Content Feed Standard Terms

Master Service Agreement (MSA)

1. The Service

TAOS will provide the Customer with API and bulk-export access to its Content Feed (the "Service"): a continuously-refreshed knowledge graph of compliance frameworks, controls, cross-framework mappings and structured evidence guidance, delivered via REST API at api.theartofservice.com and via the Model Context Protocol (MCP) endpoint at the same host. The current scope (frameworks, control count, cross-mapping count, refresh cadence) is published at compliance.theartofservice.com/data.

2. Subscription tiers and fees

• Pilot: USD $7,500 one-time, 90 days from activation, 25,000 API calls per calendar month included.
• Content Feed (monthly): USD $10,000 per month, 100,000 API calls per calendar month included.
• Overage: $0.005 per API call beyond the included monthly volume. Bulk export downloads do not count against the call limit.

3. Term and termination

The Pilot subscription is a single 90-day term. It does not auto-renew. The monthly Content Feed subscription continues until terminated by either party on 30 days written notice (email to gerard.blokdyk@theartofservice.com is sufficient). Pre-paid fees are non-refundable except where TAOS materially fails to deliver the Service for more than 7 consecutive days (see Service Levels below).

4. License grant

TAOS grants the Customer a worldwide, non-exclusive, non-transferable, revocable license to access the Service and to use, store, display and incorporate the data returned by the Service inside the Customer's own products, internal tools, training material and audit deliverables for the Customer's own end users. White-label use (presenting the data without TAOS attribution to the Customer's own end users) is permitted. Sublicensing, redistribution as a standalone dataset, and resale to other data licensors are not permitted under these standard terms; contact us for a bespoke MSA if you need any of these.

5. Service levels

TAOS targets 99.5% monthly uptime measured at the /api/admin/health endpoint. If uptime in a calendar month falls below 99.0% for reasons within TAOS's control, the Customer is entitled to a service credit equal to 10% of that month's fees. Maintenance windows announced at least 48 hours in advance are excluded.

6. Data escrow

On the Customer's written request at any point during an active subscription, TAOS will deposit a complete bulk export of the Service's data (in JSON and Neo4j dump formats) into a third-party escrow service nominated by the Customer at the Customer's cost. This protects continuity of access to the data even if TAOS ceases to provide the Service.

7. Confidentiality and IP

Each party will hold the other's Confidential Information in confidence and use it only for the purposes of the agreement. The Service data, including its structure, mappings and evidence layer, is and remains the IP of TAOS. The Customer's implementation, configurations, and any derivative work product built on top of the Service remain the IP of the Customer.

8. Warranties and liability

The Service is provided as a current, regularly-refreshed reference and not as legal or audit-attestation advice. TAOS warrants that it has the right to provide the Service and that the data returned is source-grounded as described on the /data page. The Customer agrees that the data is a reference layer, not a substitute for the Customer's own qualified compliance, legal or audit judgement. Each party's total liability under this agreement is capped at twelve months of fees paid by the Customer in the preceding twelve months. Neither party is liable for indirect or consequential loss.

9. Indemnities

TAOS will indemnify the Customer against third-party claims that the Service infringes any registered IP, subject to TAOS receiving prompt notice and sole control of the defence. The Customer will indemnify TAOS against third-party claims arising from the Customer's breach of the license restrictions or from the Customer's end-user products.

10. Governing law

This agreement is governed by the laws of Queensland, Australia. The parties submit to the non-exclusive jurisdiction of the courts of Queensland.

11. Order of precedence

If the Customer has a signed bespoke MSA with TAOS for the Service, that bespoke MSA prevails over these standard terms.

Data Processing Agreement (DPA)

This DPA supplements the MSA above. It applies where TAOS processes any personal data on behalf of the Customer. The Customer is the controller and TAOS is the processor in respect of any personal data the Customer transmits to or retrieves from the Service.

1. Scope of processing

The Service does not require the Customer to transmit personal data in order to function. If the Customer chooses to include personal data in API request payloads (for example, free-text search queries containing names or addresses), TAOS will process that data only for the purpose of fulfilling the API request, retaining it for no longer than 30 days in operational logs.

2. Sub-processors

• Hetzner Cloud GmbH (Germany): hosting of the production API and database. Data is stored at rest in Hetzner's Helsinki (FI) region.
• SendGrid (Twilio Inc.) (USA): transactional email delivery for welcome and notification emails.
• Stripe Payments Australia Pty Ltd (Australia): payment processing.
• Cerebras Systems Inc. (USA): LLM inference for any AI-powered features the Customer chooses to use. No customer payloads pass to Cerebras unless the Customer explicitly calls an AI advisory endpoint.

TAOS will give the Customer at least 30 days notice via the /data page of any new sub-processor; the Customer's continued use after that notice is acceptance.

3. Security measures

TAOS maintains TLS 1.2 or higher for all API traffic, encryption at rest for the production database (Hetzner block-storage at-rest encryption), bcrypt-hashed user passwords, scoped API keys with revocation, rate-limited endpoints, and access controls on the production environment limited to TAOS personnel. Specific evidence is available on request under NDA.

4. Data subject rights

If a data subject contacts TAOS directly regarding personal data the Customer has transmitted to the Service, TAOS will refer the subject to the Customer within 5 business days and assist the Customer in fulfilling subject access, rectification, erasure or restriction requests at no additional cost for reasonable volumes.

5. Breach notification

TAOS will notify the Customer in writing within 72 hours of becoming aware of any security breach affecting personal data the Customer has transmitted to the Service, including the nature of the breach, affected records, and remediation steps taken.

6. Return or deletion

On termination of the MSA, TAOS will delete any personal data the Customer has transmitted to the Service within 30 days, except where retention is required by applicable law.

7. International transfers

Where personal data of EU/UK data subjects is transmitted to the Service, the EU Standard Contractual Clauses (2021 module 2: controller to processor) apply by reference and form part of this DPA.