Terms of Service

Horus-i is designed for internal security awareness, employee coaching, and defensive testing authorized by the organization that controls the account.

You may not use Horus-i to harass, deceive, extort, compromise accounts, collect real credentials, deliver malware, impersonate unauthorized third parties, or run campaigns outside the organization or scope you are authorized to test.

You are responsible for obtaining any required approvals, employee notices, legal review, works council approvals, and sender domain authorization before launching a campaign.

Administrators are responsible for the accuracy of company, employee, sender, campaign, and scheduling information entered into Horus-i.

Administrators must review generated simulation content before approval and sending. Generated or fallback drafts are previews until explicitly approved.

Administrators must not upload sensitive personal data that is unnecessary for security awareness campaigns, including home addresses, family data, health data, political or religious information, private personal contact details, or secrets.

Horus-i may prepare simulations using employee records, safe campaign fields, sanitized professional enrichment, and LLM-generated or deterministic fallback content.

Only approved, validated, safe, non-excluded simulations are eligible for delivery. Campaigns remain draft when no simulation is accepted for delivery.

Delivery depends on configured providers, including Resend and verified sender details. Production dry-run sending is blocked, and duplicate accepted sends are prevented by delivery safeguards.

Horus-i uses third-party services to operate the platform, including Supabase, People Data Labs when enrichment is enabled, a configured LLM provider, and Resend.

Your use of Horus-i must comply with applicable third-party provider requirements, email laws, anti-abuse rules, and sender reputation policies.

Third-party service availability, rate limits, webhook delivery, provider failures, and email recipient infrastructure may affect campaign delivery and reporting.

Customer data remains the responsibility of the customer. Horus-i processes customer data to provide authentication, campaign preparation, simulation review, delivery, reporting, employee feedback, and operational safeguards.

You grant Horus-i the limited right to process submitted data and generated content as needed to operate and secure the service.

You must not use Horus-i to create or send unlawful, discriminatory, abusive, deceptive beyond authorized simulation scope, or otherwise harmful content.

Horus-i reports awareness behavior using Horus-i event logs for opens, clicks, submissions, and awareness redirects.

Previews, pending sends, failed sends, bounced sends, suppressed sends, excluded simulations, unapproved simulations, unsafe simulations, and production dry-run rows are not intended to count as reportable campaign results.

Reports and exports are provided for security awareness and operational decision-making, not as a guarantee of future employee behavior or protection from security incidents.

We may suspend or restrict access if use appears unsafe, unauthorized, unlawful, abusive, harmful to deliverability, or inconsistent with these Terms.

We may update the service and these Terms as the product evolves. Continued use after updates means you accept the revised Terms.

Horus-i is provided without warranties of uninterrupted availability, error-free operation, or complete prevention of phishing or social engineering risk.