1. Definitions

2. Account Registration and Access

2.1 Eligibility

To create an ClairFlo account, you must: (a) be at least 18 years of age; (b) have the legal authority to enter into contracts on behalf of any business entity you register; and (c) provide accurate and complete registration information.

2.2 Account Security

You are responsible for maintaining the confidentiality of your credentials and for all activities that occur under your account. You must notify us immediately at security@clairflo.com if you suspect unauthorized access. We will not be liable for losses caused by unauthorized access resulting from your failure to protect your credentials.

2.3 Authorized Users

You may grant access to Authorized Users within your organization. You are responsible for their compliance with this Agreement and for revoking access promptly when they no longer have authorization.

2.4 Acceptable Use

You agree not to:

• Use the platform for any unlawful purpose, including money laundering, tax evasion, or financial fraud
• Attempt to reverse-engineer, decompile, or extract source code from the platform
• Use automated means to access the platform in a manner that exceeds reasonable usage or adversely affects performance for other users
• Transmit malicious code, spam, or content that violates any third party's rights
• Resell, sublicense, or commercially distribute access to the platform without our prior written consent
• Attempt to probe, scan, or test the vulnerability of the platform or bypass security measures

3. Your Data — Ownership, License, and Portability

3.1 You Own Your Data

We claim no ownership rights in Customer Data. Your financial data is yours. By using the platform, you grant Khaiba Platforms, Inc. a limited, non-exclusive, non-transferable license to process Customer Data solely for the purpose of providing the ClairFlo service to you.

3.2 Data Portability

You may export your Customer Data at any time through the platform interface. Export formats include CSV, JSON, and QuickBooks-compatible import files. Export is available free of charge and without restriction throughout the term of your account.

3.3 Data Deletion

Upon account termination, we will delete or anonymize Customer Data within 30 days, subject to retention obligations described in the Privacy Policy (Section 5). We will provide written confirmation of deletion upon request.

3.4 Aggregated Anonymized Data

We may generate aggregate, anonymized statistical data (such as industry benchmarks or platform performance metrics) from Customer Data. This data does not identify you or your business. We may use such data to improve the platform and publish industry reports. No personal or business-identifiable information is included. [COUNSEL REVIEW: Confirm this is consistent with Privacy Policy commitments and PIPEDA requirements]

4. Service Availability and Beta Terms

4.1 Beta Service Level

During the Beta Period, we provide the platform on an "as-is" and "as-available" basis. We do not guarantee any specific uptime, response time, or service level during the beta. We will endeavour to maintain 99% availability but make no binding commitment to this figure during the Beta Period.

4.2 Feature Changes

During the Beta Period, we may modify, add, or remove platform features without prior notice. We will communicate significant changes through the platform interface and by email where reasonably practicable.

4.3 Production Service Levels

Following the Beta Period, Khaiba Platforms, Inc. intends to offer a formal Service Level Agreement (SLA) with defined uptime commitments and support response times. Beta participants will receive advance notice of these terms before they take effect.

5. Payment and Pricing

5.1 Beta Program — No Charge

Access to the ClairFlo Platform during the Beta Period is provided free of charge. No credit card is required to participate in the beta program.

5.2 Post-Beta Pricing

Following the Beta Period, Khaiba Platforms, Inc. will offer subscription plans on a monthly or annual basis. Beta participants will receive: (a) at least 60 days' advance notice before any charges commence; (b) a 50% discount on their first year of subscription, as stated in the Beta Program Agreement; and (c) the right to cancel before any charge is made.

5.3 Taxes

Subscription fees are exclusive of applicable taxes. GST/HST will be added to invoices for Canadian customers in accordance with applicable law.

6. Intellectual Property

6.1 Khaiba Platforms, Inc. IP

The ClairFlo platform, including its software, algorithms, AI models, design elements, documentation, and all intellectual property embodied therein, is owned by Khaiba Platforms, Inc. and protected by Canadian and international intellectual property laws. This Agreement grants you a limited right to use the platform — it does not transfer any ownership rights.

6.2 Feedback

If you provide feedback, suggestions, or ideas regarding the platform ("Feedback"), you grant Khaiba Platforms, Inc. a perpetual, irrevocable, worldwide, royalty-free license to use, incorporate, and commercialize that Feedback without restriction and without compensation to you. See the Beta Program Agreement for additional details.

6.3 No Reverse Engineering

You may not reverse engineer, decompile, disassemble, or attempt to derive the source code or underlying algorithms of the ClairFlo platform.

7. Disclaimers — Not Financial, Legal, or Tax Advice

Specifically:

• AI-generated journal entries, classifications, and tax calculations must be reviewed and approved by a qualified accounting professional before reliance.
• Compliance calculations (GST/HST, payroll remittances, SR&ED claims) are provided for informational purposes and must be verified by a qualified accountant or tax advisor before filing.
• ClairFlo's financial forecasting and cash flow projections are estimates based on historical data and do not constitute financial advice.
• ClairFlo does not guarantee that its compliance outputs will be accepted by the Canada Revenue Agency, the IRS, or any other tax authority.

Use of the ClairFlo platform does not create an accountant-client, lawyer-client, or advisor-client relationship between you and Khaiba Platforms, Inc.

8. Limitation of Liability

8.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, KHAIBA PLATFORMS, INC. WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION, OR COST OF SUBSTITUTE SERVICES, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE PLATFORM, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF KHAIBA PLATFORMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8.2 Aggregate Cap

Khaiba Platforms, Inc.'s total aggregate liability to you for all claims arising under or in connection with this Agreement will not exceed the greater of: (a) the total fees paid by you to Khaiba Platforms, Inc. in the twelve (12) months immediately preceding the event giving rise to the claim; or (b) CAD $100.00. During the Beta Period, when the service is provided free of charge, our aggregate liability is limited to CAD $100.00.

8.3 Essential Basis

The limitations in this section are a fundamental part of the basis of the bargain between Khaiba Platforms, Inc. and you. Khaiba Platforms, Inc. would not provide the platform absent these limitations.

9. Indemnification

You will defend, indemnify, and hold harmless Khaiba Platforms, Inc. and its officers, directors, employees, and contractors from any claims, damages, losses, and expenses (including reasonable legal fees) arising from or related to: (a) your use of the platform in violation of this Agreement; (b) Customer Data you provide to the platform; or (c) your violation of any applicable law, including privacy laws.

10. Term, Termination, and Suspension

10.1 Term

This Agreement begins when you create an account and continues until terminated by either party.

10.2 Termination by You

You may terminate your account at any time by contacting support@clairflo.com or through the account settings interface. Upon termination, we will process your data deletion request per Section 3.3.

10.3 Termination by Khaiba Platforms, Inc.

Khaiba Platforms, Inc. may terminate your account immediately (without notice) for material breach of this Agreement, including fraudulent use, violation of the acceptable use policy, or non-payment of fees after the Beta Period. For less severe violations, we will provide 14 days' written notice and an opportunity to cure before terminating.

10.4 Effect of Termination

Upon termination, your access to the platform ceases immediately. Your right to export data survives for 30 days post-termination. Sections 3 (Your Data), 6 (IP), 7 (Disclaimers), 8 (Liability), 9 (Indemnification), and 11 (Disputes) survive termination.

11. Governing Law and Dispute Resolution

11.1 Governing Law

This Agreement is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of laws principles.

11.2 Dispute Resolution

Before initiating formal proceedings, you agree to contact us at legal@clairflo.com and attempt to resolve the dispute informally for 30 days. If informal resolution fails, disputes will be resolved by binding arbitration administered by the ADR Institute of Canada under its Arbitration Rules, with proceedings conducted in English in Toronto, Ontario. [COUNSEL REVIEW: Assess whether mandatory arbitration is enforceable in Ontario for consumer contracts; consider whether a small claims court carve-out is appropriate]

11.3 Class Action Waiver

All disputes must be brought in an individual capacity only, and not as a plaintiff or class member in any purported class action. [COUNSEL REVIEW: Class action waivers have limited enforceability in Canadian courts — counsel must advise on viability]

12. General Provisions

Entire Agreement: This Agreement constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements.

Severability: If any provision is found unenforceable, it will be modified to the minimum extent necessary to make it enforceable. The remaining provisions remain in full force.

Waiver: Our failure to enforce any provision does not constitute a waiver of that provision.

Assignment: You may not assign this Agreement without our written consent. Khaiba Platforms, Inc. may assign this Agreement in connection with a merger, acquisition, or sale of all or substantially all of its assets.

Notices: Notices to Khaiba Platforms, Inc. must be sent to legal@clairflo.com. Notices to you will be sent to the email address on your account.

1. Purpose and Nature of the Beta Program

Khaiba Platforms, Inc. is inviting a limited number of businesses and accounting professionals ("Beta Participants" or "you") to access and test the ClairFlo Platform prior to its general commercial release. The beta program serves two purposes: to allow Beta Participants to begin realizing value from ClairFlo early, and to allow us to identify and resolve issues before broad deployment.

The ClairFlo Platform during the Beta Period is in active development. It may contain errors, operate at reduced performance, and undergo significant changes. Participation is voluntary and carries the risks inherent in using pre-release software.

2. Beta Participant Benefits

In consideration for your participation and feedback, we provide:

• Full platform access: Access to the complete ClairFlo Platform including all modules (AP, AR, treasury, practice management, compliance, analytics) without feature restrictions during the Beta Period.
• No-cost access: The ClairFlo Platform is provided free of charge during the Beta Period. No payment, credit card, or financial commitment is required.
• Pricing lock: Upon the conclusion of the Beta Period, Beta Participants who choose to continue will receive a 50% discount on their first 12 months of subscription, with the applicable tier rate locked at the publicly announced pricing at time of launch. This discount does not apply to per-transaction or usage-based charges that may be introduced at launch.
• Roadmap influence: Beta Participants will have a structured opportunity to submit feature requests and vote on roadmap priorities. Khaiba Platforms, Inc. makes no binding commitment to implement any specific request.
• Onboarding session: we will provide a 60-minute configuration session for each Beta Participant, conducted by a member of the founding team.
• Direct access: Beta Participants will have direct Slack channel access to the ClairFlo engineering and product staff during the Beta Period.

3. Beta Participant Obligations

In exchange for the benefits described in Section 2, you agree to:

• Connect real data: Connect at least one live data source (bank account via Plaid, accounting software via OAuth, or equivalent) within 14 days of account activation. Testing with synthetic or demo data is permitted alongside real data but cannot be the sole data source.
• Active use: Use the platform operationally for at least 30 consecutive days. "Operational use" means processing actual financial events through the platform, not merely logging in.
• Structured feedback: Participate in one 20-minute structured feedback call per month. These are conducted by video conference and recorded with your consent for internal use.
• Bug reporting: Report bugs, errors, and unexpected behaviors through the designated feedback channel promptly upon discovery.
• Honest feedback: Provide candid and constructive feedback, including negative feedback. The purpose of the beta is to find problems.

Khaiba Platforms, Inc. may remove Beta Participants who consistently fail to meet these obligations after providing written notice and a 7-day opportunity to re-engage.

4. Mutual Confidentiality

4.1 Khaiba Platforms, Inc. confidential information

During and after the Beta Period, you agree to keep the following information confidential and not to disclose it to any third party without our prior written consent:

• Unreleased features, algorithms, architecture, and technical details of the ClairFlo Platform
• Information shared in feedback calls, Slack, or other communications that we designate as confidential
• Beta pricing, business terms, and any non-public commercial information
• Security vulnerabilities or weaknesses you discover in the platform

Confidentiality obligations do not apply to information that: (a) is or becomes publicly available without your breach; (b) you independently developed without using our confidential information; or (c) you are required to disclose by law (in which case you must notify us promptly if legally permitted).

You may disclose Our confidential information to your employees or contractors who need to know it for the purpose of evaluating or using the platform, provided they are bound by confidentiality obligations at least as protective as these.

4.2 Your Confidential Information

Khaiba Platforms, Inc. acknowledges that your Customer Data and business operations information are confidential. we will not disclose your Customer Data or business information except as permitted by the Privacy Policy and Terms of Service. Our obligation of confidentiality with respect to your Customer Data is perpetual.

4.3 Duration

Confidentiality obligations survive termination of this Agreement for a period of three (3) years, except that obligations relating to trade secrets continue for as long as the information remains a trade secret. [COUNSEL REVIEW: Assess appropriate duration for your specific competitive sensitivity]

5. Feedback License

You acknowledge that Khaiba Platforms, Inc. may receive feedback, suggestions, bug reports, and ideas from many Beta Participants simultaneously. To avoid any ambiguity about ownership of platform improvements, you agree that:

• All Feedback you provide to Khaiba Platforms, Inc. (whether in feedback calls, written submissions, Slack, email, or any other channel) is provided on a non-confidential basis.
• You grant Khaiba Platforms, Inc. a perpetual, irrevocable, worldwide, royalty-free, fully sublicensable license to use, reproduce, modify, create derivative works from, distribute, and commercialize any Feedback without restriction and without any compensation to you.
• Khaiba Platforms, Inc. is not obligated to implement any Feedback and retains sole discretion over product direction.
• You represent that you have the authority to provide the Feedback and that it does not infringe any third party's intellectual property rights.

6. Beta Data Handling

6.1 Data Use During Beta

Customer Data you provide during the Beta Period is handled according to the Privacy Policy and Terms of Service. We do not use Beta Participant Customer Data for AI model training. Beta data is subject to the same security controls as production data.

6.2 Data Continuity

we will use commercially reasonable efforts to maintain data continuity throughout the Beta Period. However, in the event of a significant platform issue, we may need to restore from backups, which could result in loss of data added after the most recent backup point. we will notify you promptly of any such event.

6.3 Transition to Production

If you choose to continue using ClairFlo after the Beta Period concludes, all Customer Data processed during the Beta Period will automatically be available in your production account. No data migration or re-import is required. Any data you accumulated during the Beta Period counts toward your full transaction history.

7. Beta Warranty Disclaimer

THE CLAIRFLO PLATFORM DURING THE BETA PERIOD IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. KHAIBA PLATFORMS, INC. EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

Specifically during the Beta Period, Khaiba Platforms, Inc. does not warrant that:

• The platform will be uninterrupted, error-free, or free from security vulnerabilities
• AI-generated classifications, journal entries, or compliance calculations are accurate
• Beta features will be included in the production release
• Data will be preserved in the event of a catastrophic system failure

You accept these risks as part of participating in a pre-release software program. We recommend maintaining your existing accounting records in parallel during the Beta Period.

8. Term and Termination

8.1 Beta Period Duration

The Beta Period begins on the date of your beta acceptance email and concludes when Khaiba Platforms, Inc. announces the general commercial release of the platform or otherwise notifies Beta Participants of the beta program's conclusion. we will provide at least 30 days' advance notice of the conclusion of the Beta Period.

8.2 Voluntary Withdrawal

You may withdraw from the Beta Program at any time by notifying us at beta@clairflo.com. Upon withdrawal, your access to the platform will cease, and your Customer Data will be handled per Section 6 of the Terms of Service.

8.3 Removal for Non-Participation

Khaiba Platforms, Inc. may remove Beta Participants who: (a) fail to connect any live data source within 21 days of account activation; (b) have not logged in for 30 or more consecutive days; or (c) consistently decline to participate in feedback calls without notice. we will provide 7 days' written notice before removal for non-participation.

8.4 Removal for Cause

Khaiba Platforms, Inc. may immediately terminate a Beta Participant's access for material breach of this Agreement, including but not limited to: disclosure of confidential information, use of the platform for unlawful purposes, or attempted circumvention of security measures.

9. General

This Beta Program Agreement is incorporated into and subject to the ClairFlo Terms of Service. In the event of a conflict between this Agreement and the Terms of Service, this Agreement controls with respect to the Beta Program. All other terms and conditions of the Terms of Service apply in full.

1. Encryption

1.1 Data At Rest

All Customer Data stored in our databases and object storage is encrypted at rest using a layered approach:

• Infrastructure-level encryption: AWS S3 and MongoDB Atlas encrypt all stored data using AES-256-GCM. This protects against physical media theft.
• Application-level envelope encryption: Sensitive fields (financial amounts, personal identifiers, credentials) are additionally encrypted at the application layer before storage. Encryption keys are managed through AWS KMS, scoped per tenant.
• Post-quantum cryptography (Kyber768 KEM): Long-retention records — those kept for 5–7 years for regulatory compliance — are encrypted using hybrid classical + post-quantum key encapsulation. This ensures data stored today cannot be decrypted by future quantum computing capabilities ("harvest now, decrypt later" attacks). Signatures use Dilithium (NIST FIPS 204).

1.2 Data In Transit

• All communication between your browser and the ClairFlo platform uses TLS 1.3. TLS 1.0 and 1.1 are disabled.
• API endpoints enforce HTTPS with HSTS (HTTP Strict Transport Security) headers and a minimum validity period of 1 year.
• Internal service-to-service communication within the ClairFlo infrastructure uses mutual TLS (mTLS).
• Kafka event streams are encrypted in transit using TLS and authenticated using SASL/PLAIN.

1.3 Key Management

Encryption keys are managed through AWS KMS with the following controls: (a) per-tenant key isolation — your data is encrypted with a key unique to your tenant; (b) key rotation on an annual schedule; (c) all key access is logged in CloudTrail; (d) Khaiba staff cannot directly access your encryption keys without formal break-glass procedures that generate immutable audit records.

2. Access Controls and Tenant Isolation

2.1 Multi-Tenant Architecture

ClairFlo is built as a strict multi-tenant system. Every MongoDB query, Neo4j Cypher statement, and Redis operation is automatically scoped to a tenant_id extracted from a validated JWT token at the middleware layer. This is not an application-level filter — it is enforced at the database driver level, making cross-tenant data access architecturally impossible under normal operation.

2.2 Role-Based Access Control (RBAC)

Within your organization, access is governed by a five-role permission system enforced at every API endpoint via Open Policy Agent (OPA):

2.3 Segregation of Duties (SoD) Enforcement

ClairFlo enforces segregation of duties at the API middleware layer — not just as an application-level check. Six critical conflict pairs are blocked by default:

• VENDOR_CREATE + PAYMENT_RELEASE (ghost vendor protection)
• VENDOR_BANK_UPDATE + PAYMENT_INITIATE (BEC fraud protection)
• BILL_RECEIVE + BILL_APPROVE (AP approval integrity)
• CASH_RECEIPT_RECORD + CASH_RECEIPT_BANK (larceny prevention)
• PAYROLL_PREPARE + PAYROLL_APPROVE (payroll fraud prevention)
• JE_PREPARE + JE_POST (journal entry integrity)

2.4 Khaiba staff access to Customer Data

Khaiba engineers and staff have strictly limited access to Customer Data:

• Production database access requires formal approval, uses time-limited credentials, and generates an immutable audit record.
• "Break-glass" emergency access to production is logged, time-limited to 4 hours, and requires a second approver.
• Customer Data is never accessed for purposes other than troubleshooting reported issues, with your consent requested where possible.
• We do not conduct ad-hoc queries on Customer Data for business analysis, product development, or sales purposes.

3. Infrastructure Security

3.1 Cloud Infrastructure

Khaiba Platforms, Inc. operates ClairFlo on Amazon Web Services, primarily in the Canada (Central) region (ca-central-1) for data residency. Production workloads run in a Virtual Private Cloud (VPC) with private subnets for all data-tier services. Database servers are not publicly accessible.

3.2 Network Security

• WAF (Web Application Firewall) at the Kong API gateway layer
• DDoS protection via AWS Shield Standard
• Network segmentation between public-facing services and internal data tier
• Security group rules following the principle of least privilege

3.3 Vulnerability Management

• Dependency scanning on every CI/CD pipeline run (automated via GitHub Dependabot)
• Container image scanning before deployment
• Quarterly penetration testing (scheduled for pre-production launch — [COUNSEL REVIEW: Insert current pen test status])
• Security review as a mandatory step in the pull request process

4. Incident Response

4.1 Breach Notification Timeline

In the event of a security incident affecting Customer Data:

We will provide affected customers with: (a) a description of what happened; (b) what data was involved; (c) what we have done to respond; (d) what you can do to protect yourself; and (e) our contact for questions.

4.2 Reporting a Security Issue

If you discover a security vulnerability in the ClairFlo platform, please report it responsibly to security@clairflo.com. We commit to:

• Acknowledging your report within 24 hours
• Providing a timeline for investigation within 7 days
• Crediting your responsible disclosure publicly (if you wish)
• Not pursuing legal action against good-faith security researchers

During the Beta Period, we are especially interested in reports of: authentication bypass, cross-tenant data access, injection vulnerabilities, and any issue that could allow access to Customer Data without authorization.

5. Backup and Disaster Recovery

• MongoDB: Continuous oplog backup via MongoDB Atlas. Point-in-time recovery to any second within the last 7 days. Daily snapshots retained for 30 days.
• Object storage (S3): Versioning enabled. Cross-region replication to a secondary AWS region. [COUNSEL REVIEW: Confirm secondary region and retention policy with infrastructure team]
• Recovery Time Objective (RTO): Target 4 hours for full service restoration from backup. Not an SLA during beta.
• Recovery Point Objective (RPO): Target maximum 1-hour data loss. Continuous backup means this is typically seconds for most failure scenarios.

6. Compliance Status

7. Contact