Terms of Service

1. Agreement to Terms

These Terms of Service (“Terms”) constitute a legally binding agreement between you (“User,” “you,” or “your”) and BeatMask LLC, a Wyoming limited liability company (“BeatMask,” “Company,” “we,” “us,” or “our”), governing your access to and use of the BeatMask browser extension, desktop application, website, APIs, and all related services (collectively, the “Service”).

By installing, accessing, or using the Service, you agree to be bound by these Terms. If you do not agree, do not install or use BeatMask. If you are using BeatMask on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms, and “you” and “your” refer to that organization.

We may update these Terms from time to time. If we make material changes, we will notify you through the Service or by email at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date of updated Terms constitutes acceptance of those Terms. If you do not agree to the updated Terms, you must stop using the Service before the effective date.

2. Description of the Service

BeatMask is a data loss prevention tool that scans text content for potentially sensitive information—including personally identifiable information (PII), protected health information (PHI), credentials, API keys, source code, and proprietary business context—before that content is submitted to AI platforms such as ChatGPT, Claude, Gemini, and similar services.

The Service is provided in the following forms:

• BeatMask Extension: A free browser extension for Google Chrome and Microsoft Edge that performs real-time, on-device scanning of content entered into supported AI platforms.
• BeatMask Pro: A paid macOS desktop application that provides system-wide clipboard monitoring, enhanced detection using AI-powered named entity recognition, file scanning, custom blocklist functionality, and additional detection capabilities beyond the free Extension.
• BeatMask Website: The beatmask.com and beatmask.ai websites, which provide product information, documentation, subscription management, and related resources.

2.1 Zero-Knowledge, Local-Only Processing

BeatMask processes all data exclusively on your local device. No user content, text inputs, detected sensitive data, or AI platform interactions are transmitted to, collected by, or stored on BeatMask servers or any third-party servers. All detection operations occur client-side within your browser or desktop application. BeatMask operates on a zero-knowledge architecture: the Company has no technical means to access, view, monitor, intercept, or recover any content processed by the Service.

BeatMask Pro (the desktop application) transmits subscription and licensing information necessary to validate paid features, processed through Stripe. The BeatMask Extension (the browser extension) makes no outbound network requests carrying user data; the only network activity is receiving updates through your browser’s standard update mechanism. Neither product transmits scanned content, detection results, or user activity data. BeatMask does not collect email addresses, usernames, or personal identifiers as part of normal Service operation. See our Privacy Policy for complete details.

2.2 Browser Extension Permissions

BeatMask requires specific browser permissions to function. These permissions allow the Extension to inspect text content entered into supported AI platform interfaces for the sole purpose of detecting potentially sensitive data before submission. Specifically:

• The Extension accesses page content on supported AI platforms (including but not limited to ChatGPT, Claude, Gemini, Perplexity, DeepSeek, and Copilot) to scan text inputs in real time.
• The Extension accesses clipboard content, solely for the purpose of scanning copied text for sensitive data before you paste it into an AI platform.
• The Extension does not access your browsing history, content on non-supported websites, stored passwords, bookmarks, or any other browser data unrelated to its detection function.
• No page content, clipboard content, or detected data is transmitted to BeatMask servers or any third party. All scanning occurs locally.
• The Extension uses the nativeMessaging permission to optionally communicate with BeatMask Pro (the desktop application) via a secured local Unix domain socket for enhanced, ML-powered detection. This connection operates entirely on your device; no data is transmitted over the network through this channel. The Extension functions fully without the desktop app installed.

You may review and modify Extension permissions through your browser settings at any time. Revoking permissions may reduce or disable the Extension’s detection capabilities.

3. Advisory and Informational Nature of the Service

THIS IS THE MOST IMPORTANT SECTION OF THESE TERMS. PLEASE READ IT CAREFULLY.

3.1 No Guarantee of Detection

BeatMask does not guarantee or warrant that it will detect, identify, flag, or prevent the disclosure of all sensitive data, including but not limited to PII, PHI, credentials, API keys, source code, proprietary information, trade secrets, or any other category of confidential or regulated information. No detection system achieves 100% accuracy. BeatMask:

• May fail to detect sensitive data (false negatives). Sensitive information may pass through undetected due to novel formats, obfuscation, encoding variations, language limitations, context-dependent sensitivity, evolving data patterns, or inherent limitations in pattern-matching and machine learning models.
• May incorrectly flag non-sensitive data (false positives). BeatMask may identify content as sensitive when it is not, which may interrupt your workflow or cause you to withhold information unnecessarily.
• May produce alerts that, if acted upon, cause unintended consequences. You may choose to redact, mask, or withhold information based on a BeatMask alert that was incorrect, potentially affecting the quality of AI-generated outputs or your workflow.
• Cannot detect all categories of sensitive information. Detection capabilities are limited to the pattern categories, rules, and models included in each release. New categories of sensitive data emerge constantly.
• Cannot evaluate contextual sensitivity with certainty. Whether specific information is “sensitive” depends on organizational policies, regulatory requirements, contractual obligations, jurisdictional rules, and contextual factors that BeatMask cannot fully assess.

BeatMask’s failure to detect specific sensitive data does not constitute a defect in the Service.

3.2 Advisory Positioning

BeatMask provides alerts and recommendations only. The Service does not constitute professional data security, privacy, legal, or compliance advice. BeatMask does not make decisions on your behalf—it provides information to assist your decision-making.

You are solely responsible for:

• Configuring BeatMask’s detection settings, including sensitivity thresholds, detection categories, custom blocklists, and platform-specific settings.
• Determining what actions to take (or not take) based on BeatMask’s alerts, including whether to submit, modify, or withhold content.
• Reviewing all content before submission to third-party AI platforms, whether or not BeatMask flagged it.
• Ensuring compliance with all applicable privacy laws, data protection regulations, contractual obligations, and organizational security policies, regardless of whether BeatMask detects a violation.

3.3 Configuration Responsibility

You acknowledge and agree that you are solely responsible for selecting and maintaining the configuration of the Service, including detection categories, sensitivity thresholds, custom blocklist entries, and platform-specific settings. The Company is not liable for any data exposure, regulatory violation, or other harm resulting from misconfiguration, disabled detection categories, overly permissive sensitivity thresholds, incomplete custom blocklists, or failure to configure the Service for your specific regulatory or organizational requirements.

3.4 Update Responsibility

BeatMask regularly releases updates that include new detection patterns, improved models, bug fixes, and security patches. You understand and agree that delaying, declining, or failing to install updates to the Service may reduce detection accuracy, introduce security risks, and leave known vulnerabilities unpatched. The Company is not responsible for any data exposure, detection failures, or security incidents resulting from your use of outdated versions of the Service or its detection patterns.

3.5 Not a Substitute for Comprehensive Data Protection

BeatMask is a supplementary tool designed to be one layer within a multi-layered data protection strategy. Organizations with regulatory obligations (including but not limited to HIPAA, GDPR, CCPA/CPRA, SOX, PCI-DSS, GLBA, and industry-specific regulations) should not rely on BeatMask as a sole or primary data protection mechanism. BeatMask does not replace data classification programs, access controls, encryption, employee training, security audits, or professional compliance counsel.

3.6 Regulatory Status and Compliance Limitations

BeatMask is not a regulated entity under any data protection, healthcare, financial, or education privacy framework. Without limiting the generality of the foregoing:

• HIPAA: BeatMask is not a Covered Entity or Business Associate as defined under the Health Insurance Portability and Accountability Act. BeatMask does not create, receive, maintain, or transmit Protected Health Information (PHI) on behalf of any user or organization. BeatMask’s local-only detection of PHI on your device does not constitute the processing, storage, or transmission of PHI by BeatMask. The Company does not enter into Business Associate Agreements (BAAs). Use of BeatMask does not satisfy HIPAA’s Security Rule, Privacy Rule, or Breach Notification Rule requirements.
• GDPR: With respect to the content scanned locally on your device, BeatMask is neither a Data Controller nor a Data Processor, because that content is never transmitted to or accessed by the Company. BeatMask may act as a Data Processor with respect to subscription data processed through Stripe as described in the Privacy Policy. Use of BeatMask does not constitute a Technical or Organizational Measure sufficient to satisfy GDPR Article 32 obligations on its own.
• COPPA: BeatMask is not directed at children under the age of 16. See Section 5.1 (Eligibility) for age requirements.
• Other Regulations: BeatMask does not represent, warrant, or guarantee that use of the Service satisfies any specific regulatory requirement under any federal, state, local, or international law or regulation, including but not limited to FERPA, GLBA, PCI-DSS, SOX, CCPA/CPRA, or any industry-specific data protection standard. You are solely responsible for determining whether and how BeatMask fits within your regulatory compliance obligations, and for obtaining professional compliance counsel as appropriate.

No marketing material, product documentation, sales communication, or support interaction shall be construed as a representation that BeatMask satisfies any specific regulatory requirement or eliminates any compliance obligation.

4. Device Security and Data Recovery

4.1 Your Device, Your Responsibility

Because BeatMask operates entirely on your device, the security of your device directly affects the security of BeatMask’s operations. You are responsible for keeping your device, operating system, browser, and BeatMask installation safe and secure. BeatMask cannot and will not be liable for any loss, damage, data exposure, or detection failure resulting from:

• Unauthorized access to your device by third parties.
• Malware, spyware, keyloggers, or other malicious software on your device.
• Modifications, tampering, or unauthorized alterations to the BeatMask extension or desktop application files.
• Use of the Service on a jailbroken, rooted, or otherwise compromised device or browser.
• Browser extensions or desktop applications that interfere with BeatMask’s operation.

4.2 No Data Recovery

Due to BeatMask’s zero-knowledge, local-only processing architecture, the Company has no ability or obligation to recover, retrieve, reconstruct, or provide copies of any content processed by the Service. If data processed by BeatMask is lost, corrupted, or compromised on your device, the Company has no means to assist in data recovery. You are solely responsible for maintaining backups of any data on your device.

5. Subscriptions and Payments

5.1 Eligibility

You must be at least sixteen (16) years of age to use the Service. By installing or using BeatMask, you represent and warrant that you are at least 16 years old. If we learn that a user under 16 is using the Service, we will take reasonable steps to block that use. If you believe someone under 16 is using BeatMask, please contact us at privacy@beatmask.com.

The age requirement of 16 is set to comply with the strictest applicable thresholds under both the U.S. Children’s Online Privacy Protection Act (COPPA, age 13) and the EU General Data Protection Regulation (GDPR, age 16 in most member states).

5.2 Free Extension (Free Tier)

The BeatMask browser extension is provided free of charge with no service level commitments. We reserve the right to modify, limit, suspend, or discontinue Free Tier features at any time and for any reason without prior notice.

5.3 BeatMask Pro (Paid Tier)

BeatMask Pro requires a paid subscription at the pricing in effect at the time of purchase (currently $9.00 USD per month). Subscriptions are billed monthly through Stripe, Inc. By subscribing, you authorize recurring charges to your payment method until you cancel. Subscription prices are locked for the duration of your current billing period.

5.4 Free Trial

New subscribers to BeatMask Pro receive a seven (7) day free trial. You will not be charged during the trial period. If you do not cancel before the trial ends, your subscription will automatically convert to a paid subscription and your payment method will be charged.

5.5 Cancellation and Refunds

You may cancel your subscription at any time by emailing contact@beatmask.com. Cancellation takes effect at the end of your current billing period; you will retain access to Pro features until that date. We offer a full refund if requested within fourteen (14) days of your first paid charge (not including trial periods). After the initial 14-day period, we do not provide refunds for partial billing periods. If you believe you were charged in error, contact us at contact@beatmask.com within thirty (30) days.

5.6 Price Changes

We may change subscription pricing with at least thirty (30) days’ advance notice via email. Price changes take effect at the start of your next billing period after the notice period. Your continued subscription after a price change constitutes acceptance of the new pricing. If you do not agree, cancel before the new pricing takes effect.

6. Acceptable Use

You agree to use the Service only for lawful purposes and in accordance with these Terms. You agree NOT to:

• Use BeatMask for any unlawful purpose or in violation of any applicable law or regulation.
• Use BeatMask to facilitate the unauthorized collection, harvesting, or processing of personal data belonging to others.
• Attempt to gain unauthorized access to BeatMask’s systems, infrastructure, servers, databases, or any non-public areas of the Service.
• Use BeatMask to conduct unauthorized penetration testing, vulnerability scanning, or security assessments of BeatMask’s infrastructure, any third-party systems, or any AI platforms monitored by the Service.
• Interfere with or disrupt the integrity or performance of the Service, including through denial-of-service attacks, injection attacks, or similar activities.
• Use automated scripts, bots, crawlers, or similar tools to access or interact with the Service in any manner not expressly authorized by BeatMask.
• Circumvent, disable, or interfere with security-related features of the Service, including features that prevent or restrict use, copying, or extraction of any content or functionality.
• Misrepresent your identity or affiliation, or impersonate any person or entity, including BeatMask personnel.
• Use the Service to develop, train, or improve a competing product or service, whether directly or indirectly, including by benchmarking, performance testing, detection-rate analysis, feature extraction, pattern extraction, or model extraction.
• Access or use the Service if you are a direct competitor of BeatMask or are acting on behalf of a direct competitor, except with BeatMask’s prior written consent.
• Use BeatMask’s detection capabilities to test, probe, or calibrate methods of evading data loss prevention tools.
• Distribute, sublicense, resell, or make the Service available to third parties except as expressly permitted by these Terms or an enterprise agreement.

7. Intellectual Property and Reverse Engineering

7.1 Ownership

BeatMask and its licensors retain all right, title, and interest in and to the Service, including all software, source code, object code, detection patterns, pattern libraries, rules, signatures, regular expressions, machine learning models, model weights, algorithms, training data and methodologies, inference logic, sensitivity thresholds, classification logic, user interface designs, documentation, trademarks, service marks, and trade secrets embodied in or associated with the Service (collectively, “BeatMask IP”). These Terms grant you a limited, non-exclusive, non-transferable, revocable license to use the Service in accordance with these Terms. No other rights are granted, whether by implication, estoppel, or otherwise.

7.2 Detection Patterns as Proprietary Content

All detection rules, sensitivity patterns, pattern libraries, regular expressions, named entity recognition models, model weights, classification logic, and detection thresholds embedded in the Service constitute Company Content and proprietary trade secrets of BeatMask. You may not use, extract, copy, replicate, catalog, reverse-engineer, or redistribute these components, or use them to develop any product, service, dataset, or AI model that competes with or substitutes for BeatMask, or share such components with any third party.

7.3 Reverse Engineering Prohibition

You shall not, and shall not permit or assist any third party to:

• Reverse engineer, decompile, disassemble, decipher, un-obfuscate, decode, or otherwise attempt to derive the source code, object code, underlying algorithms, data structures, or underlying ideas of any component of the Service.
• Extract, copy, replicate, catalog, or create derivative works of BeatMask’s detection patterns, pattern libraries, rules, signatures, regular expressions, or named entity recognition models.
• Attempt to reconstruct, identify, map, or catalog BeatMask’s detection rules, sensitivity thresholds, classification logic, or detection boundaries through systematic testing, probing, experimentation, observation of the Service’s outputs, or any other method.
• Remove, alter, obscure, or deface any copyright, trademark, or other proprietary rights notice on or in the Service.
• Translate, adapt, modify, or create derivative works based on the Service, except to the extent that applicable law expressly permits such activity notwithstanding this restriction.

7.4 Anti-Benchmarking

You may not publish, disclose, or make publicly available any benchmark, performance comparison, detection-rate analysis, false positive/negative rate analysis, or competitive evaluation of the Service without the Company’s express prior written consent. This includes testing BeatMask against specific datasets, comparing detection rates with competing products, or publishing accuracy metrics derived from use of the Service.

7.5 Open Source Components

The Service incorporates certain open-source software components, which are licensed under their respective open-source licenses (including but not limited to MIT, Apache 2.0, and similar permissive licenses). Nothing in these Terms restricts your rights under those open-source licenses with respect to the open-source components themselves. A list of open-source components and their licenses is available upon request at contact@beatmask.com. To the extent there is a conflict between these Terms and any applicable open-source license, the open-source license governs solely with respect to that specific component. Open-source license rights do not extend to BeatMask’s proprietary detection patterns, models, classification logic, or the Service as a whole.

7.6 Feedback

If you provide suggestions, ideas, enhancement requests, feedback, or other information relating to the Service (“Feedback”), you grant the Company a non-exclusive, worldwide, royalty-free, perpetual, irrevocable, sublicensable license to use, reproduce, modify, and distribute such Feedback for any purpose without obligation or compensation to you.

8. Privacy and Data Protection

8.1 Privacy Policy

Our collection and use of personal information in connection with the Service is described in our Privacy Policy, also available via privacy@beatmask.com. The Privacy Policy is incorporated into these Terms by reference. In the event of a conflict between these Terms and the Privacy Policy regarding data handling practices, the Privacy Policy controls.

8.2 Zero-Knowledge Architecture

BeatMask’s zero-knowledge architecture means the Company has no access to, no knowledge of, and no ability to monitor the content you process through the Service. We cannot determine what you typed, what was detected, what alerts were shown, what actions you took, or what content you ultimately submitted to AI platforms. This architecture is a core design principle, not a feature that can be toggled. As a consequence:

• We cannot assist with investigations into specific data exposure incidents on your device.
• We cannot provide evidence or records of what was or was not detected during any specific use session.
• We cannot be subpoenaed for content we do not possess and have never possessed.
• We cannot verify or confirm your compliance with any regulation based on your use of BeatMask.

9. Disclaimers of Warranties

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

• IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND SECURITY.
• ANY WARRANTY THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
• ANY WARRANTY REGARDING THE ACCURACY, COMPLETENESS, RELIABILITY, OR TIMELINESS OF DETECTION RESULTS, INCLUDING THE IDENTIFICATION OR FAILURE TO IDENTIFY SENSITIVE DATA OF ANY TYPE OR CATEGORY.
• ANY WARRANTY THAT THE SERVICE WILL MEET YOUR SPECIFIC REQUIREMENTS, ACHIEVE ANY PARTICULAR DETECTION RATE, PRODUCE ACCEPTABLE FALSE POSITIVE OR FALSE NEGATIVE RATES, OR PROVIDE PROTECTION ADEQUATE FOR YOUR REGULATORY, CONTRACTUAL, OR ORGANIZATIONAL OBLIGATIONS.
• ANY WARRANTY REGARDING THE COMPATIBILITY OF THE SERVICE WITH YOUR BROWSER, OPERATING SYSTEM, DEVICE, OR OTHER SOFTWARE.
• ANY WARRANTY ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

THE COMPANY SPECIFICALLY DISCLAIMS ANY WARRANTY OF SECURITY. BEATMASK IS A SECURITY TOOL, BUT NO SECURITY TOOL IS INFALLIBLE. YOU ACKNOWLEDGE THAT NO DETECTION TOOL CAN GUARANTEE THE IDENTIFICATION OF ALL SENSITIVE DATA AND THAT USE OF THE SERVICE DOES NOT ELIMINATE THE RISK OF DATA EXPOSURE.

YOU WILL NOT HOLD THE COMPANY LIABLE OR SEEK INDEMNIFICATION IF SENSITIVE DATA IS UNINTENTIONALLY EXPOSED AS THE RESULT OF A DETECTION FAILURE, FALSE NEGATIVE, SECURITY VULNERABILITY, MODEL LIMITATION, OR PERFORMANCE LIMITATION OF THE SERVICE.

10. Limitation of Liability

10.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE COMPANY, ITS AFFILIATES, MEMBERS, MANAGERS, OFFICERS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:

• Loss of profits, revenue, data, business opportunities, customers, contracts, or goodwill.
• Data breaches, unauthorized disclosures, regulatory fines, or data loss, whether or not the Company was advised of the possibility of such damages.
• The cost of procurement of substitute goods or services.
• Any damages arising from the failure of the Service to detect sensitive data (false negatives) or from incorrect detection of non-sensitive data (false positives).
• Any damages arising from your reliance on the Service, its outputs, or its alerts.
• Any damages arising from your configuration choices, failure to update the Service, or failure to act on the Service’s alerts.
• Any consequences of submitting content to third-party AI platforms, whether or not BeatMask generated an alert regarding that content.

10.2 Tiered Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS OR YOUR USE OF THE SERVICE SHALL NOT EXCEED:

• For Free Tier users: Fifty United States Dollars ($50.00 USD).
• For Pro (paid) users: The greater of (a) the total amount you actually paid to BeatMask in the twelve (12) months immediately preceding the event giving rise to the claim, or (b) Fifty United States Dollars ($50.00 USD).
• For users in a free trial period: One Hundred United States Dollars ($100.00 USD).

10.3 Basis of the Bargain

THE LIMITATIONS OF LIABILITY IN THIS SECTION REFLECT THE ALLOCATION OF RISK BETWEEN THE PARTIES AND ARE AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE COMPANY AND YOU. THE COMPANY WOULD NOT PROVIDE THE SERVICE—INCLUDING THE FREE TIER—WITHOUT THESE LIMITATIONS. THESE LIMITATIONS SHALL NOT APPLY TO THE COMPANY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, OR TO ANY LIABILITY THAT CANNOT BE EXCLUDED UNDER APPLICABLE LAW.

Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, the Company’s liability is limited to the maximum extent permitted by law.

11. Indemnification

You agree to indemnify, defend, and hold harmless the Company and its affiliates, members, managers, officers, employees, agents, and licensors from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to:

• Your use of the Service.
• Your violation of these Terms or any applicable law or regulation.
• Your violation of any third party’s rights, including intellectual property, privacy, or data protection rights.
• Any data breach, unauthorized disclosure, regulatory fine, or regulatory action arising from your submission of sensitive data to third-party AI platforms, regardless of whether BeatMask detected or failed to detect that data.
• Your configuration of the Service, including the selection of detection categories, sensitivity thresholds, and custom blocklist entries.
• Any claim by a third party that your use of the Service infringed their rights.

We will provide you with reasonable notice of any such claim, cooperate with your defense at your expense, and not settle any claim without your prior written consent (not to be unreasonably withheld). You will not settle any claim that imposes obligations on the Company without our prior written consent.

12. Dispute Resolution

12.1 Informal Resolution

Before filing a formal legal claim, you agree to attempt to resolve any dispute informally by contacting us at contact@beatmask.com with a detailed description of your claim. We will attempt to resolve the dispute informally within sixty (60) days. If the dispute is not resolved within that period, either party may proceed as described below.

12.2 Binding Arbitration

Any dispute, claim, or controversy arising out of or relating to these Terms or the Service that is not resolved informally shall be resolved by binding arbitration administered by the American Arbitration Association (“AAA”) under its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator, in the English language, and shall take place in the State of Wyoming or remotely via videoconference at the mutual agreement of the parties. The arbitrator’s decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

For claims under $10,000, the arbitration will be conducted on the basis of written submissions only unless the arbitrator determines that an in-person or video hearing is necessary. The Company will pay all arbitration filing fees and arbitrator costs for claims under $10,000 that are not frivolous.

12.3 Class Action Waiver

YOU AND THE COMPANY AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. Unless both you and the Company agree otherwise, the arbitrator may not consolidate more than one person’s claims and may not preside over any form of a class or representative proceeding.

12.4 Exceptions to Arbitration

Notwithstanding the foregoing, either party may: (a) bring an individual action in small claims court for disputes within that court’s jurisdictional limits; or (b) seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of intellectual property rights, confidentiality obligations, or the provisions of Section 7 (Intellectual Property) or Section 13 (Security Research).

13. Security Research and Vulnerability Disclosure

BeatMask welcomes good-faith security research. If you discover a security vulnerability in the Service, we ask that you report it responsibly through our designated channel: security@beatmask.com.

Safe Harbor: The Company will not pursue legal action against security researchers who:

• Report vulnerabilities exclusively through security@beatmask.com.
• Do not access, modify, delete, or exfiltrate data belonging to other BeatMask users.
• Do not disrupt the Service’s functionality or availability for other users.
• Allow the Company a reasonable period (minimum ninety (90) days) to investigate and remediate the vulnerability before any public disclosure.
• Do not exploit the vulnerability beyond what is minimally necessary to demonstrate the issue.
• Do not use the vulnerability research as a pretext to violate Section 7 (Intellectual Property).

This safe harbor does not extend to research that violates any law, accesses other users’ data, or causes material harm to the Service or its users. The Company reserves the right to determine, in its sole discretion, whether research activity qualifies for safe harbor protection.

14. Termination

14.1 Termination by You

You may stop using the Service at any time by uninstalling the Extension and/or desktop application. If you have an active paid subscription, you must also cancel your subscription by emailing contact@beatmask.com to stop future charges.

14.2 Termination by the Company

For Free Tier users, we may suspend or terminate your access at any time, for any reason, without prior notice. For Pro subscribers, we will provide at least thirty (30) days’ written notice before termination without cause, and a prorated refund of any prepaid unused fees. For any user, we may immediately suspend or terminate access without notice if we reasonably believe you have materially violated these Terms, including Sections 6 (Acceptable Use) or 7 (Intellectual Property).

14.3 Effect of Termination

Upon termination: (a) your license to use the Service immediately ends; (b) you must cease all use of the Service and uninstall all copies of BeatMask software; (c) any active subscription will be cancelled; and (d) the following sections survive termination: Sections 3, 4, 7, 9, 10, 11, 12, 13, and 16.

15. Third-Party Services and Platforms

BeatMask operates on and interacts with third-party platforms, including Google Chrome, Microsoft Edge, macOS, and AI platforms such as ChatGPT, Claude, and Gemini. BeatMask is not affiliated with, endorsed by, or sponsored by any of these third-party platform providers, including OpenAI, Anthropic, Google, Microsoft, Apple, or any other entity. Your use of those platforms is governed by their respective terms of service and privacy policies. BeatMask is not responsible for the availability, accuracy, security, or policies of any third-party platform.

Payment processing is provided by Stripe, Inc. Your use of Stripe’s payment services is subject to Stripe’s terms of service and privacy policy. BeatMask does not see, store, or process your payment card information.

The Service may be available through browser extension stores (such as the Chrome Web Store or Microsoft Edge Add-ons). Your use of those stores is governed by their respective terms. In the event of a conflict between store terms and these Terms regarding the use of BeatMask, these Terms control to the extent permitted.

16. General Provisions

16.1 Entire Agreement

These Terms, together with the Privacy Policy and any executed enterprise agreements, constitute the entire agreement between you and the Company regarding the Service, and supersede all prior agreements, understandings, and representations, whether written or oral. In the event of a conflict between these Terms and an executed enterprise agreement, the enterprise agreement controls.

16.2 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Wyoming, United States, without regard to its conflict of laws provisions. To the extent that litigation is permitted under these Terms as an exception to arbitration, you consent to the exclusive jurisdiction of the state and federal courts located in Wyoming.

16.3 Severability

If any provision of these Terms is held invalid, illegal, or unenforceable by a court or arbitrator of competent jurisdiction, that provision shall be modified to the minimum extent necessary to make it enforceable. If modification is not possible, the provision shall be severed, and the remaining provisions shall continue in full force and effect.

16.4 Waiver

No waiver of any provision of these Terms shall be deemed a further or continuing waiver of that provision or any other provision. The Company’s failure to enforce any right or provision shall not constitute a waiver of that right or provision.

16.5 Assignment

You may not assign or transfer these Terms or your rights under them without the Company’s prior written consent. The Company may assign these Terms without restriction, including in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets. Any purported assignment in violation of this section is void.

16.6 Force Majeure

The Company shall not be liable for any failure or delay in performing its obligations where such failure or delay results from circumstances beyond its reasonable control, including but not limited to natural disasters, pandemics, acts of government, war, terrorism, labor disputes, failures of third-party services, internet or telecommunications disruptions, or power outages.

16.7 Export Compliance

You agree to comply with all applicable export and re-export control laws and regulations, including the U.S. Export Administration Regulations, in your use of the Service. You represent that you are not located in, or a national or resident of, any country subject to U.S. trade sanctions.

16.8 No Third-Party Beneficiaries

These Terms do not create any third-party beneficiary rights in any individual or entity that is not a party to these Terms.

16.9 Notices

Notices to you may be sent via email or through the Service. Notices to the Company must be sent to contact@beatmask.com, with a copy to our mailing address below. Notices are deemed received upon delivery by email or three (3) business days after mailing.

16.10 Headings

Section headings are provided for convenience only and do not affect the interpretation of these Terms.