Calibrant
Legal

Terms of Service

Effective date: March 24, 2026

1. Acceptance of Terms

By accessing or using Calibrant (the “Service”), operated by Trees and Rain, LLC (“Company,” “we,” “us,” or “our”), you agree to be bound by these Terms of Service (“Terms”). If you are entering into these Terms on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms. If you do not agree to these Terms, you may not access or use the Service.

2. Description of Service

Calibrant is a business-to-business software-as-a-service platform available at calibrant.ai. The Service provides tools for measuring, securing, and optimizing Microsoft 365 environments, including:

  • Tenant Healthcheck — Automated analysis of Microsoft 365 tenant configuration across categories including Entra ID, Exchange, Teams, SharePoint, OneDrive, Power Platform, and Intune.
  • Security Checkup — Compliance scanning against industry security frameworks including CIS Microsoft 365 Foundations Benchmark, CISA SCuBA M365 Security Baselines, and CIS Dynamics 365 & Power Platform Benchmark. Includes automated checks, manual attestation, and remediation guidance.
  • Agent Optimizer — AI-powered evaluation and autonomous optimization of Microsoft 365 Copilot Studio agents, including instruction tuning, persona-based testing, and performance measurement.
  • Relay Infrastructure — An optional on-premises component deployed in Customer's Azure environment that executes PowerShell-based scans against Microsoft 365 services using a managed identity with administrative permissions.

The specific features available to you depend on your subscription tier.

3. Account Registration

To use the Service, you must create an account by authenticating through a supported identity provider. You agree to provide accurate, complete, and current information and to keep your account credentials secure. You are responsible for all activity that occurs under your account. You must notify us immediately of any unauthorized use of your account or any other breach of security. We reserve the right to suspend or terminate accounts that violate these Terms.

4. Subscription & Billing

Calibrant offers multiple subscription tiers. Paid subscriptions are billed on a recurring monthly or annual basis through Stripe, our payment processor. By subscribing to a paid plan, you authorize us to charge your designated payment method on a recurring basis until you cancel.

  • Credits. Usage of certain Service features is metered through a credits system. Credits are consumed when you run scans, evaluations, optimizations, and other operations. Credit allocations vary by subscription tier and do not roll over between billing periods unless otherwise stated.
  • Auto-Renewal. Paid subscriptions automatically renew at the end of each billing period unless you cancel before the renewal date. You may cancel your subscription at any time through the Service or by contacting us. Cancellation takes effect at the end of the current billing period.
  • Refunds. All fees are non-refundable except as required by applicable law. Downgrading your subscription does not entitle you to a refund for the current billing period.
  • Price Changes. We may change subscription pricing with at least 30 days' notice. Continued use of the Service after a price change takes effect constitutes acceptance of the new pricing.

5. Bring Your Own Key (BYOK)

Certain subscription tiers allow you to provide your own Anthropic API key (“BYOK Mode”). When using BYOK Mode:

  • You are solely responsible for all costs, usage, and rate limits associated with your Anthropic API key.
  • Your API key is stored in an encrypted vault within our infrastructure. While we use industry-standard encryption practices, you acknowledge and accept the inherent risks of providing third-party credentials to any service.
  • We do not monitor, control, or assume liability for charges incurred on your Anthropic account as a result of using the Service.
  • You may revoke or rotate your API key at any time. Removing your key will disable features that depend on it.

6. Privileged Access & Relay Infrastructure

The Service requires administrative-level access to Customer's Microsoft 365 tenant and may involve deploying infrastructure (the “Relay”) in Customer's Azure environment. Customer acknowledges and agrees that:

  • The person granting admin consent represents and warrants that they have the organizational authority to do so.
  • Customer is responsible for understanding the specific permissions requested during the admin consent process, which are documented in our setup documentation.
  • Customer may revoke admin consent and disconnect the Service at any time through the Microsoft Entra admin center.
  • The Relay operates with a managed identity that holds read-level administrative permissions across Microsoft 365 services. Customer is responsible for ensuring that granting such access complies with Customer's own security policies and regulatory requirements.
  • Calibrant will use such access solely for the purposes described in the Service documentation and will implement commercially reasonable security measures to protect such access.
  • Customer is responsible for maintaining appropriate backups of tenant configurations prior to making any changes based on Service recommendations.

7. Acceptable Use

You agree not to use the Service to:

  • Violate any applicable law, regulation, or third-party right.
  • Interfere with, disrupt, or attempt to gain unauthorized access to the Service, its servers, or connected networks.
  • Reverse engineer, decompile, or disassemble any part of the Service.
  • Use the Service to build a competing product or service, or to benchmark the Service for publication without our prior written consent.
  • Transmit malware, viruses, or other harmful code through the Service.
  • Share account credentials or allow unauthorized third parties to access the Service through your account.
  • Circumvent any usage limits, credit allocations, or access controls imposed by the Service.
  • Present scan results, compliance scores, or assessment outputs as formal compliance certifications, professional security audits, or official attestations to third parties.

We reserve the right to suspend or terminate your access if we reasonably believe you are violating these acceptable use requirements.

8. Intellectual Property

Our IP. The Service, including its software, design, documentation, algorithms, and branding, is owned by Trees and Rain, LLC and protected by intellectual property laws. These Terms do not grant you any ownership interest in the Service. We grant you a limited, non-exclusive, non-transferable, revocable license to use the Service in accordance with these Terms.

Your Data. You retain all rights to data you upload or create through the Service (“Customer Data”), including agent configurations, evaluation suites, attestation responses, and optimization results. You grant us a limited license to use Customer Data solely to provide and improve the Service. We will not sell, share, or use Customer Data for purposes unrelated to operating the Service without your consent.

Third-Party Frameworks. CIS Benchmarks, CISA SCuBA, and other security frameworks referenced by the Service are the intellectual property of their respective owners. Calibrant's implementation of checks against these frameworks does not imply endorsement by or affiliation with the framework owners.

9. Data & Privacy

Our collection and use of personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference. By using the Service, you acknowledge that you have read and understand our Privacy Policy. The Service accesses Microsoft 365 tenant configuration data (not email content, files, or user communications) and stores OAuth tokens and, when you opt into BYOK Mode, Anthropic API keys using encrypted vault storage. We use cookie-less analytics (PostHog) to understand Service usage patterns without tracking individual users across the web.

The Service is designed for and primarily directed at organizations based in the United States. All data is processed and stored in the United States (AWS us-west-2). We do not currently offer a Data Processing Agreement (DPA) or guarantee compliance with the EU General Data Protection Regulation (GDPR) or similar international data protection frameworks. If your organization is subject to such regulations, you are responsible for determining whether your use of the Service is appropriate.

10. Third-Party Services

The Service integrates with and relies upon third-party services, including but not limited to:

  • Microsoft 365 and Azure for tenant connectivity, security scanning, and Copilot Studio agent integration.
  • Anthropic Claude API for AI-powered evaluation, analysis, and optimization of agent instructions.
  • Stripe for payment processing and subscription management.

Your use of these third-party services is subject to their respective terms and conditions. We are not responsible for the availability, accuracy, or performance of any third-party service. Changes to third-party APIs, pricing, or terms may affect Service functionality and are outside our control.

11. Security & Compliance Disclaimers

INFORMATIONAL PURPOSE ONLY. The security assessments, compliance checks, healthcheck results, scores, and recommendations provided by the Service are for informational purposes only and do not constitute professional security advice, legal advice, or a guarantee of compliance with any regulatory framework, industry standard, or benchmark, including but not limited to CIS Benchmarks, CISA SCuBA, or any other framework.

NO GUARANTEE OF SECURITY. The Service evaluates configurations against published benchmarks and best practices but does not guarantee the security of Customer's environment. A passing score does not mean Customer's environment is secure. A failing score does not necessarily indicate that a vulnerability is being actively exploited. Automated checks may produce false positives or false negatives due to API limitations, configuration complexity, or changes to third-party platforms.

NOT A SUBSTITUTE FOR PROFESSIONAL AUDIT. The Service's automated checks are not a substitute for a professional security audit, penetration test, or formal compliance assessment by a qualified auditor. Customer should not rely solely on the Service for compliance obligations.

CUSTOMER RESPONSIBILITY. Customer is solely responsible for evaluating the applicability and accuracy of any recommendations, deciding whether to implement changes to their environment, and consulting qualified security professionals before making configuration changes based on the Service's output.

12. AI-Powered Features

Certain features of the Service use artificial intelligence to evaluate, suggest, or implement changes to Customer's configurations (“AI Features”), including but not limited to the Agent Optimizer and AI-generated analysis summaries. Customer acknowledges that:

  • AI Features may produce unexpected, inaccurate, or suboptimal results.
  • Customer is solely responsible for reviewing, approving, and monitoring any changes made or suggested by AI Features.
  • Calibrant is not liable for any damages arising from actions taken by AI Features, including but not limited to changes to agent configurations, instructions, or behaviors.
  • Customer must maintain backups of all configurations before enabling AI Features.
  • AI Features are provided on an “as-is” basis without any warranty of accuracy, completeness, or fitness for any particular purpose.

HUMAN OVERSIGHT REQUIRED. Customer agrees to maintain appropriate human oversight of all AI-powered features and to promptly disable any AI Feature that produces undesired results. The Service is designed as a tool to assist qualified personnel, not to replace human judgment.

13. Service Availability & General Disclaimers

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

We do not guarantee that the Service will be uninterrupted, error-free, or secure. We may perform scheduled or unscheduled maintenance that temporarily affects availability. We are not liable for any downtime, data loss, or service degradation resulting from maintenance, third-party outages, or events beyond our reasonable control.

14. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL TREES AND RAIN, LLC, ITS OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE SERVICE, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY, AND REGARDLESS OF WHETHER WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

WITHOUT LIMITING THE FOREGOING, CALIBRANT SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM: (A) CUSTOMER'S DECISION TO IMPLEMENT OR NOT IMPLEMENT ANY RECOMMENDATION OR REMEDIATION SUGGESTED BY THE SERVICE; (B) CHANGES MADE TO CUSTOMER'S ENVIRONMENT BASED ON THE SERVICE'S OUTPUT; (C) SECURITY INCIDENTS OCCURRING DESPITE A PASSING COMPLIANCE SCORE; OR (D) ACTIONS TAKEN BY AI-POWERED FEATURES.

OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS ($100). THIS LIMITATION APPLIES REGARDLESS OF WHETHER WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

15. Indemnification

You agree to indemnify, defend, and hold harmless Trees and Rain, LLC and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or in connection with: (a) your use of the Service; (b) your violation of these Terms; (c) your violation of any third-party right, including intellectual property rights; (d) your Customer Data; (e) your decision to implement or not implement any recommendation, remediation, or configuration change suggested by the Service; (f) your failure to maintain appropriate human oversight of AI-powered features; or (g) claims by third parties arising from changes made to your environment based on the Service's output.

16. Termination

You may terminate your account at any time by contacting us or using the account settings within the Service. We may suspend or terminate your access to the Service at any time, with or without cause, and with or without notice.

Upon termination: (a) your right to use the Service ceases immediately; (b) we may delete your Customer Data after a reasonable retention period of 30 days; (c) any outstanding fees remain due and payable; (d) Customer should revoke admin consent in Microsoft Entra and remove any deployed Relay infrastructure; and (e) provisions of these Terms that by their nature should survive termination will survive, including Sections 8, 9, 11, 12, 13, 14, 15, and 18.

17. Modifications to Terms

We reserve the right to modify these Terms at any time. If we make material changes, we will notify you by updating the effective date at the top of this page and, where practicable, by sending notice to the email address associated with your account. Material changes will require re-acceptance of the updated Terms before continued use of the Service. If you do not agree to the revised Terms, you must stop using the Service and terminate your account.

18. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Washington, United States, without regard to its conflict of law provisions. Any disputes arising under or in connection with these Terms shall be subject to the exclusive jurisdiction of the state and federal courts located in the State of Washington. Each party consents to the personal jurisdiction of such courts.

19. Contact Information

If you have any questions about these Terms, please contact us at:

Trees and Rain, LLC
Email: legal@calibrant.ai
Website: calibrant.ai