Terms of service
Effective: 2026-06-04. Last updated: 2026-06-04.
These Terms of Service (“Terms”) govern your use of NitroxBrain (the “Service”), operated by NitroX Consulting SAS (“we”, “us”, “our”), registered in France. By using the Service, you agree to these Terms.
If you do not agree, do not use the Service.
1. What NitroxBrain is
NitroxBrain is a conversational AI assistant that connects to the tools your team already uses — Google Workspace (Gmail, Drive, Calendar, Docs, Sheets, Contacts), Microsoft 365 (Outlook, OneDrive, Calendar, Teams), Slack, Google Chat, Trello, and CRMs (HubSpot, Pipedrive, Zoho, Brevo) — and helps you find information, draft content, schedule meetings, and act on your data through chat.
You interact with NitroxBrain inside your existing chat client (Slack, Google Chat, Microsoft Teams). The Service authenticates against the third-party platforms you connect — via OAuth, or via an API key you provide for integrations that use one (e.g. Brevo) — and only accesses the data scopes you have explicitly granted.
2. Eligibility
You must be at least 18 years old to use the Service. You must use the Service in compliance with all applicable laws.
If you use the Service on behalf of an organisation, you represent that you have authority to bind that organisation to these Terms.
3. Account, authentication, and connections
The Service does not maintain its own user passwords. You authenticate via the OAuth flows of the platforms you connect (Google, Microsoft, Slack, etc.). Some integrations instead use a per-user API key that you generate on the platform and provide to the Service (e.g. Brevo). You are responsible for keeping your accounts, and any API keys you provide, secure.
You can revoke NitroxBrain’s access to any connected platform at any time. For OAuth connections, revoke from that platform’s account settings (e.g. Google Account → Security → Connected apps); revocation takes effect immediately on the provider side and is detected by the Service on the next interaction. For API-key connections, revoke by deleting or rotating the key in the platform (e.g. Brevo → SMTP & API → API Keys) and/or disconnecting the integration in the Service.
4. What we do with your data
We act as a data processor for the user data accessed via the connections you authorise, whether by OAuth or API key (Gmail messages, Drive files, Calendar events, Slack messages, Brevo contacts, etc.). You and your organisation remain the data controllers.
Detailed data-handling rules are in our Privacy Policy. Key points:
- EU residency. All compute and storage runs in Google Cloud
europe-west1(Belgium) and AWS Lightsaileu-west-3(Paris). - No content persistence beyond chat history. Email bodies and file content are loaded into the AI model’s context for one conversation turn, then discarded.
- Per-user isolation. Each user has a dedicated isolated compute instance and a dedicated encrypted storage bucket. User A’s data is technically unreachable from user B’s instance.
- No sale of data. We do not sell or rent your data, nor share it with third parties for marketing.
- No model training on your data. Your data is not used to train any general-purpose AI model.
- Subprocessors. We use Anthropic (LLM provider, Claude), OpenAI (LLM provider; also voice-memo transcription via Whisper at the dispatcher boundary), Google Cloud (infrastructure + Gemini LLM API), AWS (infrastructure), AssemblyAI (audio transcription, opt-in), Tavily (web search, opt-in), Mistral (LLM provider, opt-in). The current list with role + region per subprocessor is in the Privacy Policy.
5. Restricted-scope handling (Gmail, Drive)
When you grant NitroxBrain access to Gmail (gmail.modify) or Drive (drive), the following additional rules apply:
- The Service does not crawl, index, or batch-process your Gmail or Drive. Every API call is bounded by an explicit user message in the same conversation turn.
- Email drafts created by NitroxBrain are never auto-sent. You review and confirm every send through the chat interface.
- File writes (new Docs, Sheets, content edits) are always visible in your Google web UI before NitroxBrain reports them as done. You can roll back via your provider’s version history.
- Audit log records the action (e.g. “read inbox for query X”) and the result count — never the content itself. The audit log is tamper-evident and retained 7 years on a write-once-read-many (WORM) storage tier.
The per-scope justifications (what we read, what we write, what we deliberately do not do) are public at /scopes.
6. Acceptable use
You agree NOT to use the Service to:
- Access, read, or modify data belonging to a person who has not granted you authority to do so.
- Reverse-engineer, scrape, or attempt to extract the underlying model or its training data.
- Generate content that is illegal, defamatory, hateful, harassing, or that infringes anyone’s rights.
- Generate or distribute malware, phishing content, spam, or disinformation campaigns.
- Probe, scan, or attempt to bypass the security mechanisms of the Service or the connected platforms.
- Use the Service to compete with us in offering a substantially similar product.
We reserve the right to suspend or terminate access if we believe these terms have been violated, with notice where reasonably possible.
7. Service availability + warranty disclaimer
The Service is provided “as is” and “as available”. We do not guarantee uninterrupted availability. We do our best to maintain high uptime but do not provide a formal SLA outside of negotiated enterprise agreements.
To the extent permitted by applicable law, we disclaim all implied warranties (merchantability, fitness for a particular purpose, non-infringement).
8. Limitation of liability
To the maximum extent permitted by law, NitroX Consulting SAS shall not be liable for any indirect, consequential, incidental, or punitive damages, including loss of profits, data, or business opportunities, arising from your use of or inability to use the Service.
Our total aggregate liability for any claim arising under these Terms shall not exceed the amount you paid us for the Service in the 12 months immediately preceding the claim, or €100 if you have not paid anything.
9. Intellectual property
You retain all rights to the data and content you provide to the Service.
We retain all rights to the Service itself (the chat agent, the integrations layer, the supporting infrastructure, the documentation), including any improvements or derivative works.
You grant us a limited, non-exclusive, non-transferable licence to access and process the data you connect (via OAuth or API key), solely to the extent necessary to provide the Service.
10. Pricing, payment, and termination
If the Service is offered to you on a paid basis, pricing and payment terms are presented at the time of subscription. We may modify pricing for future renewal periods with at least 30 days’ notice.
You may stop using the Service at any time. Revoking OAuth grants — or deleting any API keys you provided — on the connected platforms is the cleanest stop signal; once revoked, the Service can no longer access your data.
We may terminate or suspend access in case of non-payment, breach of these Terms, or where required by law, with notice where reasonably possible.
On termination, we will delete your data within 30 days, subject to the audit-log retention obligations described in our Privacy Policy.
11. Changes to these Terms
We may update these Terms periodically. Material changes will be announced via the Service (in-chat notice) and via email to your registered address, at least 30 days before they take effect. Your continued use after the effective date constitutes acceptance.
The version of these Terms in effect at any time is published at /terms with the effective date in the header.
12. Governing law + jurisdiction
These Terms are governed by French law. Any dispute arising from these Terms will be submitted to the competent courts of Paris, France, except where mandatory local consumer-protection law assigns jurisdiction elsewhere.
13. Security disclosure
Security vulnerabilities can be reported per our public disclosure policy at SECURITY.md or RFC 9116 security.txt. Contact: security@nitroxconsulting.com.
14. Contact
Operator: NitroX Consulting SAS, France.
General support: support@nitroxbrain.com.
Security: security@nitroxconsulting.com.
Privacy / data-protection: privacy@nitroxconsulting.com (also listed in the Privacy Policy).
