Terms and Policies

2.1 License Grant

Subject to your compliance with these Terms, Conway grants you a non-exclusive, non-transferable, non-sublicensable right to access and use the Platform during your subscription period for your internal business purposes. Each Authorized User must have a unique account. Account credentials may not be shared.

2.2 Use Restrictions

You shall not, and shall not permit any Authorized User to:

• Copy, modify, or create derivative works of any Conway intellectual property;
• Rent, lease, lend, sell, license, sublicense, assign, distribute, or transfer the Platform to any third party;
• Reverse engineer, disassemble, decompile, or attempt to derive source code from the Platform;
• Use the Platform for competitive analysis or to develop a competing product;
• Bypass or breach any security device or access the Platform other than through valid credentials;
• Upload unlawful content, malware, or content that infringes third-party rights;
• Use the Platform for life-critical applications, emergency services, or autonomous vehicles;
• Use Output to develop AI models that compete with Conway's products or services.

3.1 Conway Intellectual Property

Conway owns all right, title, and interest in and to the Platform, Documentation, and all related intellectual property. Nothing in these Terms grants you any ownership rights in Conway's intellectual property.

3.2 Customer Data and Output

You retain all ownership rights in your Customer Data. To the extent permitted by applicable law, you own all Output generated for you. Output may not be unique; other users may receive similar content.

1.1 What We Collect

Customer Data includes any information, data, or content you or your Authorized Users submit through the Platform. You control what Customer Data you provide.

1.2 How We Use Customer Data

Conway uses Customer Data solely to:

• Provide you with the Platform and generate Output;
• Comply with applicable law; and
• Enforce Conway's policies.

Conway does not sell Customer Data. Conway does not share Customer Data for cross-context behavioral advertising. Conway does not use Customer Data outside the direct business relationship with you.

1.3 Ownership

You retain all ownership rights in your Customer Data. You grant Conway a license to use Customer Data solely to provide the Platform to you.

2.1 What We Collect

Usage Data includes:

• Diagnostic, performance, and usage information related to the Platform;
• Activity logs and metadata;
• Data used to identify source and destination of communications;
• Support inquiries and account administrator contact details.

2.2 How We Use Usage Data

Conway uses Usage Data to:

• Monitor, maintain, and optimize the Platform;
• Investigate and prevent system abuse;
• Conduct internal research and development;
• Create anonymized datasets for training or evaluation of services.

2.3 Ownership

Conway owns all Usage Data.

3.1 How AI Works

The Platform includes features powered by artificial intelligence. You provide Customer Data and receive Output based on that data.

3.2 Output Ownership

To the extent permitted by law, you own Output generated for you. However, Output may not be unique. Other users may receive similar content from the Platform, and such similar content is not considered your Output.

3.3 Output Limitations

You acknowledge that Output:

• May contain errors or misleading information;
• May perpetuate biases present in training data;
• May struggle with tasks requiring complex reasoning or judgment; and
• Is provided "AS IS" without warranties of any kind.

You are solely responsible for evaluating Output for accuracy and appropriateness, including by utilizing human review where appropriate.

1.1 Security Leadership

Conway has designated a Chief Information Security Officer (CISO) responsible for establishing and maintaining our security strategy, policies, and program. Security considerations are integrated at the highest level of decision-making.

1.2 Security Governance

Our Board of Directors and Risk and Governance Executive Committee provide oversight of security and compliance. An Information Technology Leadership Committee meets monthly to review security issues and take corrective action as necessary.

1.3 Policies and Procedures

Conway maintains comprehensive security policies covering access control, data classification, incident response, change management, network security, vendor management, and business continuity. Policies are reviewed and updated at least annually.

2.1 Background Checks

All employees and contractors complete background checks prior to joining. Results are reviewed in accordance with local laws.

2.2 Confidentiality Agreements

All personnel sign confidentiality agreements before accessing sensitive information.

2.3 Security Training

Employees complete security awareness training upon hire and at least annually. Training covers secure coding practices, data handling, incident reporting, and emerging threats.

3.1 Least Privilege

Conway adheres to the principle of least privilege. Users are granted access only to the systems and data necessary for their job functions. Administrative access to production systems is restricted to authorized personnel.

3.2 Authentication

Multi-factor authentication (MFA) is enforced for administrative access to production systems, email, version control, and cloud infrastructure. Passwords must be at least eight characters and complex.

3.3 Access Reviews

Access privileges for high-risk and critical systems are reviewed at least quarterly. Access is revoked within one business day upon termination.

4.1 Encryption

Customer Data is encrypted in transit using TLS 1.2 or higher over public networks. Data at rest is encrypted using industry-standard encryption technologies. Encryption keys are managed through our cloud provider's key management service.

4.2 Data Classification

Conway classifies data into four tiers (Public, Internal, Confidential, Restricted) with corresponding handling requirements. Customer Data is classified as Confidential or Restricted and handled accordingly.

4.3 Data Loss Prevention

Conway uses data loss prevention (DLP) software to prevent sensitive information from being transmitted inappropriately.

5.1 Cloud Hosting

Production systems are hosted in cloud environments with physical security controls managed by our cloud provider. We review our cloud provider's SOC 2 report annually.

5.2 Network Security

Networks are protected by firewalls and intrusion detection systems. Traffic is explicitly blocked except for business-required protocols. Development, production, and corporate environments are logically separated.

5.3 Endpoint Security

Anti-virus and malware protection software is installed on all production servers and configured to scan continuously. Endpoint devices are managed through mobile device management (MDM) software with enforced security policies.

Security Incident Notification

Conway will notify you without undue delay after becoming aware of a security incident affecting your Customer Data. Notifications will include the nature of the incident, measures taken to mitigate and contain the incident, and the status of the investigation.

Compliance Certifications

Conway maintains compliance certifications and undergoes independent audits. Customers may request copies of relevant compliance certifications and audit reports.

Customer Audits

Customers may audit Conway's compliance with security commitments annually upon reasonable written notice, during normal business hours, and in a manner that does not materially disrupt operations. Where a recent certification or SOC 2 report addresses the audit scope, Conway may provide this documentation in lieu of a physical audit.