe, Inc. Payment processing United States
Resend Labs, Inc. Transactional email United States
Functional Software, Inc. (Sentry) Error tracking United States
Apple Inc. (for hardware procurement) Hardware sourcing for Sovereign Bundle United States

A current list of Subprocessors is maintained at searchmydata.com/subprocessors.

5.3 Notice of New Subprocessors

We will provide at least thirty (30) days’ notice before engaging a new Subprocessor that processes Customer Content. Customer may object to a new Subprocessor in good faith for material data protection reasons within fifteen (15) days of notice; we will attempt to make commercially reasonable accommodations or, if no accommodation is possible, Customer may terminate affected services with pro-rata refund.

5.4 CLOUD Act and Government Requests [REVIEW]

We are a United States entity subject to United States law, including the Stored Communications Act and the Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”). In Zero-Knowledge Mode, our technical inability to decrypt Customer Content materially limits the scope of any data we could produce in response to a lawful request. We will:

  1. Notify affected Customers of any government request for Customer Content unless prohibited by law;

  2. Challenge requests we believe are overbroad, unlawful, or violate our customers’ rights;

  3. Disclose only the minimum data legally required;

  4. Publish an annual transparency report regarding government requests received. [CONFIRM commitment]

6. No AI Training on Customer Content [REVIEW]

Brightstead does not, and will not without your explicit prior written consent: (a) use Customer Content to train, improve, or fine-tune any artificial intelligence model; (b) sell, rent, or share Customer Content with third parties for advertising, marketing, model training, or any commercial purpose unrelated to providing the Service to you; or (c) permit any Subprocessor to use Customer Content for any purpose other than providing services to Brightstead under contract.

The deterministic reasoning models and embedding models used by the Service are pre-trained on publicly available data sources before deployment. Customer Content is processed at inference time only and is not retained for model improvement. [CONFIRM with each Subprocessor’s commitment]

7. Customer Obligations

7.1 Account Security

You are responsible for maintaining the confidentiality of your Account credentials and for all activities under your Account. You must notify us immediately of any unauthorized access. You are solely responsible for safeguarding your encryption passphrase and recovery phrase, particularly in Zero-Knowledge Mode.

7.2 Acceptable Use

You agree not to: (a) use the Service in violation of applicable law; (b) upload Customer Content that infringes third-party rights or that you are not authorized to upload; (c) attempt to circumvent technical access controls or rate limits; (d) reverse engineer, decompile, or disassemble the Service except as permitted by law; (e) use the Service to develop a competing product; (f) upload malware, viruses, or other harmful code; or (g) use the Service to violate the privacy or security of any individual.

7.3 Customer Content Compliance

You represent and warrant that you have all necessary rights, consents, and permissions to upload Customer Content to the Service, and that your upload and use of Customer Content does not violate any law or third-party right.

7.4 Special Categories of Data

If you upload Customer Content containing protected health information (“PHI”) subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), you must execute a separate Business Associate Agreement (“BAA”) with Brightstead before uploading such PHI. If you upload Customer Content containing payment card data subject to PCI-DSS, you must obtain prior written approval from Brightstead. We do not authorize the upload of classified information or controlled defense information without a separately executed agreement specifying additional safeguards. [REVIEW — CUI/ITAR provisions]

7.5 No Automated Scraping or Resale

You may not use the Service to provide a substantially similar service to third parties without a separate written agreement with Brightstead.

8. Fees and Payment

8.1 Subscription Fees

Subscription fees are payable in advance per the Plan you select. Monthly subscriptions auto-renew monthly; annual subscriptions auto-renew annually. You may cancel via the billing portal at any time; cancellation takes effect at the end of the current billing period.

8.2 Hardware Fees

Sovereign Drive and Sovereign Bundle hardware fees are payable in full upon order. Hardware orders are non-refundable once the unit has been provisioned and shipped, except for verified manufacturing defects.

8.3 Trial Periods

Free trials of fourteen (14) days are offered for Sovereign Cloud Plans. Trial accounts may be subject to feature limitations. We may revoke trial access for abuse or violation of these Terms.

8.4 Taxes

Fees do not include taxes, levies, duties, or similar governmental assessments, including value-added, sales, use, or withholding taxes (collectively, “Taxes”). You are responsible for paying all Taxes associated with your purchases.

8.5 Late Payment

Fees not paid when due may accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law, plus all reasonable collection costs.

8.6 Suspension for Non-Payment

We may suspend access to the Service for non-payment after at least ten (10) days’ written notice. Customer Content remains stored during suspension but inaccessible until payment is resolved.

9. Limitation of Liability [REVIEW]

9.1 Disclaimer of Warranties

EXCEPT AS EXPRESSLY PROVIDED IN THESE TERMS, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE.” BRIGHTSTEAD DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF SECURITY BREACHES.

9.2 Limitation of Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL BRIGHTSTEAD’S AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE EXCEED THE GREATER OF (A) THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO BRIGHTSTEAD UNDER THESE TERMS DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS ($100.00).

9.3 Exclusion of Indirect Damages

IN NO EVENT WILL BRIGHTSTEAD BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION, REGARDLESS OF THE CAUSE AND WHETHER ARISING IN CONTRACT, TORT, OR ANY OTHER LEGAL THEORY, AND EVEN IF BRIGHTSTEAD HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

9.4 Customer Content Loss [REVIEW]

WITHOUT LIMITING THE FOREGOING, BRIGHTSTEAD IS NOT LIABLE FOR LOSS OF CUSTOMER CONTENT RESULTING FROM: (A) CUSTOMER’S LOSS OF ENCRYPTION PASSPHRASE OR RECOVERY PHRASE IN ZERO-KNOWLEDGE MODE; (B) CUSTOMER’S DELETION OF CONTENT; (C) THIRD-PARTY UNAUTHORIZED ACCESS RESULTING FROM COMPROMISED CUSTOMER CREDENTIALS; OR (D) HARDWARE LOSS, THEFT, OR DESTRUCTION FOR SOVEREIGN DRIVE AND SOVEREIGN BUNDLE PRODUCTS.

9.5 Essential Basis

THE LIMITATIONS IN THIS SECTION 9 ARE A FUNDAMENTAL BASIS OF THE BARGAIN BETWEEN THE PARTIES AND APPLY EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

10. Term and Termination

10.1 Term

These Terms commence on the Effective Date and continue until terminated as set forth herein.

10.2 Termination for Convenience

Either party may terminate these Terms for convenience at the end of the then-current subscription period by canceling through the billing portal or providing thirty (30) days’ written notice for annual subscriptions.

10.3 Termination for Cause

Either party may terminate these Terms immediately upon written notice if the other party: (a) materially breaches these Terms and fails to cure within thirty (30) days of notice; (b) becomes insolvent or files for bankruptcy; or (c) ceases its business operations.

10.4 Effect of Termination

Upon termination: (a) Customer’s access to the Service ceases; (b) Customer may export Customer Content for thirty (30) days following termination via the export tools provided in the Service; (c) after the export period, Brightstead will permanently delete Customer Content from active systems within ninety (90) days, except as required by law or for backup retention as described in our Privacy Policy; (d) all accrued fees become immediately due.

10.5 Surviving Sections

Sections 4 (Data Encryption and Sovereignty, with respect to surviving obligations), 7 (Customer Obligations, with respect to past acts), 9 (Limitation of Liability), 10.4 (Effect of Termination), 11 (Indemnification), 12 (Confidentiality), 17 (Governing Law), and 18 (Dispute Resolution) survive termination.

11. Indemnification [REVIEW]

11.1 Brightstead Indemnification

We will defend Customer against any third-party claim alleging that the Service, as provided by us and used in accordance with these Terms, infringes a valid United States patent, copyright, or trademark, and we will pay damages finally awarded against Customer or agreed to in settlement; provided that Customer (a) promptly notifies us of the claim in writing, (b) gives us sole control over the defense and settlement, and (c) provides reasonable cooperation. If the Service becomes, or in our opinion is likely to become, the subject of an infringement claim, we may at our option: (i) procure for Customer the right to continue using the Service; (ii) modify the Service to make it non-infringing; or (iii) terminate the affected Service and refund any prepaid fees for the unused portion of the term.

11.2 Customer Indemnification

Customer will defend Brightstead, its affiliates, and their respective officers, directors, employees, and agents against any third-party claim arising out of or related to: (a) Customer Content (including claims of infringement, defamation, or violation of privacy); (b) Customer’s violation of these Terms; (c) Customer’s violation of applicable law; or (d) Customer’s gross negligence or willful misconduct. Customer will pay damages finally awarded against Brightstead or agreed in settlement.

11.3 Exclusions

The Brightstead indemnification in Section 11.1 does not apply to claims arising from: (a) Customer Content; (b) Customer’s modification of the Service; (c) Customer’s combination of the Service with third-party products not authorized by Brightstead; or (d) use of the Service in violation of these Terms.

12. Confidentiality

12.1 Confidential Information

Each party may have access to confidential information of the other party (“Confidential Information”), which includes information disclosed in writing, orally, or visually, that is identified as confidential or that should reasonably be understood as confidential given its nature. Customer Content is Customer’s Confidential Information.

12.2 Obligations

The receiving party will: (a) use Confidential Information only to perform its obligations or exercise its rights under these Terms; (b) protect Confidential Information with the same degree of care it uses for its own confidential information of like importance, but in no event less than reasonable care; and (c) not disclose Confidential Information to third parties except as expressly permitted in these Terms.

12.3 Exclusions

Confidential Information does not include information that: (a) is or becomes publicly available without breach; (b) was known to the receiving party prior to disclosure; (c) is independently developed; or (d) is rightfully received from a third party without confidentiality obligation.

12.4 Required Disclosure

The receiving party may disclose Confidential Information if required by law, provided it gives the disclosing party reasonable advance notice (where legally permitted) and cooperates with efforts to seek a protective order.

13. Intellectual Property

13.1 Brightstead IP

The Service, including all software, design, content, and underlying technology (including ZH Standard, ZH-Embeddings, and patent-pending innovations), is the property of Brightstead and its licensors and is protected by intellectual property laws. We grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Service per these Terms.

13.2 Customer Content

You retain all ownership rights in Customer Content. You grant Brightstead a non-exclusive, worldwide, royalty-free license to use, reproduce, transmit, and process Customer Content solely as necessary to provide the Service to you. This license terminates when Customer Content is deleted from the Service.

13.3 Feedback

If you provide feedback, suggestions, or feature requests (“Feedback”), you grant Brightstead an unlimited, irrevocable, royalty-free license to use such Feedback for any purpose. Feedback is provided voluntarily and is not Confidential Information.

13.4 Patent-Pending Technologies

The Service incorporates patent-pending technologies including the ZH-Embeddings module and the ZH Standard verification framework. References to “patent-pending” reflect filings as of the Effective Date and do not constitute a warranty of patent issuance.

14. Compliance and Certifications [REVIEW]

14.1 Privacy

Our Privacy Policy at searchmydata.com/privacy describes how we collect, use, and protect personal information.

14.2 GDPR

For Customers subject to the European Union General Data Protection Regulation, the Data Processing Addendum at searchmydata.com/dpa is incorporated by reference. [TBD: Draft DPA]

14.3 CCPA / CPRA

We comply with applicable California Consumer Privacy Act / California Privacy Rights Act requirements. California residents may exercise rights as described in our Privacy Policy.

14.4 HIPAA

A Business Associate Agreement is available for Customers handling Protected Health Information. Contact hello@searchmydata.com to request the BAA template. [TBD: Draft BAA]

14.5 SOC 2

[CONFIRM: Are we committing to SOC 2 Type I within 12 months / Type II within 18 months? This is a typical commitment; pull only if Sam wants to make this a public claim.]

14.6 Export Controls

The Service is subject to U.S. export control laws. You may not access the Service if you are located in or are a national of any country subject to comprehensive U.S. trade sanctions (currently including Cuba, Iran, North Korea, Syria, and the Crimea/Donetsk/Luhansk regions of Ukraine), or if you are listed on any U.S. government denied-party list.

15. Service Levels [REVIEW]

15.1 Uptime Target

We target 99.5% monthly uptime for Sovereign Cloud, measured at the API endpoint, excluding scheduled maintenance and force majeure events. [CONFIRM]

15.2 Maintenance

Scheduled maintenance windows are communicated at least seventy-two (72) hours in advance via the status page at status.searchmydata.com.

15.3 No SLA Commitments for Trial / Free Tiers

Service-level commitments do not apply to trial accounts, beta features, or any unpaid usage.

15.4 Enterprise SLAs

Enterprise Plans may include written SLA commitments in the Order Form, which supersede this Section 15.

16. Force Majeure

Neither party is liable for any failure or delay in performance due to causes beyond its reasonable control, including acts of God, war, terrorism, civil unrest, government action, pandemic, internet outages, denial-of-service attacks, or third-party infrastructure failures. The affected party will use commercially reasonable efforts to resume performance.

17. Governing Law [REVIEW]

These Terms are governed by the laws of the State of Delaware, without regard to conflict of laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

18. Dispute Resolution [REVIEW]

18.1 Informal Resolution

Before initiating any formal proceeding, the parties agree to attempt good-faith resolution through direct discussion for at least thirty (30) days following written notice of the dispute.

18.2 Arbitration

Any dispute not resolved through informal resolution will be settled by binding arbitration administered by JAMS under its Comprehensive Arbitration Rules. Arbitration will occur in Wilmington, Delaware. The arbitrator’s award is final and may be entered in any court of competent jurisdiction.

18.3 Exceptions

Notwithstanding Section 18.2: (a) either party may seek injunctive or other equitable relief in court for matters involving intellectual property, confidentiality, or unauthorized access; (b) Customer may bring qualifying claims in small claims court.

18.4 Class Action Waiver

THE PARTIES AGREE TO BRING DISPUTES ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING. The arbitrator may not consolidate claims or preside over class proceedings.

19. General Provisions

19.1 Assignment

Customer may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, sale of assets, or by operation of law without notice.

19.2 Entire Agreement

These Terms, together with any Order Form, the Privacy Policy, the DPA (if applicable), the BAA (if applicable), and any incorporated documents, constitute the entire agreement between the parties and supersede all prior agreements regarding the subject matter.

19.3 Order of Precedence

In case of conflict: (a) Order Form prevails over these Terms; (b) DPA / BAA prevails over these Terms with respect to data protection; (c) these Terms prevail over Documentation.

19.4 No Waiver

A waiver of any provision is effective only if in writing and signed by the waiving party. No failure or delay constitutes a waiver.

19.5 Severability

If any provision is held unenforceable, the remaining provisions remain in effect, and the unenforceable provision will be replaced by an enforceable provision closest to the parties’ original intent.

19.6 Notices

Notices to Brightstead must be sent to legal@searchmydata.com or to Brightstead Technologies, Inc., [ADDRESS TBD], Attn: Legal. Notices to Customer may be sent to the email address associated with the Account.

19.7 Independent Contractors

The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship.

19.8 No Third-Party Beneficiaries

Except as expressly provided, these Terms do not confer any rights on third parties.

19.9 Modifications

We may modify these Terms by posting an updated version. Material adverse modifications take effect thirty (30) days after notice for paid Customers. Continued use of the Service after the effective date constitutes acceptance.

19.10 Headings

Section headings are for convenience and do not affect interpretation.

Contact

Brightstead Technologies, Inc. [ADDRESS TBD] hello@searchmydata.com legal@searchmydata.com

END OF TERMS DRAFT — JASON’S REVIEW QUEUE:

  1. Section 4 — encryption / zero-knowledge language
  2. Section 5 — Subprocessor disclosures and CLOUD Act
  3. Section 6 — no-AI-training commitments (verify each Subprocessor)
  4. Section 9 — liability cap calibration
  5. Section 11 — indemnification scope (especially for AI output)
  6. Section 14 — HIPAA BAA, GDPR DPA references
  7. Section 17/18 — Delaware law + JAMS arbitration
  8. Section 7.4 — controlled defense info / ITAR

Items marked [CONFIRM]: - Texas data center / Sovereign Rail location - Specific RunPod data center commitments - Telemetry open-source commitment - Annual transparency report commitment - SOC 2 timeline commitment - 99.5% uptime target

Items marked [TBD]: - GDPR DPA template - HIPAA BAA template - Brightstead corporate address for notices - Effective date / launch date