1. Parties and acceptance
These Terms of Service form a binding agreement between SOCPilot, INC(“SOCPilot”, “we”) and the organization on whose behalf the platform is accessed (“Customer”, “you”). The individual accepting these Terms represents they are authorized to bind the Customer.
2. The service
SOCPilot provides hosted software that ingests security telemetry, correlates alerts into investigation cases with evidence, generates AI-assisted briefs and compliance packs, and proposes response playbooks gated by human approval. Specific features available depend on the subscription plan stated on the order form.
3. Customer responsibilities
- You will use SOCPilot only on systems and data you are legally authorized to monitor.
- You are responsible for safeguarding API keys, integration credentials and user accounts.
- You are responsible for your analysts' decisions, including approvals of containment, identity and ticketing actions surfaced by the platform.
- You will configure user roles (owner, admin, analyst, auditor, viewer) consistent with least privilege.
- You will not attempt to extract, reverse engineer or train competing models on the platform.
4. AI features and human oversight
AI-generated outputs (verdicts, briefs, recommendations, compliance drafts) are advisory. You are the accountable decision-maker for any response action taken in your environment. SOCPilot does not represent that AI outputs will be free of error and recommends a human-in-the-loop review for any decision with operational, legal or compliance impact.
5. Subscription, fees, taxes
Fees and term are stated on the applicable order form. Unless otherwise stated, fees are due net 30 from invoice. Subscriptions auto-renew for equal terms unless either party gives 30 days' notice before renewal. Fees are exclusive of taxes; you are responsible for applicable VAT/sales tax.
6. Confidentiality
Each party will protect the other's confidential information with at least the care it uses for its own confidential information of similar importance, and in no case less than reasonable care. Customer data is the Customer's confidential information and is governed by the Privacy Policy andDPA.
7. Security and incidents
SOCPilot maintains administrative, technical and physical safeguards designed to protect customer data, including encryption in transit and at rest, least-privilege production access, and continuous monitoring. We will notify affected customers without undue delay (and in any event within 72 hours of discovery) of any confirmed unauthorized access to customer data.
8. Intellectual property
SOCPilot retains all rights in the platform, including improvements derived from aggregated, de-identified usage telemetry. Customer retains all rights in its data. Customer grants SOCPilot a limited license to host, process and transmit Customer data solely to provide the service.
9. Warranties and disclaimers
SOCPilot warrants that it will provide the service with commercially reasonable care and skill. Except as expressly stated, the service is provided “as is” and SOCPilot disclaims all other warranties, including merchantability, fitness for a particular purpose, and non-infringement.
10. Limitation of liability
To the maximum extent permitted by law, neither party will be liable for any indirect, incidental, special, consequential or punitive damages, or for lost profits, revenue or data. Each party's total liability in connection with the agreement is capped at the fees paid by Customer to SOCPilot in the 12 months preceding the event giving rise to the claim. Nothing in this section limits liability for fraud, willful misconduct, or amounts owed under an indemnity.
11. Indemnification
SOCPilot will defend Customer against third-party claims that the platform, as provided and used as authorized, infringes a valid intellectual property right. Customer will defend SOCPilot against third-party claims arising out of Customer's misuse of the platform or breach of Section 3.
12. Term and termination
Either party may terminate for material breach not cured within 30 days of written notice. On termination, Customer's right to access the platform ends. SOCPilot will make Customer data available for export for 30 days after termination, after which it will be deleted in line with the retention policy.
13. Governing law
These Terms are governed by the laws of the State of Delaware, USA, excluding its conflict-of-law rules. The parties submit to the exclusive jurisdiction of the state and federal courts located in Delaware, except where the law of the Customer's principal place of business mandates otherwise.
14. Changes to these Terms
We may update these Terms from time to time. Material changes will be announced in-product and via email to workspace owners at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.