Legal Document

Terms of Service

Including Acceptable Use Policy, Data Processing Agreement & Limitation of Liability  ·  Effective Date: 1 June 2026

1. Acceptance of Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you (either an individual or a legal entity, "Customer" or "you") and ArcSek FZ-LLC ("Company", "we", "us", or "our") regarding your access to and use of the ArcSek API, products (including ArcShield, ArcAudit, and ArcSentinel), the customer dashboard, and any related software or documentation (collectively, the "Service"). By registering for an account, clicking "I accept," or using the Service, you agree to be bound by these Terms. If you are accepting on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation.

2. Eligibility

You must be at least 18 years old to use the Service. By using the Service, you represent that you meet this requirement. If you are using the Service for commercial purposes, you further represent that you have the legal capacity to enter into a binding contract.

3. Account Registration and Security

3.1 To use the Service, you must create an account. You agree to provide accurate, current, and complete information during registration and to update it promptly if it changes.

3.2 You are solely responsible for safeguarding your API keys and dashboard login credentials. API keys are hashed using bcrypt and are never stored in plaintext; however, you must keep the plaintext key secret. You are fully liable for any activities that occur under your account, whether authorised by you or not, unless we have received written notice of unauthorised use.

3.3 You agree to notify us immediately at support@arcsek.com if you suspect any unauthorised access or use of your account.

4. Service Description and Plan Limits

4.1 The Service provides a REST API endpoint (/check) that accepts a text input and returns a classification (SAFE or DANGER) based on analysis using a large language model via OpenRouter. The classification is intended to detect prompt injection attempts, jailbreak attempts, and other malicious instructions in multiple languages.

4.2 Your usage of the Service is limited to the monthly request quota and rate limits (200 requests per minute per API key) defined in your subscription plan (Free, Scout, Guard, or Fortress). The current quotas are published on our website.

4.3 We reserve the right to modify the quotas for new customers or for existing customers upon renewal, provided we give you at least 30 days' notice.

4.4 If you exceed your plan's quota or rate limits, we may, at our sole discretion: (a) temporarily reject further requests with a 429 Too Many Requests status, (b) charge overage fees at the rate of 0.05 AED per additional 100 requests, or (c) automatically upgrade your plan to the next tier (with your prior consent). Overage fees will be invoiced and due within 15 days.

4.5 The Service does not guarantee 100% accuracy or 100% uptime. Our historical uptime is approximately 98% (excluding scheduled maintenance).

5. Data Processing Agreement (DPA)

This Section 5 constitutes our legally binding DPA under the UAE PDPL and, where applicable, the GDPR.

5.1 Role of the Parties. For the text that you submit to the /check endpoint, you are the Data Controller, and we are the Data Processor under the UAE Personal Data Protection Law (Federal Decree‑Law No. 45 of 2021).

5.2 Scope of Processing. We will process the submitted text only for the purpose of providing the classification response and for the security retention periods set forth in our Privacy Policy. We will not process the data for any other purpose, except as required by law.

5.3 Subprocessors. You hereby authorise us to engage the following subprocessors:

Subprocessor | Role | Location
Supabase, Inc. (AWS Seoul) | Database hosting (primary) | Seoul, South Korea
OpenRouter | AI gateway and LLM provider | US / EU (variable)
Dodo Payments | Payment processing | United States
Resend | Email delivery (alerts, test emails) | United States

We will maintain an up‑to‑date list of subprocessors on our website. If we intend to add or replace a subprocessor, we will notify you at least 30 days in advance, and you may object on reasonable grounds.

5.4 Security Measures. We implement the technical and organisational measures described in our Privacy Policy, including encryption at rest (AES‑256), TLS 1.3 in transit, bcrypt hashing of API keys, and regular penetration testing. You acknowledge that these measures are appropriate given the nature of the data.

5.5 Deletion of Data. Upon termination of your account, or at your earlier written request, we will delete all personal data associated with your account within 30 days, except where we are required to retain it by law (e.g., tax records for 7 years).

5.6 Data Breach Notification. We will notify you without undue delay (and in any event within 72 hours) after becoming aware of a personal data breach affecting your data.

5.7 Audits. You may request an audit of our data processing practices once per calendar year, at your own expense, subject to a signed confidentiality agreement.

5.8 Indemnity. You agree to indemnify us against any third‑party claims arising out of your failure to obtain necessary consents from your end users or to comply with your obligations as a Data Controller under applicable law.

6. Acceptable Use Policy (AUP)

6.1 You agree not to, and not to permit any third party to:

6.2 If we reasonably believe that you have violated this AUP, we may suspend your account immediately without prior notice. We will notify you of the suspension and provide an opportunity to remedy the violation within 48 hours.

6.3 We will refer serious violations (e.g., using the Service to commit crimes) to the relevant UAE authorities.

7. No Logging Policy & Data Retention

7.1 The Company does not permanently log the textual content of your API requests beyond the retention period stated in your subscription plan. The retention periods are:

Plan | Log Retention
Free | 1 day
Scout | 30 days
Guard | 90 days
Fortress | 365 days

After the retention period expires, the request text is permanently deleted from our primary databases and backups are purged within an additional 30 days.

7.2 During the brief window between receiving a request and returning the response, the text is held in volatile memory (RAM) and is not written to any persistent log file, except in the following limited circumstances:

7.3 We do not use your submitted text to train or fine‑tune our AI models unless you have given explicit, separate consent (opt‑in). By default, only aggregated, anonymised statistics are used for improvement.

7.4 You acknowledge that the underlying LLM provider (OpenRouter) may have its own logging and data handling policies. We require our providers to abide by similar data minimisation and retention policies, but we are not liable for their independent violations.

8. Warranties and Disclaimers

8.1 SERVICE PROVIDED "AS IS". TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICE AND ALL ACCOMPANYING DOCUMENTATION ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY.
8.2 NO WARRANTY OF ACCURACY OR SECURITY. WE DO NOT WARRANT THAT THE SERVICE WILL CORRECTLY IDENTIFY ALL PROMPT INJECTION ATTACKS OR THAT IT WILL NEVER GENERATE FALSE POSITIVES OR FALSE NEGATIVES. AI‑BASED SECURITY TOOLS INHERENTLY HAVE ERROR RATES. OUR TARGET ACCURACY IS 98% BUT ACTUAL ACCURACY MAY VARY.
8.3 NO WARRANTY OF UNINTERRUPTED SERVICE. WE DO NOT WARRANT THAT THE SERVICE WILL BE AVAILABLE 100% OF THE TIME. OUR HISTORICAL UPTIME IS APPROXIMATELY 98% (EXCLUDING SCHEDULED MAINTENANCE).

8.4 No Warranty of Compliance. While we design the Service to be compliant with PDPL and GDPR, we do not warrant that your specific use case complies with all applicable laws. You are responsible for ensuring your use of the Service meets your legal obligations.

9. Limitation of Liability

Read carefully — this section limits our liability to you.
9.1 EXCLUSION OF CONSEQUENTIAL DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL THE COMPANY, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO LOST PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION, REPUTATIONAL HARM, OR COSTS OF PROCUREMENT OF SUBSTITUTE SERVICES.
9.2 CAP ON LIABILITY. OUR TOTAL LIABILITY TO YOU FOR ALL CLAIMS SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID BY YOU TO US DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR ONE HUNDRED US DOLLARS ($100) IF YOU HAVE NOT PAID ANY FEES.

9.3 Exceptions. The above limitations do not apply to: (a) liability for fraud, intentional misconduct, or gross negligence; (b) liability for death or personal injury; (c) any liability that cannot be excluded by law.

9.4 Indemnification. You agree to defend, indemnify, and hold harmless the Company and its affiliates from and against any third‑party claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising out of or related to your use of the Service in violation of these Terms.

10. Fees, Payment, and Taxes

10.1 All fees are stated in UAE Dirhams (AED) and are exclusive of value‑added tax (VAT) or any other taxes. You are responsible for paying any applicable taxes.

10.2 Subscription fees are billed monthly or annually in advance. Payments are processed through Dodo Payments.

10.3 If a payment fails, we will attempt to charge your payment method again after 3 days. If the second attempt fails, we may suspend your account until payment is received.

10.4 Refund Policy. We do not offer refunds for partial months or unused requests. If you cancel your subscription, you will not receive a refund for the remaining period. However, if we materially change the Service to your detriment, you may cancel within 30 days of the change and receive a pro‑rated refund for the unused portion.

10.5 Disputed Charges. If you believe a charge is erroneous, you must contact us within 30 days of the charge date. Uncontested charges after 30 days are deemed accepted.

11. Termination and Suspension

11.1 You may terminate your account at any time by using the cancellation feature in your dashboard or by emailing support. No further fees will be charged, but prepaid fees are non‑refundable.

11.2 We may suspend your account immediately if we reasonably believe you have breached the AUP or any material provision of these Terms. We will notify you of the suspension and give you 48 hours to cure the breach.

11.3 We may terminate your account for convenience by giving you 30 days' written notice. In such case, we will refund any prepaid fees for the unused portion.

11.4 Upon termination, we will delete your API keys and personal data as described in the Privacy Policy, except for data we are required to retain by law.

12. Governing Law and Dispute Resolution

12.1 Governing Law. These Terms shall be governed by the laws of the United Arab Emirates, as applied in the Dubai International Financial Centre (DIFC).

12.2 Arbitration. Any dispute shall be resolved by binding arbitration in accordance with the Dubai International Arbitration Centre (DIAC) Arbitration Rules. The seat of arbitration shall be Dubai, UAE. The language shall be English. The tribunal shall consist of a sole arbitrator. The arbitration award shall be final and binding.

12.3 Small Claims Exception. Either party may bring a claim in the Dubai courts if the amount in dispute does not exceed AED 50,000, provided that the purpose is limited to recovering overdue fees or enforcing an arbitration award.

13. General Provisions

13.1 Modification of Terms. We may update these Terms from time to time. If we make material changes, we will notify you by email at least 14 days in advance. Your continued use of the Service after the effective date constitutes acceptance of the updated Terms.

13.2 Assignment. You may not assign or transfer any of your rights or obligations under these Terms without our prior written consent. We may assign these Terms to an affiliate or to a successor in the event of a merger or acquisition.

13.3 Force Majeure. We will not be liable for any delay or failure to perform arising from causes outside our reasonable control, including acts of God, war, terrorism, pandemics, strikes, internet outages, or failures of third‑party providers.

13.4 Severability. If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

13.5 Entire Agreement. These Terms, together with the Privacy Policy and any written order form, constitute the entire agreement between you and us regarding the Service.

13.6 No Waiver. Our failure to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision in the future.

13.7 Notices. Notices to you shall be sent to the email address associated with your account. Notices to us shall be sent to support@arcsek.com.

14. Contact