Terms of Service

By accessing or using WaverSec Protect, you agree to these Terms of Service on behalf of yourself or the organization you represent. If you are acting for an organization, you represent that you have authority to bind it.

These terms apply to the public site, the admin product, APIs, Outlook add-in, documentation, and related support or onboarding services unless a more specific written agreement says otherwise.

You must provide accurate account information and keep credentials secure. You are responsible for activity under your accounts and for actions taken by your administrators, users, contractors, and agents.

You must promptly notify WaverSec if you suspect unauthorized access, credential compromise, or misuse of the service.

Subject to these terms and any order form, WaverSec grants you a limited, non-exclusive, non-transferable, non-sublicensable right to access and use WaverSec Protect during the applicable service term for your internal business operations.

No ownership rights are transferred to you. All rights not expressly granted remain with WaverSec and its licensors.

As between the parties, customer data remains the customer’s data. WaverSec uses customer data only to provide, secure, support, and improve the service as permitted by the agreement and applicable law.

Use of personal data is also described in the Privacy Policy and, where applicable, the Data Processing Addendum.

You may not misuse the service, bypass technical controls, or use WaverSec Protect in a way that infringes rights, creates unlawful surveillance, or harms the platform or other parties.

The Acceptable Use Policy is incorporated into these terms by reference.

WaverSec Protect can be connected to MCP-capable AI clients such as Claude, Codex, Copilot, or GPT through the WaverSec MCP server. MCP access is available only for active licensed seats; each MCP token must be bound to a single seat email, and multiple tokens for the same seat do not expand the customer’s licensed seats, authorized users, or permitted usage.

Each MCP access token issued by WaverSec is bound at creation time to a single seat email within the customer organization and may be used only for messages that the bound licensed seat is authorized to compose, scan, or send, and only under the customer’s documented authorization, notices, and lawful basis. Tokens must not be shared across users or organizations and must be treated as confidential credentials. The customer is responsible for AI agent actions under the token as if performed by that seat.

When an AI client calls the pre-send check, WaverSec returns non-binding advisory labels named allow, warn, or block. Those labels are not approval, authorization, legal clearance, compliance clearance, or a guarantee that an email is safe or permitted to send. The customer is responsible for configuring, supervising, and operating any client, agent environment, or hosting application that receives an MCP result, including deciding whether and how to act on the advisory result before any email is sent. WaverSec does not itself transmit, deliver, or stop the email.

If a customer configures an AI client or agent to act automatically on an MCP result, the customer is responsible for determining whether GDPR, UK GDPR, or similar automated-decision rules apply, and for providing any required notices, lawful basis, human review, challenge, and override process. Customer-selected AI clients, agent environments, and their providers are not WaverSec subprocessors unless expressly listed in WaverSec’s DPA or subprocessor list.

Paid plans are currently provisioned through manual commercial workflows, including order forms, invoices, payment requests, or another agreed billing method.

WaverSec does not currently process payments automatically through the product. Unless an applicable order form says otherwise, the product does not provide automated in-product self-serve subscription checkout, self-serve renewal management, or automatic recurring card charges.

Fees are due as stated in the applicable invoice or order form. Late payments may result in suspension, downgraded service, delayed renewals, or reactivation conditions.

Each party may receive non-public information from the other party. The receiving party must use that information only for the agreement, protect it with reasonable care, and disclose it only to people and subprocessors who need it and are bound by confidentiality obligations.

Confidentiality obligations do not apply to information that is public without breach, already known without obligation, independently developed, or lawfully received from a third party without restriction.

WaverSec and its licensors own the service, software, models, documentation, branding, and all related intellectual property rights. No implied licenses are granted.

If you provide product feedback, suggestions, or requested improvements, WaverSec may use them without restriction and without owing compensation to you.

WaverSec may suspend or limit access if necessary to protect the service, enforce the agreement, respond to legal process, investigate suspected misuse, or prevent security harm.

Either party may terminate for material breach if the breach is not cured within a reasonable period after notice. WaverSec may also terminate free or trial access at any time.

Except as expressly stated in a signed agreement, the service is provided on an as-is and as-available basis. WaverSec disclaims implied warranties, including merchantability, fitness for a particular purpose, non-infringement, and that the service will be uninterrupted or error-free.

Security and anomaly detection tools reduce risk; they do not guarantee that every incident, policy violation, or data leak will be prevented or detected.

To the maximum extent permitted by law, neither party is liable for indirect, incidental, special, consequential, punitive, or exemplary damages, or for lost profits, revenue, goodwill, or data, even if advised of the possibility of those damages.

Except for excluded claims that cannot be limited by law, each party’s total aggregate liability arising out of or related to the service will not exceed the fees paid or payable by the customer to WaverSec for the twelve months before the event giving rise to the claim. For free use, that cap is EUR 100.

You will defend and indemnify WaverSec against third-party claims arising from your unlawful use of the service, your violation of the agreement, or your customer data or configuration choices, except to the extent the claim results from WaverSec breach of the agreement.

Any indemnified party must give prompt notice, reasonable cooperation, and control of the defense to the indemnifying party, subject to settlement protections for the indemnified party.

Unless a signed enterprise agreement says otherwise, these terms are governed by the laws of Estonia, without regard to conflict-of-law rules.

The courts of Harju County, Estonia, will have exclusive jurisdiction over disputes arising out of or related to these terms, except where mandatory law requires a different forum.

WaverSec may update these terms from time to time. Material updates will be posted on this page with an updated effective date. Continued use after the effective date constitutes acceptance of the updated terms, unless a signed agreement provides a different amendment mechanism.