Terms of Service

Last updated: 2026-04-29

Parties + scope

These terms govern your use of the CriticalAsset AI Portal (the "Portal"), operated by CriticalAsset and InsureMEP (collectively, "we" or "us"). By signing in to the Portal, you agree to these terms.

The Portal is provided to:

• CriticalAsset and InsureMEP staff in the course of their work.
• Carrier, broker, and inspection partners who have been invited and who sign in with their Google Workspace account.

The Portal is not a public service. Access is by invitation; signing in implies you've been invited and authorized.

Account + access

• You sign in via Google Sign-In. Your account identity is your Google email and Google subject ID.
• You're responsible for keeping your Google account credentials secure. We rely on Google's authentication; if your Google account is compromised, your Portal access is too.
• Per-corpus membership controls determine which document collections you can read. Your manager (or whoever invited you) grants and revokes this access.
• You may not share your account or use someone else's. Every session is logged; account-sharing breaks the audit chain we depend on for the insurance domain.

Acceptable use

The Portal is for legitimate work on property risk, claims, pricing, and customer relationships. You agree not to:

• Upload or connect data you don't have the right to share — including personal data of people who haven't consented, copyrighted material you don't license, or trade secrets of third parties.
• Attempt to extract the underlying model weights, jailbreak the grounding contract, or use the Portal to generate content unrelated to the work it's intended for.
• Probe for security vulnerabilities. If you find one, report it privately to security@criticalasset.com; do not exploit it.
• Scrape, mirror, or programmatically extract bulk content from corpora you don't own. The API surface is for the in-product experience only.
• Use the Portal in any way that would violate applicable law, Google's terms, or the contractual obligations between us and the partner you represent.

We log every prompt, response, and document access. Misuse may result in account suspension and, depending on severity, termination of your organization's access.

Your data

Documents you connect or upload remain your property (or your organization's, depending on your relationship). Granting the Portal access to a document does not grant us ownership.

• We use your data to provide the Portal's features (chat grounding, report QA, the pricing engine, etc.) — see the Privacy Policy for the specifics.
• We do not use your data to train any general-purpose AI model.
• We do not sell your data. We do not share it with third parties beyond the Google Cloud sub-processors documented in the Privacy Policy.
• You can delete documents, threads, and connections at any time via the Portal's UI. For full account-data deletion, email casey@criticalasset.com; we'll action within 7 days.

Connected integrations

You can connect Google Drive, HubSpot, and a CriticalAsset API account to the Portal. Each integration has its own scope — see the Privacy Policy for the exact OAuth scopes requested.

Connecting an integration grants the Portal a refresh token that lets us retrieve data on your behalf within the granted scope. We use that token only for the user-facing features described in this site. Disconnecting wipes the token immediately.

For Google Drive specifically: the Portal's use of Drive data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Availability + changes

We aim for high availability but make no contractual SLA. The Portal can be unavailable during deploys, GCP regional incidents, or maintenance windows. If a planned outage will exceed 30 minutes during business hours, we'll post an in-app notice in advance.

We update the Portal continuously. We may add, remove, or change features. Material changes that affect your data handling are announced 30 days in advance via in-app notification and email.

There is a kill-switch: if a regulatory or security issue arises, we may pause the entire Portal or specific features. We will notify affected users.

Warranty + liability

The Portal generates AI responses grounded on your sources. The grounding contract — citation-or-refuse — exists to reduce hallucination risk, but it does not eliminate it. Verify the citations for any decision that matters. We make no warranty that the Portal's outputs are correct, complete, or fit for any particular purpose.

To the maximum extent permitted by law, our aggregate liability for any claim arising from your use of the Portal is limited to the fees you've paid us in the prior 12 months (or, if you are a staff user with no fees, to USD $100). We are not liable for indirect, incidental, or consequential damages.

Nothing in these terms limits liability for fraud, willful misconduct, or anything that cannot be limited under applicable law.

Termination

Either party can terminate access at any time. We may terminate for material breach of these terms (acceptable use violations, misrepresentation in onboarding, etc.). On termination:

• Your sign-in stops working.
• Your connected integrations are disconnected.
• Documents you uploaded are retained for 30 days then purged, unless required by law or by an active investigation.
• Audit logs are retained per the schedule in the Privacy Policy.

Contact

Questions about these terms: casey@criticalasset.com.

Governing law: United States, state of Wyoming. These terms constitute the entire agreement between you and us regarding your use of the Portal and supersede any prior agreements on the same subject.