Terms and Conditions

1.1. Provider / Pintor Project:Pintor Project Co., a corporation organized under the laws of the State of Delaware, United States of America (hereinafter the "Provider" or "Pintor Project"), engaged in the development, operation, and licensing of FlowGuard, a SaaS platform for automated user acceptance testing. The Provider's full identifying information and registered address are specified in the applicable Service Order.

1.2. Customer: The natural or legal person who contracts the Services from Pintor Project through (i) one or more Service Orders, commercial proposals, annexes, or similar documents, or (ii) a digital subscription or registration flow made available by the Provider (including self-serve signup at flowguardians.com).

1.3. Services / FlowGuard: The SaaS platform operated by Pintor Project for automated user acceptance testing (UAT) of web applications designated by the Customer, including browser agents, network capture, code analysis, AI-driven visual checkpoints, and related dashboards, integrations, APIs, and command-line tools.

1.4. Platform:The Provider's technology infrastructure, hosted primarily on Microsoft Azure cloud services and other authorized providers, supporting the operation of the Services.

1.5. Service Order / Commercial Proposal: Document or digital form (including the self-serve checkout flow) that details the contracted plan, scope, volumes, service levels, fees, currency, and other particular conditions.

1.6. Customer Data: All information that the Customer, its users, or third parties acting on its behalf upload, transmit, or make available to the Provider through the Services, including screenshots, logs, repository excerpts, network captures, and test artifacts generated during flow execution, as well as analytical outputs and metrics generated from such data.

1.7. Principal: Third party for whose final benefit the Services are provided through the Customer (for example, an end-customer of a Customer that resells or operates FlowGuard on its behalf).

1.8. Personal Data and Data Subject:Any information relating to an identified or identifiable natural person, as defined by applicable data-protection laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") for U.S. residents, and, where the Customer processes data of European Economic Area residents through the Services, the EU General Data Protection Regulation ("GDPR").

1.9. Data Protection and Cybersecurity Regulations:The set of applicable laws and regulations that govern the Customer's and Provider's processing of Personal Data and security obligations, including CCPA/CPRA, the U.S. federal sectoral privacy framework where applicable, the GDPR for EEA data subjects, and other sector-specific regulations applicable to the Customer's industry.

1.10. Business Day: Any day Monday through Friday that is not a federal holiday in the United States of America.

2.1. This instrument governs the Terms and Conditions of Use of the Platform and operates as the Master SaaS Services Agreement between Pintor Project and the Customer with respect to FlowGuard.

2.2. Specific Services, their technical characteristics, and commercial conditions shall be detailed in the corresponding Service Orders or the self-serve plan selected by the Customer, which shall be considered integral parts of this Master Agreement.

2.3. In case of conflict between documents, the following order of precedence shall prevail:

• a) The specific Service Order, including its technical annexes;
• b) This Master Agreement / Terms and Conditions;
• c) Complementary policies (Privacy Policy, Acceptable Use Policy, Sub-processor list) and referenced technical documentation.

2.4. Acceptance of these Terms is perfected through (i) physical or electronic signature of this document or of a Service Order that references it, or (ii) activation, registration, or effective use of the Platform by the Customer (including self-serve signup), whichever occurs first.

3.1. Pintor Project grants the Customer a non-exclusive, non-transferable, revocable, and limited license to access and use FlowGuard under the SaaS modality and for the term of this agreement and the respective Service Order or plan.

3.2. The license is granted solely for the Customer's and its Principals' own purposes, within their business operations.

3.3. The Customer may not, without prior written authorization from Pintor Project:

• a) Sub-license, rent, lease, resell, or make the Services available to third parties, except to the extent inherent in providing services to its own Principals.
• b) Decompile, disassemble, reverse-engineer, or attempt to derive the source code of the Platform.
• c) Circumvent or interfere with security, authentication, or access-control mechanisms.
• d) Use the Services for illegal activities or activities contrary to applicable regulations or the Acceptable Use Policy.

3.4. The Customer acknowledges and accepts that the Services are licensed "as is" and "as available". As an AI-assisted automated-analysis service, FlowGuard's outputs (visual checkpoint verdicts, regression detection, automatic-fix proposals) carry a statistical margin of error and cannot be considered infallible nor interpreted as legal, financial, or regulatory advice.

4.1. Pintor Project may require background information and compliance declarations from the Customer to assess the risk of use of the Services and compliance with applicable regulations.

4.2. The Provider may classify the Customer by risk level and condition the enablement of certain modules on the delivery of additional information or reinforced controls.

4.3. Pintor Project may suspend or deny access to the Services when (a) the Customer fails to provide sufficient information; (b) uses are detected contrary to these Terms, the Acceptable Use Policy, or applicable regulations; (c) there are well-founded indications of fraud or significant cybersecurity incidents.

4.4. The Customer shall remain responsible for payment obligations accrued prior to suspension or termination.

5.1. With respect to Personal Data processed through the Services, the Customer acts as Data Controller(or "business" under CCPA/CPRA) and Pintor Project acts as Data Processor(or "service provider" under CCPA/CPRA).

5.2. The Customer declares and warrants that it holds all necessary rights, notices, consents, and authorizations from Data Subjects to allow processing by Pintor Project. The Customer is solely responsible for ensuring that the applications under test, and any production or masked data exposed to the Platform, comply with applicable data-protection laws.

5.3. Indemnity. The Customer shall indemnify and hold the Provider harmless against any fine, sanction, or claim arising from lack of consent or appropriate authorization regarding Customer Data.

5.4. Pintor Project may suspend the Services for flagrant breaches of this clause, without prejudice to its right to terminate and seek damages.

6.1. The Customer acts as Data Controller and Pintor Project as Data Processor in accordance with CCPA/CPRA, GDPR (where applicable), and other applicable data-protection regulations described in clause 1.9.

6.2. Pintor Project shall process Personal Data exclusively for:

• a) Performing and improving the contracted Services;
• b) Maintaining, monitoring, and securing the Platform;
• c) Complying with legal obligations or authority requirements;
• d) Improving its AI models, always on anonymized or aggregated data and never on Customer Data used to train third-party models.

6.3. Authorized Sub-processors. The Customer expressly authorizes Pintor Project to subcontract infrastructure, security, communications, and data-processing services with the following providers:

• a) Microsoft Corporation (Azure): hosting, SQL databases, blob storage, Application Insights, Communication Services Email, and Azure AI Foundry — the private deployment used by FlowGuard for AI model calls.
• b) Anthropic, PBC (USA): language-model services (Claude API) used for visual checkpoint analysis, test generation, and codebase analysis within the FlowGuard Platform, accessed via the Provider's private Azure AI Foundry deployment.
• c) Stripe, Inc. (USA): payment processing, subscription management, and SaaS billing.
• d) Microsoft GitHub (USA): optional integration for repository analysis and flow proposals when enabled by the Customer.
• e) Atlassian (USA) and Microsoft Azure DevOps (USA): optional ticket-tracker integrations enabled by the Customer.
• f) Other sub-processors that the Provider may incorporate in the future, provided they maintain equivalent security and compliance standards.

An up-to-date list is published at flowguardians.com/subprocessors.

6.4. International transfers. The Customer acknowledges and authorizes that Customer Data may be stored and processed in data centers located in the United States of America (primary deployment region) and, where the Customer is contracted under an EU region, in the European Union, to the extent such transfers comply with applicable regulations and are covered by adequate contractual clauses (including the EU Standard Contractual Clauses where applicable), certifications, or other mechanisms permitted by law.

6.5. Information security. Pintor Project implements reasonable technical and organizational measures appropriate to the risk, including (a) encryption in transit and at rest; (b) least-privilege access management and multi-factor authentication; (c) access and event logging; (d) periodic security audits; (e) incident-management and operational-continuity procedures.

6.6. Incident notification. In the event of a security incident significantly affecting the confidentiality, integrity, or availability of Customer Data, Pintor Project shall notify the Customer without undue delay once it has reasonably sufficient information.

6.7. Data Subject rights. Requests by Data Subjects sent directly to the Provider shall be forwarded to the Customer for handling, unless applicable law imposes direct obligations on the Provider. The Provider shall reasonably cooperate with the Customer in responding to access, deletion, correction, portability, and opt-out requests within the timeframes required by applicable law.

6.8. Retention and deletion.At the Customer's written request, Pintor Project shall delete or return Customer Data within a reasonable time, except where retention is required by law. Run-history retention defaults are described in the Customer's plan (Free: 7 days; Pro: 90 days; Business: 1 year; Enterprise: custom).

7.1. UAT Automation scope. The FlowGuard Platform runs automated tests against the web applications designated by the Customer, using browser agents, network capture, code analysis, and AI models to detect regressions and propose automatic fixes.

7.2. Customer acknowledgements. The Customer acknowledges that:

• a) Test results, visual checkpoint verdicts, and fix proposals generated by the Platform are statistical decision-support tools and do not replace human validation;
• b) Test execution implies that the agent may interact with real or test data in the Customer's applications, including triggering forms, state changes, and side effects;
• c) It is the Customer's sole responsibility to segregate environments, use masked data when appropriate, and authorize the agent to operate on the designated applications.

7.3. Liability carve-out for test execution. Pintor Project shall not be liable for:

• a) Interruptions, data modifications, or unwanted effects in the Customer's applications resulting from test execution authorized by the Customer;
• b) The absolute accuracy of automatic-fix proposals, which are suggestions the Customer must review before applying them.

7.4. Third-party applications under test. The Customer is responsible for respecting third-party terms of service and intellectual-property rights over the applications under test, especially when such applications belong to third parties with whom the Customer has a commercial relationship.

8.1. Keep contact details, billing information, and authorized users up to date.

8.2. Implement internal privacy, security, and usage policies consistent with applicable regulations and this contract.

8.3. Properly manage user access credentials (strong passwords, MFA, additional controls).

8.4. Not introduce malicious code nor perform penetration tests or other actions that affect the stability or security of the Services without prior written authorization.

8.5. Reasonably cooperate with Pintor Project in incident investigations and, where applicable, in sector audits.

9.1. Pintor Project retains exclusive ownership of all intellectual- property rights over the Platform, FlowGuard, the Services, their source and object code, algorithms, AI models, trademarks, trade names, logos, and any other associated intangible assets.

9.2. Nothing in this contract shall be construed as a transfer of intellectual property to the Customer, but solely as the grant of usage licenses.

9.3. Reports, metrics, dashboards, and information generated based on Customer Data shall be considered Customer information, without prejudice to Pintor Project's right to reuse derived patterns and insights on an anonymized and aggregated basis.

9.4. The Customer may not remove, hide, or alter copyright notices, trademarks, or other indications of rights reserved.

10.1. Fees, currency, billing mode, discounts, and other commercial conditions shall be established in the corresponding Service Order or, in the case of self-subscription plans, on the pricing and checkout flow of the Provider's website at the time of contracting.

10.2. Unless otherwise indicated, prices are understood to be net, with sales tax, VAT, or any other applicable tax to be added.

10.3. Pintor Project shall issue invoices at the indicated periodicity and the Customer shall pay within the indicated term. Self-serve plans are billed monthly through Stripe.

10.4. Delay in payment shall entitle Pintor Project, without prejudice to other actions, to: (a) accrue default interest at the maximum rate permitted under applicable law; (b) suspend the Services totally or partially; (c) terminate the contract for arrears greater than 30 calendar days.

10.5. The Customer shall be responsible for any banking charges, international-transfer costs, or other expenses associated with the payment method, unless otherwise agreed.

11.1. Pintor Project shall make commercially reasonable efforts to ensure availability consistent with SaaS-industry standards. Specific levels may be defined in technical annexes or Enterprise Service Orders.

11.2. Technical support shall be provided through the hours and channels described in the Service Order or the Provider's public documentation at flowguardians.com/docs.

11.3. Temporary interruptions may exist due to scheduled maintenance, technical contingencies, or incidents outside the Provider's reasonable control, and shall not constitute breach if reasonable mitigation measures are adopted.

12.1. Each party represents it has the legal capacity to enter into this contract.

12.2. Pintor Project represents that (a) it holds the rights to license the Platform; (b) it implements security measures consistent with clause 6; (c) it makes commercially reasonable efforts for the Services to function according to the technical documentation.

12.3. The Customer represents that (i) it has reviewed the technical documentation, (ii) it understands the scope and limitations, especially in AI, and (iii) it has determined that the Services are adequate for its purposes.

12.4. Disclaimer of other warranties. To the maximum extent permitted by law, Pintor Project does not grant additional warranties, express or implied, beyond those expressly stated.

13.1. To the maximum extent permitted by the laws of the State of Delaware, United States of America, Pintor Project shall not be liable for (a) indirect, incidental, special, consequential, or punitive damages or lost profits; (b) data loss, except in case of willful misconduct or gross negligence; (c) business decisions adopted exclusively based on Service outputs without additional validation.

13.2. Pintor Project's total accumulated liability shall be limited to the amount actually paid by the Customer to the Provider during the three (3) months immediately preceding the event giving rise to the claim.

13.3. This limitation shall not apply in cases of duly proven willful misconduct or gross negligence.

14.1. Each party shall maintain in strict confidence all technical, commercial, financial, or other information identified as confidential or reasonably understood as such.

14.2. The obligation shall remain in force during the contract and for an additional period of five (5) years from termination.

14.3. Exceptions: publicly available information without contractual breach; legitimately known before disclosure; disclosed by a third party without confidentiality obligations; or required by legal mandate.

15.1. Neither party shall be liable for failures due to force majeure or fortuitous events, such as natural disasters, acts of authority, generalized telecommunications failures, wars, pandemics, or massive cyberattacks affecting third-party infrastructure.

15.2. The affected party shall inform the other within a reasonable time and adopt mitigation measures.

16.1. The contract enters into force from its acceptance (clause 2.4) and remains in effect while there are active Service Orders or the Customer maintains access to the Platform.

16.2. Either party may terminate without cause through written notice with minimum advance notice of thirty (30) calendar days. Self-serve subscriptions may be cancelled at any time through the Stripe Customer Portal linked from the Customer's Billing settings.

16.3. Pintor Project may terminate immediately upon (a) material breach by the Customer; (b) use of the Services contrary to data-protection regulations or the Acceptable Use Policy; (c) Customer insolvency or liquidation.

16.4. Upon termination, Pintor Project shall delete or return Customer Data in accordance with clause 6.8.

17.1. Pintor Project may improve, update, or modify the Services, provided that no substantial reduction of the committed service level occurs.

17.2. Material modifications to these Terms shall be communicated with reasonable advance notice (in principle, no less than 30 days).

17.3. If the Customer continues using the Services after that period, the modifications shall be deemed accepted. Otherwise, the Customer may terminate under clause 16.2.

18.1. The Customer may not assign or transfer its rights or obligations without the Provider's prior written authorization.

18.2. Pintor Project may assign this contract to related companies or to a purchaser of its business, upon prior notice to the Customer.

18.3. Pintor Project shall remain responsible to the Customer for the proper execution of the Services.

19.1. All notices shall be made in writing to the physical or electronic addresses indicated by the parties, including through the Platform when it has messaging modules. Legal notices to the Provider shall be sent to legal@flowguardians.com.

19.2. Each party shall keep its contact information up to date.

20.1. This contract is governed by the laws of the State of Delaware, United States of America, without regard to its conflict-of-laws provisions.

20.2. Any dispute arising out of or relating to this contract shall be submitted to the exclusive jurisdiction of the state and federal courts located in the State of Delaware, United States of America, the parties waiving any other jurisdiction that might apply.