CMX EULA

ComplianceMetrix Inc. End User Subscription TERMS

Last Updated: May 29, 2026

These End User Subscription Terms (the “Agreement”) is entered into by and between ComplianceMetrix, Inc., a Delaware corporation, with offices at 4660 La Jolla Village Drive, Suite 100, La Jolla, California 92122 (“Company” or “ComplianceMetrix”) and the individual or entity placing an order for or accessing the Services (“Customer” or “you”). This Agreement consists of the terms and conditions set forth below, any exhibits or addenda identified below, and any ordering documents, online registration, or order confirmations referencing this Agreement. No waiver, alteration, or modification of any of the provisions hereof shall be binding on CMX (or the Reseller, if applicable) unless made in writing and signed by an authorized representative of CMX (or the Reseller, if applicable). CMX’s (or, if applicable, its Reseller’s) provision of the Services, and Customer’s access to the Services is conditional upon Customer’s acceptance of this Agreement. If you are an employee or agent of an employer and are entering into this Agreement to obtain the Services for use by you and/or the employer for which you work, you hereby represent that you have the authority to bind the employer to the terms and conditions of this Agreement.

PLEASE NOTE THAT THIS AGREEMENT IS SUBJECT TO CHANGE BY COMPANY IN ITS SOLE DISCRETION AT ANY TIME. When changes are made, Company will make a new copy of the Agreement available through the Services and will update the “Last Updated” date at the top of the Agreement. Unless otherwise communicated to you, any updated Agreement shall become effective immediately upon posting. Company may require you to provide consent to the updated Agreement in a specified manner before further use of the Services is permitted. If you do not agree to any change(s) to this Agreement, you shall stop using the Services. Otherwise, your continued use of the Services constitutes your acceptance of such change(s). PLEASE REGULARLY CHECK THE SERVICES TO VIEW THE THEN-CURRENT AGREEMENT.

1. 1. Definitions. Capitalized terms shall have the meanings set forth in this section, or in the section where they are first used.
1. 1.1 “Affiliate” means, with respect to party, any person or entity that, at any time during the term of this Agreement, directly or indirectly controls, is controlled by, or is under common control with such party. For purposes of this Section 1.1, “control” means ownership of fifty percent (50%) or more of the voting power of the outstanding voting securities (but only as long as such person or entity meets these requirements).
2. 1.2 “Aggregated Data” means aggregated, anonymized, or de-identified data, metrics, telemetry, statistics, analyses, or other information derived from the use, performance, security, support, or operation of the Services, AI Services, or AI-Assisted Features, in each case in a form that does not identify Customer, any user, any site or facility, any household, or any natural person. Aggregated Data may be used to train, fine-tune, develop, evaluate, or otherwise improve CMX models and AI Services, provided it remains Aggregated Data and complies with applicable law.
3. 1.3 “AI & Data Protection Statement” means CMX’s then-current CMX1 AI & Data Protection Statement, as incorporated by reference into the Master Terms, located at https://www.cmx1.com/ai-data-protection-statement.
4. 1.4 “AI-Assisted Features” means features of the Services that use artificial intelligence, machine learning, automated processing, or similar technology to generate, summarize, classify, extract, translate, transcribe, retrieve, recommend, analyze, or otherwise process Customer Content. AI-Assisted Features are part of the AI Services.
5. 1.5 “AI Services” means any artificial intelligence, generative artificial intelligence, machine learning, or similar components, features, or functionality made available by CMX as part of or in connection with the Services, including AI-Assisted Features.
6. 1.6 “CMX” means Company and all its Affiliates, including without limitation, ComplianceMetrix, Inc.
7. 1.7 “Content” means, without limitation, any and all information, data, results, ideas, plans, sketches, texts, files, links, images, photos, video, sound, inventions (whether or not patentable), notes, works of authorship, articles, feedback, or other materials.
8. 1.8 “Customer Content” means any Content, data, text, files, images, audio, video, prompts, queries, inputs, outputs to the extent owned by Customer under the Master Terms, or other materials provided, imported, uploaded to, generated within, or otherwise used by or on behalf of Customer with the Services, AI Services, or AI-Assisted Features. Customer Content excludes Aggregated Data, Usage Data, the Services, AI Services, AI-Assisted Features, Software, Documentation, CMX prompts, CMX output formats, report templates, orchestration methods, methodologies, models, tools, templates, technology, and other CMX materials or intellectual property.
9. 1.9 “Data Processing Addendum” or “DPA” means CMX’s then-current Data Processing Addendum, if applicable to Customer’s use of the Services under the Master Terms, located at https://www.cmx1.com/data-processing-addendum.
10. 1.10 “De-Identified Data” means data that has been processed so that it cannot reasonably be used, alone or in combination with other reasonably available information, to identify Customer, any user, any site or facility, any household, or any natural person
11. 1.11 “Documentation” means the specifications and functional requirements published by CMX (or the Reseller, if applicable) for the Services and provided to Customer in either electronic, online help files or hard copy format. Marketing materials shall not be considered Documentation hereunder.
12. 1.12 “Enterprise Cloud AI Service” means an enterprise-grade hosted AI service offered by a cloud service provider under contractual terms that prohibit use of customer prompts, completions, or fine-tuning data to train the provider’s or any third party’s models.
13. 1.13 “Foundation Model” means a large, general-purpose machine-learning model trained on broad data at scale and intended to be adapted to many downstream tasks, including large language models and large multimodal models.
14. 1.14 “Intellectual Property Rights” means any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark or service mark rights (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) layout design rights, design rights, and other proprietary rights of every kind and nature other than trademarks, service marks, trade dress, and similar rights; and (f) all registrations, applications, renewals, extensions, or reissues of the foregoing, in each case in any jurisdiction throughout the world.
15. 1.15 “Master Terms” means any master software and services terms, subscription agreement, order form, statement of work, data processing addendum, AI & Data Protection Statement, reseller agreement, or other written agreement governing Customer’s or Customer’s organization’s access to or use of the Services.
16. 1.16 “Model Developer” means an organization that researches, trains, or publishes a Foundation Model.
17. 1.17 “Reseller” means, if applicable, the CMX authorized Reseller from whom Customer has purchased a subscription to the CMX Services (or rebranded CMX Services if applicable).
18. 1.18 “Sensitive Data” means any of the following: (i) patient, medical, health insurance, or other protected health information regulated by the Health Insurance Portability and Accountability Act (“HIPAA”) or similar state, federal, or industry laws; (ii) credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards (“PCI DSS”) ; (iii) social security numbers, driver’s license numbers, or other government ID numbers; (iv) any information deemed to be special categories of data as set forth in Article 9 of the EU General Data Protection Regulation or similar laws; or (v) other personal or sensitive information subject to regulation or protection under the Gramm-Leach-Bliley Act, the Children’s Online Privacy Protection Act or similar foreign or domestic laws.
19. 1.19 “Services” means the online services delivered by CMX to Customer using the Software hosted by CMX and made available through the access methods described in this Agreement or the applicable Master Terms, including any AI Services and AI-Assisted Features to the extent enabled or made available to Customer.
20. 1.20 “Software” means CMX’s proprietary computer software programs, including any updates and new releases thereto, made available to you through the Services, including any software, models, orchestration logic, interfaces, modules, tools, and related technology used to provide the AI Services or AI-Assisted Features.
21. 1.21 “Third Party Content” means any Content that is either (a) provided by third parties (including other customers of the Services) to the Services; or (b) made available on third party websites and linked to on the Services.
2. 2. Intellectual Property.
1. 2.1 Access. Subject to the terms and conditions of this Agreement, including without limitation, the continuous and timely payment of the fees owed by Customer to CMX (or the Reseller, if applicable) hereunder, CMX grants to Customer a limited, non-exclusive, non-sublicenseable, non-transferable right during the Term, solely for Customer’s internal business purposes, to use the Services in accordance with the Documentation, this Agreement, the applicable Master Terms, the AI & Data Protection Statement, and all applicable laws. Customer shall not: (i) permit any party to access and/or use the Services other than authorized users permitted under the applicable Master Terms; (ii) rent, lease, loan, or sell access to the Services; (iii) interfere with, disrupt, alter, translate, or modify the Services or any part thereof, or create an undue burden on the Services or the networks or services connected to the Services, including without limitation, the external websites that contain Third Party Content and that are linked to on the Services; (iv) reverse engineer, decompile, disassemble, or otherwise derive or determine or attempt to derive or determine the source code (or the underlying ideas, algorithms, structure or organization) of the Software, Services, AI Services, AI-Assisted Features, models, prompts, orchestration logic, or other CMX technology; (v) without CMX’s express written permission, introduce software or automated agents or scripts to the Services so as to produce multiple accounts, generate automated searches, requests and queries, or to strip or mine data from the Services; (vi) perform or publish any performance or benchmark tests or analyses relating to the Services or the use thereof; or (vii) cover or obscure any page or part of the Services via HTML/CSS, scripting, or any other means, if any; (viii) use the Services, AI Services, or AI-Assisted Features to violate, misappropriate, or infringe the rights of any third party; (ix) use the AI Services or AI-Assisted Features to make final legal, regulatory, safety, employment, credit, housing, health care, insurance, or other regulated decisions without appropriate human review and oversight; or (x) falsely state or imply that output generated by the AI Services or AI-Assisted Features was created by a human. Customer shall comply with all applicable laws and regulations in its use of the Services.
2. 2.2 Usernames and Passwords. CMX (or the Reseller, if applicable) will provide you with a unique username and password to enable you to access the Services pursuant to this Agreement. CMX (or the Reseller, if applicable) reserves the right to change or update these username and passwords in its sole discretion from time to time. Your username and password may only be used to access the Services during one (1) concurrent login session and shall comply with CMX’s then-current policies and/or security requirements regarding usernames and passwords (collectively, “CMX Security Requirements”). Customer acknowledges and agrees that only Customer and its authorized users, as permitted under the applicable Master Terms, are entitled to access the Services with the username and password provided to Customer. Customer is responsible for maintaining the confidentiality of its username and password, and is solely responsible for all activities that occur under these usernames. Customer agrees to notify CMX (or the Reseller, if applicable) promptly of any actual or suspected unauthorized use of its account, usernames or passwords, or any other breach or suspected breach of this Agreement. Notwithstanding anything contained herein to the contrary, if you request to be permitted to deviate from the CMX Security Requirements, then CMX’s agreement to such request (if applicable) is conditioned upon CMX not being responsible for any unauthorized access and/or use of the Services by someone using a username and/or password that is not in strict compliance with the CMX Security Requirements (each a “Noncompliant Username/Password”). Accordingly, you hereby accept all responsibility for the use of any Noncompliant Username/Password and hereby release, discharge and waive all causes of action or other claims, including without limitation, all damages, liabilities , judgments, costs and expenses, arising out of or related to any Noncompliant Username/Password, including without limitation, any unauthorized access and/or use of the Services by someone using a Noncompliant Username/Password.
3. 2.3 IP Ownership. The Services and all Intellectual Property Rights in the Services are the exclusive property of CMX. Except as expressly set forth herein, no express or implied license or right of any kind is granted to Customer regarding the Services and Software, or any part thereof, including any right to obtain possession of any source code, data or other technical material relating to the Software. All rights not expressly granted to Customer are reserved to CMX. Without limiting the foregoing, CMX owns and retains all right, title, and interest in and to the Services, Software, AI Services, AI-Assisted Features, models, prompts, orchestration logic, methodologies, templates, output formats, report structures, Documentation, Usage Data, Aggregated Data, and all modifications, improvements, enhancements, derivatives, and Intellectual Property Rights in or to any of the foregoing, subject to Customer’s ownership of Customer Content as set forth in this Agreement and the applicable Master Terms.
3. 3. Customer Content and Emails.
1. 3.1 Customer Content. Customer is solely responsible for the accuracy, content, and legality of all Customer Content. Customer represents and warrants that any Customer Content shall not (a) infringe any copyright, trademark, or patent; (b) misappropriate any trade secret; (c) be deceptive, defamatory, obscene, pornographic or unlawful; (d) contain any viruses, worms or other malicious computer programming codes able to damage the Services, any Third Party Content, or other data of the Services; or (e) otherwise violate the rights of a third party. Customer further represents and warrants that Customer has made all necessary disclosures and obtained or otherwise possesses all consents, permissions and other rights required or necessary to (i) collect, share, and use Customer Content as contemplated in this Agreement and/or in connection with Customer’s use of the Services, and (ii) provide the Customer Content to CMX and for CMX to use the Customer Content pursuant to this Agreement, the applicable Master Terms, the DPA, and the AI & Data Protection Statement. CMX may, but is not obligated to, backup any Customer Content that is posted on the Services. Customer is solely responsible for creating backup copies of any Customer Content posted on the Services at Customer’s sole cost and expense. Customer agrees that any use of the Services contrary to or in violation of the representations and warranties of the Customer in this section constitutes improper and unauthorized use of the Services. Customer hereby grants to CMX a non-exclusive, non-transferable right and license to use the Customer Content during the term of this Agreement for the limited purposes of performing CMX’s obligations and exercising its rights hereunder, including providing, securing, maintaining, supporting, and improving the operation of the Services, AI Services, and AI-Assisted Features, subject to the restrictions on Customer Content, personal data, and model training in the applicable Master Terms, DPA, and AI & Data Protection Statement. Additionally, CMX may use any Customer Content as set forth in the Privacy Policy (as defined herein), the applicable Master Terms, the DPA, and the AI & Data Protection Statement.
2. 3.2 No Sensitive Data. Customer specifically agrees not to use the Services to collect, store, process or transmit any Sensitive Data. Customer acknowledges that CMX is not a Business Associate or subcontractor (as those terms are defined in HIPAA) or a payment card processor and that the Services are not compliant with HIPAA or PCI-DSS. CMX shall have no liability under this Agreement for Sensitive Data, notwithstanding anything to the contrary herein.
3. 3.3 Customer Emails. If you enable the Services to allow email correspondence (including attachments) to be sent outside of the Services (“Customer Emails”), you acknowledge that CMX has absolutely no control over the content, format, or legality of Customer Emails or the email addresses to which Customer Emails are sent. Accordingly, you hereby accept all responsibility for Customer Emails and hereby release, discharge and waive all causes of action or other claims, including without limitation, all damages, liabilities judgments, costs and expenses, arising out or related to any Customer Emails, including, without limitation, the use or publication of any content contained in any Customer Emails.
4. 3.4 AI Services and Customer Content. To the extent Customer enables or uses AI Services or AI-Assisted Features, Customer instructs CMX to process Customer Content as reasonably necessary to provide, secure, maintain, support, operate, and improve the operation of the AI Services and AI-Assisted Features in accordance with this Agreement, the applicable Master Terms, the DPA, and the AI & Data Protection Statement. Such processing may include submitting prompts, queries, uploaded files, embeddings, vectorized representations, and other Customer Content to Enterprise Cloud AI Services for inference and related processing necessary to provide the AI Services or AI-Assisted Features.
5. 3.5 AI Training; De-Identified Data. CMX may use De-Identified Data and/or Aggregated Data to train, fine-tune, develop, evaluate, or otherwise improve the AI Services, AI-Assisted Features, and CMX models, provided that such data does not identify Customer, any user, any site or facility, any household, or any natural person, and is processed and used in compliance with applicable law. CMX will not use Customer Content that is not De-Identified Data (including any identifiable personal data) to train, fine-tune, develop, evaluate, or otherwise improve any Foundation Model, embedding model, third-party model, or CMX-internal model, except to the extent Customer expressly agrees otherwise in writing.
6. 3.6 Human Oversight. AI Services and AI-Assisted Features are designed to assist users and are not intended to replace human review, professional judgment, regulatory judgment, legal advice, safety judgment, or compliance oversight. Customer is responsible for determining whether its use of the AI Services or AI-Assisted Features is appropriate for its use case and complies with applicable laws, rules, regulations, notices, consents, impact assessments, data subject rights, and other obligations applicable to Customer.
7. 3.7 Outputs. Outputs generated by AI Services or AI-Assisted Features may be incomplete, inaccurate, duplicative, or unsuitable for Customer’s intended purpose. Customer is responsible for reviewing, validating, and determining whether to use or rely on any output. Ownership of outputs, CMX prompts, CMX output materials, CMX property, and other CMX technology and materials is governed by the applicable Master Terms.
4. 4. Third Party Content. CMX makes no representations or warranties regarding any Third Party Content found on or through the Services or that is otherwise available using the Services. Customer represents and warrants that any Third Party Content that it uses or has access to shall not be copied, altered, or redistributed by Customer without the prior written consent of the owner of such Third Party Content.
5. 5. CMX use of Information.
1. 5.1 Usage Data. CMX collects information and data on how the Services are used by customers, including information about platform usage, workflow activity, system performance, feature usage, support, security, search terms, and related operational metrics (“Usage Data”). CMX owns all Usage Data and may use Usage Data to provide, secure, maintain, support, analyze, improve, optimize, and operate the Services, AI Services, and AI-Assisted Features, in each case in accordance with this Agreement, the applicable Master Terms, the DPA, the AI & Data Protection Statement, and CMX’s privacy policy set forth at www.compliancemetrix.com/privacy (the “Privacy Policy”).
2. 5.2 Aggregated Data. CMX may create and use Aggregated Data for benchmarking, analytics, testing, demonstration, system improvement, security monitoring, fraud prevention, support, service optimization, and related internal business purposes, provided that such Aggregated Data does not identify Customer, any user, any site or facility, any household, or any natural person and is not used for model training prohibited by this Agreement, the applicable Master Terms, the DPA, or the AI & Data Protection Statement.
3. 5.3 CMX Review of Customer Content. CMX has the right (but not the obligation) to review any Content and delete or modify any Content that in CMX’s reasonable judgment violates this Agreement, the applicable Master Terms, the DPA, the AI & Data Protection Statement, or applicable law, or which may otherwise violate the rights of, harm, or threaten the safety of any customer or user of the Services or any other person, or create liability for CMX or any customer or user of the Services. CMX reserves the right (but has no obligation) to investigate and take appropriate legal action in CMX’s discretion against Customer if Customer violates this provision or any other provision of this Agreement, including without limitation, removing prohibited content from the Services, suspending or terminating access to the Services, reporting Customer to law enforcement authorities, and taking legal action against Customer. Any use of the Services in violation of this Agreement may result in, among other things, termination or suspension of Customer’s rights to use the Services.
6. 6. Warranty Disclaimer
1. 6.1 Performance. CMX warrants that the Services, when used as permitted by CMX and in accordance with the instructions in the Documentation, will operate as described in the Documentation in all material respects. Except as set forth in any Service Level Agreement executed in writing between Customer and CMX, CMX will, at its own expense and as its sole obligation and Customer’s exclusive remedy for any breach of this warranty, correct any reproducible error in the Services reported to CMX (or the Reseller, if applicable, and then by the Reseller to CMX) by Customer in writing during the subscription term. This warranty does not apply to No-Charge Services, beta features, trial features, or AI-generated outputs.
2. 6.2 Disclaimer. Except as set forth in Section 6.1, the Services, AI Services, AI-Assisted Features, outputs, Third Party Content, and third party services are provided “As-Is” and as available and CMX makes no (and hereby disclaims all) warranties, representations, or conditions, whether written, oral, express, implied or statutory, including, without limitation, any implied warranties of merchantability, title, noninfringement, or fitness for a particular purpose. CMX does not warrant that any output generated by AI Services or AI-Assisted Features will be accurate, complete, unique, error-free, non-infringing, or suitable for Customer’s intended purpose. Customer is responsible for reviewing and validating outputs before using or relying on them.
7. 7. Limitation of Liability. In no event shall CMX, (and the Reseller, if applicable), or its suppliers be liable to Customer for any special, indirect, incidental or consequential damages, including damages or costs due to loss of profits, data, use or goodwill, personal or property damage resulting from or in connection with CMX’s performance hereunder or the use, misuse, or inability to use the Services, AI Services, AI-Assisted Features, outputs, Third Party Content, third party services, or Enterprise Cloud AI Services, or other products or services hereunder. the maximum liability of CMX (and the Reseller, if Applicable) arising out of or in any way connected to this Agreement shall not exceed the fees paid by Customer to CMX (or the Reseller, if Applicable) during the six (6) months preceding the claim. The existence of one or more claims under this Agreement will not increase CMX’s liability.
8. 8. Indemnification. Customer will defend at its expense any suit brought against CMX, (and the Reseller, if applicable), and will pay any settlement Customer makes or approves or any damages finally awarded in such suit insofar as such suit is based on a claim by any third party based upon, resulting from or related to: (a) Customer’s use of the Services, AI Services, AI-Assisted Features, outputs, or Customer Content; (b) any improper or unauthorized use of the Services, AI Services, or AI-Assisted Features by Customer; (c) repeat infringement of copyright, irrespective of whether Customer cures such infringement; (d) Customer’s violation of applicable law, including laws relating to privacy, data protection, AI, automated decision-making, consumer protection, employment, safety, or regulated decisions; or (e) Customer’s failure to provide required notices, obtain required consents, conduct required assessments, provide required human oversight, or honor required opt-out, appeal, or similar rights in connection with Customer’s use of the Services, AI Services, or AI-Assisted Features.
9. 9. Term And Termination. This Agreement shall automatically expire at the end of the applicable subscription term. CMX may terminate your subscription and this Agreement immediately if you are in material breach of any term or condition of this Agreement. Without limiting the foregoing, CMX may suspend your access to and use of the Services immediately if CMX has not timely received all applicable fees. Upon termination or expiration of this Agreement for any reason, all rights granted by CMX to you in this Agreement will immediately cease to exist and you must discontinue all use of the Services and Software. Upon termination or expiration of this Agreement for any reason all rights and obligations of both parties, including all licenses granted to Customer hereunder, shall immediately terminate. Sections 1, 2.3, 3-10 will survive expiration or termination of this Agreement for any reason. Any rights or obligations relating to Customer Content, Usage Data, Aggregated Data, confidentiality, disclaimers, limitations of liability, indemnification, and compliance with the applicable Master Terms, DPA, and AI & Data Protection Statement will survive to the extent required by their terms or by applicable law.
10. 10. Miscellaneous.
1. 10.1 Master Terms; Order of Precedence. Customer’s use of the Services shall be in accordance with this Agreement, all applicable laws, the Master Terms, the DPA, and the AI & Data Protection Statement. In the event of any conflict between this Agreement and the Master Terms, the Master Terms will govern, except that this Agreement will govern individual end-user access obligations to the extent not inconsistent with the Master Terms. To the extent CMX has access to or processes Customer personal data, CMX shall comply with the DPA, if applicable. To the extent of any conflict or inconsistency between this Agreement and the AI & Data Protection Statement with respect to the AI Services, AI-Assisted Features, Customer Content processed by or in connection with the AI Services or AI-Assisted Features, Aggregated Data used in connection with AI-Assisted Features, or CMX’s AI-related data protection commitments, the AI & Data Protection Statement will govern unless the applicable Master Terms or DPA expressly states that a specific provision controls over the AI & Data Protection Statement.
2. 10.2 Governing Law and Venue. This Agreement and any action related thereto will be governed, controlled, interpreted, and defined by and under the laws of the State of California without giving effect to any conflicts of laws principles that require the application of the law of a different state. Customer hereby expressly consents to the personal jurisdiction and venue in the state and federal courts located in the county in California where CMX has its primary office for any lawsuit filed there against Customer by CMX arising from or related to this Agreement.
3. 10.3 Severability. If any provision of this Agreement is unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect.
4. 10.4 No Assignment. This Agreement, and Customer’s rights and obligations herein, may not be assigned, subcontracted, delegated, or otherwise transferred by Customer without CMX’s prior written consent, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void. CMX may freely assign this Agreement. The terms of this Agreement shall be binding upon assignees.
5. 10.5 Force Majeure. CMX shall not be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder for any cause which is beyond its reasonable control.
6. 10.6 Independent Contractors. Customer’s relationship to CMX is that of an independent contractor, and neither party is an agent or partner of the other. Customer will not have, and will not represent to any third party that it has, any authority to act on behalf of CMX.