Terms of Service

These Terms of Service ("Terms") are a binding agreement between SmishAlert LLC ("SmishAlert", "we", "us", or "our") and you and, if you accept on behalf of an organization, that organization ("Customer"). By accessing or using our websites (including www.smishalert.ai, crm.smishalert.ai, and our web console), our iOS and Android mobile applications, our web console, our APIs, and any related services (collectively, the "Services"), you agree to these Terms. If you do not agree, do not use the Services.

If you sign a separate written agreement with us (for example, an order form or master subscription agreement) for an enterprise plan, that agreement controls to the extent it conflicts with these Terms.

1. The Services

SmishAlert provides messaging-layer and human exposure threat intelligence for organizations and consumers. This includes on-device and cloud-assisted analysis of reported messages (SMS, iMessage, WhatsApp, Slack, Microsoft Teams, email, and similar channels), machine-learning-based threat classification, educational threat explanations, campaign clustering and exposure scoring in the web console, smishing simulation programs (add-on), and integrations with common security tools (SIEM, SOAR, MDR, chat, webhooks, and optional identity/HRIS sources).

We may update, add, or remove features. We will not make changes that materially reduce the core functionality of a paid subscription during its then-current term.

2. Eligibility and Accounts

You must be at least 13 years old (16 in jurisdictions that set a higher minimum age for digital services) and have the legal capacity to enter into these Terms. Enterprise plans require authorized representatives of the Customer. You are responsible for the accuracy of the information you provide, for keeping your credentials confidential, for use of multi-factor authentication where available, and for all activity under your account.

3. Customers and End Users

If Customer makes the Services available to its employees, contractors, or other authorized individuals ("End Users"), Customer is responsible for: (a) all use of the Services by its End Users; (b) providing any notices and obtaining any consents required by law from its End Users; (c) configuring integrations, retention, roles, and simulation programs appropriately; and (d) responding to End User requests about Customer's data.

4. Acceptable Use

You agree not to, and not to permit anyone to:

• Use the Services for any illegal, infringing, harmful, deceptive, or unauthorized purpose.
• Circumvent or attempt to circumvent authentication, rate limits, tenant isolation, or other security or access controls.
• Probe, scan, or test the vulnerability of the Services except under a written authorization.
• Interfere with or disrupt the Services, including through denial-of-service, scraping at volume, or abusive automation.
• Resell, sublicense, white-label, or commercially exploit the Services except as expressly permitted by your plan or a separate written agreement.
• Use the Services to harass, defraud, or harm others, or to send unlawful communications.
• Send real malware, phishing payloads, credential harvesters, or other malicious content through our infrastructure.
• Reverse engineer, decompile, or attempt to extract source code, models, weights, prompts, or training data (except to the extent this restriction is unenforceable under applicable law).
• Use the Services, or outputs from the Services, to develop, train, or improve a competing AI model, detection engine, or threat intelligence product.
• Upload content that contains personal information you are not authorized to share, or that violates any third party's rights.

We may suspend or limit access to address suspected violations, protect the Services, or comply with law.

5. Customer Content and Data

"Customer Content" means data you or your End Users submit to the Services, including reported messages, screenshots, URLs, QR codes, metadata, notes, configuration, and integration payloads. As between you and us, you own Customer Content. You grant us a worldwide, non-exclusive, royalty-free license to host, process, transmit, display, and otherwise use Customer Content as needed to provide, secure, and improve the Services, to comply with law, and to generate aggregated and de-identified data that does not identify you or your organization.

You are responsible for the legality of Customer Content and for having the necessary rights and consents to provide it to us. You represent that Customer Content does not violate applicable law or these Terms.

6. AI Features

Parts of the Services use artificial intelligence, including large language models provided by third parties such as OpenAI and Anthropic, to extract information from reported messages, classify threats, generate educational assessments, suggest next steps, and produce simulation content. AI output is probabilistic and may be inaccurate, incomplete, or not current. You are responsible for independently reviewing AI output before relying on it, and the Services are not a substitute for professional judgment or legal, financial, medical, or security advice.

We do not permit our AI subprocessors to use Customer Content to train or improve their foundation models. We may use aggregated, de-identified signals derived from the Services to improve our own detection and platform.

As between the parties and to the extent permitted by law, we assign to you all rights we may have in the output generated by AI features specifically for your account from your prompts or inputs ("Output"). You acknowledge that AI systems may produce similar or identical output for different users; we cannot guarantee uniqueness or non-infringement of Output, and you are responsible for reviewing Output before using it.

7. Smishing Simulations

Smishing simulation programs are an organizational add-on. When a Customer enables simulations, the Customer is the sender of those simulated messages for legal purposes and is responsible for (a) ensuring it has a lawful basis to send simulated messages to its workforce in each jurisdiction, (b) providing any required notices to employees, (c) not using simulations to target consumers or the general public, and (d) complying with applicable laws including the US Telephone Consumer Protection Act (TCPA), CAN-SPAM, and local equivalents. We provide tooling; the Customer operates the program.

8. Subscriptions, Fees, and Billing

• Plans. Paid plans include iOS app subscriptions (starting at $4.99/month or $49.99/year in-app) and web subscriptions (starting at $7.99/month or $79.99/year per user), plus enterprise or partner plans; all are billed per the pricing and billing terms presented at purchase or on your order form.
• Auto-renewal. Subscriptions renew automatically for successive terms unless canceled in accordance with the plan or the App Store / Play Store rules for in-app purchases.
• Taxes. Fees are exclusive of taxes. You are responsible for applicable taxes except those based on our net income.
• Refunds. Consumer app subscriptions are subject to the refund policy of the App Store or Play Store. Enterprise fees are non-refundable except as expressly stated in your order form or required by law.
• Late payment. We may suspend the Services for past-due amounts after reasonable notice.
• Price changes. We may change prices for subsequent renewal terms with at least 30 days' prior notice.

9. Intellectual Property

The Services, including all software, models, content, designs, logos, and know-how, are owned by SmishAlert or its licensors and are protected by intellectual property and other laws. Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Services during your subscription term for your internal business or personal purposes.

Feedback. If you send us suggestions, ideas, or feedback, you grant us a perpetual, irrevocable, worldwide, royalty-free license to use it without obligation to you.

10. Third-Party Services and Integrations

The Services may interoperate with or include third-party services (for example, Apple, Google, cloud infrastructure, payment processors, SIEM/SOAR, chat, URL reputation, identity, and HRIS providers). Those services are governed by their own terms and privacy policies, and we are not responsible for them. If you enable an integration, you authorize us to exchange relevant data with it.

11. Beta and Preview Features

We may offer features labeled as beta, preview, experimental, or early access. These features are provided as-is, may be changed or discontinued at any time, and are excluded from any service-level or support commitments. Use them at your discretion.

12. Privacy and Security

Our Privacy Policy explains how we handle personal information. For enterprise Customers, our written data processing terms (DPA) govern our role as a processor for Customer personal data.

13. Export Controls and Sanctions

You may not use or export the Services in violation of US export laws or applicable sanctions. You represent that you are not located in, and are not a national or resident of, any country or territory subject to comprehensive US sanctions, and that you are not on any US government denied-party list.

14. Disclaimers

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE". WE DO NOT GUARANTEE THAT DETECTION WILL IDENTIFY ALL THREATS, THAT IT WILL NOT OCCASIONALLY FLAG BENIGN CONTENT, THAT CLASSIFICATIONS OR AI OUTPUT WILL BE ACCURATE OR CURRENT, OR THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE. THE SERVICES ARE NOT INTENDED TO BE A SOLE CONTROL FOR PREVENTING FRAUD, MALWARE, OR SOCIAL ENGINEERING. TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED, AND STATUTORY, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

15. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS OPPORTUNITIES, ARISING OUT OF OR RELATING TO THE SERVICES OR THESE TERMS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR TOTAL CUMULATIVE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE SERVICES OR THESE TERMS WILL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID US FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM AND (B) ONE HUNDRED US DOLLARS ($100). SOME JURISDICTIONS DO NOT ALLOW CERTAIN LIMITATIONS, IN WHICH CASE THE FOREGOING APPLIES TO THE EXTENT PERMITTED.

16. Indemnification

You agree to defend, indemnify, and hold harmless SmishAlert and its affiliates, officers, directors, employees, and agents from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) your Customer Content; (b) your use of the Services in violation of these Terms or law; (c) your operation of simulation programs; or (d) your violation of any third-party right.

17. Term, Suspension, and Termination

These Terms start when you first use the Services and continue until terminated. You may stop using the Services at any time and delete your account. We may suspend or terminate your access if you materially breach these Terms, if required by law, or to protect the Services or other users. On termination, your right to use the Services ends, and we may delete your account and Customer Content after a reasonable wind-down period, except as required by law. Sections that by their nature should survive termination will survive (including IP, disclaimers, limitation of liability, indemnification, and dispute resolution).

18. Changes to the Terms

We may update these Terms from time to time. If we make material changes, we will notify you by email, in-app notification, or by posting a notice on our website. Changes are effective on the date stated in the update. Your continued use of the Services after the effective date means you accept the updated Terms. If you do not agree, stop using the Services.

19. Governing Law, Venue, and Dispute Resolution

These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

Informal resolution first. Before filing a claim, each party agrees to try to resolve the dispute informally by contacting the other. If not resolved within 30 days, either party may proceed as set forth below.

Binding arbitration and class-action waiver (consumers). Except for claims that qualify for small-claims court and claims for injunctive relief for intellectual property or security violations, any dispute arising out of or relating to these Terms or the Services will be resolved by binding individual arbitration administered by a recognized arbitration provider (such as JAMS or AAA) under its applicable rules. The arbitration will take place in Delaware or another mutually agreed location, or by video hearing. You and SmishAlert waive the right to a jury trial and the right to participate in a class, collective, or representative action. If any part of this arbitration agreement is held unenforceable as to a particular claim, that claim will proceed in court, but the rest of this Section continues to apply.

Opt-out. You may opt out of the arbitration agreement by emailing support@smishalert.ai with the subject "Arbitration Opt-Out" within 30 days of first accepting these Terms.

Enterprise Customers. If you have a separate signed agreement with us, the dispute resolution terms of that agreement control and this Section does not apply.

Mandatory consumer protections. Nothing in these Terms waives rights you have under mandatory consumer protection laws in your jurisdiction.

20. Apple and Google App Store Terms

If you access the Services through the Apple App Store or Google Play, additional terms from those platforms apply. Apple and Google are not parties to these Terms and are not responsible for the Services; however, as a condition of those platforms, Apple and Google are third-party beneficiaries of these Terms with respect to the app distributed through their stores and may enforce these Terms against you to that extent.

21. Miscellaneous

• Entire agreement. These Terms, together with the Privacy Policy and any order form or DPA, are the entire agreement between the parties on this subject.
• No waiver. Our failure to enforce any right is not a waiver of that right.
• Severability. If any provision is held unenforceable, the rest remains in effect.
• Assignment. You may not assign these Terms without our consent. We may assign to an affiliate or successor in connection with a merger, acquisition, or sale of assets.
• Notices. Legal notices to us must be sent to support@smishalert.ai. We may provide notice to you by email, in-product messaging, or posting on our website.
• Force majeure. Neither party is liable for delays or failures due to causes beyond its reasonable control.
• Relationship. The parties are independent contractors. No agency, partnership, or joint venture is created.
• US government end users. The Services are "commercial computer software" and "commercial items" as defined in applicable federal acquisition regulations, licensed with only those rights granted to all other end users under these Terms.

22. Contact

For questions about these Terms, email support@smishalert.ai (fastest—monitored with Intercom and our knowledge base).