These Terms of Service ("Terms") govern access to and use of the Stellarbridge services (the "Service") operated by epyklab, LLC, doing business as Stellarbridge ("Stellarbridge," "we," "us," or "our").

By accessing or using the Service, you agree to be bound by these Terms.

---

1. Who the Customer Is

• For personal use, the individual creating the account is the Customer.
• For business or organizational use, the organization is the Customer, and individuals using the Service do so on behalf of and under the authority of the organization.
• Pro+ and Enterprise plans are available only to organizations.
• Individuals purchasing or using the Service on behalf of an organization represent and warrant that they are authorized to bind the organization to these Terms.

2. Description of the Service

Stellarbridge provides secure file transfer and storage services that allow Customers to send, receive, store, and manage files subject to plan-specific limits, retention periods, and available features.

The Service includes audit logging and chain-of-custody reporting designed to support security, compliance, and accountability requirements.

3. Customer Responsibilities and Shared Responsibility Model

The Customer is responsible for:

• Maintaining the confidentiality and security of account credentials
• Managing user access, permissions, and authentication controls
• Ensuring all use of the Service complies with applicable law and these Terms
• Ensuring that users acting on the Customer's behalf are properly authorized and trained
• Determining whether use of the Service is appropriate for the type and sensitivity of data transmitted

The Customer is solely responsible for all activity conducted under its account, including any acts or omissions of its users.

Shared Responsibility for Security

The Customer acknowledges and agrees that the security of the Service operates under a shared responsibility model, as documented at: https://docs.stellarbridge.app/docs/compliance/compliance-with-stellarbridge/

Under this model:

• Stellarbridge is responsible for security measures within the Service infrastructure and platform; and
• The Customer is responsible for security measures within its control, including but not limited to account configuration, credential management, access controls, endpoint security, and adherence to Stellarbridge's documented security requirements.

Assumption of Risk

The Customer assumes all risks arising from its failure to implement, maintain, or follow reasonable security practices or Stellarbridge-provided security guidance. Stellarbridge shall have no responsibility for any unauthorized access, data loss, or security incident resulting from the Customer's acts, omissions, misconfigurations, or failure to adhere to the shared responsibility model.

4. Acceptable Use and Prohibited Data

The Service may be used only for lawful purposes.

Explicitly Prohibited

The Customer may not use the Service to transmit, store, or process:

• Classified information
• Controlled Unclassified Information (CUI)
• Federal Contract Information (FCI)
• International Traffic in Arms Regulations (ITAR)
• Any content whose transmission, storage, or processing would violate applicable law or regulation

Permitted With Conditions

• Protected Health Information (PHI) may be transmitted only where legally permitted, and only where the Customer has determined that use of the Service complies with its legal and regulatory obligations. Stellarbridge does not access or inspect file contents.

Stellarbridge reserves the right to suspend or restrict access to the Service to protect security, comply with law, or prevent abuse.

5. Data Ownership

The Customer retains all ownership rights in and to files and data uploaded to the Service.

Stellarbridge does not claim ownership of Customer data.

6. Access to File Contents

Stellarbridge does not access or inspect file contents, except where required by law (for example, pursuant to a valid court order).

7. Use of Non-Content Data

Stellarbridge may collect and use non-content data (including metadata, audit logs, and usage information) in aggregated or de-identified form to:

• Operate and maintain the Service
• Maintain security and integrity
• Improve reliability and performance
• Meet legal, regulatory, and compliance obligations

Stellarbridge does not use Customer data for advertising, resale, or third-party marketing purposes.

8. Third-Party Service Providers

Stellarbridge uses third-party service providers ("Subprocessors") to operate the Service, including for infrastructure, storage, email delivery, and monitoring.

Subprocessors act only on Stellarbridge's behalf and are subject to confidentiality and security obligations consistent with these Terms.

9. Security

Stellarbridge maintains administrative, technical, and organizational safeguards designed to protect the Service and Customer data in accordance with recognized industry standards.

The Customer acknowledges that no system can guarantee absolute security and that the effectiveness of security controls depends in part on the Customer's compliance with its responsibilities under these Terms and the shared responsibility model.

Stellarbridge shall not be responsible for security incidents caused by Customer-controlled factors, including but not limited to credential compromise, misconfiguration, failure to enable available security controls, or unauthorized access resulting from Customer actions or omissions.

10. Data Retention and Deletion

• File retention periods are fixed by plan, unless the Customer deletes files earlier.
• Upon account termination, Customer files are deleted immediately, except as required by law or as otherwise noted below.
• Audit logs are retained for three (3) years for security, compliance, and chain-of-custody purposes.

11. Customer Rights

Customers may:

• Access and download their own data directly through the Service
• Request data deletion, subject to compliance-related retention requirements

12. Service Availability

Stellarbridge does not provide uptime, availability, or performance guarantees under these Terms.

Any Service Level Agreements (SLAs) are provided only to Enterprise customers under a separate written agreement.

13. Suspension and Termination

Stellarbridge may suspend or restrict access to the Service at any time to:

• Protect the security or integrity of the Service
• Prevent abuse or misuse
• Comply with legal or regulatory obligations
• Address compliance or risk concerns

Customers may terminate their account at any time.

14. Limitation of Liability

To the maximum extent permitted by applicable law, Stellarbridge shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of data, profits, revenue, or goodwill, even if advised of the possibility of such damages.

Stellarbridge's total aggregate liability under these Terms shall not exceed the amount paid by the Customer to Stellarbridge in the twelve (12) months preceding the event giving rise to the claim.

Security-Related Limitation of Liability

Without limiting the foregoing, Stellarbridge shall have no liability for any claims, damages, losses, or expenses arising from or related to the Customer's failure to comply with its security obligations, the shared responsibility model, or Stellarbridge's documented security requirements, except to the extent caused by Stellarbridge's gross negligence or willful misconduct.

15. Changes to These Terms

• Non-material changes will be posted on the Stellarbridge website.
• Material changes will be communicated by email and posted on the website.
• Continued use of the Service after the effective date constitutes acceptance of the updated Terms.

16. Governing Law

These Terms are governed by the laws of the State of Utah, without regard to conflict-of-law principles.

17. Contact Information

For questions regarding these Terms, contact:

epyklab, LLC (DBA Stellarbridge)
Email: support@stellarbridge.com