MASTER TERMS OF SERVICE

Effective Date: November 19, 2025

Last Updated: October 31, 2025

By accessing or using any ERMITS LLC ("ERMITS," "we," "our," or "us") products, platforms, or services (collectively, the "Services"), you ("User," "you," or "your") agree to be bound by these Master Terms of Service ("Terms"). If you do not agree to these Terms, do not use our Services.

1. Scope and Applicability

These Terms govern your use of all ERMITS products, including but not limited to:

TechnoSoluce™ Brand Products:

  • SBOM Analyzer - Software supply chain security and vulnerability analysis

CyberCertitude™ Brand Products:

  • CMMC 2.0 Level 1 Implementation Suite
  • CMMC 2.0 Level 2 Compliance Platform
  • Original Toolkit (localStorage-based compliance management)

VendorSoluce™ Brand Products:

  • Supply Chain Risk Management Platform

CyberCorrect™ Brand Products:

  • Privacy Portal (Workplace privacy compliance)
  • Privacy Platform (Multi-regulation privacy compliance automation)

CyberCaution™ Brand Products:

  • RansomCheck (Ransomware readiness assessment)
  • Security Toolkit (Comprehensive cybersecurity assessment platform)
  • RiskProfessional (CISA-aligned security assessments)

ERMITS Advisory + STEEL™ Brand Products and Services:

  • STEEL™ Assessment Platform (Strategic Threat & Enterprise Evaluation Layer)
  • STEEL™ Premium Assessment ($29 digital product)
  • vCISO Starter Kit ($299 digital product)
  • Executive Dashboard Template ($79 digital product)
  • Compliance Toolkit (digital product)
  • Incident Response Toolkit (digital product)
  • Vendor Risk Toolkit (digital product)
  • Premium Toolkits (subscription-based digital products)
  • STEEL Strategic Assessment Services ($25,000-$125,000 custom pricing)
  • On-Demand Advisory Services (custom pricing)
  • Compliance Advisory Services (custom pricing)
  • Virtual CISO (vCISO) Services (custom pricing)

SocialCaution Brand Products:

  • Personalized Privacy Platform with AI-powered persona detection
  • Privacy Exposure Index for online services
  • Service Catalog with risk profiles
  • Adaptive privacy resources and tools
  • Digital footprint analysis

Product-specific terms may apply as set forth in Product-Specific Addendums.

2. Definitions

"Privacy-First Architecture" means ERMITS' system design philosophy ensuring that user data is processed locally whenever possible, with optional encrypted cloud synchronization, pseudonymized telemetry, and zero-knowledge data handling principles.

"User Data" means any information, content, files, or materials that you upload, submit, generate, or process through the Services.

"Controlled Unclassified Information" or "CUI" means information that requires safeguarding or dissemination controls pursuant to federal law, regulations, or government-wide policies.

"Federal Contract Information" or "FCI" means information not intended for public release that is provided by or generated for the U.S. Government under a contract.

"Beta Products" means Services explicitly marked as "Beta," "Preview," "Early Access," or similar designations indicating pre-release or testing status.

"Advisory Services" means professional consulting, strategic guidance, assessments, and expert recommendations provided by ERMITS personnel or contractors, including but not limited to STEEL Strategic Assessments, vCISO services, compliance advisory, and on-demand consulting. Advisory Services are distinct from self-service Digital Products.

"Digital Products" means self-service downloadable or web-based tools, templates, assessments, and resources available for immediate purchase and use without professional consulting, including but not limited to STEEL Premium Assessment, vCISO Starter Kit, Executive Dashboard Template, and Premium Toolkits.

"STEEL™ Framework" means ERMITS' proprietary Strategic Threat & Enterprise Evaluation Layer methodology for assessing organizational cybersecurity and risk posture across Political, Economic, Social, Technological, Environmental, and Legal (PESTEL) factors.

"Privacy Persona" means the AI-determined privacy profile classification assigned by SocialCaution based on user assessment responses, used to personalize privacy recommendations and resources.

"Privacy Exposure Index" means SocialCaution's quantified privacy risk score (0-100) for online services based on publicly available data, privacy policies, and service characteristics.


3. Eligibility and Account Requirements

Age Requirement: You must be at least 18 years of age to use the Services. By using the Services, you represent and warrant that you meet this age requirement.

Authority: If you are using the Services on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.

Account Security: You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • All activities that occur under your account
  • Notifying ERMITS immediately of any unauthorized access or security breach
  • Using strong, unique passwords and enabling multi-factor authentication where available

Accurate Information: You agree to provide accurate, current, and complete information during registration and to update such information to maintain its accuracy.


4. Privacy-First Architecture and Data Handling

ERMITS implements a Privacy-First Architecture across all products, built on the following principles:

4.1 Client-Side Processing

All core computational functions (assessments, SBOM analysis, risk scoring, compliance evaluations, privacy persona detection) are performed locally within your browser or self-managed environment whenever technically feasible.

4.2 Data Sovereignty Options

You have multiple deployment and storage options:

Local Storage Options:

  • Browser-based local storage (IndexedDB, localStorage)
  • Desktop application with local file storage
  • On-premises deployment (Enterprise customers)

Cloud Storage Options:

  • Self-managed cloud infrastructure (you control the environment)
  • ERMITS-managed cloud (Supabase or alternative providers)
  • Hybrid deployment (local processing with optional encrypted sync)

4.3 Data Residency

For cloud-managed options, data residency is determined by:

  • Your selected deployment region
  • Applicable compliance requirements
  • Service infrastructure location (disclosed per product)

4.4 Zero-Knowledge Principles

When using ERMITS-managed cloud services with encryption enabled:

  • Data is encrypted client-side using AES-256-GCM via WebCrypto
  • Encryption keys are derived from your credentials and never transmitted to ERMITS
  • ERMITS administrators cannot decrypt your data
  • You are solely responsible for maintaining access to your encryption keys

4.5 Data Minimization

ERMITS collects only the minimum data necessary for service functionality:

Never Collected: Raw SBOM files, assessment content, CUI, FCI, proprietary business data, or detailed vulnerability findings, all of which remain under your exclusive control

Optionally Collected: Account information (name, email, company) for authentication and billing

Pseudonymized Telemetry: Anonymous performance metrics using irreversible cryptographic hashing (opt-in or opt-out based on product)

4.6 Product-Specific Privacy-First Implementations

ERMITS Advisory + STEEL:

  • STEEL assessment responses processed client-side with optional encrypted cloud storage
  • Advisory service engagements handled via secure client portals
  • Digital products delivered as downloadable files or web-based tools with local processing
  • No access to proprietary strategic information by ERMITS

SocialCaution:

  • AI persona detection performed 100% client-side using JavaScript in the user's browser
  • No persona data or assessment responses transmitted to ERMITS servers
  • Privacy Exposure Index calculated from publicly available service information only
  • User assessment data stored in browser localStorage (user-controlled)
  • Optional cloud sync available with end-to-end encryption

5. License Grant and Restrictions

5.1 License to Use Services

Subject to your compliance with these Terms, ERMITS grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Services for your internal business or personal purposes.

5.2 License Restrictions

You may not:

  • Modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, or sell any information, software, products, or services obtained from the Services
  • Reverse engineer, decompile, disassemble, or attempt to discover source code or underlying algorithms (except to the extent such restriction is prohibited by applicable law)
  • Remove, obscure, or alter any proprietary rights notices
  • Use the Services to develop competing products or services
  • Access the Services through automated means (bots, scrapers) without prior written authorization
  • Attempt to circumvent security measures or gain unauthorized access
  • Use the Services in any way that violates applicable laws or regulations

5.3 Open-Source Components

Certain Services incorporate open-source software components licensed under MIT, Apache 2.0, BSD, or similar licenses. These components remain subject to their original license terms, which are available in the respective source code repositories. Your rights to such open-source components are governed by their respective licenses, not these Terms.

5.4 Digital Product Licenses

For ERMITS Advisory Digital Products (STEEL Premium Assessment, vCISO Starter Kit, Dashboard Template, Toolkits):

  • One-time purchase grants perpetual license for personal or single-organization use
  • Templates and tools may be customized for internal use
  • Redistribution, resale, or sharing with third parties prohibited
  • White-label use permitted only with explicit authorization
  • Source code access provided where applicable (e.g., Dashboard Template)

6. User Data Ownership and Responsibilities

6.1 User Data Ownership

You retain all ownership rights in your User Data. ERMITS does not claim any ownership or intellectual property rights in your User Data.

Special Provisions for Advisory Services:

When engaging ERMITS Advisory Services:

  • You retain ownership of all strategic information, business data, and proprietary information shared with ERMITS advisors
  • ERMITS deliverables (reports, assessments, recommendations) become your property upon full payment
  • ERMITS retains the right to use anonymized, aggregated insights for methodology improvement (no client-identifying information)
  • Work product created specifically for you under advisory engagements is your exclusive property
  • ERMITS may retain copies for quality assurance and professional liability purposes only

Special Provisions for SocialCaution:

  • Your privacy persona, assessment responses, and privacy preferences remain your exclusive property
  • ERMITS never accesses or processes your persona data (stored client-side only)
  • Service notifications and privacy guidance provided based on publicly available information only
  • No personal privacy data shared with third parties

6.2 User Data License to ERMITS

You grant ERMITS a limited license to your User Data solely to the extent necessary to:

  • Provide the Services to you
  • Perform technical operations (backup, recovery, security monitoring)
  • Comply with legal obligations

This license terminates when you delete your User Data or terminate your account, except for:

  • Data retained for legal or regulatory compliance purposes
  • Pseudonymized analytics data that cannot be reverse-engineered to identify you
  • Backup copies maintained for disaster recovery (deleted within 90 days of account termination)

6.3 User Data Responsibilities

You are solely responsible for:

  • The accuracy, quality, and legality of your User Data
  • The means by which you acquired User Data
  • Compliance with all applicable laws regarding User Data processing
  • Maintaining appropriate security controls for your User Data
  • Backup and disaster recovery of locally-stored data

6.4 Prohibited Data

You may not upload, transmit, or process through the Services:

  • Malware, viruses, or malicious code
  • Content that infringes intellectual property rights
  • Illegally obtained data or trade secrets
  • Personal data of minors without appropriate consent
  • Data in violation of applicable export control laws

7. Intellectual Property Rights

7.1 ERMITS Intellectual Property

All intellectual property rights in the Services, including but not limited to software, algorithms, user interfaces, documentation, trademarks, and branding, are owned by ERMITS LLC or its licensors. No ownership rights are transferred to you under these Terms.

7.2 Trademarks

TechnoSoluce™, CyberCertitude™, VendorSoluce™, CyberCorrect™, CyberCaution™, ERMITS Advisory™, STEEL™, SocialCaution™, and all associated logos and branding are trademarks of ERMITS LLC. You may not use these trademarks without ERMITS' prior written consent.

7.3 User-Generated Reports and Outputs

Reports, assessments, and other outputs generated by the Services using your User Data remain your property. ERMITS does not claim ownership of such outputs.

For Advisory Services: All deliverables, reports, strategic recommendations, and work product created specifically for you under advisory engagements become your exclusive property upon full payment.

For Digital Products: Templates, tools, and resources purchased as Digital Products may be customized and used internally by your organization. Redistribution or resale is prohibited without explicit authorization.

7.4 Feedback

If you provide feedback, suggestions, or ideas about the Services ("Feedback"), you grant ERMITS a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate such Feedback into the Services without any obligation to you.


8. Third-Party Services and Integrations

8.1 Third-Party Services

The Services may integrate with or reference third-party services including:

  • Payment Processing: Stripe, Inc.; Gumroad (for digital products)
  • Cloud Infrastructure: Supabase (PostgreSQL database)
  • Vulnerability Data: OSV.dev, NIST NVD, CISA advisories
  • Error Tracking: Sentry
  • Analytics: PostHog (with differential privacy)
  • Authentication: OAuth providers (Google, Microsoft, GitHub)

8.2 Third-Party Terms

Your use of third-party services is subject to their respective terms and privacy policies. ERMITS:

  • Ensures third-party integrations adhere to equivalent security and privacy standards
  • Is not responsible for the acts, omissions, or policies of third parties
  • Makes no warranties regarding third-party services
  • May modify or discontinue third-party integrations at any time

8.3 Data Sharing with Third Parties

ERMITS shares data with third parties only as follows:

  • Service Providers: Minimal data necessary for service operation (e.g., email address to Stripe for billing)
  • Vulnerability Databases: Anonymous, client-side queries to OSV.dev and similar services (no User Data transmitted)
  • Legal Requirements: When required by law, regulation, or court order
  • Business Transfers: In connection with mergers, acquisitions, or asset sales (with notice to users)

9. Beta Products and Services

9.1 Beta Designation

Products or features explicitly marked as "Beta," "Preview," "Early Access," or similar designations are pre-release versions provided for testing and feedback purposes.

9.2 Beta Terms

Beta Products are provided "AS IS" with the following additional limitations:

  • May contain bugs, errors, or incomplete features
  • May be modified or discontinued without notice
  • Are not subject to standard SLA commitments
  • May have limited or no customer support
  • Should not be used for production or mission-critical purposes

9.3 Beta Feedback

By using Beta Products, you agree to provide feedback on functionality, usability, and issues. ERMITS may use such feedback without compensation or obligation to you.

9.4 Beta Data

ERMITS recommends:

  • Regular backups of data in Beta Products
  • Not using Beta Products for sensitive, production, or regulated data
  • Testing Beta Products in non-production environments

9.5 Beta Graduation

When a Beta Product transitions to general availability, it becomes subject to standard Terms and SLA commitments. ERMITS will provide notice of such transitions.


10. Federal Contractor Specific Terms

10.1 Applicability

This section applies to users who are U.S. federal contractors or subcontractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI).

10.2 Compliance Representations

Users represent and warrant that they:

  • Understand their obligations under applicable Defense Federal Acquisition Regulation Supplement (DFARS) and Federal Acquisition Regulation (FAR) clauses
  • Are solely responsible for compliance with DFARS 252.204-7012, NIST SP 800-171, and CMMC requirements
  • Will implement appropriate controls for CUI and FCI protection
  • Acknowledge that ERMITS products are tools to assist with compliance but do not guarantee certification

10.3 CUI and FCI Handling

When using ERMITS Services to process CUI or FCI:

  • You must use encryption features and self-managed deployment options
  • You are responsible for properly marking and handling CUI/FCI
  • ERMITS does not access or process CUI/FCI due to Privacy-First Architecture
  • You must implement appropriate access controls and audit logging

10.4 Incident Reporting

Federal contractors must report cyber incidents affecting CUI or FCI to the appropriate government agency as required by contract and regulation. ERMITS will cooperate with reasonable incident investigation requests while maintaining user privacy and security.


11. Acceptable Use

You agree to use the Services only for lawful purposes and in accordance with these Terms. Prohibited uses include but are not limited to:

11.1 Illegal Activities

  • Violating any applicable laws, regulations, or third-party rights
  • Engaging in fraud, money laundering, or other criminal activities
  • Facilitating illegal activities or transactions

11.2 Security Violations

  • Attempting to gain unauthorized access to Services or user accounts
  • Interfering with or disrupting Services or servers
  • Introducing malware, viruses, or harmful code
  • Circumventing security measures or authentication mechanisms
  • Conducting security testing without prior written authorization

11.3 Harmful Content

  • Uploading or transmitting malicious software
  • Distributing spam, phishing, or unsolicited communications
  • Hosting or distributing pirated or illegal content
  • Processing data in violation of applicable privacy laws

11.4 Abuse and Misuse

  • Using Services to harass, threaten, or harm others
  • Impersonating others or misrepresenting affiliation
  • Collecting user information without consent
  • Exceeding rate limits or resource quotas
  • Using Services for cryptocurrency mining without authorization

11.5 Competitive Use

  • Using Services to develop competing products
  • Benchmarking for competitive analysis without consent
  • Reverse engineering (except as permitted by law)

Detailed acceptable use provisions are set forth in the Acceptable Use Policy.


12. Payment Terms

12.1 Pricing and Billing

  • Pricing for Services is set forth on the ERMITS website or in your subscription agreement
  • All fees are in U.S. Dollars unless otherwise specified
  • Fees are non-refundable except as expressly provided in the Refund & Cancellation Policy

Digital Products:

  • One-time purchase pricing clearly displayed at checkout
  • Instant access upon successful payment
  • No recurring charges for one-time purchase products
  • Lifetime access to purchased digital products

Advisory Services:

  • Custom pricing based on scope, timeline, and complexity
  • Quotes provided after initial consultation
  • Payment terms negotiable (typically 50% upfront, 50% upon delivery)
  • Detailed pricing in separate Statement of Work (SOW)

12.2 Payment Processing

  • Payments are processed through Stripe, Inc. (primary) or Gumroad (digital products)
  • You authorize ERMITS to charge your designated payment method
  • You must provide accurate, current payment information
  • You are responsible for all applicable taxes

12.3 Subscription Terms

  • Subscriptions automatically renew unless cancelled
  • Renewal pricing may change with 30 days' notice
  • Downgrades take effect at the next billing cycle
  • Cancellations must be submitted before renewal date

12.4 Free Trials and Freemium Tiers

  • Free trials and freemium features are subject to limitations
  • ERMITS may modify or terminate free offerings at any time
  • Free trial conversions to paid subscriptions require payment method
  • Free trial terms vary by product (see product-specific pages)

SocialCaution Freemium:

  • Core privacy features available free permanently
  • Optional premium features available via subscription
  • No credit card required for free tier
  • Upgrade anytime for enhanced functionality

Detailed payment terms are set forth in the Subscription & Payment Terms (E-Commerce Policies).


13. Term and Termination

13.1 Term

These Terms remain in effect for as long as you access or use the Services.

13.2 Termination by You

You may terminate your account at any time through:

  • Account settings within the Services
  • Contacting ERMITS support at contact@ermits.com
  • Following product-specific cancellation procedures

Advisory Services Termination:

  • Client may terminate advisory engagements per Statement of Work (SOW)
  • Fees for work completed through termination date remain due
  • Deliverables completed through termination become client property upon payment

13.3 Termination by ERMITS

ERMITS may suspend or terminate your access immediately without notice if:

  • You breach these Terms or any applicable policies
  • Your account is inactive for 12+ months (free accounts)
  • Your payment method fails or account is delinquent
  • Required by law or regulatory authority
  • Necessary to protect ERMITS or other users

13.4 Effect of Termination

Upon termination:

  • Your license to use the Services immediately ceases
  • You must cease all use of the Services
  • You may export your User Data for 30 days (paid accounts) or 7 days (free accounts)
  • ERMITS may delete your User Data in accordance with the Privacy Policy
  • Provisions that by their nature should survive (warranty disclaimers, limitation of liability, indemnification) remain in effect
  • Digital Products purchased remain accessible (lifetime license)
  • Advisory Services deliverables remain your property

13.5 Data Retention After Termination

After account termination:

  • User Data: Deleted within 90 days except as required by law
  • Backups: Retained for 90 days for disaster recovery purposes
  • Pseudonymized Analytics: Retained indefinitely (cannot be reverse-engineered)
  • Legal/Regulatory Data: Retained as required by applicable law
  • Financial Records: Retained for 7 years for tax and audit purposes

14. Warranties and Disclaimers

14.1 Limited Warranty

ERMITS warrants that the Services will perform substantially in accordance with published documentation under normal use. This warranty does not apply to:

  • Beta Products or pre-release features
  • Free tiers or trial accounts
  • Issues caused by user error, misuse, or modifications
  • Third-party services or integrations
  • Force majeure events

14.2 Disclaimer of Warranties

EXCEPT AS EXPRESSLY PROVIDED IN SECTION 14.1, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

  • Fitness for Purpose: No warranty that Services will meet your specific requirements
  • Uninterrupted Access: No guarantee of continuous, error-free operation
  • Security: No guarantee that Services are completely secure or error-free
  • Accuracy: No warranty regarding accuracy, completeness, or reliability of outputs
  • Compliance: No guarantee that use of Services will result in regulatory compliance or certification
  • Third-Party Content: No warranty regarding accuracy of third-party data (OSV.dev, NIST, CISA)

14.3 Compliance Disclaimer

ERMITS products and services are tools to assist with security and compliance efforts but:

  • Do not guarantee compliance with any regulatory framework
  • Do not constitute legal, compliance, or professional consulting advice (except where Advisory Services explicitly provide such advice)
  • Require users to interpret results in the context of their specific obligations
  • Do not replace qualified security assessments or professional audits
  • Are not certification authorities (not C3PAO, not CISA-endorsed)

Advisory Services Specific Disclaimers:

ERMITS Advisory Services provide professional guidance and recommendations, but:

  • Do not guarantee specific outcomes or compliance certification
  • Are based on information provided by client (accuracy is client's responsibility)
  • Reflect professional opinions based on industry standards and frameworks
  • Do not constitute legal advice (consult legal counsel for legal questions)
  • Do not guarantee protection from cyber incidents, breaches, or regulatory penalties
  • Recommendations must be evaluated in context of client's specific environment

Digital Products Disclaimers:

Digital Products (templates, toolkits, assessments) are educational and informational tools:

  • Require customization for specific organizational contexts
  • Do not replace professional consulting or legal advice
  • Are provided as-is with no guarantee of specific results
  • User responsible for proper implementation and compliance verification

SocialCaution Disclaimers:

SocialCaution privacy persona and recommendations:

  • Are based on AI analysis of user-provided assessment responses
  • Provide general privacy guidance, not legal advice
  • Privacy Exposure Index based on publicly available information and may not reflect current service changes
  • User responsible for verifying privacy policy details with each service
  • Persona classifications are informational, not definitive privacy profiles

14.4 Results Disclaimer

Assessment results, risk scores, and recommendations are:

  • For informational and educational purposes only
  • Based on user-provided inputs and third-party data sources
  • Subject to interpretation and professional judgment
  • Not guaranteed to identify all vulnerabilities or risks
  • Not a substitute for comprehensive security assessments

14.5 Privacy-First Architecture Limitations

Due to Privacy-First Architecture:

  • ERMITS cannot verify the accuracy of locally-processed User Data
  • Users are responsible for data integrity and backup
  • ERMITS has limited ability to provide data recovery assistance
  • Encryption key loss results in permanent data inaccessibility

15. Limitation of Liability

15.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL ERMITS LLC, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY:

  • Indirect, incidental, special, consequential, or punitive damages
  • Loss of profits, revenue, data, use, goodwill, or other intangible losses
  • Business interruption or lost business opportunities
  • Regulatory fines, penalties, or compliance costs
  • Cost of procurement of substitute services
  • Unauthorized access to or alteration of User Data
  • Results of security assessments or compliance evaluations
  • Reliance on advisory recommendations or strategic guidance

This limitation applies regardless of the legal theory (contract, tort, negligence, strict liability, or otherwise) and whether or not ERMITS was advised of the possibility of such damages.

15.2 Cap on Liability

ERMITS' TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR USE OF THE SERVICES SHALL NOT EXCEED THE GREATER OF:

  • $100 USD, or
  • The total amount paid by you to ERMITS in the 12 months preceding the claim

For Advisory Services: Total liability capped at fees paid for the specific advisory engagement giving rise to the claim.

15.3 Liability Allocation

The limitations in this section reflect the allocation of risk between the parties and the fees charged by ERMITS. The limitations will apply even if any remedy fails of its essential purpose.

15.4 Exceptions

The limitations in this section do not apply to:

  • ERMITS' indemnification obligations under Section 16.2
  • Claims arising from gross negligence or willful misconduct
  • Violations of intellectual property rights
  • Liabilities that cannot be limited under applicable law

15.5 Basis of the Bargain

You acknowledge and agree that ERMITS has offered the Services, set pricing, and entered into these Terms in reliance upon the disclaimers and limitations of liability set forth herein, and that these disclaimers and limitations are an essential basis of the bargain between the parties.


16. Indemnification

16.1 User Indemnification

You agree to indemnify, defend, and hold harmless ERMITS LLC, its affiliates, and their respective officers, directors, employees, agents, and licensors from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

  • Your use or misuse of the Services
  • Your User Data or processing of data through the Services
  • Your violation of these Terms or applicable laws
  • Your violation of third-party rights (including intellectual property or privacy rights)
  • Negligence or misconduct by you or your users
  • Regulatory compliance failures related to your use of the Services
  • Your interpretation or reliance on assessment results
  • Implementation of advisory recommendations (client retains decision authority)

16.2 ERMITS Indemnification

ERMITS agrees to indemnify, defend, and hold you harmless from third-party claims alleging that the Services infringe a valid U.S. patent, copyright, or trademark, provided that you:

  • Promptly notify ERMITS in writing of the claim
  • Grant ERMITS sole control of defense and settlement
  • Reasonably cooperate with ERMITS in the defense

ERMITS' obligations do not apply to claims arising from:

  • Modifications to the Services not made by ERMITS
  • Use of the Services in combination with non-ERMITS products
  • Use of the Services in violation of these Terms
  • Use of open-source components subject to their original licenses
  • User Data or third-party content

16.3 Exclusive Remedy

Section 16.2 states ERMITS' sole obligation and your exclusive remedy for intellectual property infringement claims.

16.4 Indemnification Process

The indemnified party must:

  • Provide prompt written notice of any claim
  • Allow the indemnifying party control of defense and settlement
  • Cooperate reasonably in the defense
  • Not admit fault or settle without prior written consent

17. Force Majeure

ERMITS shall not be liable for any failure or delay in performance due to causes beyond its reasonable control, including but not limited to:

  • Acts of God (natural disasters, pandemics, epidemics)
  • War, terrorism, civil unrest, or government actions
  • Internet service provider failures or disruptions
  • Power outages or telecommunications failures
  • Cyberattacks, DDoS attacks, or security incidents
  • Labor disputes or strikes
  • Failures of third-party service providers

During force majeure events, ERMITS will use commercially reasonable efforts to minimize service disruptions and provide timely updates.


18. Service Level Commitments

18.1 Uptime Commitment

ERMITS targets 99.9% uptime for production Services (excluding Beta Products), calculated monthly. Uptime excludes:

  • Scheduled maintenance (announced 48 hours in advance)
  • Emergency maintenance for security or critical issues
  • Force majeure events
  • User error or misuse
  • Third-party service failures
  • Beta Products

18.2 Scheduled Maintenance

ERMITS may perform scheduled maintenance during low-usage windows. ERMITS will:

  • Provide 48 hours' advance notice for planned maintenance
  • Schedule maintenance during off-peak hours when possible
  • Minimize duration of service disruptions

18.3 SLA Credits

Detailed uptime guarantees, measurement methodologies, and SLA credits for Enterprise customers are set forth in the Service Level Agreement (Enterprise Policies).

18.4 Beta Product Exclusions

Beta Products are explicitly excluded from uptime commitments and SLA credits. ERMITS makes no guarantees regarding Beta Product availability, performance, or data integrity.


19. Modifications to Services and Terms

19.1 Service Modifications

ERMITS reserves the right to:

  • Modify, suspend, or discontinue Services at any time
  • Add or remove features or functionality
  • Change pricing with 30 days' notice for existing customers
  • Update technical requirements or system specifications

19.2 Terms Modifications

ERMITS may update these Terms periodically. For material changes:

  • ERMITS will provide 30 days' advance notice via email or in-app notification
  • Continued use after the effective date constitutes acceptance
  • If you do not agree to changes, you must discontinue use and may cancel your account

19.3 Non-Material Changes

For non-material changes (clarifications, typo corrections, formatting):

  • ERMITS will update the "Last Updated" date
  • Changes are effective immediately upon posting
  • Continued use constitutes acceptance

20. Governing Law and Dispute Resolution

20.1 Governing Law

These Terms are governed by and construed in accordance with the laws of the District of Columbia, United States, without regard to conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

20.2 Jurisdiction and Venue

Subject to the arbitration provision below, any legal action or proceeding relating to these Terms shall be brought exclusively in the federal or state courts located in Washington, D.C. You consent to the personal jurisdiction of such courts and waive any objection to venue.

20.3 Binding Arbitration

Any dispute, controversy, or claim arising out of or relating to these Terms or the breach, termination, enforcement, interpretation, or validity thereof (collectively, "Disputes") shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules.

Arbitration Procedures:

  • Arbitration shall be conducted in Washington, D.C.
  • Arbitration shall be by a single arbitrator
  • Arbitrator shall apply District of Columbia law
  • Discovery shall be limited as determined by the arbitrator
  • Each party bears its own costs and fees
  • Arbitrator's decision is final and binding
  • Judgment may be entered in any court with jurisdiction

Exceptions to Arbitration:

The following may be brought in court without arbitration:

  • Claims seeking injunctive or equitable relief for intellectual property infringement
  • Small claims court actions within jurisdictional limits
  • Claims for violation of computer fraud and abuse statutes

Class Action Waiver:

YOU AND ERMITS AGREE THAT DISPUTES MUST BE BROUGHT ON AN INDIVIDUAL BASIS ONLY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, REPRESENTATIVE, OR COLLECTIVE PROCEEDING. CLASS ARBITRATIONS, CLASS ACTIONS, AND REPRESENTATIVE ACTIONS ARE NOT PERMITTED.

20.4 Opt-Out of Arbitration

You may opt out of the arbitration provision by sending written notice to ERMITS at legal@ermits.com within 30 days of first accepting these Terms. The notice must include your name, address, and a clear statement that you wish to opt out of arbitration. If you opt out, disputes will be resolved in court pursuant to Section 20.2.


21. General Provisions

21.1 Entire Agreement

These Terms, together with the Privacy Policy and any product-specific addendums, constitute the entire agreement between you and ERMITS regarding the Services and supersede all prior agreements, understandings, and communications.

For Advisory Services: Separate Statements of Work (SOW) or consulting agreements may supplement these Terms for specific engagements.

21.2 Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

21.3 Waiver

The failure of ERMITS to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver must be in writing and signed by an authorized representative of ERMITS.

21.4 Assignment

You may not assign or transfer these Terms or any rights hereunder without ERMITS' prior written consent. ERMITS may assign these Terms without restriction, including to any successor or acquirer. Any attempted assignment in violation of this provision is void.

21.5 No Third-Party Beneficiaries

These Terms are for the benefit of you and ERMITS only and are not intended to benefit or create any right or cause of action in any third party.

21.6 Notices

All notices under these Terms must be in writing and shall be deemed given:

  • When delivered personally or by confirmed delivery service
  • When sent by email to contact@ermits.com or legal@ermits.com (for notices to ERMITS)
  • When sent by email to your registered email address (for notices to you)

21.7 Export Controls

The Services and related technology may be subject to U.S. export control laws and regulations. You agree to comply with all applicable export and re-export restrictions and may not export or re-export the Services to prohibited countries, entities, or persons.

21.8 U.S. Government Rights

The Services are "commercial computer software" and "commercial computer software documentation" as defined in FAR 12.212 and DFARS 227.7202. U.S. Government rights are limited to those set forth in these Terms.

21.9 Independent Contractors

The parties are independent contractors. These Terms do not create a partnership, joint venture, agency, or employment relationship.

21.10 Survival

Provisions that by their nature should survive termination shall survive, including: data ownership, intellectual property, disclaimers, limitations of liability, indemnification, and dispute resolution.


22. Contact Information

For questions, concerns, or notices regarding these Terms:

ERMITS LLC

Email: contact@ermits.com

Website: www.ermits.com

For technical support inquiries: contact@ermits.com

For privacy inquiries: privacy@ermits.com

For compliance and legal inquiries: legal@ermits.com

For advisory services inquiries: advisory@ermits.com