Skip to main content

Terms of Service

Last updated: August 23, 2025

1. Overview and Acceptance

These Terms of Service (the "Terms") govern access to and use of the COBOLpro platform, products, professional services, and related websites (collectively, the "Services"). By executing an order form, SOW, or by accessing the Services, the entity or organization you represent ("Customer") accepts these Terms. If you are entering into these Terms on behalf of a Customer, you represent that you are authorized to bind that Customer.

If the parties have executed an Order Form, SOW, DPA, or SLA (each, an "Order Document"), those govern to the extent of a conflict with these Terms.

2. Definitions

  • Affiliate: any entity controlling, controlled by, or under common control with a party.
  • Customer Data: code, documentation, metadata, and other information Customer submits to the Services.
  • Generated Output: content, suggestions, documentation, or artifacts produced by AI features.
  • Personal Data: information relating to an identified or identifiable natural person.
  • Order Form: a mutually executed document specifying a subscription, quantities, and pricing.
  • Professional Services: staffing, configuration, migration, or consulting services provided under an SOW.
  • SLA: the service level commitments referenced in Section 10 or a separate SLA document.

3. Access, License and Restrictions

  • Subject to timely payment, COBOLpro grants Customer a limited, non-exclusive, non-transferable right to access and use the Services for Customer’s internal business purposes during the Subscription Term.
  • Customer will not: (a) sublicense, resell, or provide the Services to third parties; (b) circumvent technical controls; (c) decompile, reverse engineer, or derive source code except to the extent permitted by law; (d) use the Services to develop a competing product; or (e) use the Services in violation of law, including export, sanctions, or privacy laws.
  • Seats and usage metrics are limited to the quantities in the Order Form. Usage beyond contracted quantities may be invoiced at then-current rates.

4. Accounts and Administration

  • Customer is responsible for configuring SSO/SCIM (if applicable) and maintaining accurate role assignments and least-privilege access.
  • Customer will maintain the confidentiality of credentials and is responsible for activities under its accounts.
  • Customer will promptly notify COBOLpro of suspected unauthorized access or security incidents related to the Services.

5. Customer Data; Generated Output

  • As between the parties, Customer retains all right, title, and interest in and to Customer Data. Customer grants COBOLpro a limited license to host, process, transmit, and display Customer Data to provide and improve the Services (excluding training of foundation models per Section 9).
  • Generated Output is owned by Customer to the extent permitted by applicable law. Customer is responsible for reviewing and validating Generated Output, including for accuracy, completeness, and fitness for purpose.
  • Customer will not submit data it is not authorized to process and will ensure inputs and outputs comply with Customer’s internal policies and laws.

6. Data Protection and Processing

COBOLpro will process Personal Data in accordance with a Data Processing Addendum ("DPA"). At Customer’s request, COBOLpro will execute a DPA with SCCs/IDTA/BCRs as required.

  • Data residency and logical segregation are available where supported; on‑premise/air‑gapped options may be provided per Order Form.
  • Upon termination or at Customer’s request, COBOLpro will delete or return Customer Data within 60 days, except where retention is required by law or for audit/defense purposes.
  • COBOLpro may use aggregated, de‑identified metrics for improving the Services and benchmarking, provided no Customer Confidential Information is revealed.

7. Security

  • COBOLpro maintains an information security program aligned to SOC 2 Type II and industry best practices, including access controls, encryption in transit and at rest, vulnerability management, and logging/monitoring.
  • COBOLpro will notify Customer without undue delay of a confirmed Security Incident affecting Customer Data and will provide details and remediation steps consistent with applicable law.
  • Penetration tests and third‑party audits may be shared under NDA. Customer may conduct reasonable security due diligence subject to scheduling and scope limits.

8. Professional Services

Professional Services (including staffing, migrations, integrations, and enablement) are governed by an SOW. Deliverables and acceptance criteria will be defined in the SOW.

  • Unless stated otherwise in an SOW, Professional Services are provided on a time-and-materials basis.
  • Customer will provide necessary access, information, and resources to enable performance.

9. AI / ML Features

  • Unless expressly agreed in writing, Customer Data is not used to train third‑party foundation models. COBOLpro may fine‑tune internal models on de‑identified, ephemeral telemetry to improve accuracy for the Customer’s own environment.
  • AI outputs may be probabilistic and could contain inaccuracies; Customer remains responsible for review and testing before production use.
  • COBOLpro may employ Retrieval‑Augmented Generation (RAG) from Customer’s repositories to increase output relevance; Customer governs scope through configuration.

10. Support; Service Levels; Maintenance

  • Support. COBOLpro provides enterprise support during Business Hours and 24×7 for Severity 1 incidents (if purchased). Target initial response times: Sev1 (Critical) 1 hour, Sev2 (High) 4 hours, Sev3 (Medium) 1 business day, Sev4 (Low) 2 business days.
  • Availability. For cloud deployments, COBOLpro targets 99.9% monthly uptime (Standard) and 99.95% (Premium) excluding: planned maintenance with ≥48 hours’ notice, emergency maintenance, Customer-caused issues, third‑party outages, and force majeure.
  • Service Credits. If monthly uptime falls below target, Customer may request credits within 30 days after the month end: 99.9%–99.5% → 5%; 99.5%–99.0% → 10%; <99.0% → 20% of the monthly subscription for the affected Service. Credits are Customer’s sole remedy for availability issues.
  • Maintenance. COBOLpro may roll out updates that improve security, reliability, or functionality; Customer will implement client updates reasonably required for compatibility.

11. Third‑Party Services

The Services may interoperate with third‑party products (e.g., SCMs, CI/CD, ticketing, LLM APIs). COBOLpro is not responsible for third‑party services and does not control their terms or availability. Use of third‑party services is governed by the third party’s terms.

12. Fees, Invoicing, Taxes

  • Fees and billing schedules are set forth in the Order Form. Unless stated otherwise, fees are invoiced annually in advance and payable net 30 days.
  • Fees are exclusive of taxes. Customer is responsible for applicable taxes other than COBOLpro’s income taxes.
  • Late payments may accrue interest at 1.5% per month (or the maximum allowed by law) and may result in suspension after notice.
  • Usage above contracted quantities may be charged at overage rates specified in the Order Form.

13. Confidentiality

  • Each party will protect the other party’s Confidential Information using at least the same degree of care it uses to protect its own similar information, but no less than reasonable care.
  • Confidentiality obligations do not apply to information that is publicly available without breach, independently developed, or rightfully received from a third party.
  • Compelled disclosures are permitted with prompt notice (where legally permissible) and reasonable cooperation.

14. Intellectual Property; Feedback

  • COBOLpro and its licensors retain all rights in the Services, software, models, and documentation.
  • Customer grants COBOLpro a worldwide, perpetual, irrevocable, royalty‑free license to use and incorporate feedback without obligation.

15. Warranties; Disclaimers

  • COBOLpro warrants it will provide the Services in a professional and workmanlike manner consistent with industry standards.
  • COBOLpro does not warrant that the Services will be uninterrupted or error‑free.
  • EXCEPT AS EXPRESSLY STATED, THE SERVICES ARE PROVIDED “AS IS,” AND COBOLpro DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON‑INFRINGEMENT.

16. Indemnification

COBOLpro IP Indemnity

COBOLpro will defend Customer against third‑party claims alleging that the Services infringe a U.S., U.K., or EU intellectual property right, and will pay damages finally awarded (or settlement amounts approved by COBOLpro), provided Customer promptly notifies COBOLpro and provides reasonable cooperation and sole control of the defense.

If the Services are enjoined, COBOLpro may: (a) procure rights; (b) modify the Services to be non‑infringing; or (c) terminate the impacted Services and refund prepaid unused fees. COBOLpro has no liability for claims arising from (i) Customer Data; (ii) combinations with items not provided by COBOLpro; or (iii) use not in accordance with documentation.

Customer Indemnity

Customer will defend COBOLpro against claims arising from Customer Data, Customer’s use of the Services in violation of law or these Terms, or from third‑party services configured by Customer, and will pay damages finally awarded.

17. Limitation of Liability

  • TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY.
  • EXCEPT FOR (A) FEES DUE, (B) A PARTY’S INDEMNIFICATION OBLIGATIONS, OR (C) CUSTOMER’S BREACH OF LICENSE RESTRICTIONS, EACH PARTY’S AGGREGATE LIABILITY IS LIMITED TO THE AMOUNTS PAID OR PAYABLE BY CUSTOMER FOR THE SERVICES GIVING RISE TO THE CLAIM IN THE 12 MONTHS BEFORE THE FIRST EVENT.

18. Term; Suspension; Termination

  • Term. The Term begins on the Effective Date of the first Order Form and continues while any subscription remains in effect.
  • Suspension. COBOLpro may suspend the Services for material breach (including non‑payment) after notice and a reasonable cure period, or to address a Security Incident, legal requirement, or risk to the Services.
  • Termination. Either party may terminate for material breach not cured within 30 days’ written notice. Upon termination, Customer’s access ceases and COBOLpro will delete or return Customer Data per Section 6.

19. Publicity; Marks

COBOLpro may use Customer’s name and logo to identify Customer as a client, subject to Customer’s brand guidelines. Any press release requires mutual written approval.

20. Compliance; Export; Government Use

  • Each party will comply with applicable law, including anti‑corruption and sanctions laws.
  • The Services may be subject to export controls. Customer will not export or allow access contrary to U.S. or other applicable export laws.
  • If Customer is a U.S. Government end user, the Services are provided as “commercial computer software” subject to FAR 12.212/DFARS 227.7202.

21. Miscellaneous

  • Assignment. Neither party may assign without the other’s consent, except to an Affiliate or in connection with a merger, acquisition, or sale of substantially all assets.
  • Subprocessors. COBOLpro may use subprocessors; a current list is available upon request. COBOLpro remains responsible for subprocessors’ performance.
  • Force Majeure. Neither party is liable for delays or failure due to events beyond reasonable control.
  • Notices. Legal notices must be in writing and sent to the addresses specified in the Order Form or to legal@cobolpro.com.
  • Governing Law; Venue. These Terms are governed by the laws of the State of California, excluding conflicts rules. The parties consent to exclusive jurisdiction and venue in the state and federal courts located in San Francisco County, California.
  • Entire Agreement; Order of Precedence. These Terms and applicable Order Documents form the entire agreement. Order of precedence: (1) Order Form/SOW, (2) DPA, (3) SLA, (4) these Terms, (5) documentation.
  • Severability; Waiver. If a provision is unenforceable, the remainder remains in effect. Failure to enforce is not a waiver.

22. Contact

If you have questions about these Terms, please contact:

Email: legal@cobolpro.com

Address: COBOLpro, San Francisco, CA, USA

23. Enterprise Controls and Assurances

The following additional controls are available to Enterprise Customers as specified in an Order Form or Enterprise Addendum.

  • Security Program Detail. Encryption in transit (TLS 1.2+) and at rest (AES‑256); centralized key management (KMS/HSM); network isolation; least‑privilege access; background checks for personnel with data access; security awareness training.
  • Vulnerability Management. Risk‑based remediation aligned to CVSS: Critical within 7 days, High within 30 days, Medium within 90 days. Emergency out‑of‑band patching for actively exploited issues.
  • Security Testing and Reports. Annual third‑party penetration test and SOC 2 Type II/ISO 27001 reports available under NDA; summary of findings and remediation tracking upon request.
  • Subprocessors and Change Notice. Current subprocessor list available upon request. COBOLpro will provide ≥30 days’ notice of material subprocessor changes and accept reasonable objections for data protection risks.
  • Audit Rights. Once per 12‑month period, on 30 days’ notice and during business hours, Customer (or its appointed auditor) may conduct a reasonable security and compliance audit (paper/remote by default) under NDA, without disrupting operations.
  • Incident Response. Confirmed personal data breaches will be notified to Customer without undue delay and no later than 72 hours. COBOLpro will provide incident details, mitigation steps, and cooperate with Customer’s regulatory notifications.
  • Business Continuity and Disaster Recovery. Documented BCDR program with at least annual testing. Standard RTO: 24 hours; RPO: 4 hours. Premium options available (e.g., RTO 4 hours, RPO 1 hour) per Order Form.
  • Data Residency and Isolation. Region selection and logical segregation by tenant. Dedicated VPC/VNET and single‑tenant deployment (including on‑prem/air‑gapped) available as an add‑on.
  • Customer‑Managed Keys (CMK). Optional integration with Customer KMS for envelope encryption and key rotation policies; key revocation disables access to encrypted data.
  • Logging and SIEM. Access and admin activity logs retained ≥12 months. Optional export/integration to Customer SIEM via API/webhooks.
  • Change Management. Backward‑incompatible API changes will be announced ≥60 days in advance with deprecation timelines; emergency fixes may proceed to protect security/reliability.
  • Privacy by Design. Data minimization, purpose limitation, and role‑based access enforced in product and process; DPIAs available under NDA where legally required.
  • HIPAA/PCI/GxP Support. HIPAA Business Associate Addendum (BAA) and PCI scope guidance available when applicable to Customer’s use case, as specified in an Order Form.
  • Data Export and Termination Assistance. During the Term and for 60 days post‑termination, Customer may export data (JSON/CSV/PDF/OpenAPI where applicable). Professional termination assistance is available at then‑current rates, and a deletion certificate will be provided upon completion.
  • Software Escrow (On‑Prem). For on‑prem components, code escrow can be arranged with release triggers for vendor insolvency or material, uncured breach.
  • Insurance. COBOLpro maintains commercial general liability and cyber liability insurance with industry‑standard limits; certificates of insurance available under NDA.