Terms of Service

These Terms of Service ("Terms") govern access to and use of ASTIS services ("Services") provided by ASTIS LLC ("ASTIS", "we", "us"). By accessing or using the Services, you agree to these Terms.

1. Definitions

• Customer / You: the individual or legal entity using the Services.
• Account: your ASTIS account.
• Content: email message content (body/attachments) handled through your email provider (e.g., Gmail/Microsoft 365).

2. What ASTIS Is (and Is Not)

• ASTIS provides a cryptographic access control and client-side encryption layer.
• ASTIS is not an email hosting provider or mail server. Your mailbox storage and email delivery remain with your chosen email provider (e.g., Google Workspace/Gmail, Microsoft 365).

3. Client-Side Encryption & Key Rewrap

• Message content encryption/decryption is performed within the ASTIS client application (web app, PWA, mobile app, desktop plugin, or other client form factor) on the user's device.
• ASTIS servers do not see or store plaintext email content.
• ASTIS may store encrypted session-key capsules ("SKEY Capsules").
• Public OpenPGP keys (WKD): ASTIS operates a Web Key Directory (WKD) service on ASTIS infrastructure for distributing users' public OpenPGP keys. Public keys are, by design, intended to be shared openly and do not contain private key material.
• Private OpenPGP keys (CVS): Private PGP keys are managed via the CryptoVault Service (CVS), which runs on ASTIS infrastructure by default. For Enterprise customers with HYOK (Hold Your Own Key), CVS can be deployed on Customer infrastructure for full key custody control.
• Key Rewrap: When a recipient registers and provides a public key, ASTIS may transiently process a session key (SKEY) in plaintext in memory solely to re-encrypt (rewrap) the SKEY Capsule to that public key. ASTIS does not store plaintext SKEY.

4. Accounts and Security

You are responsible for:

• Safeguarding credentials and devices
• Maintaining accurate account information
• Complying with all applicable laws and internal policies

We may suspend access if we reasonably believe your account is compromised or used for abuse.

5. Acceptable Use

Your use is subject to the Acceptable Use Policy. You agree not to:

• Use the Services for unlawful, harmful, or abusive purposes (malware, phishing, unauthorized access)
• Attempt to break, reverse engineer, or circumvent security measures
• Misuse the Services to facilitate spam or deceptive communications
• Interfere with the integrity or availability of the Services

6. Plans, Billing, and Taxes

• Plans and pricing are described at checkout and/or your Order Form
• Taxes may apply depending on your location
• Payments may be processed by third-party payment providers

7. Intellectual Property

ASTIS retains all rights to the Services, software, and documentation, except for rights expressly granted to you. You retain rights to your own materials and content you provide.

8. Confidentiality

Each party will protect the other party's confidential information and use it only as necessary to perform under these Terms.

9. Disclaimers

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE". TO THE MAXIMUM EXTENT PERMITTED BY LAW, ASTIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED.

10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ASTIS WILL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES.

ASTIS's total liability arising out of or relating to the Services will not exceed the fees paid by Customer to ASTIS in the 12 months preceding the event giving rise to the claim.

11. Termination and Suspension

11.1 Termination by Customer

You may stop using the Services at any time. Cancellation will be effective at the end of the current annual billing term unless otherwise stated in your Order Form.

11.2 Termination or Suspension by ASTIS for Cause

ASTIS may suspend or terminate the Services, an Account, an Organization, or any portion thereof, immediately and without prior notice, where ASTIS reasonably determines that:

• (a) the Customer is in material breach of these Terms, the AUP, the DPA, or any Order Form;
• (b) the Customer's use poses a security, integrity, or availability risk to the Services, ASTIS, or other Customers;
• (c) the Customer's use could subject ASTIS to liability, regulatory action, or reputational harm;
• (d) continued provision of the Services is prohibited or restricted by applicable law, court order, governmental authority, or sanctions program (including but not limited to US OFAC, EU Consolidated, UK OFSI, UN, and any other list applicable to ASTIS);
• (e) any payment processor, bank, or critical infrastructure provider declines, suspends, or terminates services relevant to the Customer or the Account;
• (f) the Customer engages in any activity prohibited by the Acceptable Use Policy.

11.3 Risk-Based Decline (ASTIS's Discretion)

In addition to Section 11.2, ASTIS may, in its reasonable discretion, decline to provide or discontinue the Services to any prospective or existing Customer where ASTIS determines that providing the Services presents an unacceptable legal, regulatory, financial, security, or reputational risk to ASTIS, other Customers, or third parties. ASTIS may also withdraw the Services from a market, sector, or jurisdiction as a business decision. The non-exhaustive grounds for a Risk-Based Decline are set out in Section 6 of the Acceptable Use Policy.

11.4 Effect of Termination

• The Customer's right to access the Services ends on the effective termination date.
• Where ASTIS terminates for cause under Section 11.2, or where the Customer is on, or becomes subject to, a sanctions or restricted-party list, prepaid fees are non-refundable and may be forfeited to the extent permitted by applicable law.
• Where ASTIS terminates under Section 11.3 (Risk-Based Decline) or for ASTIS's convenience, ASTIS will provide a prorated refund for the unused portion of the prepaid term, except where prohibited by law.
• Customer Data will be handled per Section 8 of the DPA, subject to legal-hold obligations.

11.5 Notice

Where feasible and lawful, ASTIS will provide reasonable advance notice. ASTIS may take immediate action without notice where required to comply with law, prevent harm, or protect the Services, other Customers, or third parties. Sanctions-driven blocks may be applied without notice.

11.6 Appeals

Except for sanctions or law-enforcement-driven blocks, Customers may appeal an enforcement action by contacting [email protected]. ASTIS will review appeals in good faith and respond within a reasonable timeframe.

12. Privacy

Our Privacy Policy is at /privacy.

13. Service Availability

ASTIS will use commercially reasonable efforts to make the Services available. No SLA applies unless expressly agreed in an Order Form or Enterprise agreement. Scheduled maintenance will be communicated with reasonable advance notice where feasible.

14. Cancellation and Refunds

• You may cancel your subscription at any time. Upon cancellation, you retain access to the Services until the end of the current annual billing term.
• Prepaid fees are non-refundable, except where required by law or as expressly agreed in an Order Form.
• If ASTIS terminates the Agreement under Section 11.3 (Risk-Based Decline) or for ASTIS's convenience, ASTIS will provide a prorated refund for the unused portion of the prepaid term.
• If ASTIS terminates the Agreement for cause under Section 11.2 (including breach, sanctions, legal order, payment-processor decline, or AUP violation), prepaid fees are non-refundable, subject to mandatory law.
• Price changes: Plan pricing may change. Existing Customers continue to be charged at the price in effect when their current subscription term began; updated pricing applies at the next renewal with reasonable advance notice.

15. Assignment

You may not assign or transfer these Terms or your rights under them without ASTIS's prior written consent. ASTIS may assign these Terms to an affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee agrees to be bound by these Terms.

16. Export Controls and Sanctions

16.1 Customer Compliance

You agree to comply with all applicable export control laws, sanctions, and regulations (including US OFAC, EU, UK OFSI, UN, and any other relevant jurisdiction). You represent and warrant that you, your Affiliates, your beneficial owners, and your financial institutions are not located in, organized under, or controlled by parties in jurisdictions subject to comprehensive sanctions, and are not on any restricted-party list.

16.2 ASTIS Screening

ASTIS reserves the right, at its sole discretion and without liability, to screen prospective and existing Customers against sanctions lists, restricted-party lists, and adverse-media sources, on initial onboarding and periodically thereafter. ASTIS may decline or discontinue Services based on such screening.

16.3 Prohibited Jurisdictions

ASTIS does not provide Services to Customers located in, or owned or controlled by parties in, Cuba, Iran, North Korea, Syria, the Crimea / Donetsk / Luhansk regions of Ukraine, the Russian Federation, the Republic of Belarus, or any other jurisdiction subject to comprehensive trade sanctions applicable to ASTIS.

16.4 Changes in Customer Status

If a Customer or its beneficial owners become subject to sanctions or restricted-party designation after onboarding, ASTIS will block the Account immediately. Prepaid fees may be forfeited as provided in Section 11.4.

17. Notices

Legal notices to ASTIS must be sent to [email protected]. ASTIS may send notices to the email address associated with your Account. Notices are deemed received when sent to the correct email address.

18. Governing Law

These Terms are governed by the laws of the State of Delaware, excluding conflict of laws rules, unless the Agreement/Order Form states otherwise for Enterprise customers.

19. Changes

We may update these Terms from time to time. Continued use after the effective date of changes constitutes acceptance.

20. Contact