Legal

Terms of Service

Effective: January 1, 2026 | Last Updated: January 1, 2026 | Version 1.0

Thank you for choosing Patchly AI! These terms of service (the "Terms") govern your access to and use of the websites, platform, software, and services (the "Services") provided by Patchly AI Corp ("Patchly," "we," or "our"), a Delaware corporation. Please read them carefully before using the Services.

By using the Services you agree to be bound by these Terms. If you are using the Services on behalf of an organization, you are agreeing to these Terms for that organization and confirming that you have the authority to bind that organization. In that case, "you" and "your" refer to that organization.

If you have entered into a separate Master Services Agreement or Enterprise Agreement with Patchly, that agreement controls to the extent it conflicts with these Terms.

Your Data & Your Privacy

By using our Services you provide us with information, configuration data, vulnerability scan results, patch deployment records, system metadata, and other content you submit to Patchly (together, "Your Data"). You retain full ownership of Your Data. We don't claim any ownership of it. These Terms do not grant us any rights to Your Data or intellectual property except for the limited rights needed to run the Services, as explained below.

We need your permission to do things you ask us to do with Your Data — for example, processing vulnerability information through our Patch Veracity engine, generating risk assessments, producing reports, or displaying dashboards. This includes product features visible to you (such as patch confidence scores, deployment analytics, and remediation guidance) and design choices we make to technically administer our Services (such as how we redundantly back up data to keep it safe).

You give us the permissions we need to do those things solely to provide the Services. This permission also extends to trusted third parties we work with to provide the Services, for example cloud infrastructure providers — and again, only to provide the Services.

How We Use Data for AI and Analytics

Our Services include AI-powered features such as Patch Veracity scoring and remediation recommendations. To provide these features, we process Your Data using machine learning models. Here's what you need to know:

  • We do not use Your Data to train general-purpose AI models that benefit other customers, unless you explicitly opt in to a data-sharing program.
  • Aggregated and de-identified data (which cannot reasonably identify you or your organization) may be used to improve our models, benchmarks, and threat intelligence — for example, understanding patch failure rates across Microsoft ecosystems.
  • You can opt out of aggregated data contributions at any time through your account settings or by contacting us.
  • AI-generated outputs (such as risk scores and remediation suggestions) are informational and should be reviewed by qualified personnel before action. We do not guarantee their accuracy.

To be clear: aside from the limited exceptions identified in our Privacy Policy, we will not share Your Data with others — including law enforcement — for any purpose unless you direct us to or we are compelled by valid legal process. How we collect and use your information is further explained in our Privacy Policy.

Data Processing & International Transfers

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, our processing of your personal data is governed by our Data Processing Addendum (DPA), which forms part of these Terms. We rely on Standard Contractual Clauses, adequacy decisions, and other lawful transfer mechanisms for international data transfers.

If applicable law requires us to process personal data as a "processor" on your behalf (for example, under GDPR), we will do so only in accordance with your documented instructions and our DPA.

Sharing Your Data

The Services may include features that allow you to share reports, dashboards, or other outputs with others within or outside your organization. Please consider carefully what you choose to share. Patchly has no responsibility for what recipients do with shared content.

Your Responsibilities

You are responsible for your conduct, the systems you connect to the Services, and the accuracy of information you provide. Specifically:

  • You must have appropriate authorization to connect systems, networks, and endpoints to the Services.
  • You must not use the Services to scan, test, or assess systems you do not own or have explicit permission to assess.
  • You are responsible for maintaining and protecting backups of Your Data. Patchly will not be liable for any loss or corruption of Your Data.
  • You must keep your contact and billing information current.
  • The Services are not intended for use by anyone under 18 years of age.

Account Security

You are responsible for safeguarding the credentials you use to access the Services, and you agree not to disclose your passwords, API keys, or access tokens to unauthorized third parties. You are responsible for any activity under your account, whether or not you authorized it. You should immediately notify Patchly of any unauthorized use of your account at security@patchly.ai.

We strongly recommend enabling multi-factor authentication (MFA) on your account. If you are an enterprise customer, your administrator may enforce MFA and other security policies for your organization.

Subscription, Billing & Cancellation

Access to certain features of the Services requires a paid subscription ("Paid Plan"). By subscribing to a Paid Plan, you agree to the following:

  • We will bill you in advance on a recurring basis (monthly or annually, depending on the plan you select).
  • Your subscription will automatically renew at the end of each billing period unless you cancel before the renewal date.
  • We will send you a reminder at least 30 days before any annual renewal.
  • If we change pricing, we'll give you at least 30 days' notice. Price changes take effect at the start of your next billing cycle.
  • You are responsible for all applicable taxes, and we will charge tax when required by law.
  • Refunds are only issued if required by applicable law (for example, EU consumers have the right to cancel within 14 days of subscribing).

Software, APIs & Updates

Some use of our Services requires you to download client software, install agents, or integrate via APIs (collectively, "Software"). Patchly grants you a limited, nonexclusive, nontransferable, revocable license to use the Software solely to access the Services. This license is automatically revoked if you violate these Terms in a manner that implicates our intellectual property rights.

You must not reverse engineer, decompile, or disassemble the Software, nor attempt to do so, nor assist anyone else to do so, except to the extent that applicable law expressly permits such activity despite this limitation.

The Services and Software may update automatically when new versions are available. You consent to these automatic updates as part of your use of the Services.

Patchly Property & Feedback

These Terms do not grant you any right, title, or interest in the Services, Software, or any content we provide through the Services (including Patch Veracity scores, benchmarks, threat intelligence, and remediation guidance). While we appreciate user feedback, please be aware that we may use any feedback, comments, or suggestions you send us without any obligation to you.

The Software and other technology we use to provide the Services are protected by copyright, trademark, and other laws. These Terms do not grant you any rights to use Patchly's trademarks, logos, domain names, or other brand features.

Acceptable Use

You will not, and will not attempt to, misuse the Services. Examples of misuse include:

  • Using the Services to conduct unauthorized penetration testing, vulnerability scanning, or security assessments of third-party systems.
  • Attempting to gain unauthorized access to Patchly's systems, other customers' data, or any connected systems.
  • Uploading malicious software, exploits, or any code designed to harm the Services or other users.
  • Reselling, sublicensing, or providing the Services to third parties without our written consent.
  • Using the Services in any way that violates applicable laws or regulations.
  • Interfering with or disrupting the integrity or performance of the Services.

Confidentiality

Each party may receive confidential information from the other in connection with these Terms ("Confidential Information"). This includes, for Patchly: proprietary algorithms, pricing, roadmap, and security methodologies; and for you: Your Data, security configurations, and vulnerability information. Each party agrees to protect the other's Confidential Information using at least the same degree of care it uses to protect its own confidential information, and no less than reasonable care.

Confidential Information does not include information that is publicly available, already known to the receiving party, independently developed, or rightfully obtained from a third party without restriction.

Mutual Indemnification

Both parties commit to mutual protection. This section reflects Patchly's confidence in our platform and our commitment to standing behind the Services we provide.

Patchly's Indemnification of You. Patchly will defend you against any third-party claim alleging that the Services, as provided by Patchly and used in accordance with these Terms, infringe that third party's intellectual property rights, and will indemnify you against any damages finally awarded against you (or amounts agreed in settlement) resulting from such claim.

Exclusions. Patchly's indemnification obligation does not apply to claims arising from: (a) modifications to the Services made by you or at your direction; (b) your combination of the Services with products, services, or data not provided or authorized by Patchly, where the infringement would not have occurred but for such combination; (c) your use of the Services after Patchly has notified you to stop due to an infringement claim; or (d) your use of a superseded version of the Services if infringement would have been avoided by using the current version.

Remediation. If the Services become, or in Patchly's opinion are likely to become, the subject of an infringement claim, Patchly may, at its option: (a) obtain the right for you to continue using the Services; (b) modify the Services so they are no longer infringing while remaining functionally equivalent; or (c) if neither (a) nor (b) is commercially reasonable, terminate your access to the affected Services and refund any prepaid fees covering the remainder of the subscription term.

Your Indemnification of Patchly. You will defend Patchly against any third-party claim arising from: (a) your use of the Services in violation of these Terms; (b) your violation of any applicable law; or (c) any claim that Your Data infringes a third party's intellectual property or proprietary rights. You will indemnify Patchly against any damages finally awarded against Patchly (or amounts agreed in settlement) resulting from such claims.

Indemnification Process. The party seeking indemnification must: (a) promptly notify the indemnifying party of the claim; (b) give the indemnifying party sole control of the defense and settlement; and (c) provide reasonable cooperation at the indemnifying party's expense. The indemnifying party may not settle a claim in a way that imposes liability or obligations on the indemnified party without prior written consent.

Copyright

Patchly respects others' intellectual property and asks that you do too. We will respond to notices of alleged copyright infringement if they comply with the law and are properly provided to us. We reserve the right to delete or disable content alleged to be infringing and to terminate repeat infringers.

Copyright Agent: Patchly AI Corp, copyright@patchly.ai

Third-Party Services & Integrations

The Services may integrate with or contain links to third-party products, services, or websites (for example, Microsoft services, SIEM platforms, or ticketing systems). Patchly does not endorse and is not responsible for the availability, accuracy, or practices of any third-party service. Your use of third-party services is governed by their own terms and privacy policies.

If we provide any software under an open source license, the open source license terms will apply to the extent they conflict with these Terms.

Termination

You can stop using our Services at any time by canceling your account. Upon termination:

  • We will make Your Data available for export for 30 days following termination, after which we will delete it from our active systems in accordance with our data retention policy.
  • Some information may persist in encrypted backups for a limited period, but will not be actively processed.
  • We may retain certain data as required by law or legitimate business purposes (for example, billing records, fraud prevention).

We reserve the right to suspend or terminate your access at any time if you are not complying with these Terms, or if your use of the Services would cause us legal liability or disrupt others' use. If we suspend or terminate your access, we will try to give you advance notice and help you retrieve Your Data, except where immediate action is necessary (for example, flagrant Terms violations, court order, or danger to other users).

Data Deletion & Portability

You can request deletion of Your Data at any time through your account settings or by contacting privacy@patchly.ai. We will process deletion requests promptly, subject to any legal retention obligations. You can also export Your Data in machine-readable format at any time through the Services.

Service Levels & Support

For Paid Plan customers, Patchly will use commercially reasonable efforts to maintain the availability described in our Service Level Agreement (SLA), which may be provided as a separate document or addendum. If we fail to meet our SLA commitments, you may be eligible for service credits as described in the SLA.

Services Provided "As-Is"

Though we want to provide a great service, there are certain things we can't promise. For example:

THE SERVICES AND SOFTWARE ARE PROVIDED "AS IS," AT YOUR OWN RISK, WITHOUT EXPRESS OR IMPLIED WARRANTY OR CONDITION OF ANY KIND. WE DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. PATCHLY DOES NOT WARRANT THAT THE SERVICES WILL IDENTIFY ALL VULNERABILITIES, THAT ALL PATCH RECOMMENDATIONS WILL BE ACCURATE OR COMPLETE, OR THAT USE OF THE SERVICES WILL MAKE YOUR SYSTEMS FULLY SECURE.

(We're not shouting — it's just that these disclaimers are really important, so we want to highlight them.)

Security is a shared responsibility. The Services are designed to assist your patch management and vulnerability assessment processes, but they do not replace professional security judgment, compliance audits, or your organization's own security controls.

Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL PATCHLY, ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, SUPPLIERS, OR LICENSORS BE LIABLE FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF USE, DATA, BUSINESS, OR PROFITS), REGARDLESS OF LEGAL THEORY, WHETHER OR NOT PATCHLY HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES; OR (B) AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THE SERVICES EXCEEDING THE GREATER OF $100 OR THE AMOUNTS PAID BY YOU TO PATCHLY FOR THE 12 MONTHS PRECEDING THE CLAIM.

Some jurisdictions do not allow these types of limitations, so they may not apply to you.

Dispute Resolution

Let's Try to Work It Out First. Before filing a formal legal claim, you agree to try to resolve any dispute informally by contacting legal@patchly.ai. We'll try to resolve the dispute within 30 days.

Arbitration. If we can't resolve a dispute informally, you and Patchly agree to resolve any claims through final and binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, except that either party may bring claims in small claims court if they qualify.

No Class Actions. You may only resolve disputes with us on an individual basis, and may not bring a claim as a plaintiff or class member in a class, consolidated, or representative action.

Opt-Out. You can opt out of this arbitration agreement by emailing legal@patchly.ai within 30 days of first accepting these Terms.

Export Restrictions

The Services and Software may be subject to United States export control laws and regulations, including the Export Administration Regulations (EAR) and sanctions programs administered by the Office of Foreign Assets Control (OFAC). You may not use, export, or re-export the Services in violation of these laws, including to any U.S.-embargoed country or sanctioned party. You represent that you are not located in, under the control of, or a national or resident of any sanctioned country or on any restricted party list.

U.S. Government Use

If you are a U.S. government entity, the Services are provided as "commercial computer software" and "commercial computer software documentation" under FAR 12.212, DFARS 227.7202, and applicable agency supplements. Use, duplication, and disclosure are subject to the terms of these Terms and applicable government regulations.

Changes to These Terms

We may revise these Terms from time to time. The most current version will always be posted on our website. If a revision materially reduces your rights, we will notify you at least 30 days in advance (for example, via email to the address associated with your account or through a prominent notice in the Services). By continuing to use the Services after changes become effective, you agree to be bound by the revised Terms. If you do not agree to the new terms, please stop using the Services.

Miscellaneous

These Terms, together with the Privacy Policy, DPA (if applicable), SLA (if applicable), and any Enterprise Agreement, constitute the entire agreement between you and Patchly with respect to the Services. These Terms are governed by the laws of the State of Delaware, without regard to its conflict of laws principles. If the arbitration agreement does not apply, any judicial proceeding must be brought in the federal or state courts located in Hillsborough County, Florida, and both parties consent to personal jurisdiction there. Patchly's failure to enforce a provision is not a waiver of its right to do so later. If a provision is found unenforceable, the remaining provisions remain in full effect. You may not assign your rights under these Terms without our consent, but Patchly may assign its rights to any affiliate or successor. Nothing in these Terms creates a partnership, joint venture, or agency relationship between you and Patchly.

Force Majeure

Neither party will be liable for any failure or delay in performing its obligations under these Terms where such failure or delay results from circumstances beyond the party's reasonable control, including but not limited to natural disasters, pandemics, government actions, cyberattacks against infrastructure providers, or failures of third-party services.

Contact Us

If you have questions about these Terms, please contact us:

Patchly AI Corp
General Legal: legal@patchly.ai
Privacy Inquiries: privacy@patchly.ai
Security Issues: security@patchly.ai

Thank you for trusting Patchly AI with your security operations. Your trust is our most important asset.