Effective: May 5, 2026 · Last updated: May 7, 2026
By accessing or using the Draxis.ai platform (“Service”), you (“Customer,” “you,” or “your”) agree to be bound by these Terms of Service (“Terms”). If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have the authority to bind that entity to these Terms. If you do not agree to these Terms, do not use the Service.
These Terms constitute a legally binding agreement between you and Draxis, Inc. (“Draxis,” “we,” “us,” or “our”), a Delaware corporation with its principal place of business in Bolton, Massachusetts.
Draxis.ai is a Cyber Risk Intelligence platform that connects to your existing security controls, programmatically extracts Key Risk Indicators (KRIs), and maps them to business outcomes, including financial, operational, regulatory, and reputational exposure. The Service includes an AI Expert Panel comprising an AI vCISO, Privacy expert, Third-Party Risk expert, and Cyber Insurance expert, each with compounding institutional memory across your engagement history.
Draxis does not manage security controls, operate as a compliance automation platform, or guarantee any specific security or compliance outcome. The Service surfaces risk intelligence to support informed decision-making by qualified personnel.
3.1 Eligibility. The Service is intended for use by businesses and qualified security professionals. You must be at least 18 years of age and have legal authority to enter into contracts on behalf of your organization.
3.2 Account registration. To access the Service, you must create an account and provide accurate, complete, and current registration information. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account.
3.3 Multi-tenant accounts. Customers subscribed under a partner or managed service tier (for example, vCISO firms, MSPs) may provision access for multiple client tenants. The account holder remains responsible for all tenant activity and compliance with these Terms.
3.4 Unauthorized access. You agree to notify Draxis immediately at legal@draxis.ai if you discover or suspect unauthorized access to your account.
4.1 Subscription tiers. Draxis offers subscription plans as described on the pricing page at draxis.ai/pricing, including individual organization plans and multi-tenant partner plans. Custom enterprise and white-label arrangements are governed by a separate Order Form or Master Services Agreement.
4.2 Fees. Subscription fees are billed in advance on a monthly or annual basis, as selected at sign-up. All fees are stated in U.S. dollars and are non-refundable except as expressly provided in these Terms.
4.3 Payment processing. Payments are processed through Stripe or another authorized payment processor. By providing payment information, you authorize Draxis to charge the applicable fees to your payment method on a recurring basis.
4.4 Price changes. Draxis reserves the right to change subscription fees upon at least 30 days’ prior written notice. Continued use of the Service after the effective date of a price change constitutes your acceptance of the new pricing.
4.5 Taxes. You are responsible for all applicable taxes, levies, or duties imposed by taxing authorities in connection with your use of the Service.
4.6 Free trials and diagnostic access. Draxis may offer limited-access diagnostic tools (such as the “AI vCISO First Look”) at no charge. These free-tier tools are subject to these Terms and may be modified or discontinued at any time without notice.
5.1 Nature of AI outputs. The Service uses artificial intelligence, including large language models, retrieval systems, workflow logic, prompts, prompt chains, model-routing methods, and other proprietary Draxis Technology to generate risk analyses, recommendations, reports, summaries, and expert panel responses (collectively, “Outputs”). Outputs are provided for informational purposes only and do not constitute legal, financial, insurance, audit, compliance, or professional security advice. Draxis does not act as Customer’s attorney, security officer, compliance officer, auditor, insurance broker, fiduciary, or other professional adviser.
5.2 Customer responsibility and human oversight. Customer is solely responsible for reviewing, validating, and determining whether to act on any Output. Customer should not rely on the Service or any Output as the sole basis for decisions involving legal compliance, cybersecurity controls, financial exposure, insurance coverage, risk acceptance, regulatory reporting, vendor management, or other material business decisions. Draxis is a risk intelligence tool and does not replace qualified human judgment.
5.3 No guarantee of accuracy. Outputs may contain errors, omissions, outdated information, incomplete information, or inaccurate assumptions. Draxis does not warrant that any Output will be accurate, complete, current, compliant, legally sufficient, or fit for any particular purpose.
5.4 Institutional memory. The AI Expert Panel may retain contextual memory across Customer sessions to improve the quality and continuity of Outputs. Such memory is scoped to Customer’s account and tenant and is subject to Draxis’s data retention, deletion, security, and data processing commitments.
5.5 Beta, trial, preview, and diagnostic features. Draxis may offer beta, trial, preview, experimental, evaluation, diagnostic, or early-access features, including limited-access tools such as “AI vCISO First Look” (collectively, “Beta Features”). Beta Features are provided for evaluation only, may be modified, suspended, or discontinued at any time, and may be subject to additional limits, disclaimers, or terms. Beta Features are provided “as is” without warranties, indemnities, service commitments, support commitments, uptime commitments, or liability obligations to the maximum extent permitted by law.
6.1 Your data. As between the parties, Customer retains all right, title, and interest in and to data, configurations, security telemetry, content, prompts, files, logs, and other information that Customer provides to, submits to, or authorizes Draxis to ingest into the Service on Customer’s behalf (collectively, “Customer Data”). Subject to these Terms, Customer grants Draxis and its affiliates, subsidiaries, service providers, and Sub-processors a limited, non-exclusive, worldwide license to host, copy, transmit, display, process, analyze, and use Customer Data solely as necessary to provide, secure, maintain, support, troubleshoot, and improve the Service; generate Outputs for Customer; comply with applicable law; prevent or address service, security, support, or technical issues; and otherwise perform Draxis’s obligations or exercise Draxis’s rights under these Terms, the applicable Order Form, and the DPA.
6.2 Customer responsibility for Customer Data. Customer is responsible for the accuracy, quality, legality, integrity, and appropriateness of Customer Data and for obtaining all rights, consents, permissions, and authorizations necessary for Draxis to process Customer Data in accordance with these Terms and the DPA. Customer represents and warrants that Customer Data and Customer’s use of the Service will not violate applicable law or any third-party right.
6.3 Sensitive data. The Service is designed to ingest risk signals, control telemetry, configuration data, and KRI data from Customer’s security controls. Customer shall not upload, submit, transmit, or otherwise make available to the Service any payment card data, protected health information, special category data, biometric data, government identification numbers, financial account numbers, children’s data, or other sensitive or highly regulated data unless expressly authorized in an applicable Order Form, DPA, or written agreement signed by Draxis. Draxis has no obligation to monitor Customer Data for prohibited sensitive data.
6.4 Data security. Draxis implements commercially reasonable technical and organizational measures to protect Customer Data. Details are set forth in the Draxis Trust Center available at draxis.ai/trust.
6.5 Data Processing Addendum. The parties shall comply with the Draxis Data Processing Addendum (“DPA”), available at draxis.ai/dpa, which is incorporated into and forms part of these Terms to the extent Draxis processes Personal Data on behalf of Customer in connection with the Service. In the event of a conflict between these Terms and the DPA with respect to privacy, data protection, or Draxis’s processing of Personal Data on behalf of Customer, the DPA will control. Draxis may update the DPA from time to time as permitted by the DPA, provided that any update will not materially reduce the level of protection for Customer Personal Data during the applicable subscription term.
6.6 Customer Data and model training. Unless otherwise agreed in an Order Form or expressly enabled by Customer, Draxis will not use Customer Data to train third-party foundation models in a manner that allows such Customer Data to be retained by the third-party model provider for general model training. This Section does not limit Draxis’s rights to use Aggregated Anonymous Data as described in Section 8.7 or to use Customer Data as necessary to provide, secure, support, maintain, troubleshoot, or improve the Service for Customer.
6.7 Data deletion. Upon termination of Customer’s subscription, Draxis will retain Customer Data for 30 days, during which Customer may request an export. After that period, Customer Data will be deleted in accordance with Draxis’s data retention schedule unless a longer retention period is required by law, these Terms, the DPA, or Draxis’s legitimate backup, archival, security, compliance, or dispute-resolution requirements. Draxis has no obligation to retain Customer Data after the applicable retention period expires.
7.1 Acceptable use. Customer agrees not to use the Service to:
7.2 Usage limits. The Service may be subject to usage limits, rate limits, API limits, storage limits, tenant limits, user limits, feature limits, fair-use restrictions, or other technical or operational limits described in the applicable Order Form, product documentation, pricing page, or Service interface. Draxis may enforce such limits to protect the Service, prevent abuse, maintain performance, or ensure compliance with the applicable subscription tier.
7.3 Suspension. Draxis may suspend or restrict Customer’s access to the Service, in whole or in part, immediately upon notice where reasonably practicable, if Draxis determines that: (a) Customer has violated these Terms; (b) Customer’s use poses a security, legal, operational, or reputational risk to Draxis, the Service, another customer, or any third party; (c) Customer fails to pay undisputed fees when due; (d) Customer exceeds applicable usage limits; (e) suspension is required by law or requested by a governmental authority; or (f) a third-party service provider suspends or restricts a component necessary to provide the Service. Draxis will use commercially reasonable efforts to limit the suspension to the affected portion of the Service and to restore access promptly after the issue is resolved.
8.1 Draxis Technology. As between the parties, Draxis owns and retains all right, title, and interest in and to the Service and all technology, software, source code, object code, algorithms, artificial intelligence systems, machine learning models, model configurations, model-routing logic, prompts, prompt templates, prompt chains, retrieval methods, workflows, user interfaces, APIs, connectors, integrations, dashboards, reports, templates, risk models, scoring methodologies, analytics, benchmarks, documentation, know-how, trade secrets, designs, inventions, discoveries, improvements, enhancements, modifications, derivative works, and other materials used in, embodied in, or related to the Service (collectively, “Draxis Technology”), together with all intellectual property rights therein. These Terms do not grant Customer any ownership interest in the Service or Draxis Technology.
8.2 License to use the Service. Subject to Customer’s compliance with these Terms and payment of applicable fees, Draxis grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable license during the applicable subscription term to access and use the Service solely for Customer’s internal business purposes and in accordance with these Terms, the applicable Order Form, documentation, and usage limits.
8.3 Ownership of Customer Data. As between the parties, Customer retains ownership of Customer Data. Customer’s ownership of Customer Data does not limit Draxis’s rights in Draxis Technology, Aggregated Anonymous Data, Usage Data, Feedback, or improvements to the Service.
8.4 Outputs. Subject to Customer’s compliance with these Terms, Customer may use Outputs generated by the Service for Customer’s internal business purposes. Draxis does not claim ownership of Customer Data reflected in Outputs. However, Customer acknowledges that Outputs may include or be generated using Draxis Technology, including proprietary prompts, workflows, methods, models, templates, analytics, benchmarks, scoring methodologies, and know-how. Draxis retains all rights in Draxis Technology and does not transfer ownership of any Draxis Technology through any Output. Customer may not use Outputs to develop, train, improve, benchmark, or commercialize any competing product or service.
8.5 Improvements. Draxis owns all modifications, enhancements, improvements, derivative works, developments, discoveries, and inventions related to the Service or Draxis Technology, whether developed before, during, or after Customer’s subscription term, including those based on Customer’s use of the Service, Customer configurations, support requests, error reports, product suggestions, usage patterns, Outputs, or Feedback. No Customer ownership rights arise in the Service, Draxis Technology, or any such improvements.
8.6 Feedback. If Customer provides Draxis with suggestions, ideas, enhancement requests, recommendations, corrections, comments, or other feedback regarding the Service, Outputs, or Draxis Technology (“Feedback”), Customer grants Draxis a perpetual, irrevocable, worldwide, sublicensable, transferable, royalty-free license to use, disclose, reproduce, modify, incorporate, commercialize, and otherwise exploit such Feedback for any purpose without restriction, attribution, confidentiality obligation, or compensation to Customer.
8.7 Aggregated Anonymous Data. Draxis and its affiliates and subsidiaries may collect, derive, aggregate, de-identify, and anonymize metadata, telemetry, usage data, risk signals, configuration data, and other data made available through the Service, including data derived from Customer Data, so long as the resulting data does not identify Customer, any Authorized User, Data Subject, or other individual or entity (“Aggregated Anonymous Data”). Aggregated Anonymous Data is Draxis property and may be used during and after the subscription term for any lawful business purpose, including to operate, analyze, improve, benchmark, and develop the Service and related products, services, models, reports, insights, and business activities. Draxis will not disclose Aggregated Anonymous Data in a manner that reasonably identifies Customer without Customer’s consent.
8.8 Usage Data. Draxis may collect and use technical, diagnostic, log, performance, usage, and operational data regarding Customer’s use of the Service (“Usage Data”) to provide, secure, support, maintain, troubleshoot, analyze, and improve the Service; monitor compliance with usage limits; prevent abuse; and perform Draxis’s obligations under these Terms. To the extent Usage Data is anonymized, aggregated, or de-identified so that it does not identify Customer, an Authorized User, a Data Subject, or any other individual or entity, it will be treated as Aggregated Anonymous Data.
8.9 Reservation of rights. Except for the limited rights expressly granted in these Terms, neither party grants the other party any rights or licenses, whether by implication, estoppel, exhaustion, or otherwise, in or to its intellectual property rights.
Each party agrees to keep confidential any non-public information disclosed by the other party that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure (“Confidential Information”). Each party agrees to use Confidential Information only to exercise its rights and perform its obligations under these Terms, and to protect it using at least the same degree of care it uses for its own confidential information, but no less than reasonable care. This obligation does not apply to information that is or becomes publicly known through no fault of the receiving party, is already known to the receiving party without restriction, or is required to be disclosed by law or court order.
10.1 Service availability. Draxis may modify, update, suspend, or discontinue features of the Service from time to time. Draxis does not guarantee any minimum uptime, support response time, service credit, maintenance window, backup frequency, recovery objective, or availability commitment unless expressly stated in an applicable Order Form or service level agreement signed by Draxis.
10.2 Disclaimer.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
(a) IN NO EVENT SHALL DRAXIS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF DATA, LOSS OF GOODWILL, OR COSTS OF SUBSTITUTE SERVICES, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE SERVICE, EVEN IF DRAXIS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
(b) DRAXIS’S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE, WHETHER IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL FEES PAID BY YOU TO DRAXIS IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
(c) DRAXIS BEARS NO LIABILITY FOR SECURITY INCIDENTS, BREACHES, OR ADVERSE OUTCOMES ARISING FROM ACTIONS TAKEN OR NOT TAKEN IN RELIANCE ON THE SERVICE.
Customer agrees to indemnify, defend, and hold harmless Draxis and its affiliates, subsidiaries, officers, directors, employees, contractors, agents, representatives, successors, and assigns from and against any third-party claims, damages, losses, liabilities, penalties, fines, costs, and expenses, including reasonable attorneys’ fees, arising out of or related to: (a) Customer’s or its Authorized Users’ use of the Service in violation of these Terms; (b) Customer’s or its Authorized Users’ violation of applicable law or any third-party right; (c) Customer Data, including any allegation that Customer Data or Draxis’s processing of Customer Data in accordance with these Terms infringes, misappropriates, or violates any third-party right; (d) Customer’s use of Outputs; (e) Customer’s integrations with or use of Third-Party Services; or (f) any misrepresentation made by Customer in connection with the Service.
13.1 Term. These Terms are effective as of the date you first access the Service and continue until your subscription is terminated.
13.2 Termination by you. You may cancel your subscription at any time through your account settings or by contacting support@draxis.ai. Cancellation takes effect at the end of your current billing period. No refunds are issued for unused portions of a billing period.
13.3 Termination by Draxis. Draxis may suspend or terminate your account immediately if you materially breach these Terms, fail to pay fees when due, or engage in conduct that poses a risk to the Service or other customers. Draxis may also terminate the Service with 30 days’ written notice for any other reason.
13.4 Effect of termination. Upon termination, your license to use the Service ends immediately. Sections 6.7, 8, 9, 10, 11, 12, 13.4, 14, 16, 17, and 18 survive termination.
Draxis reserves the right to update or modify these Terms at any time. We will provide at least 14 days’ notice before changes take effect by posting the updated Terms at draxis.ai/terms and notifying you via the email address on file. Continued use of the Service after the effective date of any modification constitutes your acceptance of the updated Terms. If you do not agree to modified Terms, you must discontinue use of the Service and cancel your subscription prior to the effective date.
15.1 Third-Party Services. The Service may connect to or integrate with third-party security tools, data sources, platforms, cloud environments, identity providers, ticketing systems, observability tools, and other third-party products or services (collectively, “Third-Party Services”). Draxis does not control and is not responsible for the availability, accuracy, performance, security, integrity, legality, or content of Third-Party Services or data provided by Third-Party Services.
15.2 Customer responsibilities. Customer is solely responsible for: (a) selecting, configuring, authorizing, and maintaining Third-Party Services; (b) obtaining all rights, consents, permissions, credentials, API keys, tokens, and authorizations necessary for Draxis to connect to and process data from Third-Party Services; (c) ensuring that Customer’s integration settings and permissions are appropriate; and (d) complying with all third-party terms, policies, and restrictions applicable to Third-Party Services.
15.3 Integration changes. Draxis is not liable for any failure, delay, loss, unavailability, or degradation of the Service caused by Third-Party Services, changes to third-party APIs, changes to Customer configurations, revoked permissions, expired credentials, third-party outages, or inaccurate data received from Third-Party Services. Draxis may modify or discontinue integrations if required by a Third-Party Service provider, applicable law, security risk, or Service requirements.
Customer represents and warrants that Customer and its Authorized Users are not located in, organized under the laws of, or ordinarily resident in any country or territory subject to comprehensive trade sanctions, and are not identified on any restricted party list maintained by the United States, European Union, United Kingdom, or other applicable governmental authority. Customer shall not access, use, export, re-export, transfer, or make available the Service in violation of applicable export control, sanctions, or trade compliance laws.
17.1 Governing law. These Terms are governed by the laws of the State of Delaware, without regard to its conflict of law provisions.
17.2 Venue. Any dispute arising out of or relating to these Terms or the Service shall be resolved exclusively in the state or federal courts located in the State of Delaware. You consent to the personal jurisdiction of such courts.
17.3 Informal resolution. Before initiating formal legal proceedings, each party agrees to attempt to resolve any dispute through good-faith negotiation for at least 30 days.
17.4 Waiver of jury trial.
18.1 Entire agreement. These Terms, together with any applicable Order Form, DPA, Partner Agreement, Security Policy, and other documents expressly incorporated by reference, constitute the entire agreement between you and Draxis with respect to the Service and supersede all prior agreements, representations, and understandings.
18.2 Order of precedence. In the event of a conflict among the documents governing Customer’s use of the Service, the following order of precedence will apply unless the applicable Order Form expressly states otherwise: (a) the Order Form or other signed written agreement between the parties; (b) the DPA, solely with respect to privacy, data protection, and processing of Personal Data; (c) these Terms; and (d) any online policy, documentation, or webpage incorporated by reference.
18.3 Severability. If any provision of these Terms is found to be unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full force and effect.
18.4 Waiver. Draxis’s failure to enforce any right or provision of these Terms will not be deemed a waiver of such right or provision.
18.5 Assignment. You may not assign these Terms or any rights hereunder without Draxis’s prior written consent. Draxis may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of its assets.
18.6 Force majeure. Draxis will not be liable for delays or failures in performance resulting from causes beyond its reasonable control, including acts of God, government actions, internet disruptions, or third-party service failures.
18.7 Notices. Legal notices to Draxis should be sent to legal@draxis.ai or by mail to Draxis, Inc., PO Box 126, Bolton, MA 01740, United States. Draxis will send notices to you at the email address associated with your account.
For questions about these Terms, please contact:
Draxis, Inc.
PO Box 126
Bolton, MA 01740
United States
Email: legal@draxis.ai
Website: draxis.ai
For support inquiries: support@draxis.ai.
For privacy or data protection inquiries, see the Privacy Policy and Data Processing Addendum.