Online Service Terms

Online Service Terms (OST)

Public reference copy · BlackCrypt legal · Version 2026.2

Online Service Terms (OST)

0 Overview & key points

This document sets out the contractual terms under which you may use the BlackCrypt encrypted-traffic analysis platform. It explains how the Service works, how the different analysis tiers behave, and how responsibilities and risk are allocated between you and BlackCrypt.

What the Service is: an AI-assisted, point-in-time analysis tool for encrypted network sessions based on metadata and threat intelligence, not a managed detection & response (MDR) or incident-response service.
Who is who: you are the Customer using the Service for your defensive security purposes; BlackCrypt provides the Service and acts as processor or sub-processor for Customer Data, as applicable, as described in the DPA.
Two tiers: free Basic Analyses with limited outputs and liability excluded or limited to the maximum extent permitted by law, and paid Advanced Analyses that unlock richer enrichment, reporting and a capped liability model.
Data protection: Customer Data remains yours; BlackCrypt processes it under the DPA, does not train detection models on your traffic, and deletes capture artefacts after analysis as described in these OST, the DPA and the Privacy Policy.
Your responsibilities: you stay responsible for validating findings in your environment, making enforcement decisions, and ensuring your use of the Service complies with applicable law.
Evidence & audit trail: each Analysis report records the OST and DPA versions in force and the timestamp of your most recent acceptance.

0.1 How this document fits with others

These OST sit alongside the Data Processing Agreement (DPA), where applicable, and any order, checkout, invoice, or billing information confirmed through the Service. Together, these documents govern your use of BlackCrypt.

If there is a conflict on data-protection terms, the DPA prevails. For other service, commercial, reporting, liability, and use terms, these OST prevail unless a separate signed agreement expressly overrides them.

1 Introduction and Parties

These Online Service Terms (“OST”) govern access to and use of the BlackCrypt online platform for encrypted traffic analysis (“Service”). They are concluded between (i) the natural or legal person that creates an account or otherwise uses the Service (“Customer” or “you”), and (ii) BlackCrypt (the provider of the Service) (“BlackCrypt”, “we”, “us”).

BlackCrypt is operated by Emir FATTOUM, an independent professional established in Luxembourg and trading under the name BlackCrypt, with establishment address at L-1329, Luxembourg, business authorisation number N° 10172173 / 0, VAT identification number: pending registration with the Luxembourg Registration Duties, Estates and VAT Authority (AED). It will be added once issued. Legal contact: contact@blackcrypt.ai.

By creating an account, clicking to accept, or using the Service, you agree to be bound by these OST. If you accept on behalf of an organisation, you represent that you are authorised to bind that organisation.

1.1 Contractual framework

These OST form part of a broader contractual framework consisting of:

these OST, which govern use of the Service, commercial terms, report use, permitted use, liability, IP, export controls, governing law and general legal terms;
the Data Processing Agreement (“DPA”) where BlackCrypt processes Customer Data on behalf of Customer; and
any order, checkout confirmation, invoice, billing information, or separately signed agreement confirmed through or alongside the Service.

No report legal notice, dashboard page, help text, FAQ, generated report, or other informational surface creates separate accepted terms unless expressly incorporated into these OST or a separately signed agreement.

2 Definitions

Capitalised terms not defined in this section have the meanings given in the DPA or, where applicable, the relevant order, checkout confirmation, invoice, or separately signed agreement. For clarity, the following terms are used consistently in these OST:

Service: The BlackCrypt software-as-a-service platform that ingests Customer-provided network captures (for example, PCAP files) and produces encrypted-traffic analysis results and reports, including both Basic Analyses and Advanced Analyses.
Basic Analysis: A free analysis tier limited to identifying sessions that match supported malicious patterns and sessions where no supported malicious pattern was detected, without threat-intelligence enrichment, malware family/type classification, or downloadable report, as described in the Service interface.
Advanced Analysis: A paid analysis tier that may include additional enrichments (for example, threat intelligence and Geo-IP), malware family/type labels, and a downloadable report, as described in the Service interface.
Customer Data: Network captures and related data you upload to the Service, together with any associated metadata that you provide (such as labels or context fields), but excluding Service analytics and information generated independently by BlackCrypt.
Results / Outputs: Analysis results, outputs, indicators, scores, labels, conversation views, downloadable reports and related artefacts produced by the Service based on Customer Data.
Report: A human-readable export or document generated by the Service from Results, including PDF or HTML analysis reports. Reports are part of the Outputs and are subject to the same confidentiality, permitted-use, non-reliance and limitation terms in these OST.
Credits: Pre-purchased units that can be consumed to run Advanced Analyses or other metered features of the Service, as described in the billing interface.

3 Scope of Service and Tiers

3.1 Nature of the Service

The Service provides automated, point-in-time analysis of encrypted network traffic metadata. It does not decrypt payloads, inspect cleartext content, access your endpoints, or directly modify your infrastructure.

The Service focuses on encrypted-session telemetry such as TLS fingerprints, SNI where available, IP addresses, ports, timing, sizes, certificates, and related metadata. Findings reflect only the data submitted, the capture window, the capture point’s visibility, and the model and threat-intelligence snapshot available at analysis time.

The Service is not a managed detection and response (MDR) service, 24/7 SOC, incident-response engagement, endpoint-forensics service, general-purpose PCAP forensics platform, vulnerability scanner, SIEM, EDR, DLP tool, or compliance-audit service.

The Service uses statistical, AI and machine-learning models and may use external threat-intelligence sources. Outputs are probabilistic indicators and may include false positives and false negatives. Family/type labels, severity levels and threat-intelligence enrichments are triage signals, not conclusive proof of compromise, definitive malware attribution, or threat-actor attribution.

Results and Reports are point-in-time outputs. BlackCrypt has no obligation to update a completed analysis or Report for later threat-intelligence changes, IP reputation changes, infrastructure reuse, model updates, or newly discovered information unless separately agreed.

Detection methods, feature engineering, models, weights, templates and internal scoring logic are proprietary. BlackCrypt may disclose high-level methodology or label-space information in the Service or in Reports, but is not required to disclose proprietary detection methods.

Plain language

BlackCrypt analyses encrypted traffic metadata at a specific point in time. It does not decrypt payloads, run on your endpoints, or make decisions for you. Outputs are indicators to support your security team, not guaranteed detections, legal advice, audit opinions, or compliance attestations.

3.2 Basic vs Advanced Analysis

Basic Analyses are provided free of charge and are intended for initial evaluation and low-risk use cases. They typically provide limited classification, such as sessions that match supported malicious patterns and sessions where no supported malicious pattern was detected, without detailed enrichment, attribution, malware family/type labels, or downloadable reporting. Liability for Basic Analyses is excluded or limited as set out in Section 12.3.

Advanced Analyses are paid, credit-consuming analyses that provide richer enrichment (such as threat intelligence hits, Geo-IP breakdowns, malware family/type labels, and extended reporting). Liability for Advanced Analyses is capped as set out in Section 12.2.

The exact features included in each tier, and the types of Results and exports, are described in the Service interface and may be updated from time to time as the Service evolves.

3.3 Changes to features

BlackCrypt may improve, modify, or deprecate features of the Service from time to time, provided that any change does not materially deprive you of the core functionality of the tier you are using (Basic or Advanced) for the remaining duration of your current billing period or pre-purchased Credits.

Where a change materially reduces functionality of a paid feature, BlackCrypt will provide reasonable advance notice, and you may have the option to stop using that feature and avoid further charges related to it.

4 Accounts, Access and Eligibility

4.1 Registration and security

To use the Service, you must create an account and provide accurate, complete information. You are responsible for keeping your login credentials confidential and for all activity under your account, except where caused by a breach of BlackCrypt’s security obligations.

You must notify BlackCrypt promptly if you become aware of any unauthorised access to your account or suspected compromise of your credentials. BlackCrypt may require multi-factor authentication or other additional security measures for access to certain features.

4.2 Organisational use

If you use the Service on behalf of an organisation, you must ensure that only authorised personnel have access to the account and that access is revoked when they no longer need it. You remain responsible for ensuring that your users comply with these OST and any applicable policies.

4.3 Eligibility

You may not use the Service if you are located in, or are a national or resident of, any country or region subject to comprehensive trade sanctions or export restrictions applicable to BlackCrypt, or if you are listed on any applicable sanctions or denied-party list.

You represent that you will not use the Service for the benefit of any such sanctioned person or in violation of applicable export-control or sanctions laws.

4.4 Export controls and sanctions

Use of the Service, models, Results and Reports is subject to applicable export-control and sanctions laws, including EU dual-use rules, EU restrictive measures, Luxembourg implementing rules, and, where relevant to a transaction, other applicable regimes.

You represent that you are not a sanctioned or restricted party, are not owned or controlled by a sanctioned or restricted party, and are not located in an embargoed or comprehensively restricted territory. You must not permit access to or use of the Service from embargoed locations or by restricted parties.

You must not use the Service, Results or Reports for prohibited end uses, including weapons of mass destruction proliferation, restricted military end use, unlawful surveillance, or human-rights abuses. You must not route access through VPNs, proxies, or other means to evade screening or territorial controls.

BlackCrypt may conduct sanctions or export screening, request information, suspend or terminate access, refuse delivery, or withhold performance where required to comply with law or where an export licence or authorisation is required and not obtained. You must promptly notify BlackCrypt if your restricted-party or export-control status changes.

5 Use of the Service

5.1 Permitted use and permitted sharing

You may use the Service, Results and Reports solely for internal defensive security purposes, such as analysing network captures from your environment or from environments you are contractually responsible for securing.

You may use Results and Reports to support internal assessment, triage, investigation, defensive security actions, incident handling, risk review, and internal reporting.

Results and Reports are confidential. You may share them only on a strict need-to-know basis with your personnel, controlled affiliates, bound contractors, external counsel, auditors, MSSPs, consultants, and incident-response providers, provided they are subject to professional secrecy or written confidentiality obligations no less protective than these OST.

If disclosure is legally required by a regulator, court, or competent authority, you must disclose only what is necessary and, where legally permitted, notify BlackCrypt in advance.

5.2 Prohibited use

You must not use the Service:

to analyse captures obtained unlawfully or without appropriate authorisation;
to attempt to deanonymise or re-identify individuals beyond what is necessary for legitimate defensive security purposes and permitted by applicable law;
to circumvent technical or usage limits of the Service, or to interfere with its proper functioning;
to publicly redistribute, publish, resell, sublicense, or commercialise Results or Reports;
to use Results or Reports for marketing, public comparative benchmarking, vendor scorecards, or public claims about BlackCrypt or third parties without BlackCrypt’s prior written consent;
to remove confidentiality notices, attribution, legal notices, report metadata, or verification information from Reports;
to use BlackCrypt names, logos, trademarks, screenshots, Results, or Reports in public material without BlackCrypt’s prior written consent;
to train, benchmark, evaluate, reverse engineer, or improve models, detection tools, or competing services using the Service, Results, Reports, or their contents, except where explicitly permitted in a separate written agreement with BlackCrypt;
for prohibited end uses under applicable export-control or sanctions laws, including unlawful surveillance, human-rights abuses, weapons of mass destruction proliferation, or restricted military end use;
in a way that violates applicable law, including export-control, sanctions, data-protection, telecommunications, cybercrime, or computer-misuse laws.

Important — prohibited uses

You cannot use BlackCrypt to analyse captures you are not legally authorised to process, to build or benchmark a competing product, to redistribute Reports publicly, or to misuse the outputs in ways that violate law or others’ rights. If you are unsure whether a use is permitted, you should seek legal advice before proceeding.

5.3 Customer responsibilities

You are responsible for:

ensuring that you have a valid legal basis to process any personal data contained in Customer Data through the Service;
configuring capture scope so Customer Data is representative, lawful, accurate, and limited to what is necessary;
reviewing Results critically and validating findings against internal context before enforcement, blocking, reporting, escalation, or containment;
using safe change-management practices, including testing and rollback where appropriate;
performing asset triage, incident response, regulatory assessment, and remediation under your own policies and procedures;
restricting access to Results and Reports to need-to-know recipients and preventing unauthorised redistribution;
ensuring that downstream vendors or processors handling personal data in Customer Data, Results or Reports are subject to appropriate GDPR-compliant contracts and safeguards;
ensuring that your use of the Service, monitoring, disclosure, retention, and enforcement actions comply with applicable law, sector rules, and internal policies.

Summary – your key responsibilities

You stay in charge of what captures are uploaded, how you interpret the outputs, and what enforcement decisions you take. BlackCrypt provides analysis and indicators, but does not run your security operations for you.

6 Customer Data and Privacy

6.1 Roles

For Customer Data processed through the Service, Customer acts as controller or processor, as applicable. Where Customer acts as controller, BlackCrypt acts as processor. Where Customer acts as processor for an end customer, BlackCrypt acts as Customer’s sub-processor. Customer is responsible for ensuring that it has authority to appoint BlackCrypt and to issue processing instructions for the relevant Customer Data.

The DPA sets out the details of this processing, including subject matter, duration, nature, purpose, categories of data, categories of data subjects, security measures, sub-processors, transfers, assistance, deletion/return, and audit rights.

6.2 Data Processing Agreement

BlackCrypt will process Customer Data only as documented in the DPA and your instructions, which include your use of the Service and any configuration options you select. In the event of a conflict between these OST and the DPA on data-protection matters, the DPA prevails.

6.3 Data minimisation and retention

BlackCrypt will implement data-minimisation and retention measures as described in these OST, the DPA and the Privacy Policy. Uploaded PCAPs and capture-derived raw artefacts are deleted after the analysis completes or irrecoverably fails, subject only to technical backup cycles.

Derived analysis outputs, metadata and generated report artefacts are retained for 90 days by default while the analysis remains available in the Service, unless deleted earlier by Customer or retained longer where required by law, security investigation, dispute handling, or an agreed enterprise retention setting.

Security, abuse-prevention, support and audit logs are retained for up to 180 days by default, unless longer retention is required for legal, tax, security, incident-response, or dispute reasons. Deletion propagates to backups within 30 days according to the backup lifecycle, unless backup isolation is legally or operationally required.

6.4 No model training on Customer Data

BlackCrypt does not use Customer Data, PCAPs, derived Results, Reports, or personal data contained in Customer Data to train, retrain, fine-tune, benchmark, or evaluate general-purpose detection, AI, or machine-learning models reused across customers, except under a separate explicit written opt-in agreement.

BlackCrypt may use aggregated and de-identified service analytics, such as uptime, error rates, capacity metrics, queue statistics, and non-identifying product telemetry, to operate, secure and improve the Service, provided that such analytics do not identify Customer, Customer users, data subjects, or Customer Data.

7 Credits, Billing and Payment

7.1 Credits and consumption

Unless the Service interface clearly states otherwise before submission, one Credit runs one Advanced Analysis on one accepted PCAP. Basic Analyses do not consume Credits. BlackCrypt may introduce other paid metered features only where the applicable Credit consumption or price is displayed in the Service interface before use.

Credits are typically sold in bundles. Credits do not expire unless an expiry period is expressly stated at the time of purchase, in the Service interface before checkout, or in a separate signed agreement. Expired Credits cannot be used and are not refundable, except where required by mandatory law.

7.2 Payments and taxes

You agree to pay all fees and charges for Credits and any other paid features as described in the billing interface. Prices are exclusive of taxes unless stated otherwise. You are responsible for any applicable VAT, sales tax, or similar indirect taxes, except where BlackCrypt is required by law to collect and remit them.

Payments are processed through third-party payment processors. BlackCrypt does not store full payment card details and relies on those processors for secure transaction handling.

7.3 Expiry and refunds

Unless otherwise stated in a separate signed agreement or required by mandatory law, Credits are non-transferable and non-refundable once purchased, even if unused.

Credits are consumed when an Advanced Analysis starts or when the Service accepts a paid metered request, as described in the Service interface. No Credit is consumed for inputs rejected before acceptance.

If an accepted Advanced Analysis irrecoverably fails before Results are delivered because of a platform error, queue/worker failure, or unsupported condition not caught before acceptance, BlackCrypt will re-issue the consumed service Credit unless a cash refund is required by mandatory law.

No refund or re-credit is owed for completed analyses; expected model uncertainty such as false positives or false negatives; invalid, corrupted, unauthorised, incomplete, unsupported, or out-of-scope inputs rejected before acceptance; inputs that contain no encrypted traffic required for the selected analysis; or third-party rate limits or outages outside BlackCrypt’s reasonable control.

8 Support and Availability

BlackCrypt will use commercially reasonable efforts to maintain the availability and reliability of the Service, excluding scheduled maintenance, emergency maintenance, third-party outages, force majeure events, customer-side issues, and factors outside BlackCrypt’s reasonable control.

Unless expressly agreed in a separate signed Service Level Agreement, the Service, Basic Analyses, Advanced Analyses, Results and Reports are provided without service-level commitments, including guaranteed uptime, availability, response times, resolution times, turnaround times, accuracy thresholds, remediation obligations, or service credits. Any processing times or support response times communicated in the Service are operational targets only.

Basic support is provided through the channels indicated in the Service interface. Enhanced support levels, SLAs, or professional services may be available only under separate signed agreements or paid plans.

9 Security

BlackCrypt will implement technical and organisational measures to protect Customer Data, as described in the DPA and Privacy Policy. These measures are designed to protect against unauthorised access, disclosure, alteration, and destruction and may include encryption in transit and at rest, access controls, MFA, data segregation, logging, monitoring, vulnerability management, and controlled deletion.

You are responsible for securing your own environment, including endpoints, network infrastructure, and identity systems. The Service is one component of your overall security posture, not a complete solution.

10 Intellectual Property

BlackCrypt and its licensors retain all rights, title, and interest in and to the Service, including software, models, model weights, features, interfaces, workflows, detection logic, report templates, layouts, documentation, training datasets, proprietary methods, and improvements developed by BlackCrypt.

You retain all rights, title, and interest in and to Customer Data. BlackCrypt acquires no ownership rights in Customer Data, except for the limited, non-exclusive licence necessary to host, process, analyse, secure, support, delete and otherwise handle Customer Data to provide the Service, comply with law, enforce these OST, and perform obligations under the DPA.

Subject to these OST, BlackCrypt grants you a limited, non-exclusive, non-transferable licence to use Results and Reports for your internal defensive security purposes and permitted need-to-know disclosures under Section 5.1. BlackCrypt retains rights in the underlying templates, layouts, software, models and systems used to generate Results and Reports.

No rights are granted by implication, estoppel, or otherwise beyond the limited rights expressly stated in these OST.

11 Warranties and Disclaimers

The Service, Results and Reports are provided “as is” and “as available”, subject only to any commitments expressly stated in a separate signed agreement. To the maximum extent permitted by law, BlackCrypt disclaims all warranties, whether express, implied, statutory, or otherwise, including merchantability, fitness for a particular purpose, accuracy, non-infringement, and warranties arising from course of dealing or trade usage.

BlackCrypt does not warrant that the Service will be uninterrupted, error-free, vulnerability-free, or available at all times, or that Results will detect all malicious activity, avoid all false positives, avoid all false negatives, or be suitable as the sole basis for security, legal, regulatory, compliance, audit, or business decisions.

Results and Reports are informational security-analysis outputs. They are not legal, audit, compliance, assurance, certification, or attestation advice, and do not constitute an examination, review, certification or attestation engagement. No legal opinion, audit opinion, compliance opinion, certification, or warranty of regulatory compliance is provided.

You remain responsible for independent judgement, enforcement decisions, regulatory positions, filings, incident handling, and obtaining independent legal, audit, compliance, or security advice where appropriate. Except where expressly agreed in writing, BlackCrypt owes no duty of care to third parties who receive or rely on Results or Reports, and any third-party use is at their own risk.

BlackCrypt has no obligation to update Results or Reports for later changes in threat intelligence, IP reputation, infrastructure ownership, model versions, label space, legal requirements, or newly discovered information unless separately engaged.

Plain language

No security tool is perfect. BlackCrypt outputs are useful security indicators, not guarantees, legal opinions, audit opinions, or compliance certifications.

12 Limitation of Liability

This Section 12 sets out the limits on BlackCrypt’s liability under these OST. Nothing in these OST excludes or limits liability that cannot be excluded or limited under applicable law (for example, liability for death or personal injury caused by negligence, or for intentional misconduct).

12.1 Excluded damages

To the maximum extent permitted by law, neither party will be liable to the other for any indirect, incidental, consequential, special, punitive, or exemplary damages, or for loss of profits, revenue, goodwill, or data, even if advised of the possibility of such damages and even if any limited remedy fails of its essential purpose.

12.2 Caps for Advanced Analyses

For paid Advanced Analyses and other paid features, BlackCrypt’s aggregate liability arising out of or related to these OST (whether in contract, tort, or otherwise) will not exceed the greater of (a) the total fees paid by you to BlackCrypt for the Service during the twelve (12) months immediately preceding the event giving rise to the claim, or (b) EUR 10,000.

12.3 Basic Analyses

For free Basic Analyses, BlackCrypt’s liability is excluded to the maximum extent permitted by law. Where such exclusion is not permitted, BlackCrypt’s aggregate liability for Basic Analyses is limited to EUR 100.

12.4 Carve-outs

The caps and exclusions in this Section 12 do not apply to (a) your payment obligations, (b) either party’s liability for gross negligence or wilful misconduct, or (c) any other liability that cannot be limited under applicable law.

At a glance — tiers and liability

Basic Analyses: free, limited outputs, liability excluded to the maximum extent permitted by law, with limited fallback liability where exclusion is not permitted.
Advanced Analyses: paid, richer outputs, liability capped at recent fees or EUR 10,000, whichever is higher.

13 Term, Suspension and Termination

These OST apply from the moment you create an account or first use the Service, whichever is earlier, and continue until your account is closed and all use of the Service has ceased.

BlackCrypt may suspend or restrict access to the Service if you breach these OST, if your account is used in a way that risks harm to the Service or others, or if required to do so by law or competent authority. Where practicable, BlackCrypt will provide notice and an opportunity to cure before suspending for breach.

You may stop using the Service at any time. If you wish to close your account, you may do so through the mechanisms described in the Service interface or by contacting support. Closing your account does not entitle you to a refund of unused Credits, except where required by mandatory law or explicitly agreed otherwise.

14 Changes to these OST

BlackCrypt may update these OST from time to time, for example to reflect changes in the Service, applicable law, or best practices. When changes are made, BlackCrypt will update the version number and effective date and, where changes are material, provide reasonable advance notice through the Service or by email.

Where required by the Service, you may need to review and affirmatively accept updated OST before continuing to use upload, analysis, billing, or other protected features.

Continued use of the Service after the effective date of updated OST constitutes acceptance of the updated terms. If you do not agree to material changes, you should stop using the Service and may be entitled to a proportional refund of unused Credits for paid Advanced Analyses, subject to the caps and exclusions in Section 12.

15 Notices

Notices under these OST may be provided through the Service interface, by email to the contact details associated with your account, or by other reasonable means. You are responsible for keeping your contact details up to date.

16 Governing Law and Venue

Unless otherwise required by mandatory law or expressly agreed in a separate signed agreement, these OST and the Service are governed by the laws of the Grand Duchy of Luxembourg, excluding its conflict-of-laws rules and excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG).

For business customers and other non-consumer users, the parties submit to the exclusive jurisdiction of the competent courts of Luxembourg City, Grand Duchy of Luxembourg, for disputes arising out of or relating to the Service or these OST.

If you are a consumer resident in the EU, EEA, UK, or another jurisdiction with mandatory consumer-protection rules, this choice of law and venue does not deprive you of protections that cannot be waived under the law of your habitual residence. You may have the right to bring proceedings in the courts of your habitual residence where mandatory law so provides.

Either party may seek temporary, interim, or injunctive relief in any court of competent jurisdiction to protect confidentiality, intellectual property, security, or data-protection interests.

17 Miscellaneous

These OST, together with the DPA where applicable and any order, checkout confirmation, invoice, billing information, or separately signed agreement confirmed through or alongside the Service, constitute the entire agreement between you and BlackCrypt regarding the Service, unless a separately signed agreement expressly states that it overrides these OST.

No third party is intended to benefit from or enforce these OST, except where mandatory law provides otherwise or where a separately signed agreement expressly states otherwise.

If any provision is held invalid or unenforceable, the remaining provisions continue in full force and effect. Failure to exercise a right is not a waiver. Rights and remedies under these OST are cumulative unless expressly stated otherwise.

Neither party is liable for delays or failure to perform caused by events beyond its reasonable control, including third-party provider outages, internet failures, acts of government, war, strikes, natural disasters, power failures, security incidents not caused by the affected party’s breach, or other force majeure events, provided the affected party uses reasonable efforts to mitigate the impact.

Sections concerning confidentiality, permitted use, prohibited use, payment obligations, intellectual property, Customer Data ownership, no model training, warranties and disclaimers, limitation of liability, non-reliance, export controls, governing law and venue, definitions, and this miscellaneous section survive termination or expiry of the Service or these OST.

For business customers and other non-consumer users, any claim arising out of or relating to the Service or these OST must be brought within twelve (12) months after the event giving rise to the claim, except where a longer period is required by mandatory law. This claims period does not apply to consumers where prohibited by mandatory law.