Terms of Service

1. Agreement & Acceptance

These Terms of Service (the "Terms") are a binding agreement between Gid Solutions, Inc., a Delaware corporation with its principal place of business at 390 Henri-Bourassa, Papineauville, Quebec, Canada, J0V 1R0, doing business as "Gid AI" ("Gid", "we", "our", or "us"), and the entity or individual identified in the account registration ("Customer", "you", or "your").

By creating an account, clicking "I agree", installing the Gid mobile application, or otherwise accessing or using the Service, you accept these Terms. If you are accepting these Terms on behalf of an organization, you represent and warrant that you have authority to bind that organization, and "Customer" refers to that organization.

If you do not have authority, or you do not agree to these Terms, you must not use the Service.

2. Definitions

• Authorized User — an individual (such as an employee, manager, or contractor) the Customer authorizes to use the Service under the Customer's account.
• Customer Content — any data, text, files, images, audio, video, or other materials that Customer or its Authorized Users submit to or generate in the Service, excluding Service Generated Output as defined below.
• Documentation — the user guides, technical documentation, and product descriptions we make available at gidai.ca, in-product, or via support channels.
• End User — synonym for Authorized User in contexts where the individual interacts with the Service directly (such as employees taking training).
• Order — the subscription selection made via self-serve checkout, the in-product upgrade flow, or a signed Order Form referencing these Terms.
• Personal Data — any information relating to an identified or identifiable natural person, as defined under applicable data protection law (GDPR Article 4, PIPEDA section 2, DPDP section 2(t), CCPA § 1798.140).
• Service — the Gid AI platform, including the web application, mobile applications, APIs, integrations, AI-driven features, training materials, and any related services we provide.
• Service Generated Output — any content produced by the Service in response to inputs, including AI-generated text, summaries, voice transcripts, schedule suggestions, training capsules, and analytics.
• Sub-processor — a third party engaged by Gid to process Personal Data on our behalf. Our current list is published at gidai.ca/sub-processors.

3. Eligibility & Account

3.1 Who can use the Service

• The Service is designed for business use in the hospitality industry. It is not intended for personal or consumer use.
• You must be at least 16 years old to create an Authorized User account. Authorized Users between 16 and the age of majority in their jurisdiction must have parental or legal guardian consent where required by local law.
• You must not be located in, under the control of, or a national of any country or person subject to U.S., Canadian, U.K., EU, or U.N. trade sanctions or export-control restrictions.

3.2 Account creation & security

• You agree to provide accurate, current, and complete information when creating your account and to keep it current.
• You are responsible for safeguarding your credentials, enabling multi-factor authentication where offered, and notifying us at security@gidai.ca within 48 hours of any suspected unauthorized access.
• You are responsible for all activities that occur under your account, including activities of your Authorized Users.
• You may not share a single Authorized User account between multiple individuals.

3.3 Customer vs. Authorized User

The Customer is the entity contracting with Gid (typically the restaurant, hotel, or hospitality operator that subscribed). Authorized Users access the Service under the Customer's account. Where these Terms refer to "you", they refer to the Customer for contract obligations (billing, indemnification, content responsibility) and to the Authorized User for personal-conduct obligations (acceptable use, account security). Each Authorized User must accept these Terms before first use.

4. The Service

The Service is an AI-assisted restaurant management and employee engagement platform. Subject to your Order, it includes some or all of the following:

• Interactive training capsules and AI coaching for hospitality teams
• Employee performance tracking, analytics, and dashboards
• Communication tools (in-app messaging, SMS notifications, voice agents)
• Scheduling and workforce management features
• POS, PMS, payroll, and accounting integrations (availability varies by integration partner)
• Management dashboards, command-center reporting, and Founder Cockpit features

We continuously develop the Service. We may add, modify, or remove features at any time. If we make a material change that materially reduces the core functionality of a feature you actively use, we will give you advance notice via email or in-product notice. Beta or Preview features (Section 13) are excluded from this commitment.

4.1 Notifications

The Service uses two distinct categories of notifications:

• Operational notifications are part of the Service and may be sent without separate consent. Examples include shift alerts, scheduling changes that affect you in the next 24 hours, security warnings, billing reminders, account-deletion confirmations, and safety reminders required by your role.
• Engagement and marketing notifications (such as coaching nudges, weekly digest, achievement celebrations, new-feature announcements) are sent only after you explicitly opt in via Account Settings → Notifications. You may opt out at any time from the same screen. Operating-system permission alone is not sufficient consent for engagement or marketing notifications.

The Service does not require push notifications to function; you can use the app fully with notifications disabled at the OS level.

4.2 External billing — no in-app purchase pricing on iOS or Android

Gid is a business-to-business Service. Subscriptions are sold to organizations through our website. The mobile applications do not display pricing comparisons, "Buy", "Upgrade", or "Subscribe" buttons; the apps show subscription status only and link to Manage workspace on the web (gidai.ca) where the workspace administrator manages billing. This is consistent with Apple App Store Guideline 3.1.3(b) (reader app pattern adapted for B2B) and Google Play Payments Policy for business productivity software.

5. AI Features & Outputs

5.1 What AI we use

The Service incorporates third-party AI models (currently including, but not limited to, models from OpenAI, Anthropic, and Google) and proprietary processing built on top of them. Our current Sub-processor list discloses the AI vendors in use and is updated as our vendor stack evolves. See gidai.ca/sub-processors.

5.2 How your inputs are used — explicit third-party AI consent

To deliver coaching, voice agents, scheduling suggestions, training generation, and other AI features, your prompts and related context may be transmitted to third-party AI providers (currently OpenAI, Anthropic, and Google), as listed in our public Sub-Processors page. By using these AI features, you consent to this transmission. If you do not consent, you must not use the AI features; the rest of the Service remains available.

• Inputs you submit to AI features are transmitted to our AI vendors strictly to generate a response for you, and are not retained beyond what is necessary to deliver that response.
• We contract with our AI vendors under zero-retention or limited-retention arrangements where available. We do not allow your inputs to be used to train third-party foundation models without your explicit, separate consent.
• We may use aggregated, de-identified usage data (token counts, latency, error rates, feature engagement) to operate, secure, and improve the Service. De-identified data does not, by itself or in combination with other data we hold, identify any natural person.

5.3 Limits of AI outputs

• AI outputs are probabilistic and may be incorrect, incomplete, biased, or out of date.
• AI outputs are not legal advice, medical advice, tax advice, accounting advice, or employment-law advice.
• You must independently verify AI outputs before relying on them for any decision that has legal, financial, safety, employment, or operational consequences. Examples: final scheduling decisions, disciplinary action, payroll reconciliation, food-safety procedures, accessibility accommodations.
• You can long-press any AI-generated message (coaching reply, voice transcript, training capsule) in the Gid app and select "Report" to flag hallucinated, harmful, or policy-violating output. Reports route to abuse@gidai.ca and inform our content-safety tuning, aligned with Google's Secure AI Framework (SAIF) and the OWASP GenAI Top-10 red-team guidance.

5.4 Ownership of AI outputs

As between you and Gid, you own the Service Generated Output you receive in response to your inputs, subject to the rights of upstream model providers, our right to operate the Service, and applicable law. You acknowledge that other users may receive the same or similar outputs from similar inputs, and that AI outputs are generally not eligible for copyright protection in many jurisdictions.

6. Customer Responsibilities

6.1 Acceptable use

You agree to use the Service only for lawful business purposes and in accordance with our Acceptable Use Policy at gidai.ca/aup (the "AUP"), which is incorporated by reference into these Terms. Violation of the AUP is a material breach of these Terms.

6.2 Authorized Users & team accounts

• You are responsible for ensuring that each Authorized User complies with these Terms and the AUP.
• You must provide notice to your Authorized Users that their use of the Service is governed by these Terms and our Privacy Policy.
• You must promptly disable access for any individual who is no longer authorized (for example, on termination of employment).

6.3 Compliance with law

You are responsible for complying with all laws applicable to your use of the Service in the jurisdictions where you operate, including:

• Employment law, wage-and-hour law, predictive scheduling law, and labor-relations law
• Health, safety, and food-service regulations
• Data protection and privacy law applicable to your Authorized Users and customers
• Tax, accounting, and consumer-protection law applicable to your billing and operations

The Service provides tools that can help you comply, but Gid is not your legal, tax, or HR advisor and the Service is not a substitute for professional advice.

6.4 Your content

You represent and warrant that you have the rights necessary to submit Customer Content to the Service and to grant Gid the licenses set out in Section 8. You are responsible for the accuracy, legality, and appropriateness of all Customer Content.

6.5 Customer security warranties

You represent, warrant, and covenant that, during the term of these Terms:

• (a) MFA enforcement. Your Authorized Users will enable multi-factor authentication where the Service offers it, and you will require MFA for all administrative accounts.
• (b) No credential sharing. Authorized User credentials will not be shared between individuals, written on paper visible to others, posted on shared boards, or stored in plaintext outside an enterprise-grade password manager.
• (c) Timely de-provisioning. You will revoke Authorized User access promptly (within one business day) upon termination of employment, change of role that no longer requires access, or any suspicion that credentials have been compromised.
• (d) Training. You will provide your Authorized Users with reasonable training on the secure use of the Service, including the procedures for reporting suspicious activity.
• (e) Customer-side environment. You are solely responsible for the security of your own endpoint devices, networks, integrations, and any third-party tools or services you connect to the Service via APIs, OAuth, or webhooks, and for the credentials and tokens issued for those integrations.
• (f) No malware. You will not introduce malware, viruses, ransomware, or other harmful code into the Service through Customer Content, file uploads, or any integration you control.
• (g) Prompt notice. You will promptly notify Gid at security@gidai.ca of any actual or suspected unauthorized access, credential compromise, or other security incident affecting your use of the Service.
• (h) Follow our guidance. You will follow Gid's published security guidance at gidai.ca/security, updated from time to time.

Breach of this Section 6.5 is a material breach and is also addressed in Section 16.6 (allocation of liability for security incidents).

7. Subscriptions, Billing & Refunds

7.1 Plans and Orders

The Service is offered under subscription plans described on our website and in your in-product upgrade flow. Plan inclusions, limits, and pricing are part of your Order and are incorporated into these Terms. Enterprise customers may contract under a separate Master Subscription Agreement (the "MSA"); if there is a conflict between an executed MSA and these Terms, the MSA controls for that customer.

7.2 Trials

If we offer a free trial, you may use the Service free of charge for the trial period described at signup. Unless you cancel before the end of the trial, your subscription will automatically convert to a paid plan at the price disclosed at signup.

7.3 Cancel anytime — we refund what you haven't used

You can cancel your subscription at any time, with no obligation to explain why. We believe the right to keep using Gid is something we earn by delivering software that works for you, not something we secure by locking you into a contract you cannot leave.

• How to cancel. In the app: Account Settings → Subscription → Cancel. Or email billing@gidai.ca. We send a written confirmation within one business day.
• Effective immediately. Cancellation takes effect when you submit it. You retain access to the Service until the date you specify (default: end of your current billing period, so you don't lose paid value mid-month or mid-year).
• Pro-rated refund of unused prepaid time. If you cancel and end access before the end of a prepaid billing period, we refund the unused portion of fees you have prepaid, calculated pro-rata to the day, within ten (10) business days, to the original payment method. This applies to both monthly and annual subscriptions.
• Auto-renewal. If you do not cancel, your subscription renews automatically at the end of each billing period at the then-current price for your plan. For annual subscriptions priced at USD 200 or more, we send a renewal reminder by email at least 30 days before the renewal date.
• Exception — termination for material breach. If we terminate your subscription under Section 14.3 because of a material breach by you (such as non-payment of past-due undisputed invoices, AUP violation, or fraudulent use), refunds of unused prepaid time are at our discretion and may be reduced or denied. Cancellation by you, or termination by us for our convenience, always triggers the unused-time refund described above.

7.4 Payments & taxes

• We use Stripe as our payment processor. You authorize us, via Stripe, to charge your chosen payment method for all fees due.
• All fees are exclusive of taxes. You are responsible for sales, use, value-added, and similar taxes, except for taxes on Gid's net income.
• If a payment fails, we may suspend the Service for non-payment after providing notice and a reasonable cure period.

7.5 Price changes

We may change pricing on at least 30 days' written notice (by email or in-product). Price changes take effect on your next renewal. They do not affect amounts already invoiced or your current billing period.

7.6 Refunds for service failure

In addition to the unused-time refund under Section 7.3, if we materially fail to deliver the Service as committed in our SLA and we do not remedy that failure within 30 days of your written notice to billing@gidai.ca, you are entitled to:

• (a) Terminate the affected portion of the Service immediately, without further charge; and
• (b) A refund of the prepaid, unused portion of fees for the affected period, calculated pro-rata to the day.

This remedy is in addition to any service credits owed under the SLA and to any non-waivable consumer-protection rights you may have under applicable law.

8. Customer Content & Data

8.1 Ownership

As between you and Gid, you own all Customer Content. We do not claim ownership of your data.

8.2 License to operate the Service

You grant Gid a worldwide, non-exclusive, royalty-free, sublicensable (to our Sub-processors) license to host, store, process, transmit, display, and modify Customer Content solely as necessary to:

• Provide, maintain, secure, and improve the Service for you;
• Enable AI features you choose to use (subject to Section 5);
• Comply with law and respond to legal process; and
• Generate aggregated, de-identified statistics about Service usage that cannot reasonably be re-identified to you or any Authorized User.

This license terminates when Customer Content is deleted from the Service in accordance with our retention policy or Section 14, subject to our right to retain de-identified data and any legally required records.

8.3 No sale of personal data

We do not sell Customer Content or Personal Data. We do not share Personal Data with third parties for cross-context behavioral advertising. For users protected under U.S. state privacy laws (including the California CCPA/CPRA), this satisfies the "Do Not Sell or Share" requirement automatically; no opt-out is required because we do not engage in those activities.

8.4 Export & deletion

You can export your Customer Content at any time using gidai.ca/data-export or the in-product "Export my data" function. You can delete your account and Customer Content using the methods in Section 14.4.

9. Privacy & Data Processing

Our processing of Personal Data is governed by our Privacy Policy, which is incorporated into these Terms by reference.

For Customers who are subject to data-protection laws that require a written data processing agreement (such as GDPR Article 28, the UK GDPR, Quebec Law 25, or applicable U.S. state privacy laws), our standard Data Processing Agreement applies. The DPA, when applicable, prevails over these Terms with respect to the processing of Personal Data.

The current list of Sub-processors we engage to process Personal Data on our behalf is published at gidai.ca/sub-processors. We will give you at least 30 days' advance notice before adding or replacing a Sub-processor by email or in-product notice (you may subscribe to that notice list at privacy@gidai.ca).

10. Confidentiality

Each party may receive non-public business or technical information of the other party that is identified as confidential or that a reasonable person would understand to be confidential ("Confidential Information"). The receiving party shall:

• Use Confidential Information solely to perform under these Terms;
• Protect Confidential Information using at least the same care it uses for its own confidential information, and no less than a reasonable standard of care;
• Not disclose Confidential Information to any third party other than its employees, contractors, advisors, and Sub-processors who need to know and are bound by equivalent confidentiality obligations.

Confidential Information does not include information that is or becomes public without breach, was rightfully known before disclosure, is independently developed without use of the other party's Confidential Information, or is rightfully received from a third party without restriction.

Confidentiality obligations survive termination for three (3) years, except for trade secrets, which remain protected for as long as they qualify as trade secrets under applicable law.

11. Service Levels, Support & Security Incidents

11.1 SLA

Our service-level commitments and support response targets are described in our Service Level Agreement, which is incorporated by reference. The SLA defines uptime targets, service credits, scheduled maintenance, exclusions, and the procedure to claim service credits.

For Free or Trial plans, we provide the Service on a "best-effort" basis without an enforceable uptime commitment. Paid plans receive the uptime targets and support response times described in the SLA.

11.2 Support

For incidents and outages, see our status page (when available) and incident reports. For support requests, contact support@gidai.ca.

11.3 Shared security responsibility model

The security of the Service requires both parties to play their part. This table summarizes the division. It allocates responsibility between the parties and does not reduce either party's obligations under applicable law.

• Gid is responsible for: the security of the underlying infrastructure (inherited from Google Cloud Platform), the production network and hosts, the Service application code and its dependencies, server-side data encryption at rest and in transit, the authentication infrastructure (Firebase Authentication, MFA support), platform-level vulnerability management, multi-tenant isolation enforced at the database layer, platform incident detection, and breach notification to Customer within 72 hours.
• You (Customer) are responsible for: enforcing MFA at the Authorized User level, managing credential hygiene, provisioning and de-provisioning Authorized User access, configuring the Service appropriately for your roles and permissions, the security of your own endpoint devices and networks, the integrations you connect (including the tokens you issue and revoke), promptly notifying Gid of suspicious activity, and the obligations set out in Section 6.5.

Gid is not responsible for security incidents caused by your failure to perform your responsibilities under Section 6.5 or this Section 11.3, even where the resulting impact materializes within the Service environment. Conversely, you are not responsible for security incidents caused by Gid's failure to perform its responsibilities under this Section 11.3.

11.4 Incident response & notification

Upon becoming aware of a Personal Data Breach affecting Customer Personal Data, Gid will:

• Activate its documented incident-response runbook (detect, triage, contain, eradicate, recover, post-mortem);
• Notify your designated security contact without undue delay and in any event within seventy-two (72) hours, as required by GDPR Article 33 and Section 8 of our DPA;
• Provide reasonable assistance to enable you to fulfill your own notification obligations to Data Subjects, supervisory authorities, and other recipients;
• Cooperate with your reasonable forensic investigation, subject to confidentiality;
• Publish a post-incident report within fourteen (14) days for incidents lasting more than one hour, as described in our SLA Section 7;
• Continue to comply with confidentiality obligations during and after the incident.

Communications about a security incident to the public, the press, regulators (other than those required by law on a fixed timeline), and to non-affected third parties will be coordinated between the parties. Neither party will make a public statement attributing blame for an incident before the parties have completed a reasonable joint investigation, except where a party is required by law to do so on a fixed timeline. This coordination obligation does not delay or impair any party's compliance with mandatory legal notification timelines, which control over this Section.

11.5 Customer cooperation

You will reasonably cooperate with Gid's incident response, including by:

• Promptly providing logs, access, and other information reasonably necessary to investigate;
• Designating a single point of contact for security-incident coordination;
• Following Gid's mitigation guidance (such as forced credential rotation, integration revocation, or temporary feature suspension) where Gid reasonably determines that such guidance is necessary to contain or limit the incident;
• Not destroying or altering evidence that may be relevant to the investigation.

12. Intellectual Property

12.1 Our rights

The Service, including all software, designs, models, prompts, agent architectures, training materials, Documentation, and trademarks (including "Gid", "Gid AI", and the Gid logo), is owned by Gid or its licensors and is protected by copyright, trademark, patent, trade-secret, and other intellectual property laws.

12.2 License to use the Service

Subject to your compliance with these Terms and payment of applicable fees, we grant you and your Authorized Users a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service during the term of your subscription, solely for your internal business purposes.

12.3 Restrictions

You may not, and you must not allow any third party to:

• Copy, modify, translate, or create derivative works of the Service;
• Reverse engineer, decompile, or attempt to extract source code or model weights, except to the extent this restriction is prohibited by applicable law;
• Use the Service to build a competing product or service, including using AI outputs as training data for a competing AI model;
• Probe, scan, or test the vulnerability of the Service except under a written authorization from us;
• Remove or alter any copyright, trademark, or proprietary notice;
• Resell, rent, lease, sublicense, or otherwise commercially redistribute the Service or access to it without our written authorization.

12.4 Feedback

If you provide suggestions, comments, or other feedback to us about the Service ("Feedback"), you grant us a perpetual, worldwide, royalty-free, sublicensable, irrevocable license to use the Feedback for any lawful purpose, without obligation or compensation to you.

13. Beta & Preview Features

From time to time, we make features available that are labeled "Beta", "Preview", "Alpha", "Experimental", or similar (collectively, "Beta Features"). Beta Features are provided "AS IS" without any service-level commitment, warranty, or indemnity, and may be modified or withdrawn at any time without notice. Information you submit through a Beta Feature may be subject to different processing terms; we will disclose any such terms when you opt in.

By using a Beta Feature, you acknowledge that it has not been generally released and may contain bugs, errors, or other problems. You agree to provide reasonable feedback about your experience if we ask.

14. Term & Termination

14.1 Term

These Terms apply for as long as you have an account or are using the Service.

14.2 Termination by you

• You may cancel your subscription at any time through Account Settings. Cancellation takes effect at the end of your current billing period.
• You may delete your account at any time using the methods in Section 14.4. Account deletion takes effect after the 30-day grace period described there.
• You remain responsible for all fees accrued before the effective date of cancellation.

14.3 Termination or suspension by us

We may suspend or terminate your access to all or part of the Service immediately if:

• You materially breach these Terms, our AUP, or any applicable Order or MSA, and (where the breach is curable) fail to cure within 15 days of our written notice;
• Required by law, court order, or governmental authority;
• Continuing to provide the Service to you would expose Gid or another user to significant security, legal, or reputational risk;
• You fail to pay an undisputed invoice within 30 days of the due date.

Where we suspend (rather than terminate), we will restore the Service after you remedy the cause of the suspension.

14.4 Account deletion

You may permanently delete your account and all associated Customer Content at any time:

• In the app: Account Settings → Delete My Account
• On the web: gidai.ca/delete-account
• By email: Send a request to privacy@gidai.ca with the subject line "Account Deletion Request"

We use a 30-day grace window so that accidental requests can be reversed. After day 30, we permanently delete profile data, training records, chat messages, schedules, and uploaded files within a further 30 days. We may retain (i) anonymized, aggregated usage data, (ii) records required for legal compliance (such as 7-year financial audit trails), and (iii) hashed records on our suppression list so that you are not re-contacted after deletion. See our Privacy Policy Section 9.A for full details.

Termination does not entitle you to a refund except as set out in Section 7.6.

14.5 Survival

Sections 2 (Definitions), 5.3-5.4 (AI limits and ownership), 6.5 (Customer security warranties, with respect to acts during the term), 7 (with respect to amounts owed), 8.1-8.3, 10, 11.3-11.5 (security responsibility and incident handling, with respect to incidents discovered after termination that relate to acts during the term), 12, 15, 16 (including 16.6), 17, 21, and 22 survive termination, together with any provision that by its nature should survive.

15. Disclaimers

15.1 Limited warranty

We warrant that the Service will perform materially in accordance with our Documentation under normal use during your paid subscription. Your sole remedy for a breach of this warranty is for us to use commercially reasonable efforts to correct the non-conformance; if we cannot correct it within a reasonable time, you may terminate the affected portion of the Service and receive a pro-rated refund for the unused, prepaid portion (Section 7.6).

15.2 General disclaimer

EXCEPT FOR THE LIMITED WARRANTY IN SECTION 15.1, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. WE DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.

15.3 AI disclaimer

WE DO NOT WARRANT THAT AI OUTPUTS WILL BE ACCURATE, COMPLETE, RELIABLE, OR FIT FOR ANY PARTICULAR PURPOSE. YOU REMAIN RESPONSIBLE FOR REVIEWING AI OUTPUTS BEFORE RELYING ON THEM (SECTION 5).

15.4 Security disclaimer

WE DO NOT WARRANT THAT THE SERVICE WILL BE SECURE AGAINST ALL ATTACKS, INTRUSIONS, OR DATA-LOSS EVENTS. NO SOFTWARE SERVICE CAN GUARANTEE PERFECT SECURITY. WE COMMIT TO USING COMMERCIALLY REASONABLE SECURITY MEASURES (SEE SECURITY, OUR DPA ANNEX 2, AND SECTION 11.3) BUT WE DO NOT WARRANT THAT THESE MEASURES WILL PREVENT EVERY POSSIBLE SECURITY INCIDENT. ALLOCATION OF LIABILITY FOR SECURITY INCIDENTS IS GOVERNED BY SECTION 16.6.

15.5 Mandatory consumer protections

Some jurisdictions do not allow exclusion of certain warranties. Where you are a consumer protected by such non-waivable rights, the disclaimers in this Section 15 apply only to the extent permitted by your local law.

16. Limitation of Liability

16.1 Excluded damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY WILL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, BUSINESS, GOODWILL, ANTICIPATED SAVINGS, OR DATA, ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES.

16.2 Cap on direct damages

EACH PARTY'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS WILL NOT EXCEED THE GREATER OF (A) THE FEES YOU PAID OR OWED TO GID UNDER THESE TERMS IN THE 12 MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) USD 100.

16.3 Carve-outs

The exclusions and cap in Sections 16.1 and 16.2 do not apply to:

• (i) a party's obligation to pay fees properly invoiced and undisputed under these Terms;
• (ii) a party's indemnification obligations under Section 16.5 (mutual indemnification);
• (iii) Customer's breach of Section 12.3 (use restrictions on the Service);
• (iv) either party's gross negligence, willful misconduct, or fraud;
• (v) a party's breach of Section 10 (Confidentiality), to the extent the breach also constitutes misappropriation of trade secrets;
• (vi) Gid's breach of its data-security obligations to the extent the breach was caused by Gid's gross negligence or willful misconduct;
• (vii) liabilities that cannot be limited or excluded under applicable mandatory law (such as for death or personal injury caused by negligence, or for fraud).

16.4 Allocation

The pricing of the Service reflects this allocation of risk. The limitations in this Section 16 form an essential basis of the bargain between the parties and apply regardless of the form of action (contract, tort, statute, or otherwise) and regardless of whether the remedies in these Terms fail of their essential purpose.

16.5 Mutual indemnification

By Customer. You will defend Gid against any third-party claim alleging that (a) your Customer Content, your use of the Service in violation of these Terms or the AUP, or your business operations infringe a third-party right or violate law, and you will pay any settlement we agree to and any damages and reasonable attorney fees finally awarded against Gid in such a claim.

By Gid. We will defend you against any third-party claim alleging that the Service, as provided by us and used in accordance with these Terms, infringes a valid third-party intellectual property right in your jurisdiction, and we will pay any settlement we agree to and any damages and reasonable attorney fees finally awarded against you in such a claim. We will have no obligation under this paragraph for claims arising from (i) Customer Content, (ii) your combination of the Service with non-Gid products or data not authorized by us, (iii) modifications to the Service not made by us, (iv) use of an outdated version of the Service after we have made an updated version available, or (v) Beta Features (Section 13). If the Service becomes or is likely to become subject to an infringement claim, we may at our option (1) procure the right for you to continue using it, (2) replace or modify it to make it non-infringing while preserving substantially equivalent functionality, or (3) terminate the affected portion of the Service and provide a pro-rated refund.

Process. The indemnified party must promptly notify the indemnifying party in writing of the claim, allow the indemnifying party to control the defense and settlement (provided no settlement requires the indemnified party to admit liability or pay money without consent), and reasonably cooperate at the indemnifying party's expense. This Section 16.5 states each party's sole and exclusive liability, and the other party's exclusive remedy, for third-party intellectual-property infringement claims.

16.6 Security incidents — specific allocation of liability

Without limiting Section 16.3 (carve-outs from the cap and exclusions), the parties expressly acknowledge the following allocation of liability when a security incident occurs:

• (a) Customer-caused or Customer-contributed incidents. Where a security incident is caused or materially contributed to by Customer's breach of Section 6.5 (Customer Security Warranties) or Section 11.3 (Shared Security Responsibility) — including, without limitation, Customer's failure to enforce MFA, sharing of credentials, failure to revoke departed-user access, leaked or mismanaged integration tokens, introduction of malware via Customer Content, or misconfiguration by Customer — Customer will indemnify and hold Gid harmless against any third-party claims, regulatory enforcement, fines, and reasonable defense costs arising from such incident, in addition to bearing its own losses. Gid's indemnification of Customer under Section 16.5 does not extend to incidents within this paragraph (a).
• (b) Gid's gross negligence or willful misconduct. Where a security incident is caused by Gid's gross negligence, willful misconduct, or fraud, the carve-out in Section 16.3(iv) applies and the cap on direct damages in Section 16.2 does not apply. Gid is liable for direct damages without the 12-month-fees cap, subject only to applicable law and any mandatory limits.
• (c) Gid's ordinary negligence. Where a security incident is caused by Gid's ordinary negligence (without rising to gross negligence or willful misconduct), Gid's liability remains subject to the cap in Section 16.2 and the exclusions in Section 16.1. This includes incidents arising from undiscovered vulnerabilities in the Service that a reasonably prudent SaaS operator at Gid's scale would not have foreseen or prevented with commercially reasonable measures.
• (d) Hostile third-party action. Where a security incident is caused by a hostile third party (such as a sophisticated cyber attack exploiting a zero-day vulnerability, a coordinated credential-stuffing attack, a supply-chain compromise of an upstream dependency, or a nation-state actor) and neither party acted with gross negligence or willful misconduct, each party bears its own losses, subject to applicable law. For clarity, a hostile third-party attack is not, by itself, a force majeure event (Section 21.2); the parties remain bound to follow their respective security responsibilities and incident-response obligations.
• (e) Comparative fault. Where a security incident results from the combined fault of both parties, liability is apportioned according to each party's relative contribution, as determined by the arbitrator or court under the governing law (Section 17.2). Each party retains its right of contribution against the other.
• (f) Statutory obligations preserved. Allocation under this Section 16.6 does not relieve either party from its statutory obligations under Applicable Data Protection Law, including breach notifications to Data Subjects and supervisory authorities (which are governed by Section 11.4 and the DPA).
• (g) Subrogation. Each party retains its rights of subrogation against any third party (including hackers, negligent contractors, or Authorized Users) whose acts or omissions contributed to a security incident, and each party will reasonably assist the other in pursuing those rights.
• (h) One-year time bar. Any claim for damages arising from a security incident must be brought within one (1) year after the affected party becomes aware of the incident, consistent with Section 17.8.

17. Dispute Resolution & Arbitration

17.1 Informal resolution first

Before bringing a formal claim, the parties agree to attempt in good faith to resolve any dispute by contacting legal@gidai.ca in writing with a description of the dispute, the relief requested, and a contact for follow-up. The parties will use commercially reasonable efforts to resolve the dispute within 30 days of that notice.

17.2 Governing law

These Terms, and any non-contractual obligations arising out of or in connection with them, are governed by the laws of the Province of Ontario, Canada, and the federal laws of Canada applicable therein, excluding any choice-of-law rules that would apply the laws of another jurisdiction. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

17.3 Courts for users outside the United States

Subject to Section 17.4, the parties submit to the exclusive jurisdiction of the courts located in Toronto, Ontario, Canada, for any dispute arising out of or related to these Terms.

17.4 Mandatory arbitration for users located in the United States

If you reside in or your principal place of business is located in the United States, the parties agree that any dispute arising out of or related to these Terms or the Service ("U.S. Dispute") will be resolved by binding individual arbitration administered by JAMS under its applicable rules (the JAMS Streamlined Arbitration Rules & Procedures for U.S. Disputes with claims under USD 250,000, and the JAMS Comprehensive Arbitration Rules & Procedures for U.S. Disputes with claims of USD 250,000 or more), as in effect at the time the arbitration is commenced.

• Seat. The arbitration will be seated in Wilmington, Delaware, USA. Telephonic or video appearances will be allowed for claims under USD 25,000 and for the arbitrator's good cause for larger claims.
• Federal Arbitration Act. This arbitration agreement is governed by the U.S. Federal Arbitration Act (9 U.S.C. §§ 1-16) ("FAA") and evidences a transaction in interstate commerce. The arbitrator (not a court) has exclusive authority to decide threshold questions of arbitrability, including the validity, scope, and enforceability of this Section 17.4, except for the class-action and mass-action waiver in Section 17.5, which only a court may interpret.
• Fallback administrator. If JAMS is unwilling or unable to administer the arbitration consistent with this Section 17.4, the parties will agree on a substitute administrator. Failing agreement, the American Arbitration Association ("AAA") under its Commercial Arbitration Rules will administer the arbitration.
• Fees. Filing and administrative fees will be paid in accordance with the administrator's rules. Where the rules require the consumer to advance fees that would deter a claim, Gid will pay those fees, without prejudice to the arbitrator's authority to allocate fees at the end of the proceeding.

17.5 Class-action and mass-action waiver (U.S. Disputes)

FOR ANY U.S. DISPUTE, YOU AND GID AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, REPRESENTATIVE, OR PRIVATE-ATTORNEY-GENERAL ACTION. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS, AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A REPRESENTATIVE OR CLASS PROCEEDING. IF A COURT OR ARBITRATOR DECIDES THAT APPLICABLE LAW PRECLUDES ENFORCEMENT OF ANY PART OF THIS PARAGRAPH AS TO A PARTICULAR CLAIM FOR RELIEF, THEN THAT CLAIM (AND ONLY THAT CLAIM) MUST BE SEVERED FROM THE ARBITRATION AND BROUGHT IN THE COURTS OF SECTION 17.3, AND THE REMAINING CLAIMS WILL PROCEED IN ARBITRATION.

17.6 Carve-outs from arbitration

Notwithstanding Sections 17.4 and 17.5:

• Either party may bring an individual action in a small-claims court of competent jurisdiction for any claim that qualifies under that court's rules;
• Either party may seek injunctive or other equitable relief in a court of competent jurisdiction to prevent infringement, misappropriation, or violation of intellectual property or confidentiality rights;
• Either party may bring an enforcement action to confirm or vacate an arbitration award in any court of competent jurisdiction under the FAA;
• Disputes that cannot be arbitrated as a matter of law are excluded from Section 17.4 to that extent.

17.7 Opt-out of arbitration (U.S. Disputes)

You may opt out of Section 17.4 (Arbitration) and Section 17.5 (Class-Action Waiver) by sending a written opt-out notice to legal@gidai.ca within 30 days of first accepting these Terms. Your opt-out notice must include your full name, your account email, and a clear statement that you wish to opt out of arbitration. Opting out does not affect any other provision of these Terms.

17.8 Time limit

To the maximum extent permitted by applicable law, any claim arising out of or related to these Terms must be brought within one (1) year after the claim accrued. Claims brought after that period are permanently barred.

18. Apple App Store Additional Terms

The following additional terms apply only to your use of the Service through an application obtained from the Apple App Store (the "App"). These terms are between you and Gid only; Apple Inc. is not a party. Apple is not responsible for the App or its content.

• License. The license granted in Section 12.2 is, with respect to the App, a non-transferable license to use the App on any Apple-branded products that you own or control and as permitted by the Usage Rules in the App Store Terms of Service.
• Maintenance and support. Gid is solely responsible for providing any maintenance and support for the App. Apple has no obligation to furnish maintenance or support.
• Warranty. Gid is solely responsible for any product warranties, whether express or implied by law, to the extent not effectively disclaimed. In the event of any failure of the App to conform to any applicable warranty, you may notify Apple, and Apple will refund the purchase price for the App (if any). To the maximum extent permitted by applicable law, Apple has no other warranty obligation whatsoever with respect to the App.
• Product claims. Gid (not Apple) is responsible for addressing any claims from you or any third party relating to the App, including product-liability claims, claims that the App fails to conform to applicable legal or regulatory requirements, and claims arising under consumer-protection, privacy, or similar legislation.
• Intellectual property. In the event of a third-party claim that the App or your possession and use of the App infringes that third party's intellectual property rights, Gid (not Apple) will be solely responsible for the investigation, defense, settlement, and discharge of any such claim, subject to Section 16.5.
• Compliance. You represent that you are not located in a country subject to a U.S. government embargo, or that has been designated by the U.S. government as a "terrorist supporting" country, and that you are not on any U.S. government list of prohibited or restricted parties.
• Third-party beneficiary. You and Gid acknowledge that Apple and Apple's subsidiaries are third-party beneficiaries of these Terms with respect to the App, and that Apple has the right (and is deemed to have accepted the right) to enforce these Terms against you as a third-party beneficiary with respect to the App.

19. Google Play Additional Terms

The following additional terms apply only to your use of the Service through an application obtained from the Google Play Store. These terms are between you and Gid only; Google LLC is not a party.

• The Service is distributed via Google Play under the Google Play Developer Distribution Agreement. Your use of Google Play is governed by Google's terms.
• You acknowledge that the Service may use generative AI features. We provide a mechanism within the Service to report harmful or inappropriate AI outputs (abuse@gidai.ca or in-product flag, see Section 5.3).
• For account-deletion requirements under Google Play's Data Deletion Policy, see Section 14.4 and our publicly accessible deletion page at gidai.ca/delete-account.
• For data-disclosure requirements under Google Play's Data Safety section, see our Privacy Policy.

20. Changes to These Terms

We may update these Terms from time to time. For material changes, we will give you at least 30 days' advance notice by email to your registered address, by in-product notice, or by updating the "Last Updated" date at the top of this page and prompting you to re-accept on next sign-in.

If you object to a material change, your remedy is to cancel your subscription and stop using the Service before the change takes effect. Continued use of the Service after the change takes effect constitutes acceptance of the updated Terms.

Previous versions of these Terms are archived at gidai.ca/legal/archive for your reference.

21. General Provisions

21.1 Entire agreement

These Terms, together with the documents incorporated by reference (Privacy Policy, AUP, DPA, SLA, Sub-processors list, and any Order or MSA), constitute the entire agreement between you and Gid regarding the Service and supersede any prior or contemporaneous understandings on the same subject. In the event of conflict, the order of precedence is: signed MSA > Order > DPA (for processing of Personal Data) > these Terms > SLA > AUP > Privacy Policy > Sub-processors list.

21.2 Force majeure

Neither party is liable for any failure or delay in performance caused by events beyond its reasonable control, including acts of God, natural disasters, war, terrorism, riots, civil unrest, government action, labor disputes, internet or telecommunications failures at the public-internet backbone level, pandemics, or other emergencies. The affected party must promptly notify the other and use commercially reasonable efforts to resume performance.

For clarity, a denial-of-service attack, credential-stuffing attack, malware intrusion, or other hostile third-party action targeting the Service or Customer's account is not, by itself, a force majeure event. Such events are governed by Sections 11.4 (Incident Response) and 16.6 (Security Incidents — Specific Allocation), which preserve each party's security responsibilities and the appropriate allocation of liability under the governing law.

21.3 Notices

Legal notices to Gid must be sent to Gid Solutions, Inc., 390 Henri-Bourassa, Papineauville, Quebec, Canada, J0V 1R0, with a copy by email to legal@gidai.ca. Legal notices to you may be sent to the email address on your account or, where required by law, to your registered postal address.

21.4 Assignment

You may not assign or transfer these Terms or any of your rights or obligations under them, in whole or in part, without our prior written consent (not to be unreasonably withheld). We may assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets, with notice to you. Any attempted assignment in violation of this Section is void.

21.5 Independent contractors

The parties are independent contractors. Nothing in these Terms creates an agency, partnership, joint venture, fiduciary, or employment relationship between the parties.

21.6 Third-party beneficiaries

There are no third-party beneficiaries to these Terms, except for Apple Inc. and its subsidiaries as set out in Section 18.

21.7 Severability

If any provision of these Terms is held to be unenforceable or invalid by a court of competent jurisdiction, that provision will be enforced to the maximum extent permissible and the remaining provisions will remain in full force and effect.

21.8 No waiver

A party's failure or delay to exercise any right under these Terms is not a waiver. No waiver is effective unless in writing and signed by the waiving party.

21.9 Export and sanctions

You must comply with all applicable export-control and economic-sanctions laws, including those of the United States, Canada, the United Kingdom, the European Union, and the United Nations. You represent that you are not on any restricted-party list maintained by those authorities and will not use the Service to violate any such law.

21.10 Anti-bribery

Each party will comply with applicable anti-bribery and anti-corruption laws, including the U.S. Foreign Corrupt Practices Act, the Canadian Corruption of Foreign Public Officials Act, and the U.K. Bribery Act.

21.11 Headings and interpretation

Headings are for convenience only and do not affect interpretation. The words "include", "including", and "such as" are interpreted as "without limitation". The singular includes the plural and vice versa.

21.12 Language

The English version of these Terms is the controlling version. Translations are provided for convenience and have no legal effect to the extent of any conflict with the English version, except where applicable law (such as Quebec Law 25 or Quebec's Charter of the French Language) gives a translated version equal or controlling weight.

22. Contact