Terms of Service

These Terms of Service govern access to and use of C4CI Arch and related C4CI product surfaces. They are entered into by C4CI Group Belgium BV/SRL, enterprise number BE 1030.600.254, registered office at Nieuwstraat 41, 2260 Westerlo, Belgium ("C4CI", "we", "us", or "our"), and the organisation or person using the service ("Customer", "you", or "your").

If you use Arch for an organisation, you confirm that you are authorised to bind that organisation. If you do not have that authority, or if you do not agree to these terms, you must not use the service.

1. Business Use

Arch is provided for business, professional, and organisational use. It is not intended for personal household use or for use by children. You are responsible for ensuring that each user accessing your organisation workspace is authorised to do so and complies with these terms.

2. Service Scope

Arch helps customers discover infrastructure, generate architecture views, review drift, prepare audit evidence, and operate related governance workflows. The service is designed to be read-only by default. Where write, remediation, or approval-backed actions are available, they are performed only through the product controls and approval paths exposed for those features.

Arch provides operational and technical assistance. It does not replace your own architecture review, security review, legal advice, regulatory assessment, financial control, or compliance sign-off.

3. Accounts, Organisations, and Administrators

You are responsible for account security, identity-provider access, role assignments, organisation membership, and all activity performed through your users, credentials, tokens, and connected systems.

Organisation administrators may invite users, assign roles, manage organisation settings, configure integrations, and accept legal documents for the organisation where the product allows that flow. You must promptly remove users who should no longer have access.

You must keep authentication credentials confidential and must notify C4CI through support@c4ci.io if you become aware of unauthorised access or a security incident involving the service.

4. Connected Systems and Customer Content

You may connect only cloud subscriptions, repositories, identity providers, billing accounts, clusters, projects, credentials, and other systems that you are authorised to access and process through Arch.

"Customer Content" means data, metadata, configuration, files, diagrams, logs, prompts, approvals, comments, and other material that you or your connected systems provide to Arch. You retain ownership of Customer Content. You grant C4CI the limited rights needed to host, process, transmit, display, secure, support, and improve the service for you and your authorised users.

You are responsible for ensuring that Customer Content is lawful, accurate enough for the intended workflow, and does not include secrets, special-category personal data, regulated data, or third-party confidential data unless you have the required rights and safeguards.

5. Credentials and Secrets

You must use the least-privilege credentials reasonably available for each integration. You must not submit credentials, private keys, access tokens, or other secrets into free-text fields, prompts, comments, tickets, or documents unless the product explicitly identifies that field as a secret-management control.

C4CI may block, redact, rotate, or delete material that appears to expose secrets or creates a material security risk.

6. Acceptable Use

You must not use Arch to:

1. violate laws, regulations, sanctions, export controls, third-party rights, or contractual restrictions;
2. access, scan, disrupt, modify, or test systems that you are not authorised to use;
3. bypass authentication, authorisation, tenant isolation, rate limits, usage limits, metering, or security controls;
4. upload malware, exploit code, unlawful content, or content designed to harm C4CI, other customers, or third parties;
5. extract, infer, or expose another tenant's data, secrets, identifiers, or system information;
6. overload, benchmark, crawl, scrape, resell, sublicense, or reverse engineer the service except where applicable law gives you a non-waivable right to do so;
7. use outputs as the sole basis for safety-critical, legal, employment, financial, medical, or similarly high-impact decisions.

7. AI-Assisted and Automated Features

Arch may use AI-assisted features to summarise infrastructure, generate diagrams, explain drift, draft evidence, propose next actions, or assist with support and product workflows. AI-assisted output can be incomplete, outdated, or wrong.

You are responsible for reviewing outputs before relying on them, sharing them, submitting them as evidence, or using them to make changes. Write or remediation features must be reviewed and approved by an authorised user through the available product controls.

You must not use Arch to generate or automate unlawful, deceptive, harmful, or unauthorised actions.

8. Security and Compliance Posture

C4CI designs Arch around tenant isolation, role-based access control, audit logging, encryption, controlled integrations, and Reader-first discovery where possible. These controls support your governance workflows, but they do not guarantee that your systems are secure, compliant, complete, or free from drift.

You remain responsible for your own cloud, repository, identity, billing, security, backup, retention, audit, and compliance obligations.

Security testing of the service, including penetration testing, vulnerability scanning, load testing, or automated probing, requires prior written approval unless C4CI publishes a separate testing policy that permits the activity.

9. Privacy and Data Processing

C4CI processes personal data as described in the Privacy Policy. For account, security, billing, product administration, legal-document acceptance, and service-operations data, C4CI acts as controller where it determines the purposes and means of processing.

For Customer Content and connected-system data processed on your behalf, C4CI will generally act as processor or service provider under your instructions, unless the Privacy Policy, an order form, or a data-processing agreement states otherwise. If you need a data-processing agreement, contact support@c4ci.io.

10. Third-Party Services and Integrations

Arch may interoperate with third-party services such as cloud providers, identity providers, source-control systems, payment processors, support tools, design tools, observability tools, and hosting providers. Third-party services are governed by their own terms and privacy notices.

C4CI is not responsible for third-party services, customer-managed credentials, customer infrastructure, or changes made by third-party providers. You are responsible for configuring integrations consistently with your security, privacy, billing, and compliance requirements.

11. Fees, Taxes, and Billing

Paid tiers, usage-based features, subscriptions, credits, trials, and limits are governed by the active order form, checkout flow, pricing page, invoice, or in-product billing terms. Unless stated otherwise, fees are exclusive of taxes, and you are responsible for taxes, withholding, duties, and similar charges.

Usage-based fees may be metered per event, run, organisation, user, project, or other product unit. Failed metered runs are not billed where the platform marks them as failed. You must raise billing disputes promptly and provide enough detail for C4CI to investigate.

Payments may be handled by third-party payment processors. Refunds, credits, cancellations, renewals, and non-payment handling follow the applicable order terms and product controls.

12. Trials, Previews, and Beta Features

C4CI may offer trials, previews, labs, or beta features. These features may be changed, limited, disabled, or discontinued at any time. They may be less stable than generally available features and may not be covered by the same support, security, retention, or availability commitments unless C4CI states otherwise.

13. Intellectual Property and Feedback

C4CI and its licensors retain all rights in the service, software, workflows, interfaces, documentation, models, templates, and product know-how. These terms do not transfer ownership of C4CI technology to you.

If you provide feedback, suggestions, bug reports, or improvement ideas, C4CI may use them without restriction or compensation, provided that we do not use your confidential Customer Content except as allowed by these terms and the Privacy Policy.

14. Confidentiality

Each party may receive non-public information from the other party. The receiving party must protect that information using reasonable care and may use it only for the relationship under these terms, unless disclosure is required by law or authorised by the disclosing party.

Customer Content remains subject to the data-handling commitments in these terms and the Privacy Policy.

15. Availability, Support, and Service Changes

C4CI may change, improve, suspend, or discontinue features to operate the service, address security or legal requirements, manage capacity, or improve the product. C4CI will use reasonable efforts to avoid unnecessary disruption.

Support channels, support hours, service levels, maintenance windows, and availability commitments apply only where C4CI expressly provides them in an order form, support policy, or written agreement.

16. Suspension and Termination

You may stop using the service at any time. C4CI may suspend or terminate access, remove content, or restrict features if C4CI reasonably believes that:

1. you breached these terms;
2. your use creates security, legal, operational, privacy, or compliance risk;
3. payment is overdue;
4. a connected system, credential, or integration is compromised or misused;
5. suspension is required by law, court order, regulator request, or third-party provider restriction.

After termination, C4CI may retain audit, billing, security, support, legal, and backup records as described in the Privacy Policy and applicable retention rules.

17. Disclaimers

To the maximum extent permitted by law, the service is provided "as is" and "as available." C4CI disclaims implied warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, error-free operation, and accuracy of outputs.

Nothing in these terms excludes liability that cannot be excluded under applicable law.

18. Liability Limits

To the maximum extent permitted by law, C4CI will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost savings, loss of goodwill, loss of data, loss of business opportunity, or business interruption.

To the maximum extent permitted by law, C4CI's total aggregate liability arising out of or relating to the service or these terms is limited to the greater of EUR 100 or the amounts you paid to C4CI for the service in the twelve months before the event giving rise to liability.

19. Customer Indemnity

You will defend and indemnify C4CI against third-party claims, losses, damages, fines, penalties, costs, and expenses arising from Customer Content, connected systems, unauthorised use of credentials, your breach of these terms, or your violation of law or third-party rights.

20. Changes to These Terms

C4CI may update these terms as the service, law, or operating model changes. When a new mandatory version materially affects product use, C4CI may require acceptance before continued access to authenticated product surfaces.

The version and effective date at the top of this document identify the active version.

21. Governing Law and Disputes

These terms are governed by Belgian law, without regard to conflict-of-law rules. Unless mandatory law requires another forum, disputes will be handled by the competent courts for C4CI's registered office in Belgium.

Before starting formal proceedings, each party will use reasonable efforts to resolve disputes in good faith through the available account, support, or legal contact channels.

22. Contact

Questions about these terms should be sent to support@c4ci.io.