The contracting entity under these Terms is the Company (as defined in the “Defined Terms and Party Aliases” section). The Service is a hosted, online software-as-a-service offering made available by the Company, together with related Sites, dashboards, interfaces, tools, APIs/SDKs, documentation, and other materials the Company may provide from time to time. The Service is provided remotely over the internet; no on-premises deployment is offered, except for any client components made available solely to enable use of the Service. Customer’s access to and use of the Service are governed by these Terms, the Policies, and any applicable Orders. Any descriptions of functionality, public statements, product roadmaps, or forward-looking features are for information purposes only and do not constitute a commitment to deliver or maintain any particular functionality. The Company may modify the Service in accordance with these Terms.

Customer accepts these Terms as of the Effective Date by placing an Order that references them or by otherwise indicating acceptance, including creating an account or accessing or using the Service. These Terms apply together with the Policies and any Orders, each incorporated by reference and updateable as permitted by these Terms. Orders govern commercial details shown in the ordering flow or dashboard. Any preprinted or purchase-order terms are void unless the Company agrees in writing.

The Service is provided for business or professional use only. Customer must be (a) a legal entity or (b) a natural person acting as a sole proprietor or otherwise for business purposes, and not as a consumer for personal, family, or household purposes. The individual accepting these Terms represents and warrants that they are at least 18 years old and have authority to bind Customer. Customer is responsible for all access to and use of the Service under its account and will ensure such use complies with these Terms and applicable law. If Customer does not meet these requirements, the Service must not be accessed or used.

Customer represents and warrants that the individual accepting these Terms and any individual who accesses the Service on Customer’s behalf is at least 18 years of age (or the age of majority where higher under applicable law) and has legal capacity to enter into these Terms. The Service is not intended for minors, and Customer will not permit minors to use the Service. If these requirements are not met, the Service must not be accessed or used.

Customer must create an account to use the Service and will provide accurate, current, and complete information and keep it updated. Customer must keep all access credentials confidential and must not share, sell, or transfer them to any third party; Customer is responsible for all activities that occur under its account (including by any person who gains access using Customer’s credentials). Customer will promptly notify the Company of any suspected unauthorized access or security incident at security@blazeauth.net and will cooperate in any remedial actions. The Company may refuse, reclaim, or disable account identifiers that are misleading, infringing, or otherwise violate these Terms or the Policies, and may suspend access to protect the Service or investigate suspected violations. Customer will ensure that all use of the Service under its account complies with these Terms, the Policies, and applicable law.

Customer will generate and maintain access credentials (including any keys or tokens) for use of the Service and will keep them confidential and secure. Customer will implement reasonable safeguards (such as secure storage and periodic rotation) and will not share, sell, sublicense, or otherwise disclose credentials to third parties except as expressly permitted by these Terms. Customer will promptly notify the Company of any suspected compromise or misuse and will cooperate in remediation. The Company may require or offer additional protection measures (for example, multi-factor authentication or credential rotation) and may modify credential formats or issuance processes from time to time. The Company may revoke or reissue credentials to protect the Service or address suspected violations of these Terms or the Policies.

Either party may assign these Terms and any Orders, in whole and without consent or notice, including to an affiliate, successor, or acquirer, or by operation of law. Any assignee must agree in writing to be bound by these Terms and applicable Orders. Partial assignments are void. Obligations accrued before the effective date of an assignment remain with the assigning party. These Terms do not grant Customer any right to resell, sublicense, or provide the Service as a stand-alone offering.

Subject to these Terms, the Policies, and any applicable Orders, the Company grants Customer a limited, non-exclusive, non-sublicensable, non-transferable (except under Section 3.3) right to access and use the Service solely for Customer’s internal business or professional purposes during the applicable subscription term. The Company reserves all rights not expressly granted.

Customer must use the Service in compliance with the Acceptable Use Policy (AUP) and applicable law. Without limiting the AUP, Customer will not: (a) copy, modify, or create derivative works of the Service; (b) reverse engineer, decompile, or attempt to derive source code except to the extent a restriction is prohibited by law; (c) bypass, interfere with, or disable security, usage, or access controls; (d) resell, sublicense, provide the Service as a stand-alone offering, or operate a service bureau; (e) access the Service in a manner intended to burden or disrupt it; (f) use the Service to infringe intellectual property, privacy, or other rights; or (g) remove, alter, or obscure proprietary notices.

The Service may include or interact with third-party components (including open-source software) governed by separate licenses; to the extent of any conflict, those licenses control for their components. The Company may take reasonable steps (including suspension) to address suspected violations of this Section or the AUP.

The Company may establish and modify technical and usage limits for the Service, including API limits. Current limits may be shown on a Service Limits page or within the dashboard and may vary by account or subscription. Material adverse changes, if any, will be communicated as described in Section 9.2.

Customer will use the Service consistent with fair use and will not attempt to bypass or evade limits. The Company may monitor usage to operate and secure the Service and may apply automated controls such as throttling, queuing, temporary blocks, or connection caps. Exceeding limits or causing undue load may result in temporary restrictions or suspension of affected operations or, in repeated or egregious cases, of the account under Section 10.

Customer is responsible for configuring integrations to respect limits and for implementing reasonable retry and backoff behavior consistent with the documentation. Additional capacity or higher limits may be offered at the Company’s discretion but are not guaranteed.

Customer is solely responsible for the data it submits to the Service, including any user identifiers and usage metadata. Customer will not include sensitive personal data or secrets in such data (for example, government IDs, financial or health data, biometric or precise location data, authentication credentials, or information about minors). Where identification is required, Customer should use pseudonymization (e.g., hashing with a salt) and data minimization. The Company has no obligation to monitor, retain, or return data that violates these Terms or the Policies and may remove or restrict access to such data. Customer is responsible for providing any notices to, and obtaining any permissions from, End Users required by applicable law.

The Service may interoperate with or provide links to third-party services, websites, or components (“Third-Party Services”). Third-Party Services are not under the Company’s control, and Customer’s use of them is governed by their own terms and privacy policies, not these Terms. The Company is not responsible for the availability, security, or performance of Third-Party Services.

If Customer enables an integration or interoperation, Customer instructs the Company to exchange Customer Content and related data with the relevant Third-Party Service as reasonably necessary to provide the interoperation. The third party’s processing is that party’s responsibility, and Customer is responsible for obtaining any required notices or permissions from End Users.

The Service may include or be distributed with open-source or third-party components subject to separate licenses; to the extent of any conflict, those licenses govern their components. The Company may modify, suspend, or discontinue integrations or components (for example, if a provider changes its API or terms).

Customer retains all right, title, and interest in and to Customer Content. No ownership rights are transferred to the Company under these Terms. Customer grants the Company and its Subprocessors a worldwide, non-exclusive, royalty-free license to host, store, reproduce, transmit, display, and otherwise process Customer Content solely to provide, maintain, secure, and support the Service, and to comply with law.

Customer represents and warrants that it has all necessary rights, consents, and permissions to submit Customer Content and to grant the foregoing license, and that Customer Content (and its authorized use under these Terms) does not infringe or violate any rights or laws. Customer is responsible for any required notices to, and permissions from, End Users. Upon termination or expiration of the applicable subscription term, the Company may delete Customer Content in accordance with these Terms and the Policies; the Company has no obligation to provide data export or continued storage except where required by law.

The Company does not pre-screen or continuously monitor Customer Content. Customer is solely responsible for Customer Content and for ensuring that its collection and use comply with these Terms, the Policies (including the Acceptable Use Policy), and applicable law.

The Company may remove, disable, or restrict access to Customer Content, or suspend affected operations of the Service, if the Company reasonably believes that the content or its use violates these Terms, the Policies, or law, poses a security or legal risk, or is the subject of a credible complaint or demand. The Company may request information to verify rights or compliance, and may preserve or disclose Customer Content as required by law. The Company has no obligation to store, maintain, or return any Customer Content removed under this Section, and—to the extent permitted by law—no refunds or credits are due for enforcement actions.

Prohibited content and activities are described in the Acceptable Use Policy. Claims concerning intellectual property are handled under the Intellectual Property Claims Procedure.

The Company respects intellectual property rights and expects the same from Customers. If you believe material available through the Service infringes your rights, send an Intellectual Property Notice to seo@blazeauth.net. Your notice should include: (a) identification of the right allegedly infringed (e.g., copyright, trademark, patent) and, where available, registration details; (b) identification of the material and its precise location within the Service (URLs, account or item identifiers, and relevant screenshots); (c) your contact information and authority to act; and (d) a statement that you have a good-faith belief the use is unauthorized and that the information in the notice is accurate.

Upon receipt, the Company may (at its discretion) forward the notice to the relevant Customer, request additional information, temporarily disable or remove the material, or decline to act on incomplete or facially deficient notices. The Company is not an adjudicator of third-party disputes and may take or decline action without determining the merits.

If Customer believes the notice is mistaken or that Customer has authorization, Customer may submit a counter-notice to seo@blazeauth.net describing the material, its prior location, and the basis for authorization, with supporting documents and contact details. The Company may restore access at its discretion unless required by law to maintain a restriction.

The Company may disclose notices and counter-notices to the parties involved. Repeated or egregious violations may result in suspension or termination under Section 10 and the Policies.

Customer purchases access to the Service under Orders presented in the ordering flow or account dashboard. Each Order states the subscription term and fees. Unless an Order states otherwise, fees are billed in advance for the applicable term and are non-refundable except as provided in Section 6.4.

Customer authorizes the Company and its payment processor to charge the payment method on file and will keep billing information accurate and current. If a charge is declined or an invoice remains unpaid when due, the Company may suspend or restrict the Service until payment is received. Amounts not timely paid may accrue reasonable late charges or finance charges as permitted by law, and Customer is responsible for reasonable collection costs.

Fees are exclusive of taxes; the Company may charge applicable taxes, and Customer is responsible for any taxes, duties, or withholdings, except for taxes on the Company’s income.

Subscriptions renew automatically for successive periods equal to the expiring term unless auto-renew is turned off in the account settings (or Customer gives written notice) before the end of the then-current term. Service remains available until the term ends; no refunds are provided for the remaining period except as stated in Section 6.4.

Renewals are billed at the fees in effect at renewal unless an Order states otherwise; material pricing changes, if any, are notified under Section 9.2. Renewal is contingent on timely payment; if a renewal charge fails, the Company may suspend the Service under Section 6.1. Free or trial access does not incur charges unless Customer converts to a paid Order.

If a paid subscription is not renewed, the account transitions to a no-charge tier at the end of the then-current term.

If a subscription is downgraded, the account remains on a paid tier at the lower level. Unless stated otherwise in the dashboard or an Order, a downgrade takes effect at the start of the next term; fees for the current term are not reduced or refunded except as provided in Section 6.4.

On the effective date of a transition to a no-charge tier or a downgrade, the account’s Entitlements automatically adjust to the limits of the then-current tier. Entitlements beyond those limits become inactive. Inactive Entitlements are preserved but may not be used or modified by Customer, except for deletion, until the account is upgraded or otherwise brought within limits. The Company may view, access, preserve, or modify inactive Entitlements as necessary to operate, secure, or maintain the Service; to comply with law, legal process, or a governmental request; or to enforce these Terms and the Policies. By default, the most recently created Entitlements remain active up to the applicable limit (with the remainder marked inactive), or as otherwise indicated in the dashboard. The Company may enforce these limits by blocking creation, changes, or transfers that would exceed the current allocation. Previously inactive Entitlements may be re-activated if the account is later upgraded or additional capacity is purchased.

The Company will retain inactive Entitlements (and any associated data within the Service) for at least thirty (30) days from the effective date of the downgrade or transition (the “Retention Window”). After the Retention Window, the Company may permanently delete inactive Entitlements at any time in its discretion, without notice, unless retention is required by law or otherwise agreed in writing. Nothing in this Section limits Customer’s ability to delete inactive Entitlements at any time.

Fees are non-refundable for the elapsed portion of any term; cancellation takes effect at term end. A pro-rata refund for the unused portion may be issued upon Customer’s written request only if the Company determines that, during the term, one of the following applies: (a) Material Unavailability, where core functionality was unavailable for 24 or more consecutive hours in any seven-day period due to the Company’s acts or omissions (excluding scheduled maintenance, events outside the Company’s reasonable control including denial-of-service attacks, Third-Party Services, and Customer’s systems); or (b) Material Misrepresentation, where a feature expressly represented as available in the Order or the Company’s official documentation at purchase was not provided.

Forward-looking statements, roadmaps, and illustrative metrics (such as latency or throughput) are not commitments. Requests must be made within 30 days after the affected period and include reasonable details; any approved refund is issued to the original payment method. No refunds are provided for downgrades effective next term, changes permitted by these Terms, suspensions or enforcement for violations, or usage below purchased capacity. Refunds are provided to the extent required by law.

For Customer Content, Customer acts as controller (or equivalent) and the Company acts as processor (or equivalent), processing only on Customer’s documented instructions as set out in these Terms, the Policies, the documentation, and Customer’s configuration in the dashboard. The Company may act as an independent controller for account, billing, security, and usage data to operate, secure, bill for, and improve the Service and to comply with law. Customer will not submit sensitive personal data or information about minors unless expressly permitted by the Policies or an applicable DPA and configured accordingly.

The Privacy Policy is incorporated by reference. Where Customer acts as a controller of personal data subject to applicable data protection laws, the Company’s Data Processing Addendum (DPA) governs the Company’s processing of Customer Content as processor and forms part of these Terms; in case of conflict on data-protection matters, the DPA controls. Processing may occur in locations where the Company or its Subprocessors operate; no data-residency commitments are provided under these Terms.

The Company may engage Subprocessors, and Customer authorizes such engagement. The Company will impose appropriate contractual protections on Subprocessors and remains responsible for their performance. A list of Subprocessors may be maintained separately and updated from time to time; any notice or objection rights (if applicable) are set out in the DPA or the Policies.

The Company implements reasonable administrative, technical, and organizational safeguards to protect the Service (e.g., encryption in transit/at rest, access controls, and least-privilege practices). The Company may require or offer additional protections (such as multi-factor authentication or credential rotation) and may suspend or restrict access to address security risks or incidents. Backups are not guaranteed. Customer is responsible for secure configuration, protecting access credentials, and maintaining the security of its systems and devices.

Report suspected vulnerabilities privately to security@blazeauth.net with steps to reproduce, impact, scope, and affected components. Do not publicly disclose or share proof-of-concept code until the Company agrees or the issue is fixed.

• Safe harbor. The Company will not pursue legal action or refer to law enforcement for good-faith testing that (i) adheres to this Section, (ii) avoids privacy violations, data destruction, service degradation, or access to data beyond the minimum necessary to demonstrate an issue, and (iii) is promptly reported and cooperatively remediated. This permission is limited to application-layer testing of the Service and does not permit denial-of-service, stress testing, social engineering, phishing, spam, physical intrusion, or attacks against third-party services.
• Scope and accounts. Test only against your own accounts or environments you are authorized to use. Do not attempt to access another Customer’s or End User’s data.
• Triage and fixes. The Company will triage reports and may contact you for details; no SLA is provided for response or remediation.
• Recognition. The Company strongly supports good-faith research and will endeavor to provide recognition or a token reward where appropriate. Any reward or recognition remains wholly discretionary and is not promised, guaranteed, or owed.
• Use of submissions. By submitting a report, you grant the Company a non-exclusive, royalty-free license to use your submission to test, repair, and improve the Service.

The Company may restrict testing areas, change these guidelines, or decline a report (including duplicative or out-of-scope findings). Violations of this Section may result in suspension or other actions under these Terms.

The Company will use commercially reasonable efforts to operate and maintain the Service, but the Service is provided “as is” and without any service-level commitment or guarantees. The Company may perform scheduled or emergency maintenance and may suspend or restrict access to protect the Service or address incidents. No backups or recovery point/time objectives are committed. Any sample metrics, roadmaps, or forward-looking statements are illustrative only.

The Company may modify, deprecate, or discontinue features; introduce updates; and adjust technical or usage limits. Material adverse changes (including material pricing changes) will be notified in advance (typically 30 days) unless earlier action is reasonably required for security, legal, or operational reasons. Policies incorporated by reference may be updated from time to time; material updates will be communicated in the same manner. Continued access or use after the effective date of a notified change constitutes acceptance of the change. The Company is not responsible for changes made by third parties (for example, platform or provider updates) that affect integrations.

This Section concerns measures applied to Customer’s account and credentials. The Company may suspend or restrict Customer’s access to the Service (in whole or in part), including specific features, operations, or credentials, if: (a) necessary to address a security, availability, or legal risk; (b) there is suspected or actual violation of these Terms or the Policies; (c) payment is overdue under Section 6.1; (d) required by law, legal process, or a governmental request; or (e) Customer’s use imposes undue burden or interferes with the Service. Where practicable, the Company will provide notice and an opportunity to cure before suspension; otherwise, notice will follow promptly.

Upon termination or expiration, Customer’s right to access the Service ceases, and the Company may disable the account. No refunds are due except as provided in Section 6.4. The Company has no obligation to provide data export or continued storage except where required by law.

Unless deletion is required sooner by law or requested by Customer, the Company may retain Customer Content for a limited post-termination period and then delete it in the ordinary course of operations (for clarity, inactive Entitlements are handled under Section 6.3, including the 30-day Retention Window). Customer remains responsible for any amounts accrued and unpaid. Sections that by their nature should survive (including ownership, license restrictions, fees and payment, disclaimers, security and responsible disclosure, content/intellectual property provisions, data protection, limitation of liability, dispute resolution, and miscellaneous) survive termination.

These Terms are governed by the laws of the Russian Federation, without regard to conflict-of-laws rules. The language of these Terms and any proceeding is English. The U.N. Convention on Contracts for the International Sale of Goods does not apply.

Before starting any proceeding, the parties will negotiate in good faith and then engage in non-binding mediation. If a dispute is not resolved within 30 days after a written request for mediation, either party may commence arbitration under Section 12.3.

Any dispute arising out of or relating to these Terms or the Service will be finally resolved by arbitration administered by the Russian Arbitration Center (RAC) under its Rules.

• Seat (place) of arbitration. Moscow, Russia.
• Tribunal. One arbitrator.
• Confidentiality. The existence of and materials in the arbitration are confidential to the extent permitted by law.

The arbitral award is final and binding and may be entered in any court of competent jurisdiction.

Notwithstanding Section 12.3, either party may seek temporary or injunctive relief in courts of competent jurisdiction to protect its rights or lawful interests. If Section 12.3 is ever held unenforceable as to a claim, such claim will be subject to the exclusive jurisdiction of the courts located in the Russian Federation (Moscow), and the parties consent to personal jurisdiction there.

Disputes must be brought on an individual basis only; class, collective, consolidated, or representative actions are not permitted.

The Company may provide notices by email to the address associated with the account, by in-product messaging or banners in the dashboard, or by posting on the Site. Customer consents to receive electronic communications and agrees that such communications satisfy any legal requirements for written notice.

Email notices are deemed given when sent; notices posted in the dashboard or on the Site are deemed given when posted. Customer is responsible for maintaining accurate contact details in the account.

Legal notices and general contract notices: seo@blazeauth.net.

Security reports and vulnerability disclosures: security@blazeauth.net.

Intellectual property claims: as set out in Section 5.3.

Service of process and other procedural documents must be effected as required by applicable law and Section 12. Electronic copies may be sent to the addresses above for convenience.

Neither party is liable for delay or failure to perform due to events beyond its reasonable control (including natural disasters, acts of government, war, terrorism, civil unrest, labor issues, utility or telecommunication failures, and internet or platform outages). Obligations resume once the event ends.

These Terms, the Policies, and any Orders constitute the entire agreement between the parties regarding the Service and supersede prior or contemporaneous agreements or communications on that subject.

There are no third-party beneficiaries of these Terms; End Users and other third parties have no rights under them.

The parties are independent contractors. These Terms do not create a partnership, joint venture, fiduciary, or employment relationship.

A failure or delay to enforce a provision is not a waiver. A waiver must be in writing and signed, and applies only to the specific instance.

If any provision is held unlawful or unenforceable, it will be enforced to the maximum extent permitted, and the remainder will remain in full force.

Click-through acceptances, electronic signatures, and electronic records related to these Terms are valid and enforceable to the fullest extent permitted by law.

Each party will comply with applicable laws in connection with these Terms and the Service. The Company may limit or suspend access as reasonably necessary to comply with law or a lawful order. Nothing in these Terms requires the Company to provide the Service where doing so would be unlawful.

Headings are for convenience only. “Including” means including without limitation. References to “law” include applicable statutes, regulations, and binding orders.