Terms of Service

These Terms of Service ("Terms") govern access to and use of the websites, applications, APIs, dashboards, command centers, signal feeds, investigations, reports, automations, connectors, support services, pilots, implementation services, documentation, and related offerings provided by Vistoa, Inc. ("Vistoa," "we," "us," or "our") (collectively, the "Services").

By accessing or using the Services, creating an account, accepting an invitation, signing an order form, connecting a source, or using any Vistoa-hosted workspace, you agree to these Terms. If you use the Services on behalf of a company or other organization, you represent that you have authority to bind that organization, and "Customer" or "you" refers to that organization.

If you do not agree to these Terms, you may not access or use the Services. A separate written agreement signed by Vistoa controls if it expressly conflicts with these Terms.

Customers may purchase or access the Services through an order form, statement of work, pilot agreement, services agreement, marketplace listing, invoice, online checkout, or other ordering document accepted by Vistoa (each, an "Order"). Each Order may specify the subscription, modules, usage limits, implementation scope, fees, billing terms, support expectations, pilot period, renewal terms, tenant, authorized users, or special conditions.

If there is a conflict, the following order of precedence applies unless the relevant document states otherwise: first, a signed master services agreement or equivalent written agreement; second, a signed data processing, security, or other legal addendum; third, the applicable Order; fourth, these Terms; and fifth, documentation, public website language, or product descriptions.

Product pages, demos, beta previews, roadmap statements, marketing materials, and verbal discussions are not binding commitments unless included in a signed Order or written agreement.

The Services are intended for business use by organizations and authorized representatives who are at least 18 years old. You may not use the Services if you are barred from doing so under applicable law or if we previously suspended or terminated your access for cause.

If you accept these Terms for an organization, you represent and warrant that you are authorized to do so, that all registration information is accurate, and that you will keep account, billing, tenant, and administrative information current.

Customers are responsible for managing authorized users, roles, permissions, SSO settings, directory-sync configuration, connector permissions, workflow assignments, report recipients, API keys, and other access controls within their tenant. Customers are responsible for all activity under their accounts and credentials, except to the extent caused by Vistoa's breach of these Terms.

You must keep credentials, sessions, API keys, webhook secrets, OAuth grants, and administrative access secure. You must promptly notify Vistoa of suspected unauthorized access, credential compromise, account misuse, or security incidents involving the Services.

Vistoa may require reasonable identity, authorization, or ownership verification before granting access, changing tenant administrators, restoring accounts, exporting data, or acting on support requests.

Vistoa provides a data intelligence platform that can ingest, normalize, search, score, rank, cite, summarize, report on, and route operational signals from customer-authorized systems and public or third-party sources. The Services may include command-center views, signal feeds, investigations, alerts, dashboards, connectors, webhooks, reports, automations, approval workflows, AI-assisted drafting, and support or implementation services.

Pilots, proofs of concept, evaluation access, sandbox features, previews, and beta functionality may be limited, experimental, or subject to additional terms. Beta features may be modified, suspended, or discontinued at any time and may not be appropriate for production decisions unless Vistoa expressly states otherwise in a signed Order.

We may improve, modify, replace, or discontinue features as the Services evolve. We will not materially reduce a paid customer's purchased core functionality during an active Order without providing commercially reasonable notice or an appropriate transition path, unless the change is required for security, legal compliance, provider-policy compliance, or urgent operational reasons.

Subject to these Terms and any applicable Order, Vistoa grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable right during the applicable term to access and use the Services for Customer's internal business operations and authorized external workflows expressly permitted by the applicable Order.

You may not, and may not allow others to:

• Reverse engineer, decompile, disassemble, copy, frame, scrape, or attempt to derive source code, non-public APIs, models, prompts, scoring logic, security controls, or underlying platform architecture, except where law prohibits this restriction.
• Resell, rent, lease, sublicense, white-label, timeshare, or provide the Services to third parties except as expressly allowed in an Order.
• Circumvent usage limits, rate limits, tenant boundaries, authentication, authorization, audit controls, paywalls, security controls, or provider restrictions.
• Upload malware, exploit code, unlawful content, infringing content, or data you do not have the right to process through the Services.
• Use the Services to make automated decisions with legal or similarly significant effects about individuals without appropriate human review, notices, rights mechanisms, and legal authorization.
• Benchmark, publish performance comparisons, or disclose non-public Service results without Vistoa's prior written consent.
• Use the Services to build or train a competing product or to extract Vistoa's non-public product design, scoring approach, prompts, workflows, or user experience.

Customer retains all rights in Customer Content. Customer grants Vistoa a worldwide, non-exclusive right to host, access, use, process, transmit, copy, display, transform, create embeddings from, index, analyze, summarize, and otherwise process Customer Content as necessary to provide, secure, support, improve, and administer the Services and as otherwise permitted by the applicable agreement.

Customer represents and warrants that it has all rights, permissions, consents, notices, and legal bases necessary to submit Customer Content, connect sources, import records, process Personal Information, run searches, create reports, send webhooks, export outputs, and allow Vistoa to process Customer Content under these Terms.

Customer is responsible for source-system permissions, provider terms, rate limits, retention rules, deletion requirements, export controls, intellectual-property restrictions, confidentiality obligations, privacy notices, and any other obligations governing the data Customer connects to Vistoa.

The Services may use AI systems, embeddings, semantic search, model providers, AI gateways, ranking systems, or statistical methods to extract, normalize, classify, score, summarize, draft, recommend, or explain information. AI-assisted outputs may be incomplete, inaccurate, stale, biased, or inappropriate for a particular use without review.

Vistoa is designed to preserve source evidence, timestamps, drivers, confidence indicators, approval states, and audit context where supported by the relevant feature. Customer remains responsible for validating outputs, reviewing evidence, applying professional judgment, and deciding whether to act.

The Services do not provide legal, financial, tax, employment, medical, regulatory, or other professional advice. Customer must not rely on the Services as a substitute for qualified professional review or as the sole basis for legally significant decisions.

The Services may interoperate with third-party products, APIs, websites, models, databases, marketplaces, identity providers, communication systems, analytics systems, document systems, CRM systems, billing systems, support systems, accounting systems, RSS feeds, and other sources. Third-party services are governed by their own terms and privacy policies, not these Terms.

Vistoa is not responsible for third-party services, third-party content, provider outages, provider policy changes, provider rate limits, loss of provider access, data made unavailable by a provider, or Customer's failure to comply with provider terms. Vistoa may suspend or modify integrations to comply with provider requirements, protect security, prevent misuse, or preserve platform stability.

APIs, exports, webhooks, background jobs, sync routes, and automated workflows may be subject to quotas, rate limits, concurrency limits, payload limits, entitlement limits, fair-use rules, provider restrictions, and technical constraints. Vistoa may enforce or modify these limits to preserve security, reliability, cost control, provider compliance, and equitable platform access.

Customer is responsible for systems that receive exports, webhooks, reports, alerts, or API responses from Vistoa. Customer must protect exported data, validate received payloads, secure downstream systems, and ensure that onward use complies with law, provider requirements, and Customer's own obligations.

Fees, billing frequency, taxes, payment method, renewal terms, usage-based charges, overages, pilot charges, and implementation fees are specified in the applicable Order or invoice. Unless the Order states otherwise, fees are non-refundable and payable in US dollars.

Customer must provide complete and accurate billing, tax, purchase order, and procurement information. Late amounts may result in suspension, interest, collection costs, or termination as permitted by law and the applicable Order. Customer is responsible for taxes other than taxes based on Vistoa's net income.

If Customer requires purchase orders, vendor portals, security reviews, or procurement workflows, Customer remains responsible for making payment by the due date unless Vistoa expressly agrees in writing to different payment timing.

"Confidential Information" means non-public information disclosed by one party to the other that is marked confidential or should reasonably be understood as confidential given its nature and the circumstances of disclosure. Confidential Information includes Customer Content, non-public product information, security information, pricing, technical architecture, credentials, business plans, roadmap information, and implementation materials.

The receiving party will use Confidential Information only to perform or receive the Services, protect it using reasonable care, and not disclose it except to personnel, affiliates, contractors, advisers, service providers, or legal authorities who have a need to know and are bound by confidentiality or legal obligations. These obligations do not apply to information that is publicly available without breach, already known without restriction, independently developed without use of Confidential Information, or rightfully received from a third party without restriction.

Vistoa and its licensors retain all rights, title, and interest in the Services, software, designs, interfaces, workflows, models, prompts, templates, documentation, scoring logic, indexes, connectors, analytics, know-how, inventions, and other technology, excluding Customer Content. No rights are granted except as expressly stated in these Terms or an Order.

Customer may provide feedback, ideas, suggestions, requests, or recommendations. Vistoa may use feedback without restriction or obligation, provided that Vistoa does not disclose Customer's Confidential Information in violation of these Terms.

Vistoa may use aggregated, anonymized, or de-identified information derived from Service operations to analyze, operate, benchmark, secure, and improve the Services, provided it does not identify Customer or any individual.

Vistoa processes Personal Information as described in the Vistoa Privacy Policy and any applicable signed data protection terms. Customer is responsible for its own privacy notices, legal bases, consents, data subject request processes, source-provider permissions, and compliance obligations for Customer Content.

Vistoa maintains technical and organizational safeguards designed to protect Customer Content. Customer is responsible for configuring the Services in a secure manner, managing access, reviewing connected sources, enforcing least privilege, and using available controls appropriately.

Unless separately agreed in writing, the Services are not designed for regulated medical records, consumer credit eligibility decisions, payment-card storage, classified information, nuclear facilities, emergency services, life-safety systems, or other high-risk use cases where failure could lead to death, personal injury, or severe environmental or property damage.

Support obligations, uptime commitments, incident-response commitments, implementation scope, and service levels apply only if included in a signed Order or written agreement. Otherwise, Vistoa provides commercially reasonable support and may prioritize requests based on severity, customer plan, security impact, and operational urgency.

The Services may be unavailable or degraded due to maintenance, deployments, incidents, network failures, third-party outages, provider limits, force majeure events, security measures, or other causes. Vistoa may monitor, throttle, suspend, or restrict workloads that threaten the security, reliability, cost profile, or stability of the Services.

Vistoa may suspend access immediately if Customer or an authorized user violates these Terms, fails to pay undisputed amounts, creates a security risk, uses the Services unlawfully, infringes third-party rights, threatens platform stability, violates provider requirements, or exposes Vistoa or others to legal or operational risk.

Either party may terminate as stated in an applicable Order. Upon termination or expiration, Customer's right to use the Services ends. Vistoa may make Customer Content available for export for a reasonable period if commercially and technically feasible and then delete or make it inaccessible according to the applicable agreement, retention schedule, and legal obligations.

Terms that by their nature should survive termination will survive, including payment obligations, confidentiality, intellectual property, disclaimers, limitations of liability, indemnity, governing law, and dispute provisions.

EXCEPT AS EXPRESSLY STATED IN A SIGNED WRITTEN AGREEMENT, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY LAW, VISTOA DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, QUIET ENJOYMENT, AND AVAILABILITY.

Vistoa does not warrant that the Services will be uninterrupted, error-free, secure, accurate, complete, current, free from harmful components, compatible with all systems, or suitable for any particular business outcome. Vistoa does not guarantee that signals, scores, summaries, reports, forecasts, recommendations, or AI outputs will identify every relevant event or prevent loss.

Customer will defend, indemnify, and hold harmless Vistoa, its affiliates, officers, directors, employees, contractors, agents, and licensors from and against claims, damages, liabilities, losses, costs, and expenses, including reasonable attorneys' fees, arising from or relating to Customer Content, Customer's connected sources, Customer's breach of these Terms, Customer's violation of law, Customer's misuse of the Services, or Customer's violation of third-party rights or provider terms.

Vistoa will promptly notify Customer of any indemnified claim for which it seeks indemnity, allow Customer to control the defense where legally and commercially reasonable, and reasonably cooperate at Customer's expense. Customer may not settle a claim in a manner that admits fault by Vistoa, imposes obligations on Vistoa, or restricts Vistoa's business without Vistoa's prior written consent.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, COVER, BUSINESS INTERRUPTION, LOST PROFIT, LOST REVENUE, LOST GOODWILL, LOST DATA, OR PROCUREMENT-OF-SUBSTITUTE-SERVICES DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF THOSE DAMAGES.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, VISTOA'S TOTAL LIABILITY ARISING OUT OF OR RELATING TO THE SERVICES OR THESE TERMS WILL NOT EXCEED THE AMOUNTS PAID BY CUSTOMER TO VISTOA FOR THE SERVICES GIVING RISE TO THE CLAIM IN THE 12 MONTHS BEFORE THE EVENT GIVING RISE TO LIABILITY, OR 100 US DOLLARS IF NO AMOUNTS WERE PAID.

These limitations apply regardless of the legal theory, including contract, tort, negligence, strict liability, warranty, statute, or otherwise. Some jurisdictions do not allow certain limitations, so some limitations may not apply to the extent prohibited by law.

Customer must comply with all applicable export-control, sanctions, anti-corruption, anti-bribery, anti-money-laundering, and trade compliance laws. Customer may not use the Services in violation of US sanctions, export restrictions, embargoes, or denied-party rules.

Customer may not use the Services for unlawful surveillance, harassment, discrimination, weapons targeting, biometric identification without required legal authority, high-risk automated decisions without required safeguards, or any use that would violate applicable law or rights of others.

These Terms and any dispute arising out of or relating to them or the Services are governed by the laws of the State of Ohio, without regard to conflict-of-law principles. The parties consent to the exclusive jurisdiction and venue of the state and federal courts located in Franklin County, Ohio, for any dispute not subject to a separate written dispute-resolution provision.

Each party waives objection to personal jurisdiction, venue, and inconvenient forum in those courts. Either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect intellectual property, confidential information, security, or unauthorized access.

Notices to Vistoa under these Terms must be sent to legal@vistoa.com unless a signed agreement specifies a different notice method. Notices to Customer may be sent to the account owner, billing contact, administrator, email address, workspace notice surface, or other contact information associated with Customer's account.

Vistoa may update these Terms from time to time. The "Last updated" date identifies the latest version. If we make material changes, we may provide notice through the Services, by email, by posting an update, or as otherwise required by law. Updates apply prospectively unless required by law or expressly stated otherwise.

Continued use of the Services after updated Terms become effective constitutes acceptance of the updated Terms. If you do not agree to the updated Terms, you must stop using the Services and, if applicable, terminate according to the relevant Order.