Ayliea — AI Security Assessment & Compliance Consulting

Terms of Service

Effective date: April 9, 2026

1. Acceptance of Terms

By accessing or using Ayliea (the "Service"), including the marketing website at ayliea.com, the Ayliea mobile application (the "App"), and AI Security Assessment consulting services, you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.

2. Description of Service

Ayliea provides a mobile security posture assessment application and AI Security Assessment consulting services, including:

  • Self-service security assessments across 8 compliance frameworks (CIS Controls v8, NIST 800-53, NIST CSF 2.0, HIPAA, ISO 27001, SOC 2, PCI DSS, AI Security)
  • AI-generated security improvement recommendations
  • Evidence attachment uploads and assessment reports
  • Organization-level collaboration and multi-seat management
  • Optional two-factor authentication (TOTP) for enhanced account security
  • Organization-level MFA enforcement for team compliance
  • AI asset discovery and shadow AI identification (consulting)
  • Data flow mapping and analysis (consulting)
  • Compliance gap analysis against industry frameworks (consulting)
  • Risk scoring and prioritized remediation roadmaps
  • Executive and technical deliverable packages (consulting)

3. Service Tiers

3.1 Free Tier

The Free tier provides access to the AI Security framework only, with a single seat, basic assessment features, and limited recommendation capabilities.

3.2 Organization Tier

The Organization tier ($500/year) provides access to all 8 compliance frameworks, 3 seats (additional seats at $100/year each), historical score tracking, composite posture scoring, evidence attachments, full recommendation features, and organization-level collaboration. Pricing is subject to change with notice.

3.3 AI Governance Features

The AI Governance Module provides additional capabilities scoped to your subscription tier:

  • Pro — AI System Registry (register and document AI systems, use cases, and data flows) and risk classification (EU AI Act risk tiers and NIST AI RMF assessments)
  • Business — all Pro features, plus vendor questionnaires (send and score vendor risk assessments), incident tracking (log, investigate, and resolve AI incidents with timeline audit trails), regulatory timeline (track applicable AI regulations and compliance milestones), and AI risk analysis (AI-assisted risk classification narratives via Anthropic's Claude API)
  • Enterprise — all Business features, plus API access for governance data and webhook events for incident status changes

3.4 Billing

Organization tier subscriptions are billed annually. All fees are non-refundable except as required by applicable law. We reserve the right to change pricing with 30 days' written notice. Continued use of the Organization tier after a price change constitutes acceptance of the new pricing.

4. Consulting Engagements

Consulting engagements are governed by individual engagement agreements and non-disclosure agreements executed between Ayliea and the client organization.

Engagement scope, deliverables, timelines, and fees are defined in the engagement agreement. All engagements begin with a free scoping call to determine the right package for your organization.

Assessment methodologies, frameworks, tools, and deliverable templates are proprietary to Ayliea and may not be reproduced or distributed without written consent.

5. Assessment Results and Deliverables

5.1 Professional Services

Assessment deliverables — including executive summaries, technical reports, AI asset inventories, compliance gap matrices, remediation roadmaps, and risk registers — are produced by qualified security professionals and represent our expert assessment of your organization's AI security posture at the time of engagement.

5.2 AI-Generated Recommendations

The App generates security improvement recommendations using artificial intelligence (Anthropic's Claude). These AI-generated recommendations are informational only and are not a substitute for professional security audits, penetration testing, or legal advice. AI-generated content may contain inaccuracies or omissions. You are solely responsible for evaluating and implementing any recommendations. Ayliea does not guarantee the accuracy, completeness, or suitability of AI-generated recommendations for your specific environment.

5.3 Not Legal Advice

Our assessments, deliverables, and AI-generated recommendations do not constitute legal advice. You should consult qualified legal counsel for regulatory compliance determinations and legal obligations.

5.4 Point-in-Time Assessment

Assessment results reflect your organization's posture at the time of the engagement or self-assessment. Security posture changes over time as your organization adopts new tools, changes configurations, and responds to evolving threats. Regular reassessment is recommended.

5.5 Framework Accuracy

Our assessment framework is built on publicly available standards (NIST, CIS, ISO, etc.) extended with AI-specific control domains. Framework content is not created, endorsed, or maintained by the organizations that publish those standards (e.g., CIS, NIST, PCI SSC, ISO, AICPA, HHS). You are responsible for verifying that assessment content is current and applicable to your specific regulatory obligations.

5.6 Shared Responsibility

Security outcomes depend on your organization's implementation, operational practices, and ongoing diligence — not solely on assessment findings or the recommendations provided by Ayliea. You bear sole responsibility for the security decisions you make and the controls you implement.

5.7 Self-Assessment Disclaimer

Ayliea Assess is a self-assessment and audit preparation tool. Assessment scores are based on self-reported answers and are not independently verified by Ayliea. The Service does not constitute a formal audit, compliance certification, or professional security engagement. Users must not represent Ayliea assessment results as equivalent to a certified audit or compliance certification. Ayliea expressly disclaims liability for compliance decisions, regulatory submissions, or business representations made based on assessment results. Organizations requiring formal compliance certification should engage a qualified auditor or compliance professional.

6. File Uploads

6.1 Permitted Files

The App allows you to upload evidence attachments in the following formats: PDF, PNG, JPEG, TXT, and CSV. The maximum file size is 5 MB per file.

6.2 Malware Scanning

All uploaded files are automatically scanned for malware using VirusTotal. Files identified as malicious are deleted immediately without notice. By uploading files, you acknowledge that file hashes (and potentially full files) may be submitted to VirusTotal for analysis and that VirusTotal may retain submitted files. See our Privacy Policy for details on third-party data sharing.

6.3 Your Responsibility

You are solely responsible for the content of files you upload. You must not upload files that contain malware, illegal content, or content that violates the rights of any third party. We reserve the right to remove any uploaded file at our discretion.

7. Organization Accounts

7.1 Organization Owners

The individual who creates an organization account is the organization owner. Owners are responsible for managing organization membership, distributing invite codes and collaborator links, and ensuring that members comply with these Terms.

7.2 Member Access

Organization members share access to assessments, recommendations, and scores within their organization. The organization owner controls who has access by managing invite codes and removing members as needed.

7.3 Seat Limits

Organization accounts include a base number of seats. Additional seats may be purchased. Exceeding seat limits may result in restricted access for additional members until additional seats are purchased.

8. User-Generated Content

Assessment answers, evidence notes, uploaded files, and other content you create within the App ("User Content") remain your property. By using the Service, you grant Ayliea a limited, non-exclusive license to store, process, and display your User Content as necessary to provide the Service (including generating AI recommendations and sharing within your organization).

You may export or delete your User Content at any time through the App or by contacting us. Upon account deletion, all User Content is permanently removed from our systems within 30 days.

When you provide vendor contact information for assessment invitations through the AI Governance Module, you represent that you have a legitimate business relationship with the vendor and that you have the authority to request the assessment. You are responsible for ensuring that your use of the vendor assessment feature complies with applicable privacy and anti-spam laws in your jurisdiction.

9. Acceptable Use

You agree not to:

  • Use the Service for any unlawful purpose
  • Reproduce, distribute, or publicly share Ayliea's proprietary assessment methodology, tools, or deliverable templates without written consent
  • Interfere with or disrupt the Service or its infrastructure
  • Misrepresent assessment results or deliverables as certifications, attestations, or formal audits
  • Upload files containing malware, viruses, or malicious code
  • Share account credentials or invite codes with unauthorized parties
  • Attempt to circumvent tier restrictions, seat limits, or access controls
  • Use the vendor assessment portal to send unsolicited assessments to contacts who have not agreed to participate in a vendor risk assessment

10. Intellectual Property

10.1 Service Ownership

The Service, including its design, branding, assessment methodology, control framework, scoring algorithms, deliverable templates, and marketing content, is owned by Ayliea and protected by intellectual property laws.

10.2 Deliverable Ownership

Upon completion of an engagement and receipt of full payment, clients receive a non-exclusive, non-transferable license to use the deliverables produced during their engagement for internal business purposes. The underlying methodology and templates remain the intellectual property of Ayliea.

10.3 Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant us a non-exclusive, royalty-free license to use that feedback to improve the Service.

11. Limitation of Liability

The Service is provided "as is" and "as available" without warranties of any kind, express or implied, including but not limited to merchantability, fitness for a particular purpose, and non-infringement.

To the maximum extent permitted by law, Ayliea shall not be liable for:

  • Security incidents that occur despite following recommendations produced during an engagement or generated by the App
  • Regulatory penalties or compliance failures based on assessment results or AI-generated recommendations
  • Loss of data beyond our reasonable control (force majeure, third-party provider outages)
  • Deletion of uploaded files that are identified as malicious by automated malware scanning
  • Inaccuracies or omissions in AI-generated recommendations
  • Any indirect, incidental, special, consequential, or punitive damages

Our total liability for any claim arising from the Service shall not exceed the fees paid for the specific engagement or subscription giving rise to the claim.

12. Indemnification

You agree to indemnify and hold Ayliea harmless from claims, damages, losses, and expenses (including reasonable legal fees) arising from your use of the Service, violation of these Terms, or infringement of any third-party rights.

13. Termination

13.1 Account Termination

You may delete your account at any time through the App or by contacting us. Upon account deletion, your assessment data, uploaded files, and recommendations will be permanently removed within 30 days.

13.2 Consulting Engagements

Either party may terminate an engagement as specified in the engagement agreement. Website access may be restricted if these Terms are violated.

13.3 Effect of Termination

Upon termination of an engagement, deliverables produced up to the point of termination remain subject to the engagement agreement terms. We will delete or return engagement data in accordance with our Privacy Policy and the engagement agreement. Upon termination of a subscription, your account will revert to the Free tier.

14. Dispute Resolution

Any disputes arising from these Terms or the Service will be resolved through binding arbitration in accordance with the rules of the American Arbitration Association. You agree to resolve disputes individually and waive the right to participate in class action lawsuits.

15. Governing Law

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles.

16. Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions continue in full force and effect.

17. Changes to Terms

We may update these Terms from time to time. Material changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the new Terms.

18. Contact

If you have questions about these Terms, contact us at legal@ayliea.com.