Terms of Service

1. Service

Thorn Street Company LLC ("Company") provides technology services to its customers as described in the applicable service order or agreement.

2. Customer Data

The Company processes data provided by or on behalf of the customer solely for the purpose of delivering the service. customer data is not used for any other purpose unless required by law.

3. Security

The Company maintains an Information Security Policy and implements safeguards to protect customer data from unauthorized access, disclosure, alteration, or destruction. The Company's security controls are audited annually under the AICPA SOC 2 framework.

4. Availability

The Company uses commercially reasonable efforts to maintain the availability of the service, including automated backups, monitoring, and disaster recovery procedures.

5. Processing

The Company processes customer inputs and delivers outputs in accordance with the applicable service specifications. Known errors or processing failures are communicated to the customer and remediated in a timely manner.

6. Data Retention

Customer data is retained and disposed of at the Company's discretion in accordance with its internal data retention policies and applicable law, unless otherwise agreed upon in writing.

7. Incident Notification

In the event of a confirmed security incident affecting customer data, the Company will notify the customer without unreasonable delay.

8. Reporting Security Concerns

Customers may report security concerns, incidents, or complaints to contact@thornstreet.com. Reports are acknowledged within one business day.

9. Third-Party Providers

The Company uses third-party providers in the delivery of the service. The Company is responsible for the security of customer data regardless of where it is processed or stored.

10. Warranties and Disclaimers

The Service is provided on an "as is" and "as available" basis. Except as expressly stated in these terms or in an applicable service order, the Company makes no warranties, express or implied, including implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

The commitments in Sections 3 through 7 describe the Company's obligations. They do not constitute a guarantee that security incidents, service interruptions, or data loss will never occur.

11. Limitation of Liability

To the maximum extent permitted by applicable law, the Company's total liability arising out of or related to these terms or the service is limited to the fees paid by the customer to the Company during the twelve months preceding the event giving rise to the claim.

Neither party is liable for indirect, incidental, special, consequential, or punitive damages, including lost profits, lost data, or business interruption, regardless of the theory of liability.

12. Indemnification

Each party agrees to indemnify and hold harmless the other party from claims, losses, and expenses (including reasonable legal fees) arising from: (a) the indemnifying party's breach of these terms, or (b) the indemnifying party's gross negligence or willful misconduct.

13. Termination

Either party may terminate the service by providing 30 days' written notice to the other party. The Company may terminate immediately if the customer materially breaches these terms and does not cure the breach within 15 days of written notice.

Upon termination, the Company will make customer data available for export for a period of 30 days. After that period, customer data is disposed of securely in accordance with Section 6.

14. Protected Health Information

If customer data includes protected health information as defined under HIPAA, the parties will execute a Business Associate Agreement prior to the Company receiving such data. The Business Associate Agreement supplements these terms and governs the handling of protected health information.

15. Dispute Resolution

Any dispute arising from these terms will be resolved through binding arbitration administered under the rules of the American Arbitration Association in the State of California. Either party may seek injunctive relief in a court of competent jurisdiction to protect its confidential information or intellectual property.

16. General

The Company may update these terms from time to time. Material changes will be communicated to customers at least 30 days prior to taking effect. These terms are governed by the laws of the State of California. Questions may be directed to contact@thornstreet.com.