Terms of Service
Effective date: May 12, 2026
1. Acceptance of Terms
By accessing or using Ayliea (the "Service"), including the marketing website at ayliea.com, the Ayliea mobile application (the "App"), and AI Security Assessment consulting services, you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.
2. Description of Service
Ayliea provides a mobile security posture assessment application and AI Security Assessment consulting services, including:
- Self-service security assessments across 8 compliance frameworks (CIS Controls v8, NIST 800-53, NIST CSF 2.0, HIPAA, ISO 27001, SOC 2, PCI DSS, AI Security)
- AI-generated security improvement recommendations
- Evidence attachment uploads and assessment reports
- Organization-level collaboration and multi-seat management
- Optional two-factor authentication (TOTP) for enhanced account security
- Organization-level MFA enforcement for team compliance
- AI asset discovery and shadow AI identification (consulting)
- Data flow mapping and analysis (consulting)
- Compliance gap analysis against industry frameworks (consulting)
- Risk scoring and prioritized remediation roadmaps
- Executive and technical deliverable packages (consulting)
3. The Service
The Service is offered in four tiers: Free (single-user, AISS framework only, no AI recommendations or PDF export), Pro ($1,200/yr; all seven compliance frameworks, the AI System Registry with EU AI Act / NIST AI RMF risk classification, AI-personalized recommendations, PDF reports, and the Trust Center; multi-seat up to 10), Business ($3,600/yr; everything in Pro plus continuous monitoring, the full AI Governance Module (vendor risk questionnaires, incident tracking, regulatory timeline, policy engine), the advanced Trust Center, and custom branding; multi-seat up to 25), and Enterprise (starting at $15,000/yr; everything in Business plus SSO/SAML, REST API, webhooks, advanced audit log, SIEM streaming, custom frameworks, and white-labeled reports; unlimited seats). Free, Pro, and Business are self-serve via Stripe Checkout. Enterprise is inbound only with a published price floor and a tailored quote. The specific capabilities included in each tier are published at /pricing.
3.1 Platform Capabilities
The Service's platform capabilities include: multi-seat assessments across all supported compliance frameworks; historical score tracking and composite posture scoring across multiple frameworks; evidence attachment uploads; AI-generated remediation recommendations validated against framework controls; the AI System Registry and risk classification (EU AI Act risk tiers, NIST AI RMF assessments); branded PDF reports with compliance mapping; the Trust Center (basic and advanced); continuous network monitoring, real-time shadow AI alerts, and AI tool inventory with CSV export; Trust Gap scoring (self-reported vs. verified); AI vendor risk questionnaires; AI incident tracking; regulatory timeline and compliance tracking; AI-assisted narrative risk analysis (via Anthropic's Claude API); and custom branding. Tier-specific availability for each capability above is published at /pricing.
3.2 Enterprise Tier Features
Advanced features — including SSO/SAML integration, REST API with scoped API keys, webhook events for incident status changes, advanced audit log with CSV export, SIEM streaming, custom compliance framework support, and white-labeled reports — are included with the Enterprise tier and are scoped to your environment as part of Enterprise onboarding. Specific integration timelines, identity provider compatibility, and framework definitions are confirmed in your subscription agreement. To evaluate the Enterprise tier, contact sales@ayliea.com or use the inquiry form at /contact.
3.3 AI Governance Module
The AI System Registry — including per-system EU AI Act risk classification and NIST AI RMF impact assessment — is included with the Pro tier and above. The full AI Governance Module — AI vendor risk questionnaires, AI incident tracking, regulatory timeline tracking, and the AI policy engine — is included with the Business tier and above. Tier-by-tier breakdown is published at /pricing.
3.4 Billing
Subscriptions for the Pro and Business tiers are billed annually via Stripe Checkout at the prices published at /pricing. The Enterprise tier is billed annually via invoice at the price stated in your subscription agreement. The Free tier has no billing. All fees are non-refundable except as required by applicable law. Cancellations take effect at the end of the then-current billing period; you retain access to paid features until then. We reserve the right to change published pricing with 30 days' written notice to subscribers; continued use after a price change constitutes acceptance of the new pricing. Card payments are processed by Stripe; we do not store card details on our systems. You may manage your subscription (upgrade, downgrade, cancel, update billing details, download invoices) at any time through the Stripe Customer Portal accessible from your account settings. For Enterprise customers preferring quarterly invoicing on annual contracts, contact sales@ayliea.com.
4. Consulting Engagements
Consulting engagements are governed by individual engagement agreements and non-disclosure agreements executed between Ayliea and the client organization.
Engagement scope, deliverables, timelines, and fees are defined in the engagement agreement. All engagements begin with a free scoping call to determine the right package for your organization.
Assessment methodologies, frameworks, tools, and deliverable templates are proprietary to Ayliea and may not be reproduced or distributed without written consent.
5. Assessment Results and Deliverables
5.1 Professional Services
Assessment deliverables — including executive summaries, technical reports, AI asset inventories, compliance gap matrices, remediation roadmaps, and risk registers — are produced by qualified security professionals and represent our expert assessment of your organization's AI security posture at the time of engagement.
5.2 AI-Generated Recommendations
The App generates security improvement recommendations using artificial intelligence (Anthropic's Claude). These AI-generated recommendations are informational only and are not a substitute for professional security audits, penetration testing, or legal advice. AI-generated content may contain inaccuracies or omissions. You are solely responsible for evaluating and implementing any recommendations. Ayliea does not guarantee the accuracy, completeness, or suitability of AI-generated recommendations for your specific environment.
5.3 Not Legal Advice
Our assessments, deliverables, and AI-generated recommendations do not constitute legal advice. You should consult qualified legal counsel for regulatory compliance determinations and legal obligations.
5.4 Point-in-Time Assessment
Assessment results reflect your organization's posture at the time of the engagement or self-assessment. Security posture changes over time as your organization adopts new tools, changes configurations, and responds to evolving threats. Regular reassessment is recommended.
5.5 Framework Accuracy
Our assessment framework is built on publicly available standards (NIST, CIS, ISO, etc.) extended with AI-specific control domains. Framework content is not created, endorsed, or maintained by the organizations that publish those standards (e.g., CIS, NIST, PCI SSC, ISO, AICPA, HHS). You are responsible for verifying that assessment content is current and applicable to your specific regulatory obligations.
5.6 Shared Responsibility
Security outcomes depend on your organization's implementation, operational practices, and ongoing diligence — not solely on assessment findings or the recommendations provided by Ayliea. You bear sole responsibility for the security decisions you make and the controls you implement.
5.7 Self-Assessment Disclaimer
Ayliea Assess is a self-assessment and audit preparation tool. Assessment scores are based on self-reported answers and are not independently verified by Ayliea. The Service does not constitute a formal audit, compliance certification, or professional security engagement. Users must not represent Ayliea assessment results as equivalent to a certified audit or compliance certification. Ayliea expressly disclaims liability for compliance decisions, regulatory submissions, or business representations made based on assessment results. Organizations requiring formal compliance certification should engage a qualified auditor or compliance professional.
6. File Uploads
6.1 Permitted Files
The App allows you to upload evidence attachments in the following formats: PDF, PNG, JPEG, TXT, and CSV. The maximum file size is 5 MB per file.
6.2 Malware Scanning
All uploaded files are automatically scanned for malware using VirusTotal. Files identified as malicious are deleted immediately without notice. By uploading files, you acknowledge that file hashes (and potentially full files) may be submitted to VirusTotal for analysis and that VirusTotal may retain submitted files. See our Privacy Policy for details on third-party data sharing.
6.3 Your Responsibility
You are solely responsible for the content of files you upload. You must not upload files that contain malware, illegal content, or content that violates the rights of any third party. We reserve the right to remove any uploaded file at our discretion.
7. Accounts and Organizations
Every account in the Service belongs to an organization. The seat count, role configuration, and any single-seat scoping are set during onboarding via your Order.
7.1 Organization Owners
The individual designated as the organization owner during onboarding is responsible for managing organization membership, distributing invite codes and collaborator links, and ensuring that members comply with these Terms.
7.2 Member Access
On multi-seat organizations, members share access to assessments, recommendations, and scores within their organization. The organization owner controls who has access by managing invite codes and removing members as needed.
7.3 Seats
Both tiers currently include unlimited seats. If we change this policy in the future for new customers, existing organizations will keep their current seat allowance for the remainder of the billing term and we will notify you in writing of any new limits before renewal.
8. User-Generated Content
Assessment answers, evidence notes, uploaded files, and other content you create within the App ("User Content") remain your property. By using the Service, you grant Ayliea a limited, non-exclusive license to store, process, and display your User Content as necessary to provide the Service (including generating AI recommendations and sharing within your organization).
You may export or delete your User Content at any time through the App or by contacting us. Upon account deletion, all User Content is permanently removed from our systems within 30 days.
When you provide vendor contact information for assessment invitations through the AI Governance Module, you represent that you have a legitimate business relationship with the vendor and that you have the authority to request the assessment. You are responsible for ensuring that your use of the vendor assessment feature complies with applicable privacy and anti-spam laws in your jurisdiction.
9. Acceptable Use
You agree not to:
- Use the Service for any unlawful purpose
- Reproduce, distribute, or publicly share Ayliea's proprietary assessment methodology, tools, or deliverable templates without written consent
- Interfere with or disrupt the Service or its infrastructure
- Misrepresent assessment results or deliverables as certifications, attestations, or formal audits
- Upload files containing malware, viruses, or malicious code
- Share account credentials or invite codes with unauthorized parties
- Attempt to circumvent tier restrictions, seat limits, or access controls
- Use the vendor assessment portal to send unsolicited assessments to contacts who have not agreed to participate in a vendor risk assessment
10. Intellectual Property
10.1 Service Ownership
The Service, including its design, branding, assessment methodology, control framework, scoring algorithms, deliverable templates, and marketing content, is owned by Ayliea and protected by intellectual property laws.
10.2 Deliverable Ownership
Upon completion of an engagement and receipt of full payment, clients receive a non-exclusive, non-transferable license to use the deliverables produced during their engagement for internal business purposes. The underlying methodology and templates remain the intellectual property of Ayliea.
10.3 Feedback
If you provide feedback, suggestions, or ideas about the Service, you grant us a non-exclusive, royalty-free license to use that feedback to improve the Service.
11. Limitation of Liability
The Service is provided "as is" and "as available" without warranties of any kind, express or implied, including but not limited to merchantability, fitness for a particular purpose, and non-infringement.
To the maximum extent permitted by law, Ayliea shall not be liable for:
- Security incidents that occur despite following recommendations produced during an engagement or generated by the App
- Regulatory penalties or compliance failures based on assessment results or AI-generated recommendations
- Loss of data beyond our reasonable control (force majeure, third-party provider outages)
- Deletion of uploaded files that are identified as malicious by automated malware scanning
- Inaccuracies or omissions in AI-generated recommendations
- Any indirect, incidental, special, consequential, or punitive damages
Our total liability for any claim arising from the Service shall not exceed the fees paid for the specific engagement or subscription giving rise to the claim.
12. Indemnification
You agree to indemnify and hold Ayliea harmless from claims, damages, losses, and expenses (including reasonable legal fees) arising from your use of the Service, violation of these Terms, or infringement of any third-party rights.
13. Termination
13.1 Account Termination
You may delete your account at any time through the App or by contacting us. Upon account deletion, your assessment data, uploaded files, and recommendations will be permanently removed within 30 days.
13.2 Consulting Engagements
Either party may terminate an engagement as specified in the engagement agreement. Website access may be restricted if these Terms are violated.
13.3 Effect of Termination
Upon termination of an engagement, deliverables produced up to the point of termination remain subject to the engagement agreement terms. We will delete or return engagement data in accordance with our Privacy Policy and the engagement agreement. Upon termination of a subscription, your account will move to read-only access for a 30-day grace period during which you may export your data; after the grace period, all User Content will be permanently removed in accordance with §8 above.
14. Dispute Resolution
Any disputes arising from these Terms or the Service will be resolved through binding arbitration in accordance with the rules of the American Arbitration Association. You agree to resolve disputes individually and waive the right to participate in class action lawsuits.
15. Governing Law
These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles.
16. Severability
If any provision of these Terms is found to be unenforceable, the remaining provisions continue in full force and effect.
17. Changes to Terms
We may update these Terms from time to time. Material changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the new Terms.
18. Contact
If you have questions about these Terms, contact us at legal@ayliea.com.
