PostureIQ

Terms of Service

Last updated: 1 May 2026

1. Acceptance

By creating an account, uploading audit data, or otherwise using PostureIQ (the “Service”), you agree to be bound by these Terms of Service (“Terms”). If you do not agree, do not use the Service. The Service is operated by ArimaiTech (“we”, “us”), a sole trader established in Malta.

2. Service Description

PostureIQ analyses Microsoft 365 tenant configuration data against published compliance frameworks (CIS M365, ISO 27001:2022, DORA, NIS2, NIST CSF 2.0, CIS Intune) and produces posture scores, findings, and remediation guidance.

The Service is an analytical tool, not a formal certification or legal opinion. Outputs are derived from configuration data you provide and from framework mappings authored by ArimaiTech. PostureIQ does not replace a qualified auditor, legal counsel, or a regulator's determination of compliance.

3. Account & Eligibility

  • You must be at least 18 years old to create an account.
  • You must be authorised by the organisation whose M365 tenant you upload data for.
  • You are responsible for the accuracy of the registration details you provide.
  • You are responsible for keeping your account credentials confidential and for all activity under your account.
  • One organisation per tenant on the free plan; supporters may manage up to ten tenants.

4. Acceptable Use

You agree not to:

  • Reverse engineer, decompile, or attempt to extract the source code of the Service
  • Upload data containing malware, exploits, or content you are not authorised to share
  • Use the Service to violate any law, regulation, or third-party right
  • Attempt to gain unauthorised access to other organisations' data or to our infrastructure
  • Resell, sublicense, or redistribute the Service or its outputs to parties outside your organisation without our prior written consent
  • Use automated means to scrape the Service beyond the documented APIs

5. Intellectual Property

The Service, including the compliance rule engine, framework mappings, remediation library, UI, and documentation, is owned by ArimaiTech and protected by copyright and other intellectual property laws. We grant you a limited, non-exclusive, non-transferable licence to use the Service during your active subscription or free-tier usage.

You retain all rights to the M365 configuration data you upload (“Customer Data”). You grant us a limited licence to process Customer Data solely to provide the Service to you, including generating your reports and remediation guidance. We claim no rights to your Customer Data beyond what is necessary for service delivery, and our processing is further governed by our Data Processing Agreement.

6. Fees & Payment

  • The free plan is provided at no cost, subject to the limits documented on the postureiq.arimaitech.com pricing page.
  • The “Buy me a coffee” supporter option is a one-time charge of €3 that extends supporter access for 30 days. Payments stack: each successful payment adds 30 days from the current expiry date.
  • Payments are processed by Stripe Inc. We do not store full card details on our infrastructure.
  • VAT is included where applicable. ArimaiTech is registered in Malta.
  • All fees are non-refundable except as required by law (see Section 7).

7. Refunds & Disputes

Because the supporter option is a low-value, time-bound benefit (€3 / 30 days), we do not operate a discretionary refund programme. We will honour refund obligations imposed by EU consumer law and by your card-issuer's chargeback rules.

If a refund is issued or a chargeback is opened against a supporter payment, supporter access tied to that payment is revoked automatically and immediately. Where a chargeback is later resolved in our favour and you wish to have supporter access reinstated, contact info@arimaitech.com.

8. Service Availability

We provide the Service on a best-effort basis. The free tier is offered without a service-level agreement. The Service depends on third-party infrastructure including Vercel (hosting), Supabase (database and authentication), Stripe (payments), and Anthropic (AI analysis); their availability is outside our direct control.

Planned maintenance windows are communicated in advance where reasonably practicable. We do not guarantee uninterrupted, error-free operation.

9. Limitation of Liability

To the maximum extent permitted by law, our aggregate liability arising out of or relating to the Service in any twelve-month period is limited to the total fees you paid us in that twelve-month period.

We are not liable for indirect, incidental, consequential, special, exemplary, or punitive damages, or for lost profits, lost revenue, lost data, or business interruption, even if advised of the possibility of such damages.

Nothing in these Terms excludes liability that cannot be excluded under applicable law, including liability for fraud, gross negligence, or wilful misconduct.

10. Disclaimers

The Service is provided “as is” and “as available” without warranties of any kind, whether express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, and non-infringement.

We make no warranty that the Service's outputs constitute legal, regulatory, or audit compliance, that they will identify every misconfiguration in your tenant, or that following our remediation guidance will satisfy any specific regulator, certification body, or court. Compliance determinations remain your responsibility.

11. Termination

Either party may terminate this agreement at any time. You may delete your account from Settings > Account, which will remove your data within 90 days (subject to legal retention obligations). We may suspend or terminate accounts that violate these Terms, with notice where reasonably practicable.

On termination, your access to the Service ends immediately, supporter benefits cease, and we delete or anonymise your data within 90 days. The provisions of Sections 5, 6, 7, 9, 10, 12, and 13 survive termination.

12. Governing Law & Jurisdiction

These Terms are governed by the laws of Malta. The courts of Malta have exclusive jurisdiction over any dispute arising out of or relating to these Terms or the Service, save that we may seek injunctive relief in any competent court to protect our intellectual property rights.

Nothing in this section deprives you of the protection afforded by mandatory consumer-protection provisions of the law of the country in which you reside.

13. Contact

ArimaiTech
Email: info@arimaitech.com

See also our Privacy Policy and Data Processing Agreement.