Terms of Service — RE::DACT

Welcome to RE::DACT

Thank you for choosing RE::DACT! These Terms of Service (“Terms”) govern your access to and use of the RE::DACT platform, SPARK content discovery tool, RE::CORD voice transcription, and related services (collectively, the “Services”).

Please read these Terms carefully before using our Services. By accessing or using the Services, you agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use the Services.

Contracting Entity and Governing Law
Definitions
Acceptance of Terms
Eligibility and Account Registration
Description of Services
Beta Testing Phase
Subscription Plans and Pricing (Post-Beta)
Payment Terms (Applicable After Beta)
Cancellation and Refunds
Right of Withdrawal (EU Consumers Only)
User Content and Intellectual Property Rights
AI-Powered Features and Data Usage
Acceptable Use Policy
Privacy and Data Protection
Third-Party Services and Integrations
Service Level Agreement (SLA)
Disclaimers and Limitation of Liability
Indemnification
Term and Termination
Modifications to Services and Terms
Governing Law and Dispute Resolution
Arbitration Agreement (US Users Only)
Miscellaneous Provisions
Contact Information

§ 1. CONTRACTING ENTITY AND GOVERNING LAW

1.1 Contracting Entity

Based on your geographic location, you are entering into this agreement with one of the following legal entities:

FOR USERS IN THE UNITED STATES AND REST OF WORLD:
REDACT Inc.
1111B S Governors Ave STE 99573
Delaware, United States
Email: contact@redact-app.com
Governing Law: State of New York, USA
Jurisdiction: State and federal courts located in New York County, New York

FOR USERS IN THE EUROPEAN UNION, EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND:
REAI Prosta Spółka Akcyjna
Aleja Jana Pawła II 5/6
64-920 Piła, Poland
NIP: 7642729249
KRS: 0001218484
Email: contact@reai-strategy.com
Prawo właściwe: Prawo polskie
Sąd właściwy: Sąd powszechny właściwy dla siedziby spółki
Compliance: RODO (Rozporządzenie UE 2016/679), Dyrektywa ePrivacy, EU AI Act (Rozporządzenie UE 2024/1689)

1.2 Location Determination

Your geographic location is determined by one or more of the following factors (in order of priority):

a) The country in your billing address;
b) Your IP address at the time of registration;
c) The country you select during account setup.

If you change your location, the contracting entity and applicable governing law may change accordingly. We will notify you of such changes.

1.3 References in These Terms

Throughout these Terms, “we,” “us,” “our,” and “Company” refer to the applicable legal entity based on your location as described in Section 1.1. “You” and “your” refer to you as an individual user or the legal entity you represent.

§ 2. DEFINITIONS

“Account” means your registered user account for accessing the Services.

“AI Models” means third-party artificial intelligence models provided by OpenAI, Anthropic, Google, and other providers, integrated into our Services.

“Beta Phase” means the testing period during which the Services are provided free of charge for evaluation purposes (currently in effect as of February 14, 2026, expected to end June 2026).

“Content” means any text, articles, documents, data, images, audio recordings, or other materials uploaded, created, or processed through the Services.

“Personal Data” means any information relating to an identified or identifiable natural person, as defined under GDPR and applicable data protection laws.

“PWA” means Progressive Web App — a web application that can be installed on devices for app-like experience without app store distribution.

“RE::CORD” means our voice recording and transcription feature.

“RE::DACT” means our web-based platform for AI-assisted journalism and content creation.

“SPARK” means our content discovery tool, including both the web application and browser extension components.

“Subscription” means your paid access to the Services under a selected plan (available after Beta Phase ends).

“User Content” means Content that you upload, create, or submit to the Services.

§ 3. ACCEPTANCE OF TERMS

3.1 Binding Agreement

By clicking “I Agree,” creating an Account, or accessing the Services, you acknowledge that:

a) You have read, understood, and agree to be bound by these Terms;
b) You have read and understood our Privacy Policy;
c) You have the legal capacity to enter into this agreement;
d) If you are accepting on behalf of an organization, you have the authority to bind that organization.

3.2 Updates to Terms

We may modify these Terms at any time. When we make material changes, we will:

a) Update the “Last Updated” date at the top of these Terms;
b) Notify you via email or through the Services;
c) Provide at least 30 days’ notice before changes take effect (unless legally required to implement sooner).

Continued use of the Services after changes take effect constitutes acceptance of the modified Terms. If you do not agree to the changes, you must stop using the Services and may terminate your Account.

§ 4. ELIGIBILITY AND ACCOUNT REGISTRATION

4.1 Minimum Age Requirement

You must be at least 18 years old to use the Services.

For users in the European Union: The minimum age is 16 years (or the applicable age of consent for data processing in your Member State, whichever is higher).

If you are under the required age, you may not use the Services.

4.2 Account Registration

To use the Services, you must create an Account.

Registration Methods:

a) Email + Password:

Provide a valid email address
Create a secure password meeting our requirements
Verify your email address (required)

b) Google Sign-In (SSO):

Authenticate via your Google Account
We receive your Google email address and basic profile information
Faster registration, no separate password needed

c) Other SSO providers (to be added in future):

Microsoft, GitHub, and others (coming soon)

Required Information:

For Individual Users:

Email address (from Google or manually entered)
Name (optional, can be added later)

For Organizational Accounts (Newsrooms/Media Organizations):

Organization name (e.g., “The New York Times”, “TVP”)
Your role (e.g., “Editor”, “Journalist”, “Content Manager”)
Organization email domain (recommended)
Billing information (when paid plans launch in June 2026)

We do NOT require:

Phone number
Physical address (except for billing when payments launch)
Detailed personal information during registration

4.3 Email Verification

After registration, you must verify your email address by clicking the verification link sent to your inbox.

Unverified accounts have limited functionality until verification is complete.

If you don’t receive the verification email:

Check your spam/junk folder
Request a new verification email from Account settings
Contact contact@reai-strategy.com for assistance

4.4 Account Security

You are responsible for:

a) Maintaining confidentiality of your password and Account credentials;
b) All activities that occur under your Account;
c) Notifying us immediately of any unauthorized use or security breach at security@redact.ai;
d) Ensuring accuracy of all information provided.

We are not liable for any loss or damage arising from your failure to protect your Account credentials.

4.5 One Account Per User

Each user may maintain only one Account. Creating multiple accounts to circumvent restrictions, abuse trials, or violate these Terms is prohibited and may result in termination of all your accounts.

4.6 Organizational Accounts

If you create an Account for an organization:

a) The organization is the “Subscriber”;
b) You represent and warrant that you have authority to bind the organization to these Terms;
c) The organization is responsible for all activities under the Account;
d) The organization must designate an “Account Owner” with administrative rights.

§ 5. DESCRIPTION OF SERVICES

5.1 RE::DACT Platform

RE::DACT is an AI-powered web application designed for journalists and media professionals, accessible at https://editor.redact-app.com/

Platform Features:

a) Content Creation Tools — AI-assisted writing, editing, and content generation
b) Fact-Checking — Automated verification and source analysis
c) Research Assistance — AI-powered research and information gathering
d) Document Analysis — Processing and analyzing documents, reports, and sources
e) Collaboration Features — Team workspaces for newsrooms and editorial teams
f) Source Protection — Tools for protecting journalistic sources and sensitive information
g) Audit Trail — Hedera Hashgraph-based transparency (PRO and Enterprise plans)

Access Methods:

Web Application — Works in any modern browser (desktop and mobile-responsive)
Progressive Web App (PWA) — Install on mobile devices or desktop for app-like experience. No App Store or Google Play distribution. Add to home screen on mobile (iOS/Android). Install as standalone app on desktop (Windows/Mac/Linux). Works offline with cached content. Push notifications (when available).

Note: PWA functionality requires a modern browser with PWA support (Chrome, Edge, Safari, Firefox).

5.2 SPARK — Content Discovery Tool

SPARK helps you monitor sources and discover relevant content through two integrated components:

a) SPARK Web Application
Manage your content monitoring through “Spark Boxes”:

Create topic-based monitoring (e.g., “EU AI regulation updates”, “Climate change policies”)
Specify websites and sources to monitor
Define keywords and themes of interest
Receive alerts when relevant content is published
Organize discoveries into projects

b) SPARK Chrome Extension
Quick web clipping and research tools:

Save articles and web content directly to RE::DACT
Highlight and annotate web pages
Capture quotes and citations with proper attribution
One-click access to AI analysis tools
Integration with RE::DACT workspace

Installation: Available via Chrome Web Store (support for other browsers planned)

How SPARK Monitoring Works:

1. You configure a “Spark Box” with topics/keywords of interest, websites to monitor (URLs or domains), and monitoring frequency (hourly, daily, weekly).

2. Our monitoring bot checks robots.txt first (respects site crawling policies), honors crawl-delay directives (follows rate limiting rules), respects disallow directives (skips restricted content), scans for content matching your topics, does NOT download or store full article text, and extracts only metadata (title, URL, publication date, brief description).

3. You receive notifications with the article title and link to original source, brief description or snippet (from page metadata), publication date and source, and relevance score based on your keywords.

4. You access content by clicking the link to read the full article on the original publisher’s website, saving notes and annotations in RE::DACT, and organizing into research projects.

Important — What SPARK Does NOT Do:

Scrape or store full article content
Bypass paywalls or access restrictions
Download copyrighted material
Violate robots.txt or Terms of Service of monitored sites
Provide full-text access without visiting original source

If a website blocks bots:

SPARK cannot monitor it automatically (we respect robots.txt)
You can manually add content via SPARK Chrome extension (by visiting pages yourself)

5.3 RE::CORD (Voice Recording & Transcription)

Voice recording and AI-powered transcription features for journalism and content creation:

Features:

Record audio interviews and conversations
AI-powered automatic transcription
Speaker identification and labeling
Timestamped transcripts
Export in multiple formats (text, SRT, JSON)
Integration with RE::DACT articles and notes

Availability: Included in all paid plans (SPARKS, FREELANCER, PRO, Enterprise)

Privacy: Recordings and transcripts are encrypted and stored securely. Only you have access to your voice data.

5.4 AI-Powered Search

Integrated Search Providers:

a) Tavily AI Search — Optimized for journalistic research and fact-checking

Focuses on authoritative sources
Real-time web search
Source credibility scoring

b) Brave Search — Privacy-focused web search

No user tracking
Independent search index
Anonymous queries

c) SPARK Search — Our proprietary content discovery

Searches across your monitored sources
Personalized based on your Spark Boxes
Historical content from your saved discoveries

Search queries and results may be processed by these third-party providers in accordance with their respective privacy policies. See Section 15 for details on third-party services.

5.5 Hedera Hashgraph Audit Trail (PRO & Enterprise Only)

For transparency, accountability, and compliance, PRO and Enterprise users have access to Auditable AI features powered by Hedera Hashgraph distributed ledger technology.

Purpose:

Prove authenticity and integrity of AI-assisted work
Create immutable audit trail for journalism accountability
Demonstrate when and how AI was used in content creation
Enable third-party verification without revealing sensitive content
Comply with EU AI Act transparency requirements (Article 14)

What is recorded on Hedera (public ledger):

a) Cryptographic hashes (SHA-256) of:

AI prompts (your questions/inputs to AI)
AI responses (generated content from AI models)
Article content (your final published work)

b) Metadata:

AI model used (e.g., “gpt-4”, “claude-3-sonnet”, “gemini-pro”)
Timestamp (consensus timestamp, aBFT verified by Hedera network)
Merkle root (for hierarchical verification)
Canary checkpoints (periodic integrity verification)

What is NOT recorded publicly:

Your actual content (only cryptographic hashes, which cannot be reversed)
Your identity (encrypted, visible only to you)
Source identities (salted hashes only, not reversible)
Any readable text or information

Storage Architecture:

Data Element          | Primary Storage              | Visibility                     | On Hedera Ledger
----------------------|------------------------------|--------------------------------|---------------------
Prompt content        | Firestore + BigQuery (enc.)  | User + LLM provider + RE::DACT | SHA-256 hash only
Response content      | Firestore + BigQuery (enc.)  | User + LLM provider + RE::DACT | SHA-256 hash only
User identity         | Firestore (encrypted)        | User only                      | SHA-256 hash only
Source identity       | Firestore (encrypted)        | User only                      | Salted hash only
Article content       | Firestore (encrypted)        | User only                      | SHA-256 hash only
AI model used         | Firestore + BigQuery         | User + LLM provider + RE::DACT | SHA-256 hash only
Merkle root           | Hedera HCS                   | PUBLIC                         | Plaintext (crypto hash)
Canary checkpoint     | Hedera HCS                   | PUBLIC                         | Plaintext (hash)
Consensus timestamp   | Hedera HCS                   | PUBLIC                         | aBFT verified timestamp

Key Technical Properties:

a) Hashes are one-way:

Cannot be used to reconstruct original content
Prove data integrity without revealing data
Mathematical certainty of tampering detection

b) Immutable:

Once recorded on Hedera, cannot be altered or deleted
Permanent audit trail with Byzantine Fault Tolerance
Timestamps are consensus-based (not dependent on single party)

c) Independently verifiable:

Anyone can verify hashes against published work
Proves AI usage and timing without exposing sources
No need to trust RE::DACT — verification is cryptographic

d) Privacy-preserving:

Your sources and sensitive content remain confidential
Only cryptographic proof is public
Complies with journalistic source protection principles

How to use Auditable AI:

a) Enable “Auditable AI” in Account settings (PRO/Enterprise plans)
b) Work normally — hashing happens automatically in background
c) Export audit trail report when needed (PDF or JSON)
d) Share verification link with editors, fact-checkers, or for publication

5.6 Service Availability and Limitations

Current Status (Beta Phase — until June 2026):

Services provided on “best effort” basis
No uptime guarantees during testing
Features under active development and may change
Bugs and service interruptions should be expected

Future Status (Post-Launch — June 2026 onward):

Target high availability (99%+ uptime for paid plans)
Formal SLA for PRO (99.5%) and Enterprise (99.9%) plans
Scheduled maintenance windows announced in advance
24/7 monitoring and incident response

We reserve the right to:

Modify, suspend, or discontinue any part of the Services
Implement new features or remove existing features
Change technical requirements or specifications
Implement usage limits to prevent abuse or ensure fair use
Temporarily restrict access for maintenance or security purposes

We will provide reasonable advance notice (typically 30 days) of material changes that adversely affect your use of paid features.

§ 6. BETA TESTING PHASE

6.1 Current Status — Free Testing Period

THE SERVICES ARE CURRENTLY IN BETA TESTING (as of February 14, 2026).

Expected Production Launch: June 2026

During this Beta testing phase:

a) All features are provided FREE OF CHARGE for testing, evaluation, and feedback purposes
b) No payment system is active — pricing is displayed for informational purposes, but no charges are applied
c) No credit card required — you can use all features without providing payment information
d) Testing and feedback encouraged — the platform is being actively developed and improved based on user feedback
e) Features may change without notice — functionality is under development and may be modified, added, or removed
f) Stability not guaranteed — you may experience bugs, errors, downtime, or service interruptions
g) Data preservation is best-effort — while we implement regular backups, we cannot guarantee against data loss during Beta

6.2 Beta User Responsibilities

As a Beta tester, you agree to:

a) Use the Services primarily for testing and evaluation purposes
b) Provide feedback on bugs, issues, and user experience (optional but greatly appreciated)
c) Report technical problems, security issues, or unexpected behavior to support@redact.ai
d) Understand that data preservation during Beta is best-effort only
e) Not rely on the Services for critical production workflows during the testing phase
f) Accept that features may change, be removed, or function differently than expected
g) Participate constructively in the Beta community (if applicable)

Recommended practices during Beta:

Keep backup copies of important work
Don’t use for time-sensitive or mission-critical projects
Test features thoroughly before relying on them
Report bugs promptly to help us improve

6.3 Transition to Paid Service

Expected Production Launch: June 2026

When we transition from Beta to paid service:

a) We will notify all Beta users at least 60 days in advance via email and in-app notifications
b) Pricing plans will be activated (see Section 7 for details)
c) You will have the following options:

Subscribe to SPARKS plan ($10/month) — basic features
Subscribe to FREELANCER plan ($25/month) — full platform access
Subscribe to RE::DACT PRO plan ($50/month) — advanced features + Auditable AI
Contact sales for ENTERPRISE plan (custom pricing)
Use Free tier (if available, with significant limitations)
Export your data and close your Account

d) Beta users may receive special early adopter benefits:

Discounted pricing for first 12 months (to be announced)
Extended free trial period (e.g., 90 days instead of 30)
Grandfathered pricing if rates increase in future
Early access to new features before general availability
Special “Founding Member” badge or recognition
Priority customer support
Details will be communicated to Beta users before launch

e) Your data will be preserved during transition:

All content, projects, and settings will be retained
No data loss during migration to production systems
You will have opportunity to export data before deciding on plan
We will not delete your content during transition (unless you request deletion)

f) Grace period:

30-day grace period after launch to choose a plan
During grace period, you retain read-only access to your data
After 30 days, data retention follows standard cancellation policy (Section 9.4)

6.4 No Guarantees During Beta

USE OF BETA SERVICES IS ENTIRELY AT YOUR OWN RISK.

During the Beta phase, we provide the Services “AS IS” and “AS AVAILABLE” with:

NO WARRANTIES of any kind regarding functionality, availability, reliability, or data integrity
NO SLA (service level agreements) or uptime guarantees
NO LIABILITY for data loss, bugs, service interruptions, or any damages arising from Beta use
NO REFUNDS (since the service is provided free of charge)
NO GUARANTEES that features in Beta will be available in production version
NO SUPPORT OBLIGATIONS — support is provided on best-effort basis only

By participating in Beta, you acknowledge and accept these limitations.

6.5 Beta Termination Rights

We reserve the right to:

a) End the Beta phase at any time with reasonable notice (minimum 30 days for active users)
b) Limit the number of Beta users or implement waitlists for new registrations
c) Modify, add, or remove features during Beta testing without prior notice
d) Terminate individual Beta accounts for violations of these Terms
e) Reset or migrate Beta data as necessary for technical improvements
f) Change the expected production launch date (June 2026 is an estimate, not a guarantee)

If we decide not to proceed to production launch:

We will provide at least 90 days notice
You will have opportunity to export all your data
We will assist with data migration to alternative platforms (if feasible)

§ 7. SUBSCRIPTION PLANS AND PRICING (Post-Beta)

Note: This section describes our planned pricing structure for when we launch paid service (expected June 2026). During Beta (current phase), all features are free and no payments are collected.

7.1 Available Subscription Plans

Upon production launch, we will offer the following tiers:

SPARKS PLAN - $10/month

Includes:

SPARK content discovery and monitoring
SPARK Chrome extension
RE::CORD voice recording and transcription
Basic usage limits (details on pricing page)
Community support (knowledge base, forums)

Annual billing: 20% discount = $96/year (save $24)

Best for: Freelance journalists focused primarily on content discovery and monitoring

Limitations:

Limited number of Spark Boxes (e.g., 5 active boxes)
Limited monitored sources (e.g., 20 websites)
Limited RE::CORD transcription hours (e.g., 5 hours/month)
No access to full RE::DACT platform
No AI-assisted writing features
No Auditable AI (Hedera audit trail)

FREELANCER PLAN - $25/month

Includes:

Everything in SPARKS, plus:
Full RE::DACT platform access
AI-assisted writing and editing
Fact-checking and research tools
Document analysis
Standard usage limits (higher than SPARKS)
Email support (response within 48 hours)

Annual billing: 25% discount = $225/year (save $75)

Best for: Independent journalists, freelance writers, and solo content creators

Typical limits (subject to change):

Unlimited Spark Boxes
50+ monitored sources
20 hours/month RE::CORD transcription
500 AI queries/month
50GB storage

RE::DACT PRO - $50/month

Includes:

Everything in FREELANCER, plus:
Auditable AI (Hedera Hashgraph transparency and audit trail)
Higher usage limits (2-3x FREELANCER limits)
Priority email support (response within 24 hours)
Advanced AI models access (GPT-4, Claude 3 Opus, etc.)
99.5% uptime SLA with service credits
Export and backup automation
Advanced collaboration features

Annual billing: 30% discount = $420/year (save $180)

Best for: Professional journalists requiring accountability, transparency, compliance, and reliability

Typical limits:

Unlimited Spark Boxes and sources
50+ hours/month RE::CORD transcription
2,000 AI queries/month
200GB storage
Audit trail for all AI interactions

ENTERPRISE - Custom Pricing

Includes:

Everything in PRO, plus:
Team collaboration - Multi-user workspaces, shared resources, role-based access
Private storage - Dedicated infrastructure for your organization
Unlimited usage - No caps on AI queries, storage, or monitored sources
Dedicated support - Priority response, dedicated account manager, phone support
Custom SLA - 99.9% uptime guarantee with service credits
Custom integrations - API access, SSO (SAML, OIDC), custom features
Custom contracts - Negotiable terms, Data Processing Agreements, compliance documentation
Training and onboarding - Team training sessions, custom documentation
Advanced security - Custom encryption keys, audit logs, compliance reporting
White-label options (for large organizations)

To get pricing: Contact contact@reai-strategy.com with:

Number of users
Expected usage volume
Required features and integrations
Compliance requirements

Best for: Newsrooms, media organizations, publishing companies, editorial teams with 5+ users

Typical features:

10-500+ user seats
Dedicated instance (optional)
Custom data retention policies
Integration with existing tools (CMS, DAM, etc.)
Service Level Agreement with financial penalties
Quarterly business reviews

7.2 Pricing Currency and Regions

Prices will be displayed and charged in:

USD ($) - For customers in the United States, Canada, and other non-EU countries
EUR (€) - For customers in the European Union and EEA
! Approximate conversions: €9, €23, €46 (based on current exchange rates) PLN (zł) - For customers in Poland

! Approximate conversions: 40zł, 100zł, 200zł (based on current exchange rates) Exchange rates are updated periodically (typically monthly). The final price shown at checkout is

based on:

Your billing address
Your selected currency
Current exchange rates at time of purchase

Currency conversion:

You may change your billing currency in Account settings
Price changes due to exchange rate fluctuations will be communicated in advance
Major currency changes (>10%) will trigger email notification

7.3 Annual Billing Discounts

Save money with annual billing commitment:

SPARKS: 20% off monthly price " $96/year (instead of $120)
FREELANCER: 25% off monthly price " $225/year (instead of $300)
RE::DACT PRO: 30% off monthly price " $420/year (instead of $600)
ENTERPRISE: Custom discount available (typically 20-35% depending on commitment term)

Annual subscription details:

Billed once per year in advance on your subscription anniversary
Discount applied automatically when selecting annual billing
Non-refundable after 7-day money-back guarantee period (Section 9.2)
Automatically renews each year unless cancelled before renewal date
Can switch to monthly billing at end of annual term (no prorated refund)

7.4 Usage Limits and Fair Use

Each plan includes specific usage limits for:

a) AI queries per month - Number of prompts sent to AI models (GPT, Claude, Gemini, etc.)

b) Content storage - Total storage for articles, documents, notes, and uploads

c) SPARK monitored sources - Number of websites/feeds you can actively monitor

d) RE::CORD transcription hours - Audio recording and transcription capacity per month

e) Team members (Enterprise only) - Number of user accounts

If you exceed your plan limits:

a) Soft limits (first occurrence):

We will notify you via email when you reach 80% of any limit
Additional notification at 100% of limit
Grace period of 7 days to upgrade or reduce usage

b) Hard limits:

Service functionality may be restricted for features exceeding limits
Example: AI queries blocked until next billing cycle or upgrade
No loss of data - just temporary restriction of new activity

c) Options when limits are reached:

Upgrade to higher plan - takes effect immediately with prorated billing
Purchase additional quota (if available for your plan)
Wait until next billing cycle - limits reset monthly
Reduce usage - delete old content, pause Spark Boxes, etc.

d) Enterprise plans:

Unlimited usage (no hard caps)
Fair use policy applies (no abuse or reselling)
Usage monitoring for capacity planning

Fair Use Policy:

Even for "unlimited" Enterprise plans, usage must be reasonable and in good faith:

Normal business use for your organization
Multiple users actively working
Reselling access to third parties
Automated bulk processing beyond normal use
Intentionally abusive or wasteful usage

We will contact you if usage appears inconsistent with normal business operations. Exact limits for each plan will be published on our pricing page at https://redact-app.com/ before production launch.

7.5 Free Tier (Availability To Be Determined)

We may offer a limited Free tier after production launch, subject to:

Potential features:

Access to basic RE::DACT features only
Strict usage limits (e.g., 10 AI queries/month, 1 Spark Box, 1GB storage)
Community support only (no email support)
No SLA or uptime guarantees
May include ads or promotional content (to be determined)
No access to Auditable AI, advanced features, or integrations

Availability:

Free tier availability not guaranteed
May be limited to certain user categories (students, non-profits, etc.)
May require application or approval process
Subject to capacity constraints Details and availability will be announced if/when Free tier becomes available.

7.6 Plan Changes (Upgrades and Downgrades)

Upgrades (moving to higher-priced plan):

a) Take effect immediately upon confirmation

b) Prorated credit applied for unused time on previous plan

c) New plan limits and features accessible immediately

d) Next billing date remains the same (unless switching from monthly to annual)

e) Example:

Currently on FREELANCER ($25/mo), 15 days into billing cycle
Upgrade to PRO ($50/mo)
Charged: $50 - ($25 × 15/30) = $37.50 for remainder of month
Next month: regular $50 charge

Downgrades (moving to lower-priced plan):

a) Take effect at next billing cycle (end of current paid period)

b) No refund for current billing period

c) Warning if downgrade affects your usage:

If you exceed new plan limits, you must reduce usage before downgrade
Example: PRO with 100 Spark Boxes " FREELANCER allows 50
You must delete or deactivate 50 boxes before downgrade processes

d) Grace period:

7 days before downgrade to adjust usage
Email reminders sent at downgrade request, 7 days before, and 1 day before
Can cancel downgrade request any time before it takes effect

Switching billing frequency:

a) Monthly to Annual:

Immediate upgrade with discount applied
Charged for full year immediately
Prorated credit from monthly plan

b) Annual to Monthly:

Takes effect at end of current annual term
No prorated refund for unused annual time
Monthly billing begins at next anniversary

7.7 Pricing Changes

We reserve the right to change our pricing at any time, but will honor the following commitments:

For existing subscribers:

a) 60 days advance notice of any price increase via email

b) Price changes apply at your next renewal date (not mid-subscription)

c) Current subscription period honored at original price

d) You may cancel before renewal to avoid price increase

e) Grandfathered pricing may be offered at our discretion for:

Early adopters (first 1,000 subscribers)
Long-term customers (2+ years)
Annual subscribers (locked rate for term)

For new subscribers:

a) New pricing applies immediately upon sign-up

b) No grandfathered rates for new customers after price change

c) Pricing page always shows current rates

Price decreases:

Applied automatically to all subscribers (including existing)
No notice required for price reductions
Refunds not provided for prior periods

Example scenario:

You subscribe to PRO at $50/mo on March 1, 2026
We announce price increase to $60/mo on June 1, 2026
Notice sent on April 1, 2026 (60 days advance)
Your price remains $50/mo through May 31, 2026
New price $60/mo takes effect June 1, 2026 (your renewal date)
You can cancel by May 31 to avoid increase

§ 8. PAYMENT TERMS (Applicable After Beta)

Note: During Beta (current phase through June 2026), no payments are processed and this section does not apply. This section will become effective when we launch paid subscriptions.

8.1 Payment Processing

When we launch paid plans:

a) All payments will be processed through Stripe, a certified PCI DSS Level 1 Service Provider

b) Supported payment methods:

Credit cards: Visa, Mastercard, American Express, Discover
Debit cards (where available)
SEPA Direct Debit (for EU customers on annual plans)
Other payment methods available through Stripe (region-dependent)

c) Payment information security:

Payment details are securely stored by Stripe using PCI DSS compliant encryption
We do NOT store your full credit card information on our servers
We store only last 4 digits and card type for reference
Stripe handles all sensitive payment data

d) By subscribing, you agree to:

Stripe's Services Agreement: https://stripe.com/legal/ssa
Stripe's Privacy Policy: https://stripe.com/privacy
Our ability to share necessary information with Stripe for payment processing

8.2 Billing Cycles and Timing

Billing frequency options:

a) Monthly subscriptions:

Billed on the same day each month as your initial subscription
Example: Subscribe on March 15 " billed on 15th of each month
If subscription date is 29-31 and month has fewer days, billed on last day of month

b) Annual subscriptions:

Billed once per year on subscription anniversary
Example: Subscribe on March 15, 2026 " next bill March 15, 2027

When billing begins:

a) Immediate subscription (no free trial):

First charge processed immediately upon subscription confirmation
Access granted immediately upon successful payment

b) Free trial subscription (if offered):

No charge during trial period
Credit card required for trial activation
Automatic conversion to paid plan at trial end
First charge on day after trial expires
Email reminder sent 3 days before trial ends

Billing day changes:

Your billing day may shift if you upgrade mid-cycle
We will notify you of any billing day changes
You can view next billing date in Account " Billing section

8.3 Automatic Renewal

Subscriptions automatically renew unless you cancel before the renewal date.

By subscribing, you authorize us (via Stripe) to:

a) Charge your payment method automatically for each renewal period

b) Update payment information if your card is replaced or renewed (via Stripe Account Updater)

c) Continue billing until you explicitly cancel or we terminate your Account

d) Retry failed payments according to our retry schedule (Section 8.4)

You will receive:

a) Email confirmation after each successful payment with:

Receipt and invoice
Next renewal date
Current plan details

b) Renewal reminder 7 days before next charge:

Amount to be charged
Payment method on file
Link to cancel or update payment method

c) Annual renewal reminder (for annual plans):

30 days before renewal
7 days before renewal
Summary of plan usage over the year

To prevent automatic renewal:

Cancel your subscription before renewal date (Section 9.1)
Access continues until end of current paid period
No refund for early cancellation (except 7-day guarantee)

8.4 Failed Payments

If a payment fails (insufficient funds, expired card, declined transaction, etc.):

Our retry schedule:

a) Day 0 (payment date):

Immediate automatic retry
Email notification of failed payment
Link to update payment method

b) Day 3:

Second automatic retry
Second email notification
Warning that service may be suspended

c) Day 7:

Third automatic retry
Final email notification
Account suspended (read-only access to data)

d) Day 10:

Fourth and final automatic retry
If still unsuccessful, Account may be terminated
30-day grace period for data export (Section 9.4)

During suspension (Day 7-10):

You can view your content (read-only)
You can export your data
You can update payment method to restore access
Cannot create new content or use AI features
Cannot add new Spark Boxes or monitored sources

Restoring access:

Update payment method in Account " Billing
We will automatically retry charge within 1 hour
Access restored immediately upon successful payment
Outstanding charges must be paid in full

You remain responsible for:

All outstanding charges even if access is suspended
Updating payment information to avoid service interruption
Any applicable late fees (not currently charged, but reserved right)

8.5 Taxes

Prices displayed do not include applicable taxes unless explicitly stated as "tax-inclusive."

For EU/EEA/UK Customers:

VAT (Value Added Tax) applies based on your location:

a) For individual consumers:

VAT automatically added at checkout
Rate based on your country (e.g., 23% Poland, 19% Germany, 20% UK)
VAT amount shown separately on invoice
Example: €23 FREELANCER + 23% Polish VAT = €28.29 total

b) For businesses with valid EU VAT number:

Provide VAT number during registration or in billing settings
Reverse charge mechanism applies (Article 44 VAT Directive)
0% VAT charged (you self-account in your country)
VAT number validated via VIES (VAT Information Exchange System)
Must provide: Company name, address, valid VAT number (format: XX123456789)

c) VAT invoices:

Automatically generated for all EU transactions
Include all required information per EU VAT Directive
Available immediately in Account " Billing " Invoices

VAT number validation:

We verify VAT numbers in real-time via EU VIES system
Invalid VAT numbers result in consumer VAT rate being applied
You are responsible for providing accurate VAT information

For US Customers:

Sales tax may apply depending on your state:

a) Tax nexus:

We collect sales tax in states where we have nexus (determined by Stripe)
Tax rates and applicability determined by your billing address
Rates range from 0% (no sales tax states) to ~10% (highest combined state+local rates)

b) Example:

$25 FREELANCER in California (9.5% tax) = $25 + $2.38 tax = $27.38 total
$25 FREELANCER in Oregon (no sales tax) = $25.00 total

c) Tax exemption:

Tax-exempt organizations must provide valid exemption certificate
Email exemption certificate to contact@reai-strategy.com
We will review and apply exemption if valid for your state

For Other Countries:

a) GST/VAT equivalent taxes may apply based on local law

b) Tax rates determined by Stripe based on your billing address

c) Compliance with local tax law is handled via Stripe Tax

Your responsibilities:

a) Provide accurate billing information including correct address and tax ID

b) Pay all applicable taxes in addition to subscription price

c) Notify us of tax status changes (e.g., business registration, VAT number)

d) Retain tax invoices for your records and tax filing

We are responsible for:

Calculating correct tax rates
Collecting taxes at point of sale
Remitting taxes to appropriate authorities
Providing compliant tax invoices

8.6 Invoices and Receipts

We provide electronic invoices for all transactions:

Delivery: a) Sent via email immediately after successful payment

b) Available in Account " Billing " Invoices section

c) Can be downloaded as PDF at any time

d) Retained for 7 years for tax compliance purposes

Invoice contents:

a) For EU customers (VAT invoices):

Our company details (REAI P. S.A. )
Your details (name/company, address, VAT number if applicable)
Invoice number (sequential)
Invoice date and tax point
Service description
Net amount, VAT rate, VAT amount, gross amount
Payment method and date
Reverse charge notation (if applicable)

b) For US customers:

Our company details (REDACT Inc.)
Your details (name/company, billing address)
Invoice number
Invoice date
Service description
Subtotal, sales tax (if applicable), total amount
Payment method

c) For other customers:

Company and customer details
Invoice number and date
Service description
Amount charged and currency
Applicable taxes (if any)

For businesses:

To receive invoices with your company details:

a) Update billing information in Account " Settings " Billing

b) Provide:

Legal company name
Company registration number
VAT/Tax ID (if applicable)
Complete billing address
Purchase order number (optional, will be included on invoice if provided)

Corrected invoices:

If you need a corrected invoice (wrong company name, address, VAT number, etc.):

a) Email contact@reai-strategy.com within 30 days of original invoice

b) Provide:

Original invoice number
Correct information
Reason for correction c) We will issue corrected invoice within 5 business days

d) Original invoice will be marked as "Cancelled - Replaced by [new invoice number]”

Note: Corrections after 30 days may not be possible due to tax reporting deadlines.

8.7 Currency Conversion and Foreign Transaction Fees

If your payment method uses a different currency than your selected billing currency:

a) Currency conversion:

Your bank/card issuer will convert the charge to your card's currency
Conversion rates set by your bank, not by us or Stripe
Exchange rates fluctuate daily
We have no control over conversion rates or fees

b) Foreign transaction fees:

Your bank may charge foreign transaction fees (typically 1-3%)
These fees are charged by your bank, not by us
Fees appear as separate line item on your credit card statement
Example: €23 charge may appear as $25.67 + $0.77 foreign fee

To avoid currency conversion fees:

a) Choose billing currency that matches your payment method currency

b) Use a credit card with no foreign transaction fees

c) For EU customers: Use EUR billing + EUR-denominated card

d) For US customers: Use USD billing + US-issued card

Multi-currency support:

We support EUR, USD, and PLN
You can change your billing currency in Account settings
Currency change takes effect at next billing cycle
Historical invoices remain in original currency

§ 9. CANCELLATION AND REFUNDS

9.1 Cancellation by You

You may cancel your Subscription at any time through:

a) Account settings " Billing " "Cancel Subscription", OR

b) Email to contact@reai-strategy.com with subject "Cancel Subscription" and your account email

Effect of Cancellation:

a) Access continues until end of current billing period:

Monthly plan: Until last day of current month
Annual plan: Until subscription anniversary date

b) No partial refunds for early cancellation:

Except during 7-day money-back guarantee period (Section 9.2)
You retain access for full paid period

c) Account status after cancellation:

Downgrades to Free tier (if available)
If no Free tier available, Account becomes inactive
Data retained for 30 days (see Section 9.4)

d) Cancellation confirmation:

Email confirmation sent immediately
Final invoice generated at end of billing period
No further charges after current period ends

To reactivate:

You can resubscribe at any time
Data restored if within 30-day retention period
New billing cycle starts from reactivation date

9.2 Refund Policy - 7-Day Money-Back Guarantee

We offer a full refund if you are dissatisfied with your paid subscription.

Eligibility:

a) Request must be made within 7 calendar days of:

Your initial purchase (first payment), OR
Your renewal payment (annual plans)

b) One refund per user/Account:

This guarantee applies once per Account lifetime
Multiple refund requests will be denied

c) Applicable to:

All paid plans (SPARKS, FREELANCER, PRO)
Both monthly and annual subscriptions
Initial purchases and renewals

How to request a refund:

a) Email contact@reai-strategy.com within 7 days of purchase

b) Subject line: "Refund Request - [Your Account Email]"

c) Include:

Your Account email address
Order/invoice number
Brief reason for refund (optional but helpful for improving our service)
Confirmation that you understand this is your one-time refund

d) We will process your request within 2 business days

e) Refund issued to original payment method within 5-10 business days

f) Access to paid features terminates immediately upon refund approval

Refund does NOT apply to:

a) After 7-day period - all sales are final beyond guarantee period

b) Enterprise custom contracts - refund terms specified in your agreement

c) Add-on purchases (if we offer them in future)

d) Accounts terminated for violations - no refund for Terms violations

e) Second/subsequent refund requests - only one refund per Account

f) Chargebacks - filing a chargeback forfeits refund eligibility and results in Account termination

Important notes:

Refunds are prorated for partial months on annual plans
If you used significant resources (e.g., thousands of AI queries), we reserve the right to
charge for actual usage before refunding remainder Free trial users who forget to cancel: refund is at our discretion (usually granted as courtesy)

9.3 Our Right to Suspend or Terminate

We may suspend or terminate your Account and access to the Services if:

Violations:

a) You violate these Terms or our Acceptable Use Policy (Section 13)

b) Payment fraud or chargeback abuse

c) Unauthorized use of another person's Account

d) Abusive behavior toward our staff or other users

e) Security threats - using Services to attack others, distribute malware, etc.

Non-Payment:

f) Payment fails and you don't update payment information within 10 days (Section 8.4)

g) Disputed charges resolved in our favor but you refuse to pay

Inactivity:

h) Account inactive for more than 12 consecutive months with no login activity

Legal Requirements:

i) Required by law - court order, subpoena, regulatory requirement

j) Sanctions compliance - you are in or become subject to sanctions (Section 23.9)

k) Service discontinuation - we cease operations (minimum 90 days notice)

In case of termination for violation:

a) Effective immediately:

Access to Services revoked immediately
No advance notice required for serious violations (e.g., illegal activity, security threats)
For minor violations, may provide opportunity to cure within 7 days

b) No refund:

Remaining Subscription period is forfeited
No prorated refund for time not used
Outstanding charges remain due

c) Data handling:

For serious violations: immediate deletion possible
For other terminations: 30-day retention period applies (Section 9.4)
You may request one-time data export within 48 hours of termination notice

d) Account ban:

Email address permanently blocked from new Account creation
IP address may be blocked for persistent abuse
No future Account creation allowed

Appeal process:

If you believe termination was in error: a) Email legal@redact.ai within 14 days b) Provide explanation and evidence c) We will review and respond within 7 business days d) Our decision is final

9.4 Data Retention After Cancellation or Termination

What happens to your Content when subscription ends:

During 30-Day Grace Period:

a) Your Content is retained but inaccessible:

All articles, documents, notes, Spark Boxes, recordings remain in our systems
You cannot log in to access paid features
Data encrypted and securely stored

b) You may reactivate at any time:

Subscribe to any paid plan
All data restored immediately upon payment
Continue exactly where you left off
No data loss during grace period

c) You may request data export:

Email contact@reai-strategy.com with subject "Data Export Request"
Provide Account email for verification
We will generate export file within 5 business days
Download link provided via email (valid for 30 days)
Export formats: JSON (machine-readable), PDF (articles), CSV (metadata)

d) Read-only access option:

On request, we may provide temporary read-only access (72 hours) to facilitate export
Request via contact@reai-strategy.com
Subject to availability and at our discretion

After 30-Day Grace Period:

a) Permanent deletion from active systems:

All User Content deleted from production databases (Firestore)
All cached data cleared
Deletion is irreversible - we cannot recover data after this point
SPARK Boxes and monitored sources configuration deleted
RE::CORD recordings and transcripts deleted

b) Backup retention (90 days maximum):

Backup systems may retain data for additional 90 days
Backups automatically purged after 90 days
Used only for disaster recovery (not accessible for restoration to user)
After 90 days, complete purge from all systems

c) What is NOT deleted:

Account email (for preventing duplicate accounts and fraud)
Billing records (required for tax compliance - 7 years)
Usage logs (anonymized after 90 days)
Hedera Hashgraph hashes (immutable public ledger - cannot be deleted) ! Note: Hashes do not contain your content, only cryptographic fingerprints ! Original content is deleted; hashes remain as proof of integrity

d) Metadata retained (anonymized):

Aggregated usage statistics (no personally identifiable information)
Feature usage data for product improvement
Anonymized after 90 days (not linkable to your identity)

To preserve your data before deletion:

Option 1: Use Account settings (if available):

Account " Settings " Data Export
Select data types to export
Download ZIP file containing all data

Option 2: Email request:

Send to contact@reai-strategy.com
Subject: "Data Export Request - [Account Email]"
Specify preferred format (JSON/PDF/CSV)
Receive download link within 5 business days

Option 3: Reactivate within 30 days:

Subscribe to any paid plan
All data restored automatically
No export needed

We strongly recommend:

Export your data BEFORE canceling
Keep local backups of important work
Don't rely solely on grace period for data recovery

GDPR Right to Erasure (EU users):

If you want immediate deletion (waiving 30-day grace period):

Email contact@reai-strategy.com with subject "GDPR Right to Erasure"
We will delete all personal data within 30 days
Cannot be reversed
Billing records retained for 7 years (legal obligation)

§ 10. RIGHT OF WITHDRAWAL (EU CONSUMERS ONLY)

This section applies ONLY to individual consumers (not businesses) in the European Union, EEA, UK, and Switzerland. Under EU Consumer Rights Directive 2011/83/EU, you have the right to withdraw from this contract within 14 days without giving any reason.

10.1 Withdrawal Period

The withdrawal period expires 14 calendar days from:

a) The date you subscribe to a paid plan (date of first payment), OR

b) The date you agree to these Terms (if earlier) The later of these two dates determines the start of your withdrawal period.

10.2 How to Exercise Right of Withdrawal

To exercise your right of withdrawal, you must inform us of your decision by a clear statement:

Contact methods:

a) Email: contact@reai-strategy.com

b) Subject: "Right of Withdrawal - EU Consumer"

c) Include:

Your full name
Your Account email address
Subscription plan name
Date of subscription
Clear statement of withdrawal

Model Withdrawal Form (optional but recommended):

To: REAI Prosta Spółka Akcyjna contact@reai-strategy.com I hereby give notice that I withdraw from my contract for the following service: Service: RE::DACT Subscription - [SPARKS/FREELANCER/PRO] Ordered on: [Date] Name: [Your full name] Account email: [Your email] Date: [Today's date] [Your signature if sent by post] You may use this form but are not obliged to. Any clear statement of withdrawal is sufficient.

10.3 Effects of Withdrawal

If you withdraw from this contract, we will reimburse:

What we reimburse:

a) All payments received from you, including:

Subscription fees
Applicable VAT or other taxes
Setup fees (if any - currently none)

b) Timeline:

Without undue delay
Not later than 14 days from the day we receive your withdrawal notice
Earlier if possible

c) Method:

Same payment method you used for the initial transaction
Unless you expressly agree to a different method
You will not incur any fees for the reimbursement

Important: We may withhold reimbursement until we have received proof that you have returned any goods (not applicable to digital services) or until you have supplied evidence of having returned the goods.

10.4 Proportionate Payment for Services Already Provided

If you requested that Services begin during the 14-day withdrawal period:

You acknowledge and agree that by using the Services during the withdrawal period, you have:

a) Expressly requested immediate access to digital services

b) Agreed that we begin providing Services immediately

c) Acknowledged that you may forfeit your withdrawal right once Services are fully performed

Partial withdrawal (if you use Services then withdraw):

If you withdraw before Services are fully performed:

a) You pay for the proportionate amount of Services provided up to withdrawal

b) Proportionate amount calculated based on:

Number of days you had access vs. total subscription period
Example: Monthly subscription (€25), withdraw on Day 5 of 30-day period
Amount due: €25 × (5/30) = €4.17
Refund: €25 - €4.17 = €20.83

c) We will inform you of the proportionate amount before processing refund

10.5 Waiver of Withdrawal Right (Digital Content)

By clicking "I Agree" and beginning to use the Services, you acknowledge:

a) Express consent to immediate access to digital services during withdrawal period

b) Acknowledgment that your right of withdrawal may be lost once:

Digital content is fully supplied, AND
Performance has begun with your prior express consent, AND
You acknowledged that you lose your withdrawal right once performance begins Note: This waiver complies with EU Directive 2011/83/EU Article 16(m). However:
This does NOT affect your 7-day money-back guarantee (Section 9.2)
You have additional protection beyond EU minimum requirements
If unclear, the more favorable provision applies

10.6 Business Customers - Withdrawal Right Does NOT Apply

This right of withdrawal does NOT apply if:

a) You are a business, company, or organization (even sole proprietorship)

b) You use Services for professional or commercial purposes

c) You register using a business email or provide business VAT number

d) You select "Business" or "Organization" during registration

Business customers are subject to:

Standard cancellation terms (Section 9.1)
7-day money-back guarantee only (Section 9.2)
No 14-day withdrawal right

10.7 Withdrawal vs. Money-Back Guarantee

You have TWO separate rights (both apply to EU consumers):

Right

Period

EU Withdrawal Right

14 days

No reason needed

EU consumers only

Money-Back Guarantee

7 days

No reason (but appreciated)

All users worldwide

Reason Required

Applies To

If you're an EU consumer:

You can use EITHER right within the first 7 days
EU withdrawal right extends to 14 days
Both result in full refund
Use whichever is more convenient

We honor the more favorable term in all cases.

§ 11. USER CONTENT AND INTELLECTUAL PROPERTY RIGHTS

11.1 Your Ownership of User Content

You retain all ownership rights to any Content you create, upload, or submit through the Services

("User Content"), including:

a) Articles, documents, written works, and editorial content

b) Research materials, notes, annotations, and highlights

c) Voice recordings and transcripts (RE::CORD)

d) SPARK Boxes and curated source lists

e) Comments, feedback, and collaborative contributions

f) Any other original content you create using the Services We do not claim ownership of your User Content. Your User Content remains your property before, during, and after your use of our Services.

11.2 License to Us

By uploading or creating User Content, you grant us a limited, non-exclusive, worldwide, royaltyfree, sublicensable license to:

What we can do:

a) Store and host your User Content on our servers (Google Cloud Platform)

b) Process and display your User Content within the Services

c) Transmit to AI providers (OpenAI, Anthropic, Google) to provide AI features you request

d) Use AI Models to analyze, edit, translate, summarize, or generate related content at your explicit request

e) Create backups and copies for data protection, disaster recovery, and service continuity

f) Cache and optimize for performance (CDN, compression, format conversion)

g) Create derivative works necessary to provide Services (e.g., thumbnails, previews, excerpts)

h) Share with service providers as necessary (Hedera for audit trail, Tavily/Brave for search)

License limitations:

This license:

a) Exists only for the duration of your use of the Services

b) Is limited to providing and improving the Services for you

c) Does NOT grant us the right to:

Publicly display or publish your User Content without permission
Sell or license your User Content to third parties for their benefit
Use your User Content for advertising or marketing (except with explicit consent)
Modify your User Content except as necessary to provide Services
Share your User Content with other users without your permission

d) Terminates automatically when you:

Delete your User Content from the Services
Terminate your Account
Request deletion under GDPR or other data protection rights

e) May survive termination only for:

Backup systems (up to 90 days - see Section 9.4)
Legal compliance (e.g., response to valid legal process)
Hedera hashes on public ledger (immutable, but contain no actual content) Sublicensing to service providers: We may sublicense your User Content to third-party service providers only to the extent necessary to provide the Services, including:
AI providers (OpenAI, Anthropic, Google) for processing your AI requests
Cloud infrastructure (Google Cloud) for hosting and storage
Search providers (Tavily, Brave) for search functionality
Hedera Hashgraph for audit trail (hashes only, not content)

All sublicenses are subject to confidentiality obligations and use restrictions.

11.3 AI-Generated Content

When you use our AI features to generate, edit, translate, summarize, or enhance content:

Ownership of AI Outputs:

a) You own the AI-generated output, subject to limitations below

b) We do not claim ownership of AI-generated content you create using our Services

c) AI providers (OpenAI, Anthropic, Google) do not claim ownership under their enterprise API terms

Important Limitations and Disclaimers:

a) Originality not guaranteed:

AI may generate content similar to existing copyrighted works
AI may produce content similar to what it generates for other users using similar prompts
You are solely responsible for verifying originality before publication
We recommend plagiarism checking for AI-generated content

b) Copyright considerations:

In many jurisdictions (including USA), pure AI-generated content without substantial human authorship may not be copyrightable
US Copyright Office guidance (as of 2023): AI-generated works require "creative control
and authorship" by humans to be copyrightable
EU law: Similar requirements for human intellectual creation We recommend substantial human editing, review, and creative input to ensure copyright protection

c) You are solely responsible for:

Verifying accuracy of all AI-generated content before publication
Fact-checking claims, statistics, quotes, and references produced by AI
Ensuring originality and non-infringement of third-party rights
Compliance with journalistic ethics and editorial standards
Proper attribution if using AI-generated content in published work (per your organization's policies)
Disclosure of AI use where required by law, regulation, or professional standards

d) No warranties regarding AI output:

We do NOT guarantee AI outputs are accurate, truthful, or factually correct
We do NOT guarantee AI outputs are original or non-infringing
We do NOT guarantee AI outputs are free from bias, errors, or "hallucinations"
We do NOT guarantee AI outputs comply with legal or ethical standards for your profession

Third-party AI provider terms:

When you use AI features, you also agree to be bound by the terms of our AI providers:

OpenAI Terms of Use (Business): https://openai.com/policies/business-terms
Anthropic Commercial Terms: https://www.anthropic.com/legal/commercial-terms
Google Cloud AI Terms: https://cloud.google.com/terms/service-terms

Enterprise API zero-retention:

Our AI providers do NOT store your prompts or outputs for training their models
Your data is NOT used to improve third-party AI models
Processing happens in real-time with no persistent storage by AI providers

11.4 Responsibility for User Content

You represent and warrant that:

a) You own or have rights to all User Content you upload, create, or submit

b) Your User Content does not infringe any third-party rights, including:

Intellectual property rights (copyright, trademark, patent, trade secret)
Privacy rights (unauthorized use of names, likenesses, personal data)
Publicity rights (unauthorized commercial use of identity)
Confidentiality obligations (NDAs, attorney-client privilege, trade secrets)
Any other proprietary or personal rights

c) Your User Content complies with:

All applicable laws and regulations (copyright law, defamation law, privacy law, etc.)
These Terms and our Acceptable Use Policy (Section 13)
Journalistic ethics and professional standards (if applicable)
Your employer's or client's policies (if using Services for work)

d) You have obtained all necessary permissions:

Consents from individuals whose personal data appears in User Content
Releases from individuals whose names, images, or voices appear in User Content
Licenses for any third-party content (quotes, images, data) included in User Content
Permissions from copyright holders if reproducing protected works

You are solely responsible for:

a) The accuracy, legality, and reliability of your User Content

b) Ensuring compliance with journalistic ethics, editorial standards, and professional codes of conduct

c) Obtaining necessary rights, permissions, and licenses before publishing

d) Consequences of publishing or distributing your User Content

e) Any legal claims arising from your User Content (defamation, copyright infringement, privacy violations, etc.)

We are NOT responsible for:

The accuracy or reliability of User Content
Legal compliance of User Content
Editorial decisions regarding User Content
Third-party claims arising from your User Content (though you must indemnify us - Section 18)

11.5 Our Intellectual Property

All rights, title, and interest in the Services and related intellectual property, including but not limited to:

a) Software and code:

The RE::DACT platform application and infrastructure
SPARK web application and browser extension
RE::CORD voice transcription system
All proprietary algorithms, features, and functionality
Source code, object code, and executables

b) Trademarks and branding:

"RE::DACT" name and logo
"SPARK" name and logo
"RE::CORD" name and logo
All associated logos, designs, and visual identity
Taglines and marketing materials

c) Content and documentation:

User documentation and tutorials
API documentation
Support articles and knowledge base
Training materials and webinars
Blog posts and case studies authored by us

d) Designs and interfaces:

User interface designs and layouts
"Look and feel" of the Services
Visual design elements, icons, graphics
User experience (UX) patterns and workflows

e) Data and analytics:

Aggregated usage statistics and analytics
Product improvement data (anonymized)
Performance metrics and benchmarks

f) Proprietary systems:

Hedera Hashgraph integration and audit trail system
SPARK content monitoring algorithms
AI prompt optimization and routing logic
Source protection and encryption systems

are owned exclusively by REDACT Inc., REAI P. S.A., and/or our licensors.

Your limited license to use:

We grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Services in accordance with these Terms.

You may NOT:

a) Copy, modify, or create derivative works from the Services or any component thereof

b) Reverse engineer, decompile, or disassemble the Services or attempt to derive source code

c) Remove, alter, or obscure any copyright, trademark, or proprietary notices

d) Use our trademarks, logos, or branding without prior written permission

e) Frame, mirror, or create links to the Services that misrepresent relationship or endorsement

f) Scrape, crawl, or use automated tools to access the Services (except SPARK monitoring which respects robots.txt)

g) Rent, lease, sell, sublicense, or transfer your access to the Services

h) Use the Services to build competing products or reverse engineer our features for competitive purposes

Permitted uses of our trademarks:

You may:

Reference "RE::DACT" in factual statements (e.g., "Created using RE::DACT")
Include our logo in case studies or portfolios showing your use of Services (with attribution)
Link to our website using our name

You must:

Maintain trademark notices (e.g., RE::DACT™ or RE::DACT®)
Not imply endorsement without permission
Follow our brand guidelines (available at redact.ai/brand)

11.6 Feedback and Suggestions

If you provide us with feedback, suggestions, ideas, recommendations, or other input regarding the

Services ("Feedback"):

We may use your Feedback without any obligation to you:

a) No compensation required - we are not obligated to pay you for Feedback

b) No attribution required - we are not obligated to credit you for implemented ideas

c) No approval needed - we may implement, modify, or reject Feedback at our discretion

d) No confidentiality - unless covered by separate written agreement, Feedback is non-confidential You grant us an unrestricted, perpetual, irrevocable, worldwide, royalty-free license to:

a) Use, implement, modify, and commercialize your Feedback in any manner

b) Incorporate Feedback into the Services or create new products based on Feedback

c) Sublicense Feedback to third parties (e.g., white-label partners)

d) Create derivative works from Feedback

e) Disclose Feedback publicly (e.g., in product announcements, marketing materials)

You waive any rights to:

a) Compensation or royalties for implemented Feedback

b) Credit or attribution (though we may choose to credit you at our discretion)

c) Approval of how Feedback is used or implemented

d) Ownership or co-ownership of features developed from your Feedback

e) Patent claims related to Feedback (to the extent permitted by law) Providing Feedback is entirely voluntary. You are not required to provide suggestions, and withholding Feedback does not affect your use of the Services.

Examples of Feedback:

Feature requests and enhancement ideas
Bug reports and technical suggestions
User experience improvements
Business model or pricing suggestions
Integration or partnership ideas

What is NOT Feedback:

Your User Content (covered by Section 11.1)
Bug reports required for troubleshooting your specific issue
Support requests
Confidential information shared under NDA

11.7 DMCA and Copyright Infringement

We respect intellectual property rights and comply with the Digital Millennium Copyright Act (DMCA) (17 U.S.C. § 512).

If you believe your copyrighted work has been infringed on our Services:

Submit a DMCA Takedown Notice to our Copyright Agent:

Email: contact@reai-strategy.com Subject: DMCA Takedown Notice

Your notice must include:

a) Identification of copyrighted work claimed to be infringed:

Description of the copyrighted work
URL or location of your original work (if online)
Copyright registration number (if registered)

b) Identification of infringing material:

Description of the allegedly infringing content on our Services
URL or specific location within RE::DACT where content appears
Account username (if known)

c) Your contact information:

Full legal name (individual or company)
Mailing address
Email address
Phone number (optional but helpful)

d) Statement of good faith belief:

"I have a good faith belief that the use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.”

e) Accuracy statement:

"I declare, under penalty of perjury under the laws of the United States, that the information in this notification is accurate and that I am the copyright owner or am authorized to act on behalf of the copyright owner of an exclusive right that is allegedly infringed.

f) Your physical or electronic signature

We will:

a) Investigate promptly (typically within 2-3 business days)

b) Remove or disable access to allegedly infringing content if claim appears valid

c) Notify the user who posted the content (if identifiable)

d) Provide copy of your notice to the alleged infringer

e) Terminate repeat infringers - users with multiple valid DMCA claims will have accounts permanently terminated

DMCA Counter-Notification:

If your content was removed and you believe it was removed by mistake or misidentification: Submit a Counter-Notification to: legal@redact.ai Subject: DMCA Counter-Notification

Your counter-notice must include:

a) Your contact information (name, address, email, phone)

b) Identification of removed content and its prior location

c) Statement under penalty of perjury:

"I swear, under penalty of perjury, that I have a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed
or disabled." d) Consent to jurisdiction: "I consent to the jurisdiction of the Federal District Court for the judicial district in which my address is located (or the Southern District of New York if my address is outside the United States), and I will accept service of process from the person who provided the original DMCA notice or an agent of such person." e) Your physical or electronic signature

We will:

a) Forward your counter-notification to the original complainant

b) Inform them they have 10-14 business days to file a lawsuit

c) Restore your content within 10-14 business days unless the complainant files a court action and notifies us

d) If lawsuit is filed, content remains disabled pending court resolution

False claims:

Submitting false or bad-faith DMCA notices or counter-notices may result in:

a) Liability for damages under 17 U.S.C. § 512(f), including:

Actual damages suffered by us or the affected user
Costs and attorney's fees
Statutory damages (if applicable)

b) Account termination for submitting knowingly false claims

c) Legal action - we may pursue claims for perjury, fraud, or abuse of process

d) Reporting to authorities - false DMCA claims may be criminal offenses

Repeat infringer policy:

Users with three (3) or more valid DMCA claims against their content will:

a) Have their Account permanently terminated

b) Be banned from creating new accounts

c) Forfeit any remaining Subscription period (no refund)

d) Have 30 days to export data before permanent deletion

Questions about DMCA process:

Email legal@redact.ai with subject "DMCA Question" - we can clarify the process but cannot provide legal advice.

§ 12. AI-POWERED FEATURES AND DATA USAGE

12.1 Third-Party AI Providers

We integrate AI models from leading providers to power our features:

a) OpenAI - GPT-4, GPT-3.5-turbo, and other models

b) Anthropic - Claude 3 (Opus, Sonnet, Haiku) and future models

c) Google - Gemini Pro, Gemini Ultra, PaLM, and other AI services

d) Other providers as we integrate additional AI capabilities

When you use AI features:

a) Your input prompts and Content are transmitted to these providers' servers:

Prompts (your questions, instructions, requests to AI)
Context (article excerpts, documents you ask AI to analyze)
Previous conversation history (for multi-turn conversations)

b) Processing occurs on provider infrastructure:

Servers located primarily in the United States
Enterprise-grade security and encryption
Dedicated API endpoints (not shared with consumer products)

c) We use enterprise API plans with:

Zero data retention policies - providers do NOT store your data for training
No training on your data - your inputs/outputs are NOT used to train or improve their
models
Enhanced security - dedicated infrastructure, encryption in transit and at rest
Data Processing Agreements (DPAs) - contractual commitments to data protection Compliance certifications - SOC 2, ISO 27001, and other security standards

International data transfers (EU " USA):

For users in the European Union, EEA, UK, and Switzerland:

a) Legal mechanisms protecting your data:

EU-US Data Privacy Framework - all our AI providers are certified participants
Standard Contractual Clauses (SCCs) - backup legal mechanism
Encryption in transit - TLS 1.3 for all data transmission
Encryption at rest - AES-256 for stored data (though enterprise APIs don't store)

b) Certified providers (as of February 2026):

OpenAI: DPF certified - https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TNolAAG
Anthropic: DPF certified - https://www.dataprivacyframework.gov/s/participant-search
Google Cloud: DPF certified - https://www.dataprivacyframework.gov/s/participant-search/ participant-detail?id=a2zt000000001L5AAI

c) Your consent:

By using AI features, you explicitly consent to transfer of your data to USA
Required under GDPR Article 49(1)(a)
You may opt out by not using AI features (basic text editor remains available)

d) Transfer Impact Assessment:

We have conducted Transfer Impact Assessment (TIA) as recommended by EDPB
DPF + SCCs + encryption provide appropriate safeguards
See our Privacy Policy for complete TIA results

Third-party AI provider terms:

When using AI features, you also agree to:

a) OpenAI Terms of Use (Business):

https://openai.com/policies/business-terms
Enterprise API terms (not consumer ChatGPT terms)
Zero retention, no training on your data

b) Anthropic Commercial Terms:

https://www.anthropic.com/legal/commercial-terms
Enterprise API terms
Zero retention policy

c) Google Cloud AI/ML Terms:

https://cloud.google.com/terms/service-terms
Vertex AI terms of service
Google Cloud data processing terms

Important: We do NOT control these third-party providers and are NOT responsible for:

Changes to their terms or privacy policies
Security breaches on their infrastructure (though they have contractual obligations to notify
us)
Service outages or performance issues Model behavior, outputs, or limitations

We ARE responsible for:

Selecting reputable, certified providers
Ensuring DPAs and data protection agreements are in place
Monitoring compliance with privacy commitments
Providing transparency about which providers we use

12.2 Search Providers

We integrate search engines to power research and fact-checking features:

a) Tavily AI Search:

Optimized for journalistic research and fact-checking
Focuses on authoritative, credible sources
Real-time web search with source ranking
Privacy-conscious (minimal data collection)
Terms: https://tavily.com/terms

b) Brave Search:

Privacy-first web search engine
Independent search index (not reliant on Google/Bing)
No user tracking or personalization
Anonymous queries (we don't send your identity)
Terms: https://search.brave.com/help/terms\

When you use search features:

a) Your search queries are sent to these providers:

Query text (keywords, questions)
Timestamp of search
Language preference
NOT sent: Your name, email, account ID, or other identifying information

b) Search providers may log queries according to their privacy policies:

Tavily: Logs for service improvement, anonymized after 90 days
Brave: No personal data collection, privacy-first approach
We do NOT have access to provider search logs

c) We anonymize requests where possible:

API requests use our API key (not your account information)
No user identifiers transmitted to search providers
Queries grouped with all RE::DACT users (not individually tracked)

You agree to search provider terms:

Tavily AI Terms of Service
Brave Search Terms of Service

We are NOT responsible for:

Search result accuracy, completeness, or bias
Provider privacy practices (though we select privacy-conscious providers)
Content linked to in search results
Availability or performance of search services

12.3 SPARK Content Discovery and Monitoring

How SPARK monitoring bot operates:

SPARK helps you discover relevant content by monitoring websites you specify. Our monitoring

system operates as follows:

a) Your Configuration:

You create "Spark Boxes" containing:

Topics and keywords of interest (e.g., "climate policy", "AI regulation")
Websites to monitor (URLs or domains)
Monitoring frequency (hourly, daily, weekly)
Content filters (language, date range, source credibility)

b) Our Monitoring Bot Behavior:

IMPORTANT: We respect web standards and publisher rights.

1. robots.txt compliance (ALWAYS checked first):

2. Before accessing any website, our bot:

1. - Fetches robots.txt from domain root (e.g., example.com/

2. robots.txt)

3. - Parses User-agent rules

4. - Honors all Disallow directives

5. - Respects Crawl-delay instructions

6. - Obeys Allow directives (if specified)

1. If robots.txt permits crawling:

2. !

3. !

! ! !

1. Scans pages matching your topics

2. Extracts metadata only:

3. # Article title (from <title> or <h1>)

4. # Publication date (from metadata or structured data)

5. # Author (if available in metadata)

6. # Brief description (from meta description tag)

7. # URL of the article

8. Does NOT download full article text

9. Does NOT bypass paywalls or authentication

10. Does NOT store copyrighted article content

If robots.txt blocks our bot:

! ! !

SPARK cannot monitor that site automatically You are notified: "Site blocks automated monitoring - use manual capture" You can still use SPARK Chrome extension to manually save articles (by visiting yourself)

10. Rate limiting and politeness:

! Respects Crawl-delay directive (typically 1-5 seconds between requests) ! Default: Maximum 1 request per 2 seconds to any single domain ! Distributed monitoring (not all sites checked simultaneously) ! Backs off if site returns 429 (Too Many Requests) or 503 (Service Unavailable) !

11. User-Agent identification:

User-Agent: SPARK-Bot/1.0

1. !

2. !

3. !

Clear identification as automated crawler Link to documentation explaining bot purpose Contact information for webmasters

c) What You Receive (Notifications):

When relevant content is discovered:

a) Email or in-app notification containing:

Article title
Link to original article on publisher's website
Publication date and source name
Brief description (from page metadata)
Relevance score (how well it matches your topics)

b) Saved to your Spark Box:

Title and URL stored in your RE::DACT account
You can add your own notes and tags
Organized by topic and date

c) To read full article:

Click link to visit publisher's website
Read on original site (respecting paywalls and access controls)
Use SPARK Chrome extension to clip excerpts if needed

d) What SPARK Does NOT Do:

We do NOT:

Scrape or download full article text (only metadata)
Bypass paywalls, login requirements, or access controls
Store copyrighted article content in our database
Provide full-text access without visiting publisher's site
Violate robots.txt or Terms of Service of monitored sites
Redistribute publisher content to other users
Use aggressive crawling that could impact site performance
Ignore Disallow directives or crawl-delay rules
Attempt to circumvent bot detection or anti-scraping measures

We DO:

Respect robots.txt standards (RFC 9309)
Identify ourselves clearly in User-Agent
Provide webmaster contact for opt-out requests
Implement rate limiting and politeness policies
Extract only publicly available metadata
Direct you to original publisher's site for content

e) Webmaster Opt-Out:

If you are a website owner and wish to block SPARK monitoring:

Option 1: robots.txt (recommended):

User-agent: SPARK-Bot Disallow: /

Option 2: Contact us:

Email: webmaster@redact.ai
Subject: "SPARK Bot Opt-Out Request"
Include: Domain name to block
We will add to permanent block list within 48 hours

f) Compliance with Publisher Terms:

We do NOT access sites where robots.txt prohibits crawling
We do NOT bypass technical protection measures (paywalls, CAPTCHAs, login walls)
We respect copyright - no full-text storage or redistribution
We direct traffic TO publishers (users must visit original site)

Users are responsible for:

Complying with publisher Terms of Service when accessing linked content
Respecting paywalls and subscription requirements
Not using SPARK to facilitate copyright infringement
Following their jurisdiction's laws regarding web scraping and fair use

12.4 AI Training on Your Data

We may use anonymized data from your usage to improve our Services.

What data may be used:

a) Anonymized AI interactions:

AI prompts and responses (with all personal identifiers removed)
User corrections or edits to AI outputs (what worked vs. didn't work)
Feature usage patterns (which AI features are most/least useful)

b) Aggregated usage statistics:

Which features are used most frequently
Common workflows and use cases
Performance metrics (query response times, error rates)
Conversion rates (trial to paid, plan upgrades)

c) Anonymized SPARK data:

Topics monitored (without linking to specific users)
Source discovery patterns
Content relevance scoring improvements

How we protect your privacy:

a) Remove ALL personal identifiers before any analysis:

Names, email addresses, account IDs
Organization names and affiliations
IP addresses and device identifiers
Source identities (protected journalistic sources)
Location data
Any personally identifiable information (PII)

b) Aggregate across many users:

Your individual data is NEVER used in isolation
Combined with data from thousands of other users
No individual usage patterns identifiable
Statistical anonymization techniques (k-anonymity, differential privacy)

c) Legitimate purposes only:

Improve AI accuracy for journalism and content creation use cases
Develop new features based on actual user needs
Enhance fact-checking, research, and source protection capabilities
Detect and prevent abuse, fraud, or Terms violations
Improve system performance and reliability

What we NEVER use for training or share:

Your actual article content (remains encrypted and private)
Journalistic sources or source identities (protected)
Personal data or user identity information
Private workspace content (Enterprise customers)
Voice recordings with identifiable persons (RE::CORD)
Data marked as sensitive, confidential, or embargoed
Content from paid plans used for free tier improvements (paid users' data benefits only paid features)

Opt-Out of AI training:

You may opt out of having your anonymized data used for AI training:

a) In Account Settings:

Navigate to: Account " Settings " Privacy
Toggle: "Do not use my data for AI training"
Takes effect immediately

b) Via email:

Email: contact@reai-strategy.com
Subject: "Opt-Out AI Training"
Include: Your account email
Processed within 5 business days

Opting out does NOT affect:

Your ability to use all AI features (no degradation)
Quality of Services provided to you
Your subscription status or pricing
Access to any features or functionality

Third-party AI providers (OpenAI, Anthropic, Google):

Under our enterprise API agreements:

They do NOT train on your data (zero retention policy)
Your prompts/outputs are NOT used to improve their models
Data is deleted after processing (not stored for training)
Contractually bound by DPAs prohibiting unauthorized use See their privacy policies for complete details:
OpenAI Business Privacy: https://openai.com/policies/privacy-policy
Anthropic Privacy Policy: https://www.anthropic.com/legal/privacy
Google Cloud Privacy Notice: https://cloud.google.com/terms/cloud-privacy-notice

12.5 Hedera Hashgraph Audit Trail (Expanded)

(Available for RE::DACT PRO and ENTERPRISE plans only) This section expands on the technical details introduced in Section 5.5.

Purpose and Use Cases:

The Hedera-based audit trail provides:

a) Accountability:

Prove when AI was used in content creation
Demonstrate to editors/readers that work was human-verified
Create permanent record for archival and citation purposes

b) Integrity verification:

Detect any tampering or modification of content after creation
Prove content hasn't been altered since original timestamp
Independently verify authenticity without trusting RE::DACT

c) Compliance:

EU AI Act Article 14 transparency requirements (effective August 2026)
Journalistic accountability standards
Legal evidence (content authenticity for litigation)
Regulatory reporting (demonstrate AI governance)

d) Source protection:

Prove content is authentic WITHOUT revealing sources
Cryptographic proof preserves confidentiality
Public verification with private content

Technical Implementation:

Step 1: Content Hashing

When you create or edit content with AI assistance:

1. Your prompt " SHA-256 hash (64-character hexadecimal)

Example: 8f3a2b1c4d5e6f7a8b9c0d1e2f3a4b5c... 2. AI response " SHA-256 hash

Example: 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d... 3. Final article " SHA-256 hash

Example: 6d5c4b3a2f1e0d9c8b7a6f5e4d3c2b1a… Step 2: Hierarchical Merkle Tree

Hashes organized in parent-child genealogy:

Article Root Hash $%% Paragraph 1 Hash & $%% Prompt Hash (what you asked AI) & '%% Response Hash (what AI generated) $%% Paragraph 2 Hash & $%% Prompt Hash & '%% Response Hash '%% Metadata Hash $%% Author $%% Timestamp '%% AI Model Used Key property: If you edit ANY parent node, ALL descendant hashes change. This creates tamperevident genealogy - you can't modify one part without breaking the entire chain. Step 3: Hedera Consensus Service (HCS) Anchoring

Periodically (e.g., every 5 minutes or on-demand):

1. Calculate Merkle Root of all recent hashes 2. Submit to Hedera HCS topic

3. Hedera network consensus:

- Timestamp (Byzantine Fault Tolerant, cannot be forged) - Order (guaranteed sequence) - Immutability (permanent, cannot be deleted or modified)

4. Receive Consensus Timestamp + Topic Sequence Number

Example: 2026-02-14T23:17:31.123456Z, sequence #145678 Step 4: Canary Checkpoints (Quantum-Inspired)

Random "canary" hashes inserted periodically:

1. Every 100th hash is a canary (random data) 2. Stored encrypted in your account

3. If someone unauthorized accesses system:

- They cannot know which hashes are canaries - Modifying or observing canaries triggers detection - Similar to quantum key distribution (observation = collapse)

4. Detection mechanism:

- Canaries verified on each login - If missing or modified " alert sent immediately - Indicates potential unauthorized access or tampering

What goes on public Hedera ledger:

Public/Private

Data Element

Stored Where

Merkle Root Hash

Hedera HCS Topic

PUBLIC

❌ No (one-way hash)

Canary Checkpoint Hash

Hedera HCS Topic

PUBLIC

❌ No (random data hash)

Consensus Timestamp

Hedera HCS Topic

PUBLIC

✅ Yes (plaintext timestamp)

Topic Sequence Number

Hedera HCS Topic

PUBLIC

✅ Yes (integer)

Your prompt content

Firestore (encrypted)

PRIVATE

❌ No (AES-256 encrypted)

AI response content

Firestore (encrypted)

PRIVATE

❌ No (encrypted)

Article content

Firestore (encrypted)

PRIVATE

❌ No (encrypted)

Your identity

Firestore (encrypted)

PRIVATE

❌ No (encrypted)

Source identities

Firestore (encrypted)

PRIVATE

❌ No (salted hash)

Privacy guarantees:

Can Reverse?

a) Public ledger contains ONLY hashes:

SHA-256 hashes are cryptographically one-way
Computationally infeasible to reverse (2^256 possible inputs)
No amount of computing power can recover original content from hash

b) Hashes reveal ZERO information about content:

Same input always produces same hash (deterministic)
Changing one character produces completely different hash (avalanche effect)
No similarity between similar content hashes
Hash length always 64 characters regardless of content size

c) Your content stays encrypted:

AES-256 encryption (military-grade)
Encryption keys stored separately from data
Only you can decrypt your content
Even RE::DACT cannot read your encrypted content without your keys

Verification process (for third parties):

If you want to prove authenticity of published article:

1. Export audit trail report from RE::DACT (PDF or JSON)

2. Report contains:

- Article text (that you choose to share publicly) - SHA-256 hash of article - Hedera consensus timestamp - Topic ID and sequence number

3. Anyone can verify:

Step 1: Hash the published article text Step 2: Compare to hash in audit report Step 3: Check Hedera public ledger for that hash + timestamp Step 4: Confirm match " article is authentic and unmodified

4. Verification tools:

- Hedera explorer: https://hashscan.io - RE::DACT verification page: https://redact.ai/verify - Command-line tools (open source)

Cost:

Hedera HCS transaction cost: ~$0.0001 per message
Typical article: 5-10 hashes = ~$0.001 total
Less than 0.01% of typical LLM API costs
Included in PRO/Enterprise plans (no per-transaction fees to users)

Limitations:

a) Not quantum-resistant (yet):

SHA-256 vulnerable to future quantum computers (Shor's algorithm)
Hedera is quantum-resistant (aBFT consensus)
We will migrate to post-quantum hashing (SHA-3, etc.) when needed

b) Hashes are forever:

Once on Hedera, cannot be deleted (immutable ledger)
Even if you delete your account, hashes persist
This is a feature (proof of authenticity) but means permanent record

c) Requires trust in Hedera:

Hedera network security depends on council governance
Currently governed by major organizations (Google, IBM, Boeing, etc.)
Distributed trust model (not single company)

Disabling Auditable AI:

If you don't want Hedera audit trail (PRO/Enterprise users):

Account " Settings " Auditable AI " Toggle OFF
Hashing stops immediately
Previous hashes remain on ledger (cannot be deleted)
Can re-enable at any time

12.6 Human Oversight and AI Limitations (CRITICAL - READ CAREFULLY)

IMPORTANT: AI is a tool to assist humans, not replace human judgment.

AI may produce:

a) Factual errors ("hallucinations"):

AI may confidently state false information
Fabricate sources, citations, statistics, or quotes
Confuse similar-sounding facts or mix up details
Provide outdated information (training data has cutoff dates)
Make logical errors or incorrect inferences

b) Biased content:

Reflect biases present in training data
Perpetuate stereotypes or discriminatory patterns
Favor certain viewpoints or perspectives
Lack cultural sensitivity or context

c) Non-original content:

Generate text similar to copyrighted works in training data
Produce near-verbatim reproductions of existing content
Create potential plagiarism without intent
May not be copyrightable (lack of human authorship)

d) Inappropriate or harmful content:

Generate offensive, vulgar, or insensitive language
Provide dangerous or illegal instructions
Violate journalistic ethics or professional standards
Create misleading or deceptive content

e) Lack of context and nuance:

Miss cultural, historical, or political context
Oversimplify complex issues
Fail to recognize sarcasm, irony, or figurative language
Provide generic responses lacking domain expertise

YOU are responsible for:

a) Reviewing ALL AI-generated content before publication:

Read every sentence carefully
Verify all facts, statistics, and claims
Check all sources and citations for accuracy and existence
Ensure tone and style match your standards

b) Fact-checking with original sources:

Never rely solely on AI for factual claims
Verify statistics with original data sources
Confirm quotes with primary sources
Cross-reference with multiple reliable sources

c) Ensuring editorial quality:

Maintain journalistic standards and ethics
Apply critical thinking and professional judgment
Ensure accuracy, fairness, and balance
Edit for clarity, coherence, and appropriate tone

d) Verifying originality:

Use plagiarism detection tools on AI-generated content
Check for near-verbatim reproductions of existing work
Ensure sufficient human authorship for copyright
Rewrite or substantially edit AI outputs to make them original

e) Disclosing AI use appropriately:

Follow your organization's policies on AI disclosure
Comply with legal/ethical requirements in your jurisdiction
Be transparent with editors and readers where appropriate
Maintain trust through honesty about methods

f) Taking responsibility for published work:

You are the author of record, not the AI
Legal liability rests with you (defamation, errors, harm)
Professional reputation depends on your verification
Cannot blame AI for your published mistakes

NEVER:

Publish AI content without human review and verification
Trust AI-generated facts without checking sources
Use AI to fabricate sources, quotes, or data
Present AI-generated content as purely human-written if disclosure is required
Rely on AI for legal, medical, or other professional advice
Assume AI outputs are original or non-infringing
Skip fact-checking because "AI probably got it right”
We strongly recommend:

a) Maintain human editorial oversight for all published content

b) Use AI as research assistant, not final authority

c) Apply same verification standards to AI outputs as to any draft

d) Combine AI tools with traditional journalism practices

e) Stay updated on AI limitations and best practices

f) Consult professional guidelines (e.g., AP Stylebook on AI use)

Professional standards:

Many journalism organizations have issued guidance on AI use:

Associated Press: AI guidelines for journalists
Reuters: Editorial policy on generative AI
New York Times: Standards on AI-assisted reporting
Society of Professional Journalists: Ethics guidance on AI

Familiarize yourself with and follow your industry's standards.

Disclaimers and warranties:

We make NO WARRANTIES that AI outputs are:

Accurate, truthful, or factually correct
Original or non-infringing
Free from bias, errors, or hallucinations
Suitable for publication without human review
Compliant with legal or ethical standards

You use AI features AT YOUR OWN RISK.

We are NOT liable for:

Defamation, libel, or reputational harm from AI-generated content you publish
Copyright infringement from AI outputs
Factual errors or misinformation
Professional consequences (job loss, credibility damage)
Legal liability arising from your published AI-assisted work

See Section 17 (Disclaimers and Limitation of Liability) for complete details.

12.7 AI Disclosure Compliance.

In accordance with the EU AI Act (Regulation 2024/1689), users are solely responsible for ensuring that any AI-generated content published through the Services is appropriately labeled as such, where required by law. You acknowledge that you maintain full editorial control and must perform a "human-in-the-loop" review of all AI outputs before any public dissemination to ensure accuracy and prevent misinformation.

§ 13. ACCEPTABLE USE POLICY

13.1 Permitted Use

You may use the Services for lawful purposes related to journalism, content creation, research, and

media production, including:

Permitted activities:

a) Journalistic work:

News reporting, investigative journalism, editorial writing
Fact-checking, source verification, research
Interview transcription and analysis
Content monitoring and discovery

b) Content creation:

Articles, blog posts, reports, white papers
Scripts, screenplays, books, creative writing
Marketing content, social media posts
Educational materials, tutorials, documentation

c) Research and analysis:

Academic research and literature reviews
Market research and competitive analysis
Data analysis and visualization
Trend monitoring and forecasting

d) Collaboration:

Team projects and shared workspaces
Editorial review and workflow management
Client deliverables and presentations
Knowledge sharing within organizations

e) Professional services:

Freelance writing and content services
Consulting and advisory work
Training and educational services
Non-profit and advocacy work

Use with integrity:

When using the Services, you agree to:

Act in good faith and follow professional standards
Respect intellectual property and privacy rights
Comply with applicable laws and regulations
Follow journalistic ethics where applicable
Use AI responsibly with human oversight

13.2 Prohibited Activities

You agree NOT to use the Services for any of the following prohibited purposes:

A. Content Violations

a) Misinformation and Disinformation:

You may NOT create, generate, or distribute:

Fake news or fabricated stories intended to deceive readers
Disinformation campaigns or coordinated inauthentic behavior
Deepfakes or manipulated media presented as authentic
False claims about public figures, organizations, or events
Health misinformation that could cause harm (fake cures, anti-vaccine propaganda)
Election interference or voter suppression content
Conspiracy theories promoted as factual reporting
Fabricated sources, quotes, or statistics in published work

Note: Satire, parody, and clearly labeled fiction are permitted.

b) Defamatory, Libelous, or Slanderous Content:

You may NOT create content that:

Makes false statements of fact that harm reputation
Knowingly publishes lies about individuals or organizations
Engages in character assassination or smear campaigns
Makes malicious false accusations
Violates privacy through publication of private facts

c) Intellectual Property Infringement:

You may NOT:

Plagiarize content from other sources without attribution
Copy substantial portions of copyrighted works without permission
Reproduce paywalled content and redistribute it
Use SPARK to scrape copyrighted full-text articles
Violate trademarks by creating confusingly similar content
Circumvent DRM or technical protection measures
Claim AI-generated content as purely your original work if it substantially reproduces protected works
Fair use and legitimate quotation are permitted.

d) Privacy Violations:

You may NOT:

Publish private information without consent (doxxing)
Reveal confidential sources without authorization
Share personal data obtained improperly
Violate GDPR or other privacy laws
Conduct surveillance or stalking through SPARK monitoring
Expose trade secrets or confidential business information
Publish private communications without consent (emails, DMs, etc.)

e) Hateful, Violent, or Discriminatory Content:

You may NOT create content that:

Incites violence, hatred, or discrimination against individuals or groups
Promotes terrorism, extremism, or violent ideologies
Contains hate speech based on race, ethnicity, religion, gender, sexual orientation, disability,
or other protected characteristics
Glorifies violence or encourages self-harm
Threatens individuals or groups with harm Promotes genocide, ethnic cleansing, or crimes against humanity

Legitimate news reporting on these topics is permitted with appropriate context.

f) Sexually Explicit or Exploitative Content:

You may NOT create, upload, or share:

Pornographic or sexually explicit material
Child sexual abuse material (CSAM) - ZERO TOLERANCE, immediate termination +
law enforcement report
Non-consensual intimate imagery (revenge porn)
Sexual exploitation or trafficking content Content sexualizing minors in any way

Legitimate journalism about sexual topics (e.g., sex trafficking investigations) is permitted.

g) Impersonation and Deception:

You may NOT:

Impersonate any person, organization, or entity
Misrepresent your affiliation with organizations
Create fake journalist credentials or press passes
Falsely claim endorsements from public figures or organizations
Operate fake news outlets pretending to be legitimate media
Use AI to impersonate real people in quotes or statements

B. Technical Violations

a) Malicious Code and Security Threats:

You may NOT:

Upload malware, viruses, trojans, ransomware, or other harmful code
Distribute spyware or keyloggers
Create or share exploit code targeting vulnerabilities
Use the Services to deliver phishing attacks
Inject malicious scripts (XSS, SQL injection attempts)
Upload files designed to crash or compromise our systems

b) Hacking and Unauthorized Access:

You may NOT:

Attempt to hack or compromise the Services or our infrastructure
Reverse engineer, decompile, or disassemble our software
Bypass security measures, access controls, or authentication
Probe for vulnerabilities without authorization (see Section 13.4 for responsible disclosure)
Access another user's Account without permission
Intercept communications or eavesdrop on other users
Exploit bugs for personal gain before reporting them

Authorized security research with responsible disclosure is permitted - contact@reai-strategy.com

c) Service Disruption and Abuse:

You may NOT:

Launch DDoS attacks or flood our servers with requests
Overload systems intentionally to degrade performance
Use automated tools, bots, or scrapers except SPARK (which respects robots.txt)
Create excessive load through API abuse or rapid requests
Interfere with other users' access to the Services
Attempt to crash or destabilize our infrastructure
Bypass rate limits or usage caps through technical means

d) Circumvention and Exploitation:

You may NOT:

Circumvent paywalls or subscription requirements using our tools
Share login credentials with unauthorized users
Bypass trial limitations by creating multiple accounts
Use VPNs or proxies to evade geographic restrictions or bans
Exploit referral programs through fake accounts
Game the system to obtain unfair advantages

C. Commercial Misuse

a) Unauthorized Reselling:

You may NOT:

Resell or redistribute access to the Services
White-label our Services without authorization
Operate a competing service using our infrastructure
Share your Account with clients or customers for commercial gain
Sublicense your access to third parties

Enterprise white-label partnerships available - contact@reai-strategy.com

b) Illegal Activities:

You may NOT use the Services for:

Money laundering or financial fraud
Ponzi schemes, pyramid schemes, or investment fraud
Drug trafficking or illegal substance sales
Weapons trafficking or illegal arms sales
Human trafficking or modern slavery
Child exploitation of any kind
Terrorism financing or support for terrorist organizations
Sanctions evasion or prohibited transactions
Tax evasion or fraud schemes
Identity theft or credit card fraud
Any activity that violates criminal law

c) Spam and Unsolicited Communications:

You may NOT:

Send spam emails or messages through the Services
Conduct phishing campaigns
Engage in email harvesting or scraping for spam lists
Send unsolicited commercial messages (UCE)
Operate email marketing without proper consent and opt-out
Violate CAN-SPAM Act, GDPR email rules, or other anti-spam laws

Legitimate email newsletters with proper consent are permitted.

d) Trademark and Brand Abuse:

You may NOT:

Use our trademarks to imply false endorsement
Register confusingly similar domain names or social media handles
Create fake profiles pretending to be us
Use our brand in misleading advertising
Dilute our trademarks through improper use

D. Account and Usage Abuse

a) Multiple Accounts:

You may NOT:

Create multiple accounts to circumvent restrictions
Abuse free trials by signing up repeatedly
Evade bans by creating new accounts
Maintain duplicate accounts for the same purpose
Share accounts across multiple organizations (except authorized multi-user Enterprise plans)

One account per user. Organizations should use Enterprise multi-user plans.

b) Payment Fraud:

You may NOT:

Use stolen credit cards or fraudulent payment methods
Initiate chargebacks in bad faith after receiving services
Provide false billing information
Engage in payment fraud of any kind
Abuse refund policies through serial refund requests

c) Data Mining and Competitive Intelligence:

You may NOT:

Scrape our content or user interface for competitive purposes
Reverse engineer our AI prompts or optimization techniques
Build competing products using insights from our Services
Benchmark our Services for competitive marketing without disclosure
Extract our proprietary data (training data, algorithms, business logic)

Legitimate competitive analysis and reviews are permitted.

13.3 Enforcement

If we determine (in our sole discretion) that you have violated this Acceptable Use Policy:

Warning (for minor or first-time violations):

a) Email notification detailing the violation

b) Request to cease the violating activity immediately

c) Opportunity to cure within specified timeframe (typically 24-48 hours)

d) Warning recorded on your Account

Suspension (for repeated or serious violations):

a) Temporary Account suspension:

Access to Services disabled (read-only may be granted for data export)
Duration: 7-30 days depending on severity
Must acknowledge violation and agree to comply before restoration

b) Notification:

Email explaining suspension reason
Duration of suspension
Steps required for restoration
Appeal process (if applicable)

c) During suspension:

Cannot create new content or use AI features
Read-only access to existing data (may be granted on request)
No refund for subscription period during suspension

Termination (for severe or repeat violations):

a) Immediate and permanent termination for:

Child sexual abuse material (CSAM)
Terrorism or violent extremism
Illegal activities (drug trafficking, human trafficking, etc.)
Serious security threats (hacking attempts, malware distribution)
Repeated violations after warnings/suspensions

b) Account permanently closed:

Access revoked immediately
No advance notice required for severe violations
Email address permanently banned from new registrations
IP address may be blocked

c) No refund:

Remaining subscription period forfeited
No prorated refund for time not used
Outstanding charges remain due

d) Data handling:

For severe violations: immediate deletion possible
For other terminations: 30-day retention applies (Section 9.4)
One-time data export may be granted (within 48 hours of termination)
Hedera hashes remain on public ledger (cannot be deleted)

e) Legal action:

We may report illegal activity to law enforcement
We may cooperate with investigations
We may pursue civil remedies for damages
We may preserve evidence and provide to authorities

Automated enforcement:

a) Automated detection systems monitor for:

Known CSAM hashes (PhotoDNA, etc.)
Malware signatures
Spam patterns
Unusual usage patterns indicating abuse

b) Immediate automated suspension for:

CSAM detection (law enforcement contacted immediately)
Malware distribution
Severe security threats

c) Human review follows automated actions within 24 hours

Appeals:

If you believe enforcement action was taken in error:

a) Email: contact@reai-strategy.com

b) Subject: "Appeal - [Account Email]"

c) Include:

Your account email
Description of enforcement action
Explanation why you believe it was in error
Supporting evidence d) Review timeline:
We will review within 7 business days
Decision communicated via email
Our decision is final

Note: Appeals for severe violations (CSAM, terrorism, illegal activity) will not be considered.

13.4 Reporting Violations

If you become aware of violations of this Acceptable Use Policy by other users:

How to report:

a) Email: contact@reai-strategy.com

b) Subject: "Report Violation - [Type]"

c) Include:

Description of the violation
Category (e.g., spam, copyright, harassment)
Link or reference to violating content (if accessible)
Your contact information (for follow-up if needed)
Any supporting evidence (screenshots, URLs, etc.)

What happens after you report:

a) Acknowledgment within 2 business days

b) Investigation:

Review of reported content
Assessment of violation severity
Collection of additional evidence if needed c) Action taken if violation confirmed (see Section 13.3)

d) Outcome notification to reporter (if you provided contact info): We will inform you that action was taken (or not) We will NOT disclose specific details (privacy reasons)

Reporting illegal content:

For serious illegal content (CSAM, terrorism, etc.):

a) Also report to authorities:

CSAM: National Center for Missing & Exploited Children (NCMEC) - CyberTipline:
https://www.cybertipline.org
Terrorism: FBI tips: https://www.fbi.gov/tips EU: Europol: https://www.europol.europa.eu/report-a-crime

b) We will cooperate with law enforcement investigations

Responsible disclosure (security vulnerabilities):

If you discover a security vulnerability in our Services:

a) Email: contact@reai-strategy.com

b) Do NOT:

Publicly disclose before we've had chance to fix
Exploit the vulnerability
Access other users' data

c) We will:

Acknowledge within 24 hours
Investigate and confirm
Develop and deploy fix
Credit you publicly (if you wish) after fix is deployed

d) Bug bounty program details: https://redact.ai/security/bug-bounty

False reports:

Submitting false or bad-faith reports:

a) May result in your Account being suspended or terminated

b) May constitute abuse of reporting system

c) Wastes resources that could be used for legitimate reports

Please report only genuine violations.

§ 14. PRIVACY AND DATA PROTECTION

14.1 Privacy Policy

Our collection, use, storage, and protection of your personal data is governed by our Privacy Policy, which is incorporated into these Terms by reference. Please review our Privacy Policy at: https://redact-app.com

The Privacy Policy covers:

What personal data we collect
How we use your personal data
Who we share your personal data with (service providers, AI providers)
How we protect your personal data (encryption, security measures)
How long we retain your personal data
Your rights regarding your personal data
How to contact us about privacy concerns

By using the Services, you consent to:

The data practices described in our Privacy Policy
Transfer of your data as described in the Privacy Policy
Processing of your data for the purposes stated in the Privacy Policy

The Privacy Policy may be updated from time to time. Material changes will be notified via email or in-app notification at least 30 days before taking effect.

14.1.1 Business User DPA.

If you use the Services in a professional or institutional capacity (e.g., as a Newsroom or Media Organization) and process personal data of third parties, our Data Processing Agreement (DPA) is hereby incorporated by reference into these Terms. You acknowledge that for such data, you act as the "Data Controller" and RE::DACT acts as the "Data Processor" under GDPR.

14.2 GDPR Compliance (For Users in the European Union, EEA, UK, and

Switzerland) We comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and related data protection laws.

Lawful basis for processing your personal data:

a) Contract (Article 6(1)(b)):

Processing necessary to provide the Services you subscribed to
Account management, billing, customer support

b) Consent (Article 6(1)(a)):

Marketing communications (you can opt-out)
Optional features requiring consent (e.g., analytics)
International data transfers to AI providers

c) Legitimate interests (Article 6(1)(f)):

Fraud prevention and security
Product improvement and analytics (anonymized)
Direct marketing to existing customers (with opt-out)

d) Legal obligation (Article 6(1)(c)):

Tax and accounting records retention
Compliance with law enforcement requests
Data breach notifications

Your rights under GDPR:

a) Right to access (Article 15):

Request a copy of all personal data we hold about you
Receive information about how we process your data
Request: contact@reai-strategy.com with subject "GDPR Access Request"
Response time: Within 30 days (may extend to 60 days for complex requests)
Format: JSON, CSV, or PDF (your choice)

b) Right to rectification (Article 16):

Correct inaccurate or incomplete personal data
Update your information in Account settings
Or email: contact@reai-strategy.com

c) Right to erasure / "Right to be forgotten" (Article 17):

Request deletion of your personal data
We will delete unless we have legal grounds to retain (e.g., tax records)
Request: privacy@redact.ai with subject "GDPR Erasure Request"
Processing time: 30 days
Note: Hedera hashes cannot be deleted (public ledger) but contain no personal data

d) Right to restriction of processing (Article 18):

Limit how we use your data while dispute is resolved
Request: contact@reai-strategy.com

e) Right to data portability (Article 20):

Receive your data in machine-readable format (JSON)
Transfer your data to another service
Request: Account settings " Export Data
Or email: contact@reai-strategy.com with subject "GDPR Portability Request”

f) Right to object (Article 21):

Object to processing based on legitimate interests
Object to direct marketing (always honored immediately)
Request: contact@reai-strategy.com or use unsubscribe links in emails

g) Right to withdraw consent (Article 7(3)):

Withdraw consent for processing at any time
Does not affect lawfulness of processing before withdrawal
May limit your ability to use certain features

h) Right not to be subject to automated decision-making (Article 22):

We do not use automated decision-making with legal or significant effects
AI features require human oversight (Section 12.6)

How to exercise your rights:

Primary method: Email contact@reai-strategy.com with:

Subject: "GDPR [Right Name] Request" (e.g., "GDPR Access Request")
Your account email (for verification)
Specific request details
Proof of identity (if we cannot verify from account email)

Response times:

Standard requests: Within 30 days
Complex requests: Within 60 days (we will notify if extension needed)
Urgent security matters: Within 72 hours No fee for exercising your rights (unless requests are manifestly unfounded or excessive). Data Protection Officer (DPO): [IF REQUIRED - add when appointed]
Email: contact@reai-strategy.com
Address: [DPO Address] Note: We may not be legally required to appoint a DPO. If we don't have one, contact privacy@redact.ai instead. Supervisory Authority: If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with your national data protection authority: Poland (for Polish users):
Urząd Ochrony Danych Osobowych (UODO)
Website: https://uodo.gov.pl
Email: kancelaria@uodo.gov.pl

UK (for UK users):

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

Other EU/EEA countries:

Find your data protection authority: https://edpb.europa.eu/about-edpb/board/members_en International data transfers: When we transfer your data outside the EU/EEA (e.g., to AI providers in USA):

a) Legal mechanisms:

EU-US Data Privacy Framework (for certified providers)
Standard Contractual Clauses (SCCs) approved by EU Commission
Adequacy decisions (where applicable)

b) Safeguards:

Encryption in transit (TLS 1.3)
Encryption at rest (AES-256)
Contractual commitments from recipients
Transfer Impact Assessments conducted

c) Your consent:

By using AI features, you explicitly consent to transfer under GDPR Article 49(1)(a)
You can withdraw consent (but then cannot use AI features) See our Privacy Policy for complete details on international transfers.

14.3 CCPA/CPRA Compliance (For California Residents)

We comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Your rights under CCPA/CPRA:

a) Right to know:

What personal information we collect about you
Categories of sources
Business or commercial purposes for collecting
Categories of third parties we share with
Specific pieces of information we collected
Request: privacy@redact.ai with subject "CCPA Access Request”

b) Right to delete:

Request deletion of personal information we collected
Subject to exceptions (e.g., complete transaction, legal obligations)
Request: contact@reai-strategy.com with subject "CCPA Deletion Request"

c) Right to correct:

Correct inaccurate personal information
Request: contact@reai-strategy.com or Account settings

d) Right to opt-out of sale/sharing:

We do NOT "sell" or "share" personal information as defined by CCPA
We do not sell personal data for monetary consideration
We do not share for cross-context behavioral advertising
No opt-out needed (we don't do it)

e) Right to limit use of sensitive personal information:

Applies to: SSN, financial account info, precise geolocation, etc.
We collect minimal sensitive data (payment info through Stripe only)
Request limitations: contact@reai-strategy.com

f) Right to non-discrimination:

We will NOT discriminate against you for exercising CCPA rights
Same price, service quality, and features
No denial of goods/services for exercising rights

Categories of personal information we collect:

See our Privacy Policy for complete CCPA disclosure including:

Categories of personal information collected
Categories of sources
Business purposes for collection
Categories of third parties we disclose to

How to exercise your rights:

Methods: a) Email: privacy@redact.ai with subject "CCPA Request" b) Web form: https://redact.ai/ ccpa-request (if available) c) Toll-free phone: [IF PROVIDED - TBD]

Verification:

We will verify your identity before processing requests
May require additional information (e.g., account email, last 4 digits of payment method)
Authorized agents must provide proof of authorization

Response time: Within 45 days (may extend to 90 days for complex requests)

Do Not Sell My Personal Information:

We do NOT sell personal information. There is no need to opt-out.

If we ever change this practice, we will:

Update Privacy Policy with 30 days notice
Provide clear opt-out mechanism
Honor Global Privacy Control (GPC) signals

Shine the Light Law (California Civil Code § 1798.83):

California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose for third-party direct marketing.

14.4 Data Security

We implement industry-standard security measures to protect your data:

Technical safeguards:

a) Encryption:

In transit: TLS 1.3 (minimum TLS 1.2) for all data transmission
At rest: AES-256 encryption for stored data
Database: Encrypted at rest (Google Cloud encryption)
Backups: Encrypted with separate keys

b) Access controls:

Role-based access control (RBAC)
Principle of least privilege
Multi-factor authentication (MFA) for employee access
Regular access audits and reviews

c) Authentication:

Secure password hashing (bcrypt with salt)
Password complexity requirements
Account lockout after failed login attempts
Session management with secure tokens

d) Network security:

Firewalls and intrusion detection systems (IDS)
DDoS protection (via Google Cloud)
Network segmentation
Regular vulnerability scanning

Organizational safeguards:

a) Security policies:

Written information security policy
Employee security training
Incident response plan
Business continuity and disaster recovery plans

b) Vendor management:

Due diligence on third-party providers
Data Processing Agreements (DPAs) with all processors
Regular vendor security assessments
Monitoring of vendor security practices

c) Access management:

Background checks for employees with data access
Non-disclosure agreements (NDAs)
Regular access reviews
Immediate access revocation upon employee departure

d) Monitoring and logging:

Security event logging (SIEM)
Regular log reviews
Anomaly detection
Audit trails for data access

Compliance and certifications:

We work towards:

SOC 2 Type II certification (planned for 2027)
ISO 27001 certification (planned for 2027)
GDPR compliance (current)
Industry best practices (OWASP, NIST)

Third-party security:

Our infrastructure providers maintain:

Google Cloud Platform: ISO 27001, SOC 2, PCI DSS
Stripe: PCI DSS Level 1 Service Provider
Hedera Hashgraph: aBFT consensus, cryptographic security

Regular security assessments:

a) Internal assessments:

Quarterly security reviews
Regular penetration testing
Code security audits
Dependency vulnerability scanning

b) External assessments:

Annual third-party security audit (planned)
Bug bounty program (https://redact-app.com)
Responsible disclosure program

However:

We cannot guarantee absolute security. No system is 100% secure. Despite our best efforts:

Security breaches may occur
Unauthorized access may happen
Data may be compromised

You are responsible for:

Keeping your password confidential
Not sharing account access
Using strong, unique passwords
Logging out on shared devices
Reporting suspicious activity immediately

If you suspect a security issue: Email contact@reai-strategy.com immediately.

14.5 Data Breach Notification

In the event of a data breach affecting your personal data:

Our obligations:

For EU/EEA/UK users (GDPR):

a) Notification to supervisory authority:

Within 72 hours of becoming aware of the breach
To relevant data protection authority (UODO for Poland, ICO for UK)
Description of breach, data affected, likely consequences, mitigation measures

b) Notification to you:

Without undue delay if breach poses high risk to your rights and freedoms
Via email to address on file
Description of breach and likely consequences
Measures taken or proposed to address breach
Contact point for more information (contact@reai-strategy.com)
Advice on steps you can take to protect yourself

For California residents (CCPA):

a) Notification to you:

Without unreasonable delay
If breach involves SSN, financial account info, or other specified data
Via email or postal mail

For all users:

a) Transparency:

Public disclosure on our website if breach affects significant number of users
Blog post or status page update with details
Regular updates as investigation progresses

b) Notification contents:

Nature of the breach (what happened)
Data elements affected (what data was compromised)
Timeframe of breach (when it occurred)
Number of users affected (approximate)
Steps we're taking to investigate and mitigate
Steps you should take to protect yourself
Contact information for questions

c) Support:

Dedicated email for breach-related questions
Credit monitoring services (if financial data compromised)
Password reset assistance
Additional security measures (e.g., MFA enforcement)

Types of breaches we will notify:

a) Personal data breaches:

Unauthorized access to accounts
Data exfiltration or theft
Accidental disclosure to unauthorized parties
Ransomware or encryption of data

b) Security incidents:

Successful hacking attempts
Insider threats or employee misconduct
Third-party vendor breaches affecting our data
Physical security breaches (if applicable)

Our incident response process:

1. Detection: Automated monitoring, user reports, vendor notifications

2. Containment: Immediate steps to stop breach and prevent further damage

3. Investigation: Forensic analysis to determine scope and cause

4. Notification: Compliance with legal requirements (72 hours GDPR, etc.)

5. Remediation: Fix vulnerabilities, enhance security

6. Review: Post-incident review and lessons learned

Your responsibilities after a breach:

If we notify you of a breach:

a) Change your password immediately b) Enable two-factor authentication (if not already enabled) c) Monitor your accounts for suspicious activity d) Review financial statements if pay-

ment data affected e) Be alert for phishing attempts exploiting the breach f) Contact us if you notice any suspicious activity: contact@reai-strategy.com

We will NEVER:

Ask for your password via email
Request credit card details in breach notification
Ask you to click suspicious links
Pressure you to take immediate action without explanation

If you receive suspicious communications claiming to be from us, forward to contact@reai-strategy.com before taking any action.

§ 15. THIRD-PARTY SERVICES AND INTEGRATIONS

15.1 Third-Party Service Providers

The Services integrate with and depend on various third-party services, including:

a) AI and Machine Learning Providers:

OpenAI: GPT models for content generation and analysis Terms: https://openai.com/policies/business-terms Privacy: https://openai.com/policies/privacy-policy
Anthropic: Claude models for AI assistance ! Terms: https://www.anthropic.com/legal/commercial-terms ! Privacy: https://www.anthropic.com/legal/privacy
Google Cloud AI: Gemini and other AI services ! Terms: https://cloud.google.com/terms/service-terms ! Privacy: https://cloud.google.com/terms/cloud-privacy-notice

b) Cloud Infrastructure:

Google Cloud Platform: Hosting, storage, databases Terms: https://cloud.google.com/terms Privacy: https://cloud.google.com/terms/cloud-privacy-notice

c) Payment Processing:

Stripe: Payment processing and subscription management Terms: https://stripe.com/legal/ssa Privacy: https://stripe.com/privacy

d) Search Providers:

Tavily AI: Research-focused search engine
Brave Search: Privacy-first web search

e) Distributed Ledger:

Hedera Hashgraph: Audit trail and consensus timestamps Terms: https://hedera.com/terms Privacy: https://hedera.com/privacy

f) Other Services (as integrated):

Email delivery services (e.g., SendGrid, AWS SES)
Analytics and monitoring (if used)
Content delivery networks (CDN)
Customer support tools

These third-party providers:

a) Have their own terms and privacy policies that apply to their services

b) May collect and process your data independently according to their policies

c) Are not under our control - we select reputable providers but cannot guarantee their practices

d) May change their terms without our advance knowledge

e) May experience outages or service degradation beyond our control

Our relationship with third parties:

a) We are NOT responsible for:

Third-party terms, policies, or practices
Third-party service availability, performance, or security
Third-party data breaches or security incidents
Changes to third-party services or pricing
Discontinuation of third-party services

b) We ARE responsible for:

Selecting reputable, certified providers
Ensuring Data Processing Agreements (DPAs) are in place
Monitoring provider compliance with contractual obligations
Providing transparency about which providers we use
Migrating to alternative providers if necessary

Data sharing with third parties:

We share your data with third parties only:

As necessary to provide the Services
With your consent
As required by law
As described in our Privacy Policy

See Section 12 and our Privacy Policy for complete details on data sharing.

Subprocessor list:

Complete list of all third-party processors of your data: https://redact.ai/legal/subprocessors

We will notify you 30 days in advance of adding new subprocessors (GDPR Article 28 requirement).

15.2 Links to External Sites

The Services may contain links to third-party websites, articles, resources, or services.

These external links:

a) Are provided for convenience and information purposes only

b) Do not imply endorsement by us

c) Are not under our control - we have no responsibility for their content

d) Have their own terms and privacy policies that apply when you visit them

e) May collect your data when you click through or visit

We are NOT responsible for:

Content, accuracy, or legality of external sites
Privacy practices of external sites
Security of external sites
Changes or unavailability of linked content
Any loss or damage from using external sites

When you click external links:

a) You leave our Services and our Terms no longer apply

b) External site's terms apply - review them before providing information

c) External site may collect data - review their privacy policy

d) You use external sites at your own risk

We recommend:

Review terms and privacy policies of external sites
Be cautious about providing personal information
Use security software and caution on unfamiliar sites
Verify legitimacy before sharing sensitive data

§ 16. SERVICE LEVEL AGREEMENT (SLA)

16.1 Applicability

Service Level Agreement (SLA) applies ONLY to:

a) RE::DACT PRO subscribers ($50/month plan)

b) ENTERPRISE customers (per terms of custom agreement)

NO SLA for:

Beta testing phase (current - through June 2026)
SPARKS plan ($10/month)
FREELANCER plan ($25/month)
Free tier (if offered)
Features explicitly marked as "Beta" or „Experimental"

16.2 Uptime Commitment

For eligible plans:

RE::DACT PRO:

Target uptime: 99.5% per calendar month
Excludes scheduled maintenance (announced 48 hours in advance)
Measured monthly, not annually
Maximum scheduled maintenance: 4 hours per month

ENTERPRISE:

Guaranteed uptime: 99.9% per calendar month
Custom SLA terms negotiable in enterprise agreement
Excludes scheduled maintenance (announced 7 days in advance)
Maximum scheduled maintenance: 2 hours per month
May include higher uptime guarantees (99.95%, 99.99%) for additional fee

What "uptime" means:

Service is considered "available" when:

RE::DACT web application is accessible and functional
Users can log in and access their content
Core features work as intended (AI features, SPARK, RE::CORD)
API endpoints respond within acceptable timeframes

Service is considered "down" (counts against uptime) when:

Application is completely inaccessible
Login system fails for all users
Core features non-functional for majority of users
Performance degraded to point of unusability (e.g., >30 second load times)

16.3 Uptime Calculation

Formula:

Uptime % = (Total minutes in month - Downtime minutes) / Total minutes in month × 100

Example:

Month: April 2026 (30 days = 43,200 minutes)
Downtime: 3 hours = 180 minutes
Uptime: (43,200 - 180) / 43,200 × 100 = 99.58%
Result: Meets 99.5% target (PRO), exceeds 99.0%, no credits

Downtime calculation:

INCLUDES (counts against uptime):

Unplanned outages
Service degradation affecting majority of users
Emergency maintenance (unannounced)
Third-party failures within our control to mitigate

EXCLUDES (does NOT count against uptime):

Scheduled maintenance (pre-announced per Section 16.2)
Force majeure events (Section 23.5)
Third-party provider failures beyond our reasonable control: ! OpenAI API outages ! Google Cloud Platform region outages ! Hedera Hashgraph network issues ! Internet backbone failures
Issues caused by your actions: ! Violation of Terms (suspension) ! Invalid payment (account suspended) ! Abuse causing rate limiting
Issues with your internet connection, device, or browser
Beta or experimental features
Downtime during free trial period Measurement:
Monitored via third-party uptime monitoring (e.g., Pingdom, UptimeRobot)
Internal monitoring systems
User-reported incidents (verified by our logs)
Status page:

16.4 Service Credits

If we fail to meet SLA targets:

RE::DACT PRO Service Credits:

Monthly Uptime Achieved

Service Credit

99.0% to < 99.5%

10% of monthly subscription fee

98.0% to < 99.0%

25% of monthly subscription fee

95.0% to < 98.0%

50% of monthly subscription fee

< 95.0%

100% of monthly subscription fee

ENTERPRISE Service Credits:

Per terms of custom agreement. Typically:

5% credit for each 0.1% below guaranteed uptime
Maximum credit: 100% of monthly fee
May include additional remedies (dedicated support, priority fixes)

Service credit details:

a) Form of credit:

Applied as account credit toward future subscription fees
NOT refundable as cash
Automatically applied to next invoice

b) Maximum credits:

PRO: 100% of one month's subscription fee
Enterprise: Per agreement (typically 100%, may be higher)

c) Claiming credits:

Must be requested - not automatically applied
Email: contact@reai-strategy.com
Subject: "SLA Service Credit Request"
Include: ! Account email ! Month affected ! Description of outage/degradation ! Dates and times (if known)
Must be claimed within 30 days of end of affected month
We will verify against our monitoring data

d) Processing:

We will investigate and verify claim
Response within 15 business days
If valid, credit applied to next invoice
If disputed, we will provide monitoring data

e) Dispute resolution:

Our uptime monitoring data is authoritative
If you disagree, provide evidence (screenshots, logs)
Final decision at our reasonable discretion
For Enterprise, may escalate per agreement terms

Example calculation:

PRO plan: $50/month April 2026 uptime: 98.7% Falls in 98.0% to < 99.0% range Service credit: $50 × 25% = $12.50

Applied to May 2026 invoice: $50 - $12.50 = $37.50 charged

16.5 Exclusions from SLA

We are NOT liable for downtime caused by:

a) Third-party service failures:

OpenAI API outages or rate limiting
Anthropic API unavailability
Google Cloud Platform outages (when beyond our control)
Tavily or Brave Search API issues
Hedera Hashgraph network issues
Stripe payment processing issues
Internet backbone or DNS failures
DDoS attacks (to extent beyond our mitigation capabilities)

b) Your actions:

Terms violations causing suspension
Payment failures causing service interruption
Abuse or excessive usage triggering rate limits
Account sharing or unauthorized access
Providing incorrect configuration or API keys

c) Force majeure:

Natural disasters (earthquakes, floods, hurricanes)
War, terrorism, civil unrest
Government actions, strikes, embargoes
Pandemics or public health emergencies
Power outages beyond our facility
Acts of God

d) Scheduled maintenance:

Maintenance announced per timelines in Section 16.2
PRO: 48 hours notice, max 4 hours/month
Enterprise: 7 days notice, max 2 hours/month
Emergency security patches (we minimize impact)

e) Beta and experimental features:

Features marked as "Beta," "Alpha," or "Experimental"
New features in testing phase
Features explicitly excluded from SLA in release notes

f) User environment issues:

Your internet connection
Your device or browser compatibility
Firewall or security software blocking access
Local network issues

g) Service degradation below threshold:

Minor performance degradation not rendering service unusable
Affecting small percentage of users
Resolved within 15 minutes

16.6 Monitoring and Reporting

How we monitor uptime:

a) Automated monitoring:

External monitoring services (Pingdom, StatusPage, etc.)
Checks every 1-5 minutes from multiple global locations
Monitors: Website availability, API endpoints, login system, core features

b) Internal monitoring:

Server health monitoring
Database performance
API response times
Error rates and logging

c) User reports:

Support tickets
Social media monitoring
Community forums Status page: Real-time service status: https://redact-app.com Features:
Current status (All Systems Operational / Partial Outage / Major Outage)
Scheduled maintenance calendar
Incident history
Subscribe to updates (email, SMS, RSS)
Post-mortem reports for major incidents

Incident communication:

When incidents occur:

a) Immediate:

Status page updated within 5 minutes of detection
Initial incident report posted

b) During incident:

Regular updates every 30-60 minutes
Expected time to resolution (ETR)
Workarounds (if available)

c) After resolution:

Incident resolved announcement
Brief summary of cause
Steps taken to prevent recurrence

d) Post-mortem (for major incidents):

Detailed analysis within 5 business days
Root cause analysis
Timeline of events
Prevention measures implemented
Shared publicly on blog (Enterprise: private report available)

For Enterprise customers:

Dedicated account manager contact
Priority incident notification
Custom SLA reporting (monthly uptime reports)
Quarterly business reviews including uptime metrics

16.7 No Other Remedies

Service credits are your SOLE and EXCLUSIVE remedy for SLA failures.

We are NOT liable for:

a) Consequential damages:

Lost revenue or profits
Lost business opportunities
Loss of data during outage
Damage to reputation
Third-party claims against you

b) Costs incurred:

Employee time dealing with outage
Alternative service costs
Recovery or restoration costs
Legal fees

c) Amounts beyond service credits:

Service credits capped at monthly subscription fee
No additional monetary damages
No punitive damages

Exceptions:

Gross negligence or willful misconduct by us
Fraud or fraudulent misrepresentation
Liability that cannot be excluded by law

See Section 17 (Limitation of Liability) for complete details.

§ 17. DISCLAIMERS AND LIMITATION OF LIABILITY

17.1 "AS IS" and "AS AVAILABLE" Disclaimer

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, INCLUDING:

a) Merchantability - fitness for a particular purpose

b) Non-infringement - that Services don't violate third-party rights

c) Accuracy or reliability - correctness of AI outputs, fact-checking, research

d) Uninterrupted or error-free operation - continuous access, no bugs

e) Security - complete protection against unauthorized access

f) Results - that Services will meet your requirements or expectations

g) Defect correction - that we will fix all bugs or issues

We do NOT warrant that:

Services will be available at all times
Services will be uninterrupted, secure, or error-free
Information provided through Services is accurate, complete, or reliable
AI outputs are original, non-infringing, or suitable for publication
Quality of any products, services, information obtained through Services meets expectations
Defects will be corrected
Services are free from viruses or other harmful components
Your use of Services will achieve any particular result

Particularly regarding AI features:

AI outputs may contain errors, "hallucinations," or false information
AI may generate biased, inappropriate, or offensive content
AI-generated content may infringe copyrights or other rights
AI may not be suitable for professional use without human review
Fact-checking features are not a substitute for professional verification

You use the Services at your own risk.

17.1.1 Specific Disclaimer for Journalism.

RE::DACT is not liable for any claims of defamation, libel, or breach of professional ethics arising from unverified AI "hallucinations" or biased outputs. The "Spark" and "Cord" features are creative aids, not primary sources of factual truth. You use all AI outputs at your own professional risk.

17.2 Beta Disclaimer (Emphasis)

During Beta Phase (current - through June 2026):

SERVICES ARE EXPERIMENTAL AND FOR TESTING PURPOSES ONLY.

We provide NO WARRANTIES OR GUARANTEES regarding:

Functionality or feature availability
Data integrity or preservation
Service stability or uptime
Compatibility or performance
Fitness for production use

Beta users expressly acknowledge and agree:

Beta Services may change, break, or be discontinued without notice
Data loss may occur despite backup efforts
Features may be added, modified, or removed
No SLA or support obligations during Beta
Not suitable for mission-critical or time-sensitive workflows

USE BETA SERVICES AT YOUR OWN RISK.

17.3 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

WE (RE::DACT INC., RE::AI STRATEGY S.A., AND OUR AFFILIATES, DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, CONTRACTORS, LICENSORS) SHALL NOT BE

LIABLE FOR:

a) Indirect, incidental, consequential, punitive, or special damages, including:

Lost profits - revenue, income, or business opportunities
Lost data or content - corruption, deletion, or unauthorized access
Business interruption - downtime, service unavailability
Loss of goodwill or reputation - negative publicity, customer loss
Cost of substitute services - alternatives during outages
Third-party claims - lawsuits from your customers, readers, clients
Wasted time or resources - employee time, effort spent

Even if we were advised of the possibility of such damages.

b) Damages exceeding the amount you paid us:

Our total liability is capped at:

Greater of: Amount you paid in the 12 months preceding the claim, OR €100 (or $100 USD)

Examples:

Paid €25/month for 6 months " liability capped at €150
Free tier user " liability capped at €100
Beta user (paid €0) " liability capped at €100

c) Damages arising from:

Your use or inability to use the Services
Unauthorized access to your Account or data
Third-party conduct or content
AI errors, inaccuracies, or "hallucinations"
Fact-checking failures or research errors
Service interruptions, outages, or bugs
Data loss or corruption
Security breaches (subject to Data Breach notification in Section 14.5)
Your reliance on AI-generated content without verification
Errors in content you publish based on AI outputs
Third-party service failures (OpenAI, Google, etc.)
SPARK monitoring failures or missed content
Copyright infringement by AI-generated content

This limitation applies:

Regardless of legal theory (contract, tort, negligence, strict liability, etc.)
Even if remedy fails of its essential purpose
Even if we were advised of possibility of damages
To fullest extent permitted by applicable law
To all claims collectively (not per claim)

17.4 Exceptions to Limitations

The above limitations DO NOT apply to:

a) Gross negligence or willful misconduct by us

b) Death or personal injury caused by our negligence

c) Fraud or fraudulent misrepresentation

d) Any liability that cannot be excluded or limited by law:

Consumer protection laws in some jurisdictions
Statutory warranties that cannot be disclaimed
Unfair contract terms legislation
Mandatory liability under local law

e) For EU consumers: Consumer protection laws may provide additional rights that cannot be waived

Note: Some jurisdictions do not allow exclusion or limitation of certain damages. If your jurisdiction does not allow these limitations, they may not apply to you, but will apply to maximum extent permitted.

17.5 Basis of Bargain

You acknowledge that:

a) These limitations of liability are a fundamental basis of our agreement

b) Our pricing reflects these limitations

c) We would not provide Services without these limitations

d) These limitations are reasonable and have been negotiated In other words: We can offer affordable pricing because liability is limited. Without these limitations, pricing would need to be significantly higher to cover insurance and risk.

§ 18. INDEMNIFICATION

18.1 Your Obligation to Indemnify Us

You agree to indemnify, defend, and hold harmless RE::DACT Inc., RE::AI Strategy S.A., and

our:

Affiliates and subsidiaries
Directors, officers, and shareholders
Employees and contractors
Agents and representatives
Licensors and suppliers

From and against any and all:

Claims, demands, lawsuits, or legal proceedings
Losses, damages, liabilities, settlements, judgments
Costs and expenses (including reasonable attorney's fees and court costs)

Arising from or relating to:

a) Your use or misuse of the Services:

Violations of these Terms or Acceptable Use Policy
Illegal activities using Services
Abuse of Services or features

b) Your User Content:

Copyright infringement (plagiarism, unauthorized use)
Defamation, libel, or slander in your published work
Privacy violations (unauthorized disclosure of personal info)
Violations of third-party rights (IP, publicity, confidentiality)

c) Your published work (including AI-assisted content):

Factual errors or misinformation you publish
Harm caused by content you create and publish
Claims from individuals or organizations you write about
Failure to properly verify AI-generated content before publication

d) Your violation of laws or regulations:

Copyright law, trademark law, privacy law
Defamation law, securities law, consumer protection law
Export control, sanctions, or trade regulations
Any applicable local, national, or international law

e) Third-party claims:

Claims from sources, interview subjects, or people mentioned in your work
Claims from readers, viewers, or consumers of your content
Claims from your clients, employers, or partners
Claims from other users you interact with

Examples of indemnifiable situations:

You publish AI-generated article containing plagiarized content " copyright holder sues us
You publish defamatory statement about person/company " they sue us and you
You violate someone's privacy by publishing private info " they sue us
You use SPARK to monitor site that blocks bots, violating their ToS " they sue us
Your employer sues us because you violated their confidentiality agreement using our Services

18.2 Defense and Settlement

If a claim subject to indemnification arises:

a) We will notify you promptly (though delay doesn't eliminate your obligation unless it prejudices your defense)

b) You will assume defense with counsel of your choice (subject to our approval, not to be unreasonably withheld)

c) We may participate in defense at our expense

d) You will NOT settle without our prior written consent (not to be unreasonably withheld)

We reserve the right to:

a) Assume exclusive defense and control of any matter subject to indemnification by you

b) Settle any claim on your behalf if you fail to defend

c) At your expense - you reimburse our costs if we assume defense

Your obligations during defense:

a) Cooperate fully with us

b) Provide information and documents we request

c) Not prejudice our defense

d) Not admit liability or fault without our consent

e) Not make statements to claimants or media without our approval

18.3 Survival

This indemnification obligation:

a) Survives termination or expiration of these Terms

b) Continues for claims arising from use during your subscription

c) Extends to claims discovered after termination

Example: You terminate account in 2026, but claim arises in 2028 for content you published in 2025 using our Services " you still must indemnify us.

§ 19. TERM AND TERMINATION

19.1 Term

These Terms:

a) Begin when you first accept them (account creation or first use)

b) Continue for as long as you access or use the Services

c) Remain in effect until terminated by you or us

19.2 Termination by You

You may terminate your Account and these Terms at any time by:

a) Account settings: Account " Settings " "Delete Account"

b) Email: contact@reai-strategy.com with subject "Account Termination"

Effect of termination:

Subscription cancels per Section 9.1
Access ends immediately or at end of paid period (depending on method)
Data retention per Section 9.4 (30-day grace period, then deletion)

19.3 Termination by Us

We may terminate or suspend your Account immediately, without prior notice, for:

a) Terms violations (see Section 9.3 and 13.3)

b) Illegal activities

c) Security threats

d) Payment failures (after retry period)

e) Inactivity (12+ months)

f) Legal requirements

g) Service discontinuation (with 90 days notice to active users)

Effect of our termination:

Immediate access revocation (or after notice period)
No refund for violations
Data handling per Section 9.4
May report to authorities if illegal activity

19.4 Survival

The following provisions survive termination:

Section 9.4 (Data Retention)
Section 11 (Intellectual Property - to extent of license granted)
Section 17 (Disclaimers and Limitation of Liability)
Section 18 (Indemnification)
Section 21 (Governing Law)
Section 23 (Miscellaneous)
Any other provisions that by their nature should survive

§ 20. MODIFICATIONS TO SERVICES AND TERMS

20.1 Changes to Services

We reserve the right to:

a) Modify, add, or remove features at any time

b) Change technical requirements or specifications

c) Implement new features or discontinue existing ones

d) Improve or downgrade functionality

e) Suspend Services temporarily for maintenance, upgrades, or security

Notice for material adverse changes:

30 days advance notice for changes negatively affecting paid features
Email notification and in-app announcement
Explanation of changes and impact
Option to cancel before changes take effect No notice required for:
Bug fixes and security patches
Minor improvements or optimizations
Beta features
Changes that don't materially affect functionality

20.2 Changes to Terms

As stated in Section 3.2, we may modify these Terms at any time.

For material changes:

30 days advance notice (minimum)
Email notification to address on file
In-app notification
"Last Updated" date changed at top of Terms
Summary of key changes provided

Your options:

a) Accept: Continue using Services = acceptance

b) Reject: Terminate account before changes take effect = old Terms apply until termination

For non-material changes:

May update with less notice or no notice
Examples: Clarifications, typo fixes, formatting, contact info updates

§ 21. GOVERNING LAW AND DISPUTE RESOLUTION

21.1 For Users Contracting with REDACT Inc. (USA)

Governing Law:

These Terms shall be governed by and construed in accordance with the laws of the State of New York, USA, without regard to its conflicts of law principles. The United Nations Convention on Contracts for the International Sale of Goods (CISG) shall NOT apply.

Jurisdiction and Venue:

Any disputes arising from or relating to these Terms or the Services shall be subject to the exclusive jurisdiction of the state and federal courts located in New York County, New York. You consent to personal jurisdiction and venue in these courts and waive any objection based on inconvenient forum.

Arbitration:

See Section 22 for binding arbitration agreement (if you do not opt-out).

21.2 For Users Contracting with REAI P.S.A. (EU)

Prawo właściwe:

Niniejszy Regulamin podlega prawu polskiemu i będzie zgodnie z nim interpretowany, z wyłączeniem norm kolizyjnych.

Sąd właściwy:

Dla przedsiębiorców (B2B):

Wszelkie spory wynikające z niniejszego Regulaminu lub korzystania z Usług będą rozstrzygane przez sąd powszechny właściwy dla siedziby REAI P. S.A. w Warszawie.

Dla konsumentów (B2C):

Jeśli jesteś konsumentem w rozumieniu przepisów UE:

a) Nie możesz być pozbawiony ochrony wynikającej z bezwzględnie obowiązujących przepisów prawa kraju, w którym masz miejsce zwykłego pobytu

b) Możesz wybrać sąd:

Sąd właściwy dla siedziby REAI P.S.A., LUB
Sąd właściwy dla Twojego miejsca zamieszkania c) My możemy pozwać Cię tylko w sądzie właściwym dla Twojego miejsca zamieszkania

Pozasądowe rozstrzyganie sporów (ODR):

Zgodnie z Rozporządzeniem UE 524/2013, konsumenci mają prawo do pozasądowych sposobów

rozpatrywania reklamacji i dochodzenia roszczeń:

a) Platforma ODR (Online Dispute Resolution):

https://ec.europa.eu/consumers/odr
Dostępna dla konsumentów w UE
Ułatwia rozwiązywanie sporów online

b) Polubowne rozwiązywanie sporów:

Rzecznik Finansowy (Polska): https://rf.gov.pl
Europejskie Centrum Konsumenckie (dla transgranicznych sporów)
Stałe Polubowne Sądy Konsumenckie przy Inspekcjach Handlowych

c) Nasza polityka:

Jesteśmy otwarci na polubowne rozwiązywanie sporów
Nie jesteśmy zobowiązani do uczestnictwa w postępowaniu przed podmiotami ADR
Zachęcamy do kontaktu: legal@redact.ai przed formalnym postępowaniem

21.3 Class Action Waiver (US Users Only)

TO THE EXTENT PERMITTED BY LAW, you agree that:

a) Any dispute will be resolved on an individual basis only

b) You waive the right to participate in:

Class actions
Class arbitrations
Representative actions
Collective or consolidated proceedings c) You may ONLY seek relief (monetary, injunctive, declaratory) on an individual basis

Note: Some jurisdictions (e.g., California for certain consumer rights) may not permit class action waivers. If unenforceable in your jurisdiction, this Section 21.3 is severable from remaining Terms.

§ 22. ARBITRATION AGREEMENT (US USERS ONLY)

This section applies ONLY to users contracting with RE::DACT Inc. (USA).

22.1 Agreement to Arbitrate

You and REDACT Inc. agree to resolve disputes through binding arbitration instead of in

court, EXCEPT for:

a) Small claims court disputes:

Claims under $10,000 (or state small claims limit)
May be brought in small claims court

b) Intellectual property disputes:

Trademark, copyright, patent, or trade secret claims
May be brought in court

c) Injunctive relief:

Claims seeking injunction or restraining order
May be brought in court

d) Claims you opt-out of (see Section 22.5) By agreeing to these Terms, you waive your right to a jury trial and to participate in a class action.

22.2 Arbitration Rules

Arbitration will be conducted by:

American Arbitration Association (AAA)
Under AAA Consumer Arbitration Rules (as amended)
Rules available at: https://www.adr.org

Arbitrator:

One neutral arbitrator selected per AAA rules
Arbitrator's decision is binding and enforceable in any court

Location:

Your choice: New York County, New York, OR Your county of residence (if within USA), OR Via telephone/video conference (if both parties agree)

Process:

Claim initiated by filing with AAA per their rules
Each party submits brief and evidence
Hearing (if requested)
Arbitrator issues written decision
Decision is final and binding (limited appeal rights)

22.3 Costs

For claims under $75,000:

a) Filing fees:

You pay $200 maximum (AAA consumer filing fee)
RE::DACT pays remainder of AAA administrative fees

b) Arbitrator fees:

RE::DACT pays all arbitrator fees and expenses

c) Attorney's fees:

Each party pays own attorney's fees
Unless: Arbitrator awards fees to prevailing party per applicable law
OR: RE::DACT offers to settle and you reject, then obtain less favorable result " you may be responsible for our fees

For claims over $75,000:

Fees split per AAA rules
Arbitrator may allocate fees differently

If you prevail:

We will reimburse your filing fee
Arbitrator may award attorney's fees if permitted by law

22.4 No Class Actions (Reiteration)

You agree:

Disputes resolved individually only
NO class arbitrations or consolidated arbitrations
NO representative actions or mass arbitrations
You may ONLY seek relief on an individual basis

If class action waiver is found invalid or unenforceable:

This entire arbitration agreement is VOID
Dispute proceeds in court (not arbitration)

22.5 Opt-Out of Arbitration

You may opt out of this arbitration agreement:

How:

a) Email contact@reai-strategy.com

b) Subject: "Arbitration Opt-Out”

c) Include:

Your full name
Account email address
Mailing address
Statement: "I opt out of the arbitration agreement in the Terms of Service”

Deadline:

Within 30 days of first accepting these Terms
If you created account before this arbitration clause was added: within 30 days of notification of change

Effect of opt-out:

This Section 22 does NOT apply to you
Disputes resolved in court per Section 21.1 (NY courts)
Does NOT affect any other part of these Terms
Opt-out is permanent for your Account

If you do NOT opt-out:

You are bound by this arbitration agreement
Cannot later demand jury trial or file class action

CLASS ACTION WAIVER. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, YOU AND RE::DACT AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. YOU EXPRESSLY WAIVE YOUR RIGHT TO PARTICIPATE AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION OR REPRESENTATIVE PROCEEDING.

22.6 Severability

If any part of this arbitration agreement (except class action waiver) is found invalid or unenforceable:

Remainder continues to apply
Invalid portion is severed If class action waiver (Section 22.4) is found invalid:
Entire arbitration agreement is VOID
Disputes proceed in court

22.7 Changes to Arbitration Agreement

If we materially change this arbitration agreement in the future:

a) 30 days notice to existing users

b) You may reject changes by opting out within 30 days

c) Continued use = acceptance of changes

d) Changes do not apply to disputes already filed

§ 23. MISCELLANEOUS PROVISIONS

23.1 Entire Agreement

These Terms, together with:

Our Privacy Policy
Our Cookie Policy
Any other policies referenced herein

constitute the entire agreement between you and us regarding the Services.

They supersede all prior:

Agreements or understandings (written or oral)
Proposals or negotiations
Representations or communications

Regarding the Services.

23.2 Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction:

a) That provision will be modified to minimum extent necessary to make it valid and enforceable

b) If modification is not possible, the provision will be severed (removed)

c) Remaining provisions continue in full force and effect

d) The invalid provision will be replaced with a valid provision closest to original intent Exception: If class action waiver in Section 22.4 is severed, entire arbitration agreement in Section 22 becomes void (per Section 22.6).

23.3 Waiver

Our failure or delay in enforcing any provision of these Terms does NOT constitute a waiver of that provision or our right to enforce it later.

Any waiver must be:

In writing
Signed by authorized representative
Specific to the provision being waived

No waiver of:

Any provision is a waiver of any other provision
Any single instance is a waiver of future instances

23.4 Assignment

You may NOT assign or transfer:

Your rights or obligations under these Terms
Your Account or subscription
Without our prior written consent

Any attempted assignment without consent is void. We MAY assign these Terms (including to affiliates, successors, or acquirers) without your consent, but will notify you of:

Material assignments affecting your rights
Changes to contracting entity
Corporate restructuring affecting Services

Notice of assignment:

30 days advance notice (when possible)
Via email or in-app notification
Right to terminate if you object

23.5 Force Majeure

We are not liable for any delay or failure to perform due to causes beyond our reasonable control, including:

Acts of God:

Natural disasters (earthquakes, floods, hurricanes, wildfires)
Severe weather events
Pandemics or epidemics

War and civil unrest:

War, terrorism, acts of war
Civil disorder, riots, insurrection
Government actions, martial law

Labor and economic:

Strikes, labor disputes, lockouts
Economic sanctions or embargoes
Supply chain disruptions

Infrastructure:

Internet or telecommunications failures
Power outages beyond our facilities
Third-party service outages (OpenAI, Google Cloud, etc.)

Cyberattacks:

DDoS attacks (beyond our mitigation capabilities)
Large-scale hacking attempts
Ransomware affecting infrastructure

During force majeure:

a) Obligations suspended while event continues

b) No liability for delays or failures

c) We will use reasonable efforts to mitigate impact

d) SLA does not apply (see Section 16.5)

If force majeure continues >30 days:

Either party may terminate with 7 days written notice
Refund of prorated fees for unused service (at our discretion)

23.6 No Agency

These Terms do NOT create:

Partnership
Joint venture
Agency relationship
Employment relationship
Franchisor-franchisee relationship

Between you and us.

Neither party has authority to:

Bind the other party
Create obligations on behalf of the other
Make representations for the other

23.7 Third-Party Beneficiaries

These Terms are solely for the benefit of you and us (and our respective successors and permitted assigns).

No third party has:

Rights under these Terms
Ability to enforce these Terms
Standing to sue for breach

Except:

Our affiliates, directors, officers, employees (for purposes of Sections 17, 18)
Our licensors and service providers (for purposes of disclaimers and limitations)

23.8 Export Control

The Services may be subject to export control laws and regulations, including:

US Export Administration Regulations (EAR)
US International Traffic in Arms Regulations (ITAR)
EU Dual-Use Regulation
Other applicable export control laws

You represent and warrant that:

a) You are NOT:

Located in, or a resident of, any country subject to embargo: Cuba, Iran, North Korea, Syria, Russia (partial), Belarus (partial) Crimea, Donetsk, Luhansk regions Any other embargoed jurisdiction On any government restricted parties list: US OFAC SDN List (Specially Designated Nationals) US BIS Denied Persons List EU Consolidated Sanctions List UN Sanctions List

b) You will NOT:

Use Services in violation of export or sanctions laws
Export, re-export, or transfer Services to prohibited persons or countries
Use Services for prohibited end-uses (e.g., weapons development, nuclear proliferation)

We reserve the right to:

Suspend or terminate accounts in embargoed jurisdictions
Block access from sanctioned IP addresses
Comply with government requests and investigations
Implement geofencing or access restrictions

Violations:

May result in immediate termination
May be reported to authorities
May subject you to civil and criminal penalties

23.9 Sanctions Compliance

You represent and warrant that you and your organization are NOT:

a) Subject to sanctions by:

US Office of Foreign Assets Control (OFAC)
EU Council sanctions
UN Security Council sanctions
UK Office of Financial Sanctions Implementation
Other applicable sanctions regimes

b) Owned or controlled by sanctioned persons or entities

c) Acting on behalf of sanctioned persons or entities

We will:

Screen users against sanctions lists
Suspend or terminate accounts if sanctions designation discovered
Comply with blocking and freezing requirements
Report suspicious activity to authorities (when required)

You will immediately notify us if:

You become subject to sanctions
Your ownership or control changes to include sanctioned persons
You receive inquiries from sanctions authorities

23.10 Language

Primary Language: English These Terms are drafted and provided in English.

Translations:

We may provide translations (e.g., Polish) for convenience.

In case of conflict or discrepancy between language versions:

The English version shall prevail and control. Exception: For consumer contracts governed by laws requiring local language (e.g., certain EU consumer laws), the local language version may prevail to extent required by law.

23.11 Contact for Legal Notices

For legal notices to us (service of process, legal demands, etc.):

REDACT Inc. Attn: Legal Department 1111B S Governors Ave STE 99573 Delaware, United States Email: contact@redact-app.com REAI P. S.A. Attn: Dział Prawny Aleja Jana Pawła II 5/6

64-920 Piła, Polska Email: contact@reai-strategy.com

Notices must be:

In writing (email acceptable for non-legal-process notices)
In English (or Polish for REAI)
Include sufficient detail to identify the matter

Effective when:

Email: When sent to contact@reai-strategy.com (we will confirm receipt)
Postal mail: When received at address above

For service of legal process: Must comply with applicable rules of civil procedure.

§ 24. CONTACT INFORMATION

For general questions or support:

Email: contact@reai-strategy.com
Website: https://redact-app.com

For legal matters or Terms-related inquiries:

Email: contact@reai-strategy.com

For privacy or data protection matters:

Email: contact@reai-strategy.com
GDPR requests: contact@reai-strategy.com (subject: "GDPR [Request Type]")
CCPA requests: contact@reai-strategy.com (subject: "CCPA [Request Type]") For reporting abuse or violations:
Email: contact@reai-strategy.com
Subject: "Report Violation - [Type]”

For security vulnerabilities (responsible disclosure):

Email: contact@reai-strategy.com

For billing and payment inquiries:

Email: contact@reai-strategy.com

For enterprise sales and partnerships:

Email: contact@reai-strategy.com

For media and press inquiries:

Email: contact@reai-strategy.com

Mailing addresses:

REDACT Inc. (USA):

1111B S Governors Ave STE 99573 Delaware, United States

REAI P. S.A. (Poland/EU):

Aleja Jana Pawła II 5/6 64-920 Piła, Polska

ACKNOWLEDGMENT

BY USING THE SERVICES, YOU ACKNOWLEDGE THAT:

1. You have read and understood these Terms in their entirety

2. You agree to be bound by all provisions of these Terms

3. You have reviewed our Privacy Policy and Cookie Policy

4. You understand the Beta nature of the Services (during Beta Phase)

5. You are responsible for compliance with all applicable laws

6. You will use the Services in accordance with these Terms and applicable laws

7. You understand AI limitations and will maintain human oversight (Section 12.6)

8. You understand limitation of liability (Section 17)

9. You understand arbitration agreement (Section 22, US users) and your right to opt-out

10. You have the authority to enter into this agreement (personally or on behalf of organization)

If you do not agree with any part of these Terms, you must not use the Services.

END OF TERMS OF SERVICE

Document Information:

Effective Date: February 14, 2026
Version: 1.0 (Beta)
Last Updated: February 14, 2026
Governing Law: New York (US users) / Polish law (EU users)
Language: English (binding version)

Questions? Contact us at contact@reai-strategy.com

Welcome to RE::DACT

Table of Contents

§ 1. CONTRACTING ENTITY AND GOVERNING LAW

1.1 Contracting Entity

1.2 Location Determination

1.3 References in These Terms

§ 2. DEFINITIONS

§ 3. ACCEPTANCE OF TERMS

3.1 Binding Agreement

3.2 Updates to Terms

§ 4. ELIGIBILITY AND ACCOUNT REGISTRATION

4.1 Minimum Age Requirement

4.2 Account Registration

4.3 Email Verification

4.4 Account Security

4.5 One Account Per User

4.6 Organizational Accounts

§ 5. DESCRIPTION OF SERVICES

5.1 RE::DACT Platform

5.2 SPARK — Content Discovery Tool

5.3 RE::CORD (Voice Recording & Transcription)

5.4 AI-Powered Search

5.5 Hedera Hashgraph Audit Trail (PRO & Enterprise Only)

5.6 Service Availability and Limitations

§ 6. BETA TESTING PHASE

6.1 Current Status — Free Testing Period

6.2 Beta User Responsibilities

6.3 Transition to Paid Service

6.4 No Guarantees During Beta

6.5 Beta Termination Rights

§ 7. SUBSCRIPTION PLANS AND PRICING (Post-Beta)

7.1 Available Subscription Plans

SPARKS PLAN - $10/month

FREELANCER PLAN - $25/month

RE::DACT PRO - $50/month

ENTERPRISE - Custom Pricing

7.2 Pricing Currency and Regions

7.3 Annual Billing Discounts

7.4 Usage Limits and Fair Use

7.5 Free Tier (Availability To Be Determined)

7.6 Plan Changes (Upgrades and Downgrades)

7.7 Pricing Changes

§ 8. PAYMENT TERMS (Applicable After Beta)

8.1 Payment Processing

8.2 Billing Cycles and Timing

8.3 Automatic Renewal

8.4 Failed Payments

8.5 Taxes

8.6 Invoices and Receipts

8.7 Currency Conversion and Foreign Transaction Fees

§ 9. CANCELLATION AND REFUNDS

9.1 Cancellation by You

9.2 Refund Policy - 7-Day Money-Back Guarantee

9.3 Our Right to Suspend or Terminate

9.4 Data Retention After Cancellation or Termination

§ 10. RIGHT OF WITHDRAWAL (EU CONSUMERS ONLY)

10.1 Withdrawal Period

10.2 How to Exercise Right of Withdrawal

10.3 Effects of Withdrawal

10.4 Proportionate Payment for Services Already Provided

10.5 Waiver of Withdrawal Right (Digital Content)

10.6 Business Customers - Withdrawal Right Does NOT Apply

10.7 Withdrawal vs. Money-Back Guarantee

§ 11. USER CONTENT AND INTELLECTUAL PROPERTY RIGHTS

11.1 Your Ownership of User Content

11.2 License to Us

11.3 AI-Generated Content

11.4 Responsibility for User Content

11.5 Our Intellectual Property

11.6 Feedback and Suggestions

11.7 DMCA and Copyright Infringement

§ 12. AI-POWERED FEATURES AND DATA USAGE

12.1 Third-Party AI Providers

12.2 Search Providers

12.3 SPARK Content Discovery and Monitoring

12.4 AI Training on Your Data

12.5 Hedera Hashgraph Audit Trail (Expanded)

12.6 Human Oversight and AI Limitations (CRITICAL - READ CAREFULLY)

12.7 AI Disclosure Compliance.

§ 13. ACCEPTABLE USE POLICY