AI Terms of Service
Effective July 1, 2026
These AI Terms of Service (“AI Terms”) govern the use of the artificial intelligence features made available within the SecurityTrax platform — SecurityTrax Intelligence and the Documentation Assistant (together, the “AI Features”). The AI Terms supplement, and are incorporated into, the SecurityTrax Software as a Service Agreement (the “Agreement”) between SecurityTrax LLC, 8281 Greensboro Drive, Suite 100, Tysons, Virginia 22102 (“SecurityTrax,” “we,” “us”) and the customer organization identified in the Agreement (“Customer,” “you”). Capitalized terms not defined here have the meaning given in the Agreement. If these AI Terms conflict with the Agreement with respect to the AI Features, these AI Terms control.
By enabling or using any AI Feature, you agree to these AI Terms. If you do not agree, do not enable or use the AI Features. The AI Features are optional; the SecurityTrax platform remains fully usable with all AI Features disabled.
1. The AI Features
SecurityTrax Intelligence has four parts that work together, plus a separate documentation assistant. These AI Terms apply to all of them, and to any substantially similar AI capability we add to the platform in the future:
- SecurityTrax Assistant. A conversational assistant for asking natural-language questions about your SecurityTrax data — about an individual customer or lead record, or, as the feature expands, across records (for example, “how many of yesterday’s customers are installed?”). The Assistant answers using only data the signed-in user is already permitted to view.
- Assists. Reusable AI prompts curated by your administrators. An Assist can be run by a user in the Assistant, or run on your behalf by an Automation.
- Automations. A workflow feature in which an AI model evaluates a plain-language condition you define against customer or lead records — individually or across a selection you configure (for example, all customers created yesterday) — and returns a structured verdict (and, where you enable it, a drafted text body). Actions resulting from that verdict — such as creating a note, opening a ticket or work order, applying or removing a tag, or flagging an account at risk — are executed by SecurityTrax’s permission-checked automation engine, not by the AI model. See Section 5.
- AI Summaries. On-demand summarization within the Assistant and on customer records, including summaries of notes and tickets and the ability to condense an Assistant conversation into a summary that the user may choose to save as a customer note or ticket.
- Documentation Assistant. A help assistant (“Ask about the docs”) that answers questions about how to use SecurityTrax. The Documentation Assistant answers exclusively from SecurityTrax’s own product documentation; it has no access to your customer, lead, financial, or other business data.
“Input” means content submitted to an AI Feature (for example, a question typed to the Assistant, an Assist prompt, or an Automation condition). “Output” means content an AI Feature generates in response (for example, an answer, summary, verdict, or drafted note body).
2. Your Data and How the AI Features Use It
2.1 Permission-scoped access — the AI sees and does only what you can see and do
Every AI Feature that reads or writes your SecurityTrax data does so through SecurityTrax’s permissioned data-access layer. In practical terms:
- The Assistant and Automations retrieve data field by field, applying the same role- and location-based permissions that govern what the requesting user can see in the SecurityTrax interface. If a user cannot view a field or a category of records (for example, invoices or payments), the AI Feature cannot retrieve it for that user’s request.
- AI requests operate only on the data in scope for the request — an individual customer or lead record, a defined selection of records (for example, customers created yesterday), or aggregate questions across records — and every record and field retrieved passes through the permission layer described above. The AI model cannot bypass that layer, reach another organization’s data, or widen its own access beyond what the requesting user is permitted to view.
- Writes are permission-checked, validated, and audited. AI Features can create and change records in your database — for example, a live Automation can open a ticket, add a note, or apply a tag. Every such write passes through the same permission and validation layer that governs the SecurityTrax interface, is attributed to the acting user, and is audited; an AI Feature cannot perform a write the acting user would not be permitted to perform manually. In the current AI Features, the AI model itself only reads and recommends — it requests data through a fixed set of retrieval functions and returns verdicts and drafted content, and the resulting writes are carried out by SecurityTrax’s automation engine under the controls described in Section 5.
2.2 Categories of data never provided to AI models
Certain sensitive fields are excluded from the AI Features at the data-access layer, regardless of the requesting user’s permissions. These include, without limitation: Social Security numbers, dates of birth, credit/beacon scores, payment card numbers, and alarm-system confirmation, abort, and receiver codes. In addition, before an Assistant conversation is summarized for saving as a note, the conversation text is passed through a redaction filter that masks patterns resembling Social Security numbers, payment card numbers, bank account and routing numbers, and similar sensitive identifiers.
2.3 What is transmitted to AI model providers
To generate a response, an AI Feature transmits to the applicable AI Provider (Section 3): the feature’s system instructions; the user’s Input and recent conversation history for the session; and, for the Assistant and Automations, the permission-filtered data in scope for the request that the model requests through the retrieval functions described above. For the Documentation Assistant, only the user’s question, recent conversation history, and excerpts of SecurityTrax’s own product documentation are transmitted — no Customer business data.
2.4 What we store, and for how long
- Conversations. Assistant sessions and messages (including which datasets were consulted, token counts, and timing) are stored in your own tenant database, alongside the rest of your SecurityTrax data and subject to the same protections the Agreement provides for Customer Data generally. Documentation Assistant sessions are stored by SecurityTrax separately; they contain no Customer business data.
- Automation records. Every Automation run is recorded in your tenant database, including the AI verdict, each action’s outcome, and the acting user, as described in Section 5(4).
- Usage metering. For billing and capacity purposes we record, per AI invocation: the feature used, the model and provider, token counts, and (where applicable) the customer record the request related to. Metering records contain usage metadata, not conversation content.
- Retention. AI conversation, summary, and automation records are retained as part of your SecurityTrax data for the duration of your subscription and are handled on termination as the Agreement provides for Customer Data generally. SecurityTrax may introduce automatic retention limits for AI conversation records in the future and will reflect any such change in these AI Terms.
2.5 No training on your data
SecurityTrax does not use your Inputs, Outputs, or Customer Data to train or fine-tune AI models, and does not permit its AI Providers to do so. We access AI models exclusively through commercial APIs under agreements that prohibit the provider from using data submitted through those APIs to train their models.
2.6 Ownership
As between you and SecurityTrax, you retain all rights in your Inputs and your Customer Data. Subject to the Agreement and to any third-party rights, SecurityTrax assigns to you its rights, if any, in Outputs generated for you by the AI Features. You acknowledge that AI models may produce identical or similar outputs for other customers, and these AI Terms do not restrict outputs independently generated for others.
3. Third-Party AI Model Providers
The AI Features are powered by large language models operated by third-party providers (each, an “AI Provider”). SecurityTrax uses OpenAI as its default AI Provider. SecurityTrax may select a different AI Provider or model for particular features, and may change AI Providers or models at any time without notice, provided any arrangement with an AI Provider offers materially similar data protections, including the training prohibition in Section 2.5. The AI Providers supported by SecurityTrax’s AI infrastructure are: OpenAI, Anthropic, Microsoft (Azure OpenAI Service), Amazon Web Services (Bedrock), Google (Gemini), Cohere, DeepSeek, ElevenLabs, Groq, Jina AI, Mistral AI, OpenRouter, Voyage AI, xAI, and self-hosted models via Ollama. Only the AI Provider(s) actually serving a given feature receive data for that feature, as described in Section 2.3, and each such AI Provider acts as a subprocessor of SecurityTrax; this Section constitutes SecurityTrax’s disclosure of its AI subprocessors and will be updated as the supported list changes. A current list of SecurityTrax’s subprocessors is also available at securitytrax.com/subprocessors. AI Providers’ processing is governed by our agreements with them; SecurityTrax is not responsible for AI Provider service interruptions, rate limits, or model deprecations, though we will use commercially reasonable efforts to maintain continuity of the AI Features.
4. Output Accuracy and Human Review
AI-generated content is probabilistic and may be inaccurate, incomplete, outdated, or misleading — including in ways that appear plausible.
- Outputs are provided for informational and drafting convenience only. You are responsible for reviewing Outputs before relying on them or acting on them, and for all decisions and actions taken based on them.
- The Assistant answers only from the SecurityTrax data available to the requesting user; an answer may be wrong or incomplete because of missing or stale underlying data, permission limits, or model error. The interface reminds users to double-check anything important; that reminder is part of these AI Terms.
- The Documentation Assistant answers only from SecurityTrax documentation and is not a substitute for professional advice. Outputs are not legal, tax, accounting, financial, or compliance advice.
- AI Features must not be used as the sole basis for decisions that produce legal or similarly significant effects on a consumer — including credit, collections, employment, insurance, or housing decisions — without meaningful human review.
5. Automations — Controls, Approval, and Audit
Automations are designed so that the AI model judges; it does not act:
- Evaluation only. The model receives your plain-language condition and permission-filtered context for the record(s) being evaluated and returns a structured verdict (condition met / not met, reasons, and an optional drafted text body). The model cannot choose, add, or execute actions, and the records an automation covers are selected by criteria you configure — not by the model.
- Deterministic, permission-checked execution. Actions are selected from a fixed catalog you configure and are executed by SecurityTrax application code through the same permission and validation layer that governs the SecurityTrax interface and API. An automation cannot perform a write its acting user would not be permitted to perform manually.
- Dry-run by default; optional human approval. New automations default to a preview (“dry run”) mode that evaluates and validates without saving anything. Live automations may additionally be configured to require human approval; in that mode, an approver is shown the exact verdict, actions, and any AI-drafted text before anything is committed, and approval commits exactly what was previewed (the drafted text is not regenerated).
- Complete audit trail. Every run records the trigger, the acting user, the AI verdict, and the outcome of every action (including failures) in your tenant database, and every record created or changed by an automation carries standard attribution (who/when) like any other change in SecurityTrax.
You are responsible for the conditions and actions you configure, for choosing appropriate run modes (including whether to require approval), and for monitoring automation results. We recommend approval-required mode for any automation whose actions are customer-visible or difficult to reverse.
6. Enabling, Disabling, and Administering the AI Features
SecurityTrax Intelligence is off unless enabled. Your administrators control: a master switch for your organization, and separate switches for the Assistant, Assists, and Automations. Access to the Documentation Assistant is additionally controlled per user through SecurityTrax’s standard permission system. You may disable any or all AI Features at any time; disabling a feature stops new AI processing for it but does not remove previously stored conversations, summaries, notes, or automation records, which remain part of your SecurityTrax data as described in Section 2.4.
Each AI Feature displays an in-product notice that AI features are subject to these AI Terms, with a link to the then-current version at this page.
You are responsible for: (a) provisioning permissions appropriately, since the AI Features inherit each user’s permissions; (b) the content of Assists and Automation conditions your administrators author; and (c) ensuring your use of the AI Features — including any disclosures to or consents from your own customers — complies with applicable law and your own privacy commitments.
7. Acceptable Use
In addition to the acceptable-use provisions of the Agreement, you will not, and will not permit any user to:
- attempt to circumvent permission scoping, data redaction, or other technical safeguards of the AI Features (including through prompt injection);
- use the AI Features to develop, train, or improve a competing AI model or service;
- input content you do not have the right to provide, or use the AI Features to infringe, misappropriate, or violate the rights of any person;
- use the AI Features to generate content that is unlawful, deceptive, or harassing, or to make automated decisions with legal or similarly significant effect on consumers without human review (Section 4);
- misrepresent Output as human-authored where the distinction is material, or as statements made by SecurityTrax.
SecurityTrax may suspend an organization’s or user’s access to the AI Features for violation of this Section or where continued use poses a security or legal risk, and will restore access when the issue is resolved.
8. Fees and Metering
AI Feature usage is metered per invocation based on model token consumption, as described in Section 2.4, and is billed in SecurityTrax Tokens as provided in the Software as a Service Agreement — drawn first from your included monthly token allowance and then from your prepaid token wallet. Metered usage is available in the billing area of the SecurityTrax platform. We may introduce, modify, or remove usage tiers or limits on reasonable notice.
9. Warranty Disclaimer
THE AI FEATURES AND ALL OUTPUTS ARE PROVIDED “AS IS” AND “AS AVAILABLE.” WITHOUT LIMITING THE WARRANTY DISCLAIMERS IN THE AGREEMENT, SECURITYTRAX MAKES NO WARRANTY THAT OUTPUTS WILL BE ACCURATE, COMPLETE, CURRENT, RELIABLE, OR FIT FOR ANY PARTICULAR PURPOSE, OR THAT THE AI FEATURES WILL BE UNINTERRUPTED OR ERROR-FREE. NO INFORMATION OR OUTPUT OBTAINED FROM THE AI FEATURES CREATES ANY WARRANTY NOT EXPRESSLY STATED IN THE AGREEMENT.
10. Limitation of Liability
The limitations and exclusions of liability in the Agreement apply to the AI Features and to all Inputs and Outputs. Without limiting those provisions, SecurityTrax is not liable for any loss arising from reliance on an Output without the human review these AI Terms require, or from actions you configure Automations to take in live mode.
11. Changes to the AI Features and These Terms
The AI Features evolve quickly. We may add, modify, or discontinue AI Features (or underlying models and AI Providers, per Section 3) at any time. We may update these AI Terms from time to time; material changes will be notified through the platform or by email, and continued use of the AI Features after the effective date of an updated version constitutes acceptance. The then-current version will always be available at this page.
12. Contact
Questions about these AI Terms or the AI Features:
SecurityTrax LLC
8281 Greensboro Drive, Suite 100
Tysons, Virginia 22102
legal@securitytrax.com