Last updated: May 8, 2026
Effective: May 8, 2026
Version: 1.0 (Launch)
Operated by: PIGENAI LLC, a Missouri limited liability company
Headquarters: 5901 NW 63rd Terrace, 301, Kansas City, MO 64151, United States
These Terms of Use (“Terms”) govern your access to and use of the SanctumShield platform, website, software, content, and services (collectively, the “Service”) operated by PIGENAI LLC (“SanctumShield”, “we”, “us”, or “our”). By creating an account, subscribing, or using any part of the Service, you (“Customer” or “you”) agree to be bound by these Terms. If you do not agree, you must not access or use the Service.
These Terms incorporate by reference our Privacy and Trust Center, our Subscription Terms, and any additional written agreements between you and SanctumShield. In the event of conflict, written agreements signed by both parties control over these Terms; these Terms control over the website content.
1. Definitions
- “Artifact” — any document, report, policy, board memo, registry export, verification record, or other output generated by the Service, including the Executive Risk Report, AI Acceptable Use Policy, Board Memo, and verification URLs.
- “Customer Inputs” — any data, network logs, hostname lists, tool inventories, organizational metadata, or other information you provide to the Service.
- “Customer Organization” — the single legal entity named at checkout. The Customer Organization is the only entity authorized to use the Service under a single Subscription.
- “Methodology” — the proprietary AI endpoint registry, AI tools catalog, embedded-AI catalog, assessment prompts, scoring rubrics, regulatory clause-mapping logic, audit prompt library, and underlying analytical methods used by the Service.
- “Subscription” — an active, paid subscription to the Service.
2. Service Description and Eligibility
2.1 What the Service is
SanctumShield is a software-as-a-service platform that produces governance documentation for AI use within an organization, including an AI Acceptable Use Policy, an Executive Risk Report, a Board Memo, and supporting catalogs, registries, and verification records.
2.2 What the Service is NOT
The Service is not a runtime security tool. It does not block, prevent, detect, monitor, alert on, or respond to active threats. It is not a SIEM, SOC, EDR, DLP, CNAPP, AI-SPM, managed security service, or insurance product.
The Service does not constitute legal advice, professional consulting, formal audit certification, regulatory compliance certification, or insurance coverage. Artifacts are starting points and supporting documentation for human review by qualified legal counsel, qualified security professionals, and the Customer’s executive leadership. Customer is solely responsible for reviewing, approving, signing, and acting on every Artifact.
2.3 Eligibility
You must be at least 18 years old, capable of forming a legally binding contract with PIGENAI LLC, and authorized to bind the Customer Organization. The Service is intended for use by businesses, not consumers.
3. Per-Organization License — One Subscription, One Organization
3.1 Grant of License
Subject to your full and continuing compliance with these Terms, SanctumShield grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service for the internal business purposes of the single Customer Organization named at checkout, for the duration of an active Subscription.
3.2 Scope
Each Subscription authorizes use of the Service exclusively for the single Customer Organization named at checkout. The Service may not be used to generate Artifacts for any other entity, whether for direct compensation, as a service offering to a client, in a consulting engagement, on behalf of a third party, or otherwise.
3.3 Prohibited under a single Subscription
- Using the Service to generate Artifacts for clients of a consulting, advisory, audit, MSSP, MSP, or fractional-CISO practice.
- Using the Service to produce deliverables sold or invoiced to third parties.
- Sharing Subscription credentials or magic-link tokens outside the Customer Organization.
- Generating Artifacts in the name of, or referencing, any organization other than the Customer Organization.
- Using one Subscription for multiple distinct legal entities, even if affiliated, owned, or controlled by the Customer Organization.
3.4 Auditors, consultants, MSSPs, resellers
If you wish to use the Service to generate Artifacts on behalf of multiple client organizations, you must contact SanctumShield through /partners and execute a written Reseller / Partner Agreement.
3.5 Audit right
SanctumShield reserves the right to audit your use of the Service for compliance with this Section 3. Patterns of generating Artifacts in the names of multiple distinct organizations under a single Subscription will be deemed presumptive evidence of breach and grounds for immediate termination without refund, plus damages and remedies available at law or equity.
4. Acceptable Use
You agree not to:
- Exceed reasonable monthly usage limits published in the Service dashboard. As of the launch effective date, each Subscription includes a soft monthly entitlement of approximately five (5) generations per artifact type (Executive Risk Report, AI Acceptable Use Policy, Board Memo) per calendar month — designed to support legitimate experimentation, refinement, and operational use by the Customer Organization. The current entitlement and remaining count are displayed in the in-app dashboard. Sustained use materially in excess of these limits, or use suggesting consulting / multi-client production rather than internal Customer Organization use, is grounds for review under Section 3.5 and may require a Reseller / Partner Agreement (see /partners).
- Reverse engineer, decompile, disassemble, scrape, or otherwise attempt to derive the Methodology, prompts, model configurations, registry contents, scoring logic, or other proprietary aspects of the Service.
- Use the Service or any Artifact to develop, train, fine-tune, build, market, or improve any product or service that competes with SanctumShield in the AI governance, vendor risk, agent governance, AI Acceptable Use Policy, or Shadow AI assessment categories.
- Remove, modify, obscure, or replace any SanctumShield branding, copyright notice, footer, watermark, or verification URL contained in any Artifact, distributed copy, or derivative material.
- Use the Service to violate any law, regulation, or third-party right.
- Submit Customer Inputs you do not have lawful authority to submit, that contain malware, that are designed to disrupt the Service, or that violate the data warranties in Section 7.
- Damage, disable, overburden, or impair the Service or interfere with any other user’s use.
- Attempt unauthorized access to any portion of the Service, the underlying infrastructure, other customers’ accounts, or any related systems.
- Use the Service to make any representation that an Artifact constitutes legal advice, formal audit certification, insurance coverage, regulatory compliance certification, or any other professional opinion that SanctumShield does not provide.
5. Intellectual Property and Trade Secrets
5.1 SanctumShield IP
SanctumShield and its licensors own all right, title, and interest in and to the Service, the Methodology, the website, all software, all documentation, and all Service-generated content (other than Customer Inputs).
5.2 Trade Secret Designation
The following are designated proprietary trade secrets of PIGENAI LLC under the Defend Trade Secrets Act of 2016 and analogous state laws:
- The AI endpoint registry
- The AI tools catalog
- The embedded-AI catalog
- The assessment prompts and prompt library
- The scoring rubrics and severity-ranking logic
- The regulatory clause-mapping logic
- The audit methodology and finding-type taxonomy
- The verification record schema and tamper-evidence design
Unauthorized use, disclosure, derivation, or reproduction is a material breach and grounds for injunctive relief and damages.
5.3 No Derivative Works
You agree not to use the Service, any Artifact, or any aspect of the Methodology to develop, train, fine-tune, evaluate, build, market, or improve any product or service that competes with SanctumShield. Outputs are licensed to you for internal Customer Organization purposes only.
5.4 Customer Inputs
Customer Inputs remain Customer property. By submitting inputs you grant SanctumShield a limited, worldwide, royalty-free license to process them solely to provide and improve the Service. Inputs are not used to train AI models in any way that would expose them to other customers or to the public.
5.5 Customer Artifacts
Once generated, you may use, copy, distribute internally, and rely on Artifacts for the internal business purposes of the Customer Organization, including submission to regulators, auditors, underwriters, board members, supply-chain partners, and counsel — subject to preservation of branding, watermarks, and verification URLs.
5.6 Feedback
Feedback you provide grants SanctumShield a perpetual, irrevocable, royalty-free, worldwide license to use it without obligation or compensation.
5.7 Public-Facing Website Content — Copyright and Permitted Use
All content published on sanctumshield.com — including the glossary (term definitions, regulatory analysis, authority references, threat-actor evidence sections), the /why-now regulatory cliff analysis, blog posts, perspectives essays, /trust content, /how-it-works walkthroughs, /sample-outputs renderings, /agent-governance and /beyond-sig analysis, and all original prose, graphics, charts, layouts, and code — is © 2026 PIGENAI LLC and protected as original literary, analytical, and visual work under U.S. copyright law and applicable international treaties.
Permitted uses (no permission required)
- Reading the content for personal or business educational purposes.
- Sharing via the share buttons SanctumShield provides (LinkedIn, X, email, copyable URL).
- Linking to any sanctumshield.com page from your own website, blog, social media, board memo, or RFP response.
- Limited fair-use quotation in academic papers, board memos, RFP responses, vendor security reviews, cyber renewal packets, articles, or industry analysis, provided the quotation does not exceed approximately 200 words per source, includes clear attribution to “SanctumShield” or “PIGENAI LLC”, and includes a clickable URL.
- Citation in academic, regulatory, or professional contexts using the citation block published in the glossary share section.
Prohibited uses (require prior written permission)
- Bulk copying or scraping of the glossary, regulatory analysis, threat-actor evidence, or any other section beyond fair-use.
- Redistribution of substantial portions in any form (PDF compilation, derivative website, mirror site, internal training corpus, internal wiki population, etc.).
- Derivative works — creating modified, adapted, translated, or restructured versions for any purpose.
- AI model training — using site content as training data, fine-tuning data, RAG source data, or evaluation data for any AI / language model / embedding model / retrieval system, including commercial corpora, internal corporate fine-tuning, vendor LLM customization, or any other AI training use.
- White-labeling or rebranding — reproducing content under another brand or name.
- Removal of copyright, attribution, or branding.
- Competing-product use — using site content to develop, train, evaluate, build, market, or improve any competing product or service.
- Resale — selling, sublicensing, or commercially redistributing site content.
Permission requests
Contact us through /contact with subject “Content licensing request.” Reasonable academic, journalistic, regulatory, or non-competing professional requests are typically granted at no cost subject to attribution and source-URL requirements.
DMCA takedown
If you believe content on sanctumshield.com infringes your copyright, send written notice to /contact with subject “DMCA takedown” including: identification of the copyrighted work; identification of the allegedly infringing content (URL); your contact information; a good-faith-belief statement; a statement under penalty of perjury that the information is accurate and you are authorized to act; and your signature. (Formal DMCA Designated Agent registration with the U.S. Copyright Office is in process.)
Reverse-direction enforcement. SanctumShield reserves all rights to enforce its copyright in site content, including DMCA takedown notices, demands to remove unauthorized copies, and damages and injunctive relief for material infringement.
6. Subscription, Billing, and Cancellation
The full subscription terms are at /trust#subscription-terms and incorporated by reference. In summary:
- $99 per month per Customer Organization, charged immediately on subscribe through Stripe.
- Month-to-month, no commitment, no trial period.
- Cancel anytime through the in-app Manage Subscription button or your Stripe Customer Portal.
- The current billing period is non-refundable. You receive a full month of access; you keep all Artifacts.
- Stripe sends invoice receipts automatically.
For legitimate billing errors, contact us through /contact and we will resolve case-by-case.
7. Customer Inputs, Data, and Warranties
7.1 Customer warranties on inputs
You represent and warrant that:
- You have the legal right to provide all Customer Inputs.
- Inputs do not contain malware, illegal content, or content designed to disrupt the Service.
- Inputs do not contain Protected Health Information (HIPAA), payment card data, US classified information, or other regulated data unless you have first executed an appropriate business associate agreement, data processing agreement, or written addendum.
- You are responsible for sanitizing inputs before submission.
7.2 Sub-processors and data residency
Current sub-processor list, data residency, and security posture are at /trust.
7.3 Data retention
Customer Inputs are retained only as long as necessary to provide the Service. Artifacts are not stored server-side after generation. Verification metadata (short ID, generation date, model version, registry version, Customer Organization name) is retained for up to five years.
7.4 Customer indemnification
You agree to defend, indemnify, and hold harmless PIGENAI LLC, its members, officers, employees, contractors, and agents from any third-party claim, demand, suit, proceeding, loss, damage, cost, or expense (including reasonable attorneys’ fees) arising from or related to:
- Your or your authorized users’ use or misuse of the Service.
- Customer Inputs, including any breach of warranties in 7.1.
- Your operational, compliance, regulatory, or business decisions made in reliance on any Artifact.
- Your distribution or disclosure of any Artifact beyond Section 5.5.
- Your breach of any obligation, representation, or warranty in these Terms.
This obligation survives termination.
8. Service Availability and Sole Remedy for Outages
8.1 Availability commitment
SanctumShield will use commercially reasonable efforts to make the Service available 99.5% of the time on a calendar-month basis, excluding scheduled maintenance and force majeure.
8.2 Sole remedy for outages
If the Service is unavailable for more than 72 consecutive hours during an active Subscription, or unavailable more than 7 days cumulatively in any 30-day period, your sole and exclusive remedy is, at your election:
- (a) A pro-rated service credit applied to your next Subscription period; OR
- (b) Termination of your Subscription with a refund of unused, prepaid Subscription fees only.
No other compensation, damages, consequential damages, lost profits, or remedies are available for Service unavailability.
8.3 What does not count as unavailability
Scheduled maintenance announced in advance; downtime caused by Customer’s own infrastructure, network, identity provider, or browser; downtime caused by third-party sub-processors within their own SLAs; force majeure; downtime caused by Customer breach; and downtime caused by attacks targeting the Customer’s specific account.
9. Disclaimers
9.1 As-is service
The Service and all Artifacts are provided “as is” and “as available” without warranties of any kind, express or implied. SanctumShield and its licensors disclaim all warranties, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, reliability, and any warranties arising from a course of dealing, usage, or trade practice.
9.2 No professional advice
Nothing produced by the Service constitutes legal advice, professional cybersecurity consulting, formal audit certification, regulatory compliance certification, or insurance coverage. Artifacts are supporting documentation intended for review by qualified legal counsel and qualified security professionals before being relied upon for any compliance, regulatory, audit, or operational decision. You assume all risk associated with reliance on any Artifact.
9.3 Not a security operations product
The Service is not a runtime security tool. The Service does not block, prevent, detect, monitor, alert on, or respond to active threats. Customer remains solely responsible for operational cybersecurity controls.
9.4 Not insurance, not a guarantee of compliance
Subscription does not constitute or include any cyber insurance coverage, regulatory indemnification beyond the limits stated, or warranty that any Artifact will be accepted by any regulator, auditor, underwriter, court, or other third party.
9.5 No reliance on third-party model output guarantees
The Service generates Artifacts using AI models provided by third parties. SanctumShield does not guarantee the absence of AI-generated errors, omissions, or inaccuracies. Customer is solely responsible for reviewing Artifacts before use.
10. Limitation of Liability
To the maximum extent permitted by applicable law:
10.1 Cap on direct damages
PIGENAI LLC’s total cumulative liability arising from or related to this Agreement, regardless of the form of action (contract, tort, strict liability, statute, or otherwise), and regardless of the theory of liability, shall not exceed the Subscription fees actually paid by Customer to PIGENAI LLC in the twelve (12) months preceding the event giving rise to the claim, or one hundred U.S. dollars ($100), whichever is greater.
10.2 No indirect damages
In no event shall PIGENAI LLC be liable for any indirect, incidental, consequential, special, exemplary, or punitive damages; lost profits; lost revenue; lost business opportunity; loss of goodwill; loss of data; or cost of substitute services, even if SanctumShield has been advised of the possibility.
10.3 Application
Limitations apply notwithstanding failure of any limited remedy of its essential purpose. Some jurisdictions do not allow certain limitations; in such jurisdictions, our liability is limited to the maximum extent permitted by law.
11. Term and Termination
These Terms apply from the moment you first access the Service until terminated. You may terminate your Subscription at any time through Manage Subscription or your Stripe Customer Portal. Sections that by their nature survive termination (5, 7.4, 8, 9, 10, 12) will survive.
We may suspend or terminate your access for any breach (including Sections 3, 4, 5), for non-payment, for fraudulent or harmful conduct, or for any other reason in our reasonable discretion. Termination for breach: no refund.
Upon termination, your right to access the Service ends immediately. You retain Artifacts you generated. Verification metadata continues to be queryable for up to five years from generation, subject to Section 7.3.
12. General Provisions
- Modifications: we may modify these Terms by posting an updated version at /terms; material changes notified through /whats-new or email.
- Governing law: State of Missouri, without regard to conflict-of-laws principles. Disputes resolved in state or federal courts located in Jackson County, Missouri.
- Assignment: you may not assign without our written consent; we may assign in M&A.
- Force majeure: neither party liable for events beyond reasonable control.
- Severability: unenforceable provisions are modified to be enforceable; remainder stands.
- No waiver: failure to enforce a provision is not a waiver.
- Entire agreement: these Terms + Trust + Subscription Terms + signed agreements = entire agreement.
- No third-party beneficiaries.
- Independent contractors. Nothing creates partnership, joint venture, agency, employment, or franchise.
13. Contact
Questions about these Terms? /contact or write to:
PIGENAI LLC
5901 NW 63rd Terrace, 301
Kansas City, MO 64151
United States
For partnership inquiries (auditor, MSSP, MSP, broker, fractional CISO, or reseller arrangements), please use /partners.
These Terms are version 1.0, effective May 8, 2026. Drafted in good faith using standard SaaS Terms patterns; outside-counsel review is pending and a counsel-reviewed v2 will be issued within 30 days. Material changes will be notified through /whats-new.
SanctumShield is operated by PIGENAI LLC, a Missouri limited liability company. Founded by Lindsay Hiebert, CISSP (cert #539218, verifiable on Credly).