Terms of Service

These Terms of Service ("Terms," "Agreement") govern your use of HAYANALYSIS, a product of DCE Infosec LLC ("Company," "we," "us," or "our"). By accessing or using our services, you ("Customer," "you," or "your") agree to be bound by these Terms.

1. Acceptance of Terms

By accessing or using HAYANALYSIS, you represent and warrant that:

• You have read, understood, and agree to be bound by these Terms
• You have the legal authority to enter into this Agreement on behalf of yourself or your organization
• If accepting on behalf of an organization, you have authority to bind that organization
• You are at least 18 years of age
• Your use complies with all applicable laws and regulations

If you do not agree to these Terms, you may not access or use our services.

2. Description of Services

HAYANALYSIS is an AI-powered Security Information and Event Management (SIEM) platform that provides:

• Autonomous threat detection, investigation, and response capabilities
• AI-powered query generation, data analysis, and natural language processing
• Automated incident response, remediation, and workflow orchestration
• Integration with third-party security tools, databases, and AI services
• Real-time dashboards, reporting, and compliance documentation
• BYODb (Bring Your Own Database) connectivity
• Bring Your Own LLM integration capabilities

3. Deployment Options

HAYANALYSIS is available in multiple deployment configurations:

3.1 SaaS (Cloud-Hosted) Deployment

• Platform hosted and managed by DCE Infosec LLC on cloud infrastructure
• Tenant-separated architecture — your data and environment are isolated from other customers
• Option to connect your own databases (BYODb) or use managed storage
• Option to use our AI models or connect your own AI/LLM models
• We maintain infrastructure, security patches, updates, and availability SLAs
• Data residency options available (US, EU, APAC)

3.2 Self-Hosted (On-Premise/Private Cloud) Deployment

• Platform deployed within your infrastructure (on-premise, AWS, Azure, GCP, private cloud)
• Complete control over all data, processing, security configurations, and access
• Use your own databases and AI/LLM models exclusively
• You are responsible for infrastructure, maintenance, security patches, and updates
• Software license terms govern usage rights
• Air-gapped deployment available for disconnected environments

3.3 Hybrid Deployment

• Combination of SaaS and self-hosted components based on your requirements
• Flexible data residency with control plane in cloud and data plane on-premise
• Terms for each component apply respectively based on deployment location

4. Customer Data Ownership

You retain all ownership rights to your data.

• Your Data: All security logs, event data, configurations, detection rules, and content you provide or generate remain your property.
• Limited License: You grant us a limited, non-exclusive license to host, process, and transmit your data solely to provide and improve the services.
• No Other Use: We will not use your data for any purpose other than providing services, except as required by law.
• No AI Training: We do NOT use your data to train, improve, or develop AI/ML models for ourselves or third parties.
• No Cross-Tenant Sharing: Your data is never shared, aggregated, or combined with other customers' data.
• Self-Hosted: For self-hosted deployments, we have no access to your data unless you explicitly grant support access.

5. Tenant Separation (SaaS Deployments)

For SaaS deployments, we implement and guarantee:

• Logical Isolation: Unique tenant identifiers and access controls at every layer
• Cryptographic Separation: Dedicated encryption keys per tenant via HSM-backed KMS
• Network Isolation: VPC segmentation and security groups preventing cross-tenant network access
• Compute Isolation: Isolated processing environments (containers/pods) per tenant
• Storage Isolation: Tenant data stored in logically separated storage with dedicated encryption
• No Cross-Tenant Access: Technical controls prevent any cross-tenant data visibility or access
• Audit Logging: All access logged with tenant context for compliance and security review

6. Account Registration and Security

• You must provide accurate, current, and complete information when creating an account
• You must maintain and promptly update your account information
• You are responsible for maintaining the confidentiality of your account credentials
• You must use strong passwords and enable multi-factor authentication (MFA) when available
• You must notify us immediately of any unauthorized access or security breach
• You are responsible for all activities that occur under your account
• We reserve the right to suspend accounts with suspected security compromises

7. BYODb (Bring Your Own Database)

Our BYODb architecture allows you to connect your own databases:

• Data Ownership: You retain full ownership and control of all data in your databases
• No Data Storage: We query your databases in real-time and process data in memory only — we do not store, cache, or retain your security data
• Query Authorization: You grant us permission to execute read queries against your databases as necessary to provide services
• Your Responsibilities:
  • Database security, access controls, and authentication
  • Backup, disaster recovery, and data retention
  • Network connectivity and firewall rules
  • Providing appropriate database permissions (least privilege recommended)
  • Compliance with applicable data protection laws
• Credential Security: Database credentials are encrypted at rest using HSM-backed keys, never logged, and accessed only as needed
• Supported Databases: PostgreSQL, MySQL, OpenSearch, Elasticsearch, Snowflake, BigQuery, MongoDB, Splunk, Databricks, and others as documented

8. Bring Your Own AI/LLM

You may connect your own AI and Large Language Model services:

• Supported Integrations: Azure OpenAI, AWS Bedrock, Google Vertex AI, OpenAI API, Anthropic, self-hosted models (Ollama, vLLM, etc.), and OpenAI-compatible APIs
• Data Flow: When using your own AI models, all prompts and responses flow directly between HAYANALYSIS and your AI service — we do NOT intercept, log, or store this data
• Your Responsibilities:
  • Your AI service agreements, terms of service, and acceptable use policies
  • Usage costs, billing, and rate limits with your AI provider
  • Proper configuration and security of your AI integrations
  • Compliance with your AI provider's data handling requirements
  • Validating AI outputs before taking action
• Service Degradation: If your AI service is unavailable, affected AI-powered features may be degraded or unavailable
• No AI Training: Neither we nor your AI provider (subject to their terms) should train on your data — verify with your provider

9. Acceptable Use Policy

You agree to use the services only for lawful purposes. You shall NOT:

• Use the services for any unlawful, harmful, or fraudulent purpose
• Violate any applicable laws, regulations, or third-party rights
• Attempt to gain unauthorized access to any systems, networks, or data
• Interfere with, disrupt, or attempt to compromise the integrity of our services
• Transmit malware, viruses, ransomware, or other harmful code
• Reverse engineer, decompile, disassemble, or attempt to derive source code
• Copy, modify, or create derivative works of our software without authorization
• Resell, sublicense, or redistribute our services without written authorization
• Use the services to harm, threaten, defame, or harass any person or entity
• Attempt to access other tenants' data, systems, or environments
• Circumvent or disable any security features or access controls
• Use the services to send spam, phishing, or unsolicited communications
• Benchmark or conduct performance testing without prior written consent
• Use the services in violation of export control laws or sanctions

Violation of this policy may result in immediate suspension or termination of your account.

10. Fees, Payment, and Taxes

• Pricing: Fees are as specified in your Order Form or as displayed on our pricing page
• Payment Terms: SaaS subscriptions are billed in advance (monthly or annually). Self-hosted licenses are billed per your license agreement.
• Payment Method: Payment is due via credit card, ACH, or wire transfer as agreed
• Late Payment: Late payments accrue interest at 1.5% per month or the maximum legal rate
• Suspension: We may suspend services for accounts 30+ days past due
• Taxes: Fees are exclusive of taxes. You are responsible for all applicable taxes (sales, use, VAT, GST) except taxes on our income
• Price Changes: We may change pricing with 30 days' advance notice. Price changes apply at your next renewal.
• Refunds: Fees are generally non-refundable except as required by law or stated in our guarantee

11. Our Guarantee

We offer a risk-free engagement:

• Free Deployment: Deployment, integration, and onboarding are provided at no charge
• Value-Based Billing: You do not pay until we demonstrate measurable value and ROI
• Measurement: We will provide metrics showing hours saved, alerts reduced, and automation achieved
• Specific Terms: Detailed guarantee terms are outlined in your Service Agreement or Order Form
• Applicability: This guarantee applies to both SaaS and self-hosted deployments
• Good Faith: Both parties agree to engage in good faith during the evaluation period

12. Service Level Agreement (SaaS)

For SaaS deployments, we commit to:

• Uptime: 99.9% monthly uptime for the platform (excluding scheduled maintenance)
• Scheduled Maintenance: Communicated at least 48 hours in advance when possible, performed during low-usage windows
• Emergency Maintenance: May occur without notice for critical security issues
• Credits: Service credits for downtime exceeding SLA (see SLA addendum for details)
• Exclusions: SLA does not apply to downtime caused by: (a) your systems or third-party services, (b) force majeure events, (c) your breach of these Terms, (d) scheduled maintenance
• Status Page: Real-time service status available at status.hayanalysis.com

13. Support

• Standard Support: Email and chat support during business hours (9am-6pm ET, M-F)
• Premium Support: 24/7 support, dedicated account manager, SLA guarantees (Enterprise plans)
• Self-Hosted Support: Support is provided according to your support agreement; response times may vary
• Documentation: Self-service documentation, knowledge base, and API reference available online
• Community: Community forums and resources available to all customers

14. Intellectual Property

• Our IP: HAYANALYSIS, including all software, algorithms, user interface, documentation, and trademarks, is owned by DCE Infosec LLC and protected by intellectual property laws
• Your IP: You retain ownership of your data, content, custom detection rules, and configurations you create
• License to You: We grant you a limited, non-exclusive, non-transferable, revocable license to use our services during your subscription term for your internal business purposes
• License to Us: You grant us a limited license to host, process, and display your data solely to provide and improve the services
• Feedback: If you provide feedback or suggestions, we may use them without obligation to you
• Restrictions: You may not copy, modify, distribute, sell, or lease any part of our services without authorization

15. Confidentiality

• Definition: "Confidential Information" means non-public information designated as confidential or that should reasonably be understood to be confidential
• Obligations: Each party agrees to: (a) protect Confidential Information using reasonable care, (b) use it only for purposes of this Agreement, (c) not disclose it to third parties without consent
• Exclusions: Confidential Information does not include information that: (a) is or becomes public, (b) was known prior to disclosure, (c) is received from a third party without restriction, (d) is independently developed
• Required Disclosure: Disclosure may be made if required by law, provided the disclosing party gives notice when legally permitted
• Duration: Confidentiality obligations survive termination for 3 years (or indefinitely for trade secrets)

16. Third-Party Services

Our services integrate with third-party tools, databases, and AI services. You acknowledge:

• Third-party services are governed by their own terms, policies, and SLAs
• We are not responsible for third-party service availability, performance, or security
• You are responsible for obtaining necessary licenses and agreements with third parties
• You are responsible for compliance with third-party acceptable use policies
• Changes to third-party APIs may affect functionality — we will make reasonable efforts to maintain compatibility
• We may add, modify, or remove third-party integrations with notice

17. Data Portability and Export

• BYODb: Your data is already in your infrastructure — full portability is inherent
• SaaS Data Export: You may export your data at any time through provided tools and APIs
• Configuration Export: Detection rules, workflows, dashboards, and configurations can be exported in standard formats (JSON, YAML)
• No Lock-In: We do not impose proprietary formats that prevent data portability
• Termination Export: Upon termination, you will have 30 days to export your data before deletion
• Assistance: We will provide reasonable assistance with data export upon request

18. Warranty Disclaimer

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND
• WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ACCURACY
• WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE
• WE DO NOT WARRANT THAT THE SERVICES WILL DETECT OR PREVENT ALL SECURITY THREATS
• WE DO NOT WARRANT THE ACCURACY OR COMPLETENESS OF AI-GENERATED OUTPUTS
• ANY RELIANCE ON THE SERVICES IS AT YOUR OWN RISK

19. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• Liability Cap: Our total aggregate liability shall not exceed the fees paid by you in the 12 months preceding the claim (or $100 if no fees paid)
• Exclusion of Damages: We are NOT liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, including:
  • Loss of profits, revenue, goodwill, or anticipated savings
  • Loss of data, use, or business interruption
  • Cost of substitute services
  • Security breaches or incidents
• Third-Party Liability: We are not liable for issues arising from your connected databases, AI services, or third-party integrations
• AI Outputs: We are not liable for decisions or actions taken based on AI-generated recommendations or outputs
• Self-Hosted: For self-hosted deployments, we are not liable for issues arising from your infrastructure, configuration, or maintenance

These limitations apply regardless of the theory of liability (contract, tort, negligence, strict liability, or otherwise) and even if we have been advised of the possibility of such damages.

20. Indemnification

20.1 Your Indemnification

You agree to indemnify, defend, and hold harmless DCE Infosec LLC and its officers, directors, employees, and agents from any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

• Your use of the services
• Your violation of these Terms or any applicable law
• Your violation of any third-party rights
• Your content, data, or materials
• Actions taken by your configured AI/LLM integrations
• Data stored in or accessed from your connected databases
• Security of your self-hosted deployment or infrastructure
• Your employees' or agents' actions using the services

20.2 Our Indemnification

We will indemnify you against third-party claims alleging that the services (as provided by us) infringe a valid patent, copyright, or trademark, provided you:

• Notify us promptly of the claim
• Give us sole control of the defense and settlement
• Provide reasonable assistance at our expense

We may, at our option: (a) obtain the right for you to continue using the services, (b) modify the services to be non-infringing, or (c) terminate the services and refund prepaid fees. This is your exclusive remedy for IP infringement claims.

21. Term and Termination

• Term: These Terms are effective until terminated. Subscriptions auto-renew unless cancelled.
• Termination by You: You may terminate at any time by providing 30 days' notice. No refunds for partial periods.
• Termination by Us: We may terminate or suspend your account immediately for:
  • Violation of these Terms or Acceptable Use Policy
  • Non-payment after notice and cure period
  • Conduct that harms us, other customers, or third parties
  • Legal or regulatory requirements
• Effect of Termination: Upon termination:
  • Your right to use the services ceases immediately
  • You must pay any outstanding fees
  • For SaaS: You have 30 days to export your data before deletion
  • For Self-Hosted: License terminates per your agreement; you must cease use and destroy copies
• Survival: Sections regarding IP, confidentiality, limitation of liability, indemnification, and dispute resolution survive termination

22. Force Majeure

Neither party shall be liable for failure or delay in performance due to causes beyond reasonable control, including:

• Acts of God, natural disasters, pandemics, or epidemics
• War, terrorism, civil unrest, or government actions
• Internet or telecommunications failures not caused by us
• Third-party service provider outages
• Cyberattacks, DDoS attacks, or other malicious activities

The affected party must notify the other party promptly and make reasonable efforts to mitigate the impact.

23. Export Compliance

You agree to comply with all applicable export control laws, sanctions, and regulations, including:

• US Export Administration Regulations (EAR)
• US Office of Foreign Assets Control (OFAC) sanctions
• Applicable EU, UK, and other export control laws

You represent that you are not located in, or a national of, any embargoed country, and are not on any restricted party list.

24. Dispute Resolution and Arbitration

24.1 Informal Resolution

Before filing a formal dispute, you agree to contact us at legal@hayanalysis.com to attempt informal resolution for at least 30 days.

24.2 Binding Arbitration

Any dispute not resolved informally shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. Arbitration will be conducted in Wilmington, Delaware, or remotely as agreed.

24.3 Class Action Waiver

YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.

24.4 Exceptions

Either party may seek injunctive relief in any court of competent jurisdiction for intellectual property infringement or confidentiality breaches.

25. Governing Law

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

26. General Provisions

• Entire Agreement: These Terms, together with any Order Forms and policies referenced herein, constitute the entire agreement between the parties
• Amendments: We may modify these Terms with 30 days' notice. Continued use constitutes acceptance.
• Severability: If any provision is held invalid, the remaining provisions remain in effect
• Waiver: Failure to enforce any provision does not waive future enforcement
• Assignment: You may not assign these Terms without our consent. We may assign to affiliates or successors.
• Notices: Notices to you will be sent to your account email. Notices to us should be sent to legal@hayanalysis.com.
• Relationship: The parties are independent contractors, not partners, joint venturers, or agents
• Third-Party Beneficiaries: There are no third-party beneficiaries to these Terms
• Headings: Section headings are for convenience only and have no legal effect

27. Contact Information

DCE Infosec LLC
Legal Department
Email: legal@hayanalysis.com
Website: www.hayanalysis.com