Terms of Service & Privacy Policy

Agreement

By installing or using the GenAI Guard browser extension or any related Iron Book Enterprise services (together, the “Services”), you agree to these Terms of Service (the “Terms”) on behalf of yourself and, if applicable, your employer or organization (“Customer”). If you do not agree, do not use the Services.

The Parties

Provider. Identity Machines Inc., a Canadian federal corporation with its principal address at 169 Gore Vale Avenue, Toronto ON M6J 2R5, Canada (“IM”, “we”, “our”).
‍Customer. The individual or legal entity accepting these Terms.

Licence

IM grants Customer a non-exclusive, revocable, non-transferable licence to install and use the extension on supported browsers and, if enabled, to access the Iron Book Enterprise API, solely for internal business purposes and subject to these Terms.

Customer Responsibilities

• Ensure prompts do not violate laws or third-party rights.
• Configure and safeguard any Iron Book API Keys.
• Obtain all user consents required by privacy, employment, or export-control laws.
• Not disassemble, reverse-engineer, or sub-license the Services.

Service Levels & Support

The free extension is provided “as-is” without uptime commitments. For Enterprise API access, IM will use commercially reasonable efforts to provide 99 % monthly uptime and email support
(devops@identitymachines.com) during 09:00-17:00 ET on business days.

Fees (Enterprise only)

Fees and overage rates appear on the Order Form or Marketplace private offer, or via digital invoices sent to the Customer’s specified email address.
IM may suspend access for non-payment after 15 days’ notice. All fees are in USD unless stated otherwise and exclude taxes.

Intellectual Property

IM retains all rights, title, and interest in the Services and related documentation. Customer owns its own prompts and results. Suggestions or feedback may be incorporated by IM without obligation.

Indemnification

Customer shall defend, indemnify, and hold harmless IM and its officers, directors, and employees from any claim or demand arising out of
(i) Customer’s breach of these Terms,
(ii) Customer content, or
(iii) use of the Services in violation of law or third-party rights.

Disclaimers

THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” IM DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. IM DOES NOT WARRANT THAT THE SERVICES DETECT EVERY SECRET, PII ELEMENT, OR RISK.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IM’S TOTAL LIABILITY UNDER THESE TERMS SHALL NOT EXCEED THE FEES PAID BY CUSTOMER IN THE 12 MONTHS PRECEDING THE CLAIM OR CAD 10,000 (WHICHEVER IS GREATER). IM SHALL NOT BE LIABLE FOR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, EVEN IF ADVISED OF THE POSSIBILITY.

Term & Termination

Either party may terminate (i) at convenience with 30 days’ written notice, or (ii) immediately for material breach not cured within 15 days. Sections 7-10 and 12-14 survive termination.

Governing Law & Venue

These Terms are governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict-of-law principles. The parties submit to the exclusive jurisdiction of the courts of Toronto, Ontario.

Arbitration & Class-Action Waiver

Any dispute not resolved informally shall be finally settled by binding arbitration under the ADR Institute of Canada Rules in Toronto, in English. Class or representative actions are not permitted.

PRIVACY POLICY

Last updated: 9 October 2025Identity Machines Inc. (“IM”, “we”) is committed to protecting privacy. This Policy explains what information we collect, how we use it, and your choices.

Scope

Extension – Local-Only Mode (default). All prompt processing occurs on-device. No prompt text, PII, or secrets leave the user’s computer.
Telemetry (optional). Users may opt-in to share anonymized counts (e.g., “3 secrets blocked”).
‍Enterprise Mode. If enabled and an Iron Book API Key is provided, prompt text is sent to IM’s Google Cloud Platform (“GCP”) endpoint for advanced analysis.

Information We Process

Category:
• Prompt text
• Block/redaction events API key & org metadata
• Website analytics (GA)
‍
Local-only Mode:
• Not collected
• Optional, aggregated, no prompt content N/A
• Not collected

Enterprise Mode
• Encypted in transit (YLS1.2+); stored ≤ 90 days for audit.
• Same, plus rule IDs.
• Stored until revoked.
• IP-address truncated, device info; HubSpot cookies only on marketing site.

Legal Bases

Contract – Provide the Services you request.
‍Legitimate interests – Improve detection accuracy, prevent abuse.
‍Consent – Optional telemetry and marketing emails.

Retention

• Prompt text (Enterprise) – 90 days, then automatic deletion.
• Telemetry – 365 days aggregated.
• Support emails – 3 years for audit.

Security

• HTTPS/TLS for all data in transit.
• AES-256 encryption at rest.
• Annual penetration test and SOC 2 Type II controls.

Your Rights

Subject to local law (GDPR, CPRA, PIPEDA) you may access, correct, delete, or port your personal data. Email devops@identitymachines.com or write to our address. We reply within 30 days.

Cookies & Tracking

Marketing site: Google Analytics & HubSpot cookies; opt-out via banner.
‍Portal & extension: Only essential cookies (session) plus GA.

International Transfers

Data is processed in Canada and the United States under Standard Contractual Clauses (SCCs) where required.

Children

Services are not directed to children under 16. We do not knowingly collect children’s data.

Contact

Identity Machines Inc.
169 Gore Vale Ave, Toronto ON M6J 2R5, Canada
devops@identitymachines.com

Changes

We may update this Policy; we will notify Enterprise admins and post the new date. Continued use signifies acceptance.