Terms of Service

Last Updated: December 22, 2024

Effective Date: December 22, 2024

Version: 2024-12-22

1. Agreement to Terms

By accessing or using CredentialFlow ("Service"), you agree to be bound by these Terms of Service ("Terms"). If you disagree with any part of these Terms, you may not access the Service.

CredentialFlow is operated by CredentialFlow, Inc. ("Company", "we", "us", or "our").

2. Description of Service

CredentialFlow provides secure credential delivery and management services for employee onboarding. Our Service enables organizations to securely deliver initial access credentials (passwords, VPN access, etc.) to new employees through encrypted channels.

Key Features:

  • Secure credential generation and delivery
  • Zero-knowledge encryption options
  • Bring Your Own Key (BYOK) support
  • Compliance-ready audit trails
  • Multi-channel delivery (SMS, email)

3. Account Registration

3.1 Eligibility

You must be at least 18 years old and have the authority to bind your organization to these Terms.

3.2 Account Creation

  • You agree to provide accurate, current, and complete information during registration
  • You are responsible for maintaining the confidentiality of your account credentials
  • You are responsible for all activities that occur under your account
  • You must notify us immediately of any unauthorized use of your account

3.3 Organization Accounts

  • One account per organization
  • The account owner is responsible for all users within the organization
  • You may designate multiple administrators with appropriate permissions

3.4 Customer Eligibility Review & Business Verification

Because CredentialFlow is used to deliver real employee credentials to real people, we are selective about who we allow on the platform. We reserve the right to verify the legitimacy of any organization that registers for or uses our Service.

As part of this review, we may:

  • Screen your organization using third-party business verification services
  • Review publicly available records (business registration, ownership, online presence)
  • Request documentation to confirm your organization's legitimacy and intended use case
  • Conduct this review at signup, at any point during your subscription, or upon material changes to your organization

We reserve the right to decline onboarding or terminate any account where we determine, in our sole discretion, that the organization:

  • Does not appear to be a legitimate, legally registered business entity
  • Is operating in violation of applicable laws or regulations
  • Poses a risk to the integrity of our platform or to the security of other customers
  • Cannot be reasonably verified through our standard screening process

Why we do this: Bad actors on our platform don't just harm us — they harm the employees whose credentials flow through it. We screen our customers to protect yours.

We may not be able to disclose the specific reason for a denial or termination in all cases. If your account is terminated under this section, you will receive a pro-rated refund for any unused subscription period.

4. Acceptable Use Policy

4.1 Permitted Use

You may use CredentialFlow for:

  • Delivering initial access credentials to new employees
  • Managing contractor and temporary worker credentials
  • Secure credential delivery for legitimate business purposes
  • Reasonable testing and development (in non-production environments)

4.2 Prohibited Use

You may NOT use CredentialFlow for:

  • Illegal activities or violation of any laws or regulations
  • Transmitting malicious code, viruses, or harmful content
  • Unauthorized access to our systems or other users' data
  • Harassment, abuse, or threats against any person
  • Spamming or unsolicited communications
  • Impersonation of any person or entity
  • Reselling or redistributing the Service without authorization
  • Using the Service as a general password manager replacement
  • Automated testing in production environments at scale
  • Generating credentials for non-business purposes
  • Sharing account access with unauthorized third parties

4.3 Enforcement

We reserve the right to investigate violations and take appropriate action, including:

  • Warning notices
  • Temporary suspension of access
  • Permanent termination of account
  • Legal action if necessary

5. Fair Use Policy

5.1 Plan Quotas & "Unlimited" Credential Deliveries

Pro plans include 300 credential deliveries and 300 Help Desk verifications per billing period. Enterprise plans include unlimited credential deliveries and Help Desk verifications, subject to the fair-use provisions below. "Unlimited" means reasonable use aligned with your organization size and typical hiring velocity.

5.2 Usage Thresholds

Pro subscribers may upgrade to Enterprise at any time for additional volume. We monitor Enterprise usage to ensure platform stability and fair access for all customers:

Plan | Included (Monthly) | Soft Limit (Monthly) | Hard Limit (Monthly)
Pro | 300 deliveries + 300 verifications | 300 / 300 (hard quota)
Enterprise | Unlimited | 1,500 deliveries | 5,000 deliveries

Typical usage: Most customers use 5-100 credential deliveries per month based on normal hiring patterns.

5.3 What Happens at the Pro Quota (300 / 300)?

  1. You'll receive notification emails as you approach the quota (at 80% and 100%)
  2. When you reach 300 deliveries or 300 verifications in a billing period, new deliveries or verifications of that type will be paused
  3. Service resumes at the start of the next billing period, or immediately upon upgrade to Enterprise
  4. All other platform features remain available

5.4 What Happens at the Enterprise Soft Limit?

  1. Your service continues uninterrupted
  2. We'll send a friendly email to check if you're experiencing high hiring volume
  3. We may discuss custom volume pricing if sustained high usage is expected
  4. No action required from you unless you expect continued high volume

5.5 What Happens at the Enterprise Hard Limit?

  1. Credential generation will be temporarily paused
  2. We'll contact you within 24 hours to discuss your use case
  3. Options include: confirming legitimate high-volume hiring or moving to custom volume pricing
  4. Access restored within 24 hours for legitimate business needs

5.6 Manual Overrides

We understand that hiring patterns vary (acquisitions, seasonal hiring, rapid growth). We're happy to approve higher limits for legitimate business needs. Contact [email protected] to discuss.

5.7 Abuse Prevention

Accounts engaged in abusive behavior or activity that impacts platform stability may be suspended immediately. Examples include:

  • Automated credential generation at extreme volumes (>10,000/month)
  • Using the Service to resell credential delivery to other organizations
  • Intentionally circumventing usage limits
  • Denial-of-service attacks or excessive API calls

6. Pricing and Payment

6.1 Subscription Plans

  • Pro Plan: $399/month (or $299/month for founders pricing)
  • Enterprise Plan: Custom pricing (contact sales)

6.2 Billing

  • All plans are billed monthly in advance
  • Payment is due on the subscription renewal date
  • We accept major credit cards and ACH payments (Enterprise only)
  • Failed payments may result in service suspension

6.3 Refunds

  • Monthly subscriptions: No refunds for partial months
  • Annual subscriptions: Pro-rated refunds available for remaining months
  • First month: 30-day money-back guarantee (must request within 30 days of signup)

6.4 Price Changes

  • We may change our prices with 30 days' notice
  • Existing customers: Grandfathered pricing for 12 months from notice date
  • Annual subscribers: Price locked for the subscription period

6.5 Taxes

You are responsible for any applicable taxes, duties, or government fees. Prices do not include taxes unless stated otherwise.

7. Data and Privacy

7.1 Your Data

  • You retain all rights to your data
  • We do not sell your data to third parties
  • We use your data only as described in our Privacy Policy
  • You may export your data at any time

7.2 Data Security

  • We encrypt all data in transit (TLS 1.2+) and at rest (AES-256)
  • We use industry-standard security practices
  • We maintain SOC 2-aligned security controls
  • We perform regular security audits

7.3 Data Retention

  • Active credentials: Retained until retrieved or TTL expiration (typically 24-72 hours)
  • Audit logs: Retained for 1 year (Pro) or 7 years (Enterprise)
  • Employee PII: Automatically purged 24 hours after credential delivery
  • Organization data: Retained for 30 days after account cancellation, then deleted

7.4 Subprocessors

We use the following third-party services:

  • WorkOS: Authentication and encryption key management
  • Amazon Web Services (AWS): Infrastructure and hosting
  • Twilio: SMS delivery
  • SendGrid: Email delivery

7.5 GDPR and CCPA Compliance

  • You have the right to access, correct, or delete your personal data
  • You have the right to data portability
  • You have the right to opt out of marketing communications
  • Contact [email protected] for data requests

8. Intellectual Property

8.1 Our IP

The Service, including all content, features, and functionality, is owned by CredentialFlow, Inc. and is protected by copyright, trademark, and other intellectual property laws.

You may not:

  • Copy, modify, or create derivative works of the Service
  • Reverse engineer or decompile the Service
  • Remove or alter any proprietary notices

8.2 Your IP

You retain all rights to your organization's data, branding, and content. By using the Service, you grant us a limited license to use your data solely for providing the Service.

8.3 Feedback

If you provide feedback, suggestions, or ideas, we may use them without any obligation to you.

9. Service Availability

9.1 Uptime SLA

  • Pro Plan: 99.5% monthly uptime
  • Enterprise Plan: 99.9% monthly uptime (with SLA credits)

9.2 Maintenance

We may perform scheduled maintenance with advance notice. Emergency maintenance may occur without notice.

9.3 No Guarantee

The Service is provided "AS IS" without warranties of any kind, express or implied, including but not limited to merchantability, fitness for a particular purpose, non-infringement, and uninterrupted or error-free operation.

10. Limitation of Liability

To the fullest extent permitted by law:

Total Liability Cap

Our total liability for any claims related to the Service shall not exceed the amount you paid us in the 12 months preceding the claim.

Exclusions

We are not liable for:

  • Indirect, incidental, special, or consequential damages
  • Loss of profits, revenue, data, or business opportunities
  • Damages resulting from your misuse of the Service
  • Damages caused by third-party services (Twilio, SendGrid, AWS, etc.)
  • Unauthorized access to your account
  • Service interruptions beyond our control

Exceptions

Nothing in these Terms limits our liability for:

  • Death or personal injury caused by our negligence
  • Fraud or fraudulent misrepresentation
  • Violations that cannot be limited by law

11. Indemnification

You agree to indemnify and hold harmless CredentialFlow, Inc., its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including legal fees) arising from:

  • Your use of the Service
  • Your violation of these Terms
  • Your violation of any rights of another party
  • Your violation of any applicable laws or regulations

12. Termination

12.1 By You

You may cancel your subscription at any time from your account settings or by contacting support. Cancellation takes effect at the end of the current billing period.

12.2 By Us

We may suspend or terminate your account if:

  • You violate these Terms
  • You fail to pay fees when due
  • Your account remains inactive for 12+ months
  • Required by law or legal process
  • We discontinue the Service (with 60 days' notice)
  • Your organization does not meet our customer eligibility requirements (see Section 3.4)

12.3 Effect of Termination

Upon termination:

  • Your access to the Service will end
  • You will receive a final invoice for any outstanding fees
  • Your data will be deleted after 30 days (request export before termination)
  • Provisions that should survive (IP, liability, etc.) remain in effect

13. Changes to Terms

13.1 Notification

We may modify these Terms at any time. We will notify you of material changes by:

  • Email to your account email address
  • Notice in the Service dashboard
  • Update to "Last Updated" date at the top of this document

13.2 Acceptance

Your continued use of the Service after changes constitutes acceptance of the new Terms. If you disagree with changes, you must stop using the Service.

14. Dispute Resolution

14.1 Governing Law

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles.

14.2 Informal Resolution

Before filing a legal claim, you agree to contact us at [email protected] to attempt to resolve the dispute informally for at least 30 days.

14.3 Arbitration

If informal resolution fails, any disputes will be resolved through binding arbitration in accordance with the American Arbitration Association (AAA) rules.

Exceptions to arbitration:

  • Small claims court (for claims under $10,000)
  • Intellectual property disputes
  • Injunctive relief

14.4 Class Action Waiver

You agree to resolve disputes on an individual basis only. You waive any right to participate in class action lawsuits or class-wide arbitration.

15. General Provisions

15.1 Entire Agreement

These Terms, along with our Privacy Policy, constitute the entire agreement between you and CredentialFlow, Inc.

15.2 Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions will remain in full effect.

15.3 Waiver

Our failure to enforce any right or provision does not constitute a waiver of that right or provision.

15.4 Assignment

You may not assign or transfer these Terms without our written consent. We may assign these Terms to any affiliate or successor.

15.5 Force Majeure

We are not liable for any delay or failure to perform due to causes beyond our reasonable control (natural disasters, war, pandemic, internet outages, etc.).

16. Contact Information

CredentialFlow, Inc.

Email: [email protected]

Support: [email protected]

Website: https://www.credentialflow.com

17. Specific Service Terms

17.1 Enterprise Services

Enterprise customers may have additional terms in their Master Services Agreement (MSA) or Statement of Work (SOW). In case of conflict, the MSA/SOW takes precedence.

17.2 HIPAA Business Associate Agreement (BAA)

Enterprise customers requiring HIPAA compliance must execute a separate Business Associate Agreement. The BAA is available upon request for Enterprise plans only.

17.3 API Access

API access is subject to rate limits and fair use. Excessive API usage may result in throttling or suspension.

17.4 Beta Features

Beta features are provided "as-is" without warranties or SLA guarantees. We may modify or discontinue beta features at any time.

BY CLICKING "I ACCEPT" OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS OF SERVICE.