Terms of Service

Effective: February 25, 2026

1. Acceptance of Terms

By accessing or using the Carlquist platform ("Service"), you agree to be bound by these Terms of Service ("Terms"). If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms. If you do not agree, do not use the Service.

2. Service Description

Carlquist provides enterprise middleware that connects legacy data sources to modern applications through secure adapters, canonical schema mappings, and managed API endpoints. The Service includes the Carlquist CLI, SDK, dashboard, and associated infrastructure.

3. Accounts and Access

• You are responsible for maintaining the confidentiality of your account credentials and API keys.
• You must notify us promptly at security@carlquist.app if you suspect unauthorized access.
• You may not share credentials across organizations or use the Service for purposes that violate applicable law.

4. Acceptable Use

You agree not to:

• Use the Service to process, store, or transmit data in violation of applicable data protection laws.
• Attempt to circumvent access controls, rate limits, or security measures.
• Reverse-engineer, decompile, or disassemble any part of the Service.
• Use the Service to transmit malware, spam, or conduct denial-of-service attacks.
• Resell or sublicense access to the Service without written authorization.

5. Data Handling

• Your Data: You retain all rights to data processed through the Service. Carlquist does not claim ownership of customer data.
• Processing: Adapter payloads are transformed in memory and delivered to your configured endpoints. We do not persistently store your business data unless required for dead-letter queue retries (retained for 7 days, then purged).
• Confidentiality: We treat all customer data and configuration as confidential. Access is limited to authorized personnel on a need-to-know basis.
• Privacy: Our handling of personal data is governed by our Privacy Policy.

6. Security Commitments

We commit to maintaining reasonable and appropriate security measures, including:

• Encryption of all data in transit (TLS 1.3) and at rest (AES-256).
• Role-based access controls and scoped API keys.
• Audit logging of all API calls, configuration changes, and administrative actions.
• Prompt notification if we become aware of a breach affecting your data.

For full details, see our Security page and Trust Center.

7. Service Levels

Carlquist targets 99.95% uptime for the managed platform. Specific service level agreements (SLAs), including uptime commitments, measurement methodology, and service credits, are available under Enterprise agreements. Contact us to discuss your requirements.

8. Support

Support is provided via email at support@carlquist.app. Response targets vary by plan and severity level. Enterprise customers receive dedicated support channels and priority response as defined in their agreement.

9. Intellectual Property

• Carlquist retains all rights to the Service, including software, documentation, and trademarks.
• We grant you a limited, non-exclusive, non-transferable license to use the Service during the term of your subscription.
• You retain all rights to your data, schemas, and configurations created using the Service.

10. Limitation of Liability

To the maximum extent permitted by applicable law, Carlquist's aggregate liability for all claims arising from or related to the Service shall not exceed the fees paid by you in the twelve (12) months preceding the claim. Carlquist shall not be liable for indirect, incidental, consequential, or punitive damages, including lost profits or data loss.

11. Termination

• Either party may terminate with 30 days' written notice.
• We may suspend access immediately if we reasonably believe you have violated these Terms.
• Data Return: Upon termination, you may export your configuration and mappings for 30 days. After this period, we will delete your data in accordance with our retention policy.

12. Data Processing Addendum

A Data Processing Addendum (DPA) is available for customers who require one for compliance with GDPR, CCPA, or other data protection regulations. Contact legal@carlquist.app to request a DPA.

13. Changes to Terms

We may update these Terms from time to time. Material changes will be communicated via email or in-product notification at least 30 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance.

14. Governing Law

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. Any disputes will be resolved in the state or federal courts located in Delaware.

15. Contact

For questions about these Terms, contact us at legal@carlquist.app.