Legal Notices

Legal Notice / Terms of Service

Effective Date: August 10, 2025
(for Nassau Technologies, LLC – SEYSOFT)

1. Introduction

These Terms of Service (“Terms”) govern your use of the SEYSOFT platform (“Service”), an all-in-one, modular business management solution owned and operated by Nassau Technologies, LLC (“Company,” “we,” “our,” or “us”). By creating an account, accessing, or using the Service, you irrevocably agree to these Terms. If you do not agree, you must discontinue use immediately.

2. Eligibility

You must be at least eighteen (18) years of age and legally capable of entering into binding contracts to use the Service. By registering, you represent and warrant that you meet this requirement.

3. Account Registration and Responsibilities

When creating an account, you agree to:

• Provide accurate, current, and complete information;
• Promptly update such information as necessary;
• Maintain the confidentiality of your credentials;
• Accept full responsibility for all activities occurring under your account.

The Company shall not be liable for loss or damages arising from your failure to secure your account.

4. User Responsibilities and Prohibited Conduct

A. User Responsibilities

• You are solely responsible for ensuring that all business, customer, vendor, employee, or financial data you enter into SEYSOFT is collected and used lawfully;
• You will obtain all necessary rights, consents, and authorizations before inputting any third-party data;
• The Company assumes no responsibility for Customer Data entered without appropriate authorization.

B. Prohibited Conduct

You may not use the Service to:

• Engage in illegal, unlawful, or fraudulent conduct;
• Upload, execute, or transmit malware, ransomware, or malicious code;
• Attempt to bypass, probe, or interfere with security or authentication systems;
• Reverse engineer, copy, or create derivative works of the Service;
• Upload or store sensitive categories of data without explicit authorization, including but not limited to:
  • Payment card data (PCI-DSS)
  • Social Security Numbers or government IDs
  • Protected health information (PHI) regulated under HIPAA
  • Biometric data

Violation of this section may result in immediate suspension or termination of your account.

5. Subscription Fees and Refund Policy

• Recurring Fees: The Service operates on a recurring subscription model. You authorize us to charge subscription fees per your plan.
• Monthly Subscriptions: Non-refundable under all circumstances.
• Annual Subscriptions: Refunds are prorated based on the subscription start date and the month of cancellation, calculated using the last day of the month.
• Policy Violation Termination: No refunds shall be provided if your account is terminated for violations of these Terms.

6. Termination

The Company may suspend or terminate your access to the Service at any time, with or without cause, at its sole discretion. Upon termination, your rights to use the Service will immediately cease.

7. Dispute Resolution, Arbitration, and Class Action Waiver

• Governing Law: These Terms are governed exclusively by the laws of the State of New York, without regard to conflict-of-law principles.
• Arbitration: Any dispute shall be resolved exclusively by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. Judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction.
• Venue: To the extent court proceedings are permitted, venue shall be exclusively in the state and federal courts located in Nassau County, New York.
• Class Action Waiver: You may bring claims only in your individual capacity and not as a class, collective, or representative action.

8. Limitation of Liability and Disclaimer of Warranties

A. Disclaimer of Warranties

The Service is provided on an “AS IS” and “AS AVAILABLE” basis, without any warranties of any kind, express or implied, including merchantability, fitness for a particular purpose, title, or non-infringement.

B. Limitation of Liability

To the fullest extent permitted by law:

• No Liability for Third Parties: The Company shall not be liable for damages arising from unauthorized access, third-party misuse, or your own failure to use the Service lawfully.
• Exclusion of Damages: The Company shall not be liable for indirect, incidental, consequential, special, exemplary, or punitive damages, including loss of profits, data, or goodwill.
• Liability Cap: The aggregate liability of the Company to you shall not exceed the total fees paid during the calendar year in which the claim arose.

9. Indemnification

You agree to indemnify, defend, and hold harmless the Company, its affiliates, officers, directors, employees, agents, licensors, and service providers from any claims, liabilities, damages, or expenses (including attorneys’ fees) arising from or related to:

• Your use of the Service;
• Your violation of these Terms;
• Your violation of any applicable law;
• Any data, content, or materials you input into the Service.

10. Force Majeure

The Company shall not be liable for any failure or delay in performance due to events beyond its reasonable control, including but not limited to acts of God, natural disasters, epidemics, war, terrorism, government actions, labor disputes, denial-of-service attacks, power or Internet outages, or third-party service failures.

11. Severability

If any provision of these Terms is held invalid, illegal, or unenforceable, such provision shall be enforced to the maximum extent possible, and the remaining provisions shall remain valid and enforceable.

12. Entire Agreement

These Terms, together with the Privacy Policy, Security & Compliance Statement, Intellectual Property & DMCA Policy, Cookie Policy, and any incorporated addenda (including the Data Processing Addendum and Acceptable Use Policy), constitute the entire agreement between you and the Company regarding the Service and supersede all prior oral or written agreements or representations. No modification shall be effective unless in writing and signed by both parties.

13. Changes to Terms

We may update these Terms at any time. Updates shall take effect upon posting. Continued use of the Service after updates constitutes acceptance of the revised Terms.

14. Contact Information

Nassau Technologies, LLC
Email: support@seysoft.co

---

Privacy Policy

Effective Date: August 10, 2025
(for Nassau Technologies, LLC – SEYSOFT)

1. Introduction

This Privacy Policy (“Policy”) explains how Nassau Technologies, LLC (“Company,” “we,” “our,” or “us”) collects, uses, discloses, stores, and protects personal information when you use the SEYSOFT platform (“Service”), an all-in-one, modular business management solution.

This Policy applies to all users of the Service located within the United States and is governed by U.S. federal law and the laws of the State of New York, including the New York SHIELD Act. By creating an account or using the Service, you agree to the terms of this Policy.

2. Information We Collect

A. Account Registration Data (Mandatory)

• First Name
• Last Name
• Email Address
• Password (hashed securely)

B. Business Information (Optional, after payment)

• Business Name
• Business Address
• Business Phone Number
• Business Website

C. Customer/Vendor/Employee Data (Optional, entered by you)

In using SEYSOFT’s features, you may enter business records that include names, contact details, or transaction information related to your customers, vendors, or employees. This data is treated as Customer Data under this Policy.

D. Excluded Categories

We do not request or require the following categories of sensitive data:

• Social Security Numbers or government-issued identifiers;
• Payment cardholder data (processed directly by Stripe);
• Protected health information (PHI) subject to HIPAA;
• Biometric identifiers.

3. User Responsibility for Business Data

• You are solely responsible for ensuring that all Customer Data you input (customer lists, invoices, employee records, vendor information, etc.) is collected and processed lawfully;
• You will obtain all necessary rights, permissions, and consents before entering third-party personal data into SEYSOFT;
• The Company shall not be liable for unauthorized or unlawful data you upload.

4. How We Collect Information

• Direct Collection: Through account registration, payment, and data entry into SEYSOFT modules.
• Automated Collection: Minimal session information for authentication and platform security.
• No Third-Party Harvesting: We do not buy, rent, or import external customer data on your behalf.

5. How We Use Information

We use collected information solely to:

• Provide, operate, and improve the Service;
• Authenticate accounts and manage subscriptions;
• Enable you to manage business records, customers, vendors, and employees;
• Provide customer support;
• Conduct internal analytics to enhance performance and security;
• Comply with legal obligations.

We do not sell or share your data for advertising or marketing purposes.

6. Data Sharing and Subprocessors

We only share data with subprocessors essential to Service delivery:

• Stripe, Inc. – payment processing;
• U.S.-based hosting providers – infrastructure and storage.

We do not use advertisers, embedded analytics, or third-party tracking scripts.

7. Cookies and Tracking

• Essential Cookies: Used only for authentication, session management, and security.
• No Tracking Cookies: We do not use advertising or behavioral profiling cookies.

8. Data Retention

• Account Data: Retained until account deletion, then permanently deleted after 90 days.
• Customer Data: Retained until account deletion or removal by you, then deleted within 90 days.
• Backups: Encrypted backups follow the same retention and deletion policies.

9. Data Security

We protect information using layered safeguards, including:

• TLS encryption for data in transit;
• Encrypted backups at rest;
• Hashed password storage;
• Firewalls and access controls;
• MFA for administrator accounts;
• Secure coding practices (OWASP Top 10);
• Regular vulnerability scans and patch management.

No system is completely secure, and we cannot guarantee absolute protection.

10. Breach Notification

If we discover a data breach involving your information, we will notify you as soon as practicable and no later than seven (7) days after discovery, consistent with our Incident Response Plan.

11. Law Enforcement and Government Requests

We do not disclose Customer Data to law enforcement or government agencies except when legally compelled. Where permitted by law, we will provide prompt notice to you of such a request.

12. U.S. Jurisdiction Only

The Service is intended for use exclusively within the United States. If you access the Service from outside the U.S., you are solely responsible for compliance with local laws.

13. Changes to This Policy

We may update this Policy at any time. Updates take effect upon posting. Material changes will be communicated by email or platform notice.

14. Entire Agreement

This Privacy Policy forms part of the broader legal agreement governing your use of the Service and supersedes all prior communications regarding privacy and data protection.

15. Contact Information

Nassau Technologies, LLC
Email: support@seysoft.co

---

Security & Compliance Statement

Effective Date: August 10, 2025
(for Nassau Technologies, LLC – SEYSOFT)

1. Commitment to Security

Nassau Technologies, LLC (“Company,” “we,” “our,” or “us”) is committed to the confidentiality, integrity, and availability of Customer Data processed through the SEYSOFT platform (“Service”). We comply with the New York SHIELD Act, applicable U.S. federal laws, and align our security program with recognized best practices, including:

• NIST Cybersecurity Framework (CSF)
• Center for Internet Security (CIS) Critical Security Controls
• ISO/IEC 27005 (information security risk management)
• OWASP Top 10 (application security guidance)

2. Hosting & Infrastructure

• All production systems are self-managed and physically located within New York, United States.
• No Customer Data is stored outside the United States.
• Hosting environments are protected by restricted access, surveillance, and layered safeguards.

3. Data Protection

In Transit
All communications between Customer systems and SEYSOFT are encrypted using HTTPS/TLS 1.2+.

At Rest

• Passwords are hashed using industry-standard algorithms.
• Sensitive operational data is protected through access controls.
• Encrypted backups ensure redundancy.

Physical
Drives are secured in restricted-access facilities.

4. Security Controls

We employ layered technical and administrative controls, including:

• Firewalls and intrusion prevention;
• Multi-Factor Authentication (MFA) for administrator accounts;
• Role-Based Access Controls (RBAC);
• Input sanitization and parameterized queries (PDO);
• Fail2Ban and automated lockouts for brute-force attempts;
• Regular patching of operating systems and applications.

5. Activity Logging

SEYSOFT maintains logs for platform security and accountability, including sales, expenses, inventory, and employee activity.

Logs are retained until 90 days after account deletion and then securely deleted.

6. Vulnerability Management

• Regular vulnerability scanning across application and infrastructure layers;
• Secure development lifecycle informed by OWASP Top 10;
• Risk assessments aligned with ISO/IEC 27005;
• Prioritization of defenses using CIS Critical Security Controls;
• Continuous monitoring and timely remediation.

7. Backup & Recovery

• Encrypted backups are performed weekly.
• Backups are stored securely in U.S. facilities.
• Disaster recovery processes are tested periodically.

8. Incident Response & Breach Notification

• All suspected incidents are promptly investigated.
• If a confirmed breach occurs, we will notify affected Customers as soon as practicable and no later than seven (7) days after discovery.
• Notifications will include the nature of the breach, data affected, remedial measures, and recommended mitigation steps.

9. Subprocessors

We may engage trusted subprocessors limited to service delivery functions:

• Stripe, Inc. – payment processing;
• U.S.-based hosting providers – infrastructure and storage.

We require subprocessors to maintain security standards consistent with this Statement.

10. Compliance Scope

SEYSOFT is designed for U.S. business use. While our practices align with global standards (NIST, CIS, ISO, OWASP), our legal compliance is governed by:

• New York SHIELD Act;
• Applicable U.S. federal laws.

11. Force Majeure

The Company shall not be liable for any failure or delay caused by events beyond its reasonable control, including but not limited to natural disasters, war, terrorism, government actions, labor disputes, Internet or hosting outages, or denial-of-service attacks.

12. Contact Information

For security questions or to report incidents, contact:
Nassau Technologies, LLC
Email: support@seysoft.co

---

Intellectual Property & DMCA Policy

Effective Date: August 10, 2025
(for Nassau Technologies, LLC – SEYSOFT)

1. Intellectual Property Ownership

All rights, title, and interest in and to the SEYSOFT platform, including but not limited to its software code, architecture, APIs, design elements, user interface, documentation, trademarks, and branding, are and shall remain the exclusive property of Nassau Technologies, LLC (“Company,” “we,” “our,” or “us”).

Except as expressly permitted in writing, you may not copy, modify, distribute, reverse engineer, create derivative works of, or otherwise exploit any portion of the Service.

2. Customer Business Data

While the platform is owned by the Company, any business records or information you upload to SEYSOFT including customer data, invoices, vendor records, employee information, and uploaded files remain your property (“Customer Data”).

By submitting Customer Data to the Service, you grant the Company a limited, non-exclusive, worldwide, royalty-free license to host, process, and display such data solely as necessary to provide, support, and improve the Service. This license does not transfer ownership, and all rights to Customer Data remain with you.

You represent and warrant that you have all necessary rights, permissions, and consents to upload and use Customer Data within SEYSOFT.

3. User-Generated Content (UGC)

In addition to business data, the Service may allow you to upload or transmit other materials, including text, files, or images. You retain ownership of this content but grant the Company the same limited license described above.

The Company reserves the right to remove or disable access to any content if, in its sole discretion, it determines such content is unlawful, infringes third-party rights, or violates these Terms.

4. Copyright Infringement Policy

We respect the intellectual property rights of others and comply with the Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 512.

We will respond promptly to properly submitted DMCA notices of alleged copyright infringement and to valid counter-notifications.

5. DMCA Designated Agent

All DMCA notices and counter-notices must be directed to:

DMCA Agent
PO Box 169
Freeport, NY 11520-0169
Email: Support@seysoft.com

6. Filing a DMCA Takedown Notice

If you believe your copyrighted work has been infringed on SEYSOFT, your notice must include:

• Identification of the copyrighted work claimed to have been infringed;
• Identification of the material claimed to be infringing and information reasonably sufficient to permit us to locate it;
• Your name, mailing address, phone number, and email address;
• A statement that you have a good faith belief that the use is not authorized by the copyright owner, its agent, or the law;
• A statement, under penalty of perjury, that the information is accurate and that you are authorized to act on behalf of the copyright owner;
• Your physical or electronic signature.

7. Counter-Notification Procedure

If your content was removed in error, you may submit a counter-notification containing:

• Identification of the material that was removed or disabled and its prior location;
• A statement, under penalty of perjury, that the removal was a mistake or misidentification;
• Your name, mailing address, phone number, and email address;
• A statement that you consent to the jurisdiction of the federal court in the Eastern District of New York and accept service of process from the complainant;
• Your physical or electronic signature.

Upon receipt of a valid counter-notification, we may restore the material unless the original complainant files an action seeking to restrain you.

8. Repeat Infringer Policy

In accordance with the DMCA, we may suspend or terminate the accounts of users who are repeat infringers of intellectual property rights.

9. Reservation of Rights

We reserve the right to remove or disable access to content that we believe, in our sole discretion, violates intellectual property rights, applicable law, or these Terms, whether or not a DMCA notice is filed.

10. Entire Agreement

This Policy forms part of the overall agreement between you and the Company regarding use of the Service. It supersedes all prior oral or written statements concerning intellectual property and content rights.

11. Contact Information

For general intellectual property concerns not involving DMCA notices, contact:
Nassau Technologies, LLC
Email: support@seysoft.co

---

Cookies Policy

Cookie Policy

Effective Date: August 10, 2025
(for Nassau Technologies, LLC – SEYSOFT)

1. Introduction

This Cookie Policy (“Policy”) explains how Nassau Technologies, LLC (“Company,” “we,” “our,” or “us”) uses cookies and similar technologies when you access the SEYSOFT platform (“Service”). This Policy should be read together with our Privacy Policy.

2. What Are Cookies?

Cookies are small text files placed on your device by your browser when you visit a website. They are widely used to enable websites to function properly, enhance security, and improve user experience.

Cookies may be:

• Session cookies (expire when the browser closes), or
• Persistent cookies (remain until manually deleted or expired).

3. Types of Cookies We Use

A. Essential Cookies

SEYSOFT uses only cookies that are strictly necessary to:

• Authenticate users and maintain secure sessions;
• Enable access to protected areas of the platform;
• Protect against security threats such as Cross-Site Request Forgery (CSRF).

These cookies are mandatory. Without them, SEYSOFT cannot operate.

B. Excluded Cookies

We do not use:

• Third-party advertising cookies;
• Behavioral or profiling cookies;
• Third-party analytics cookies (e.g., Google Analytics).

4. Cookies in Use

Purpose	Expiration	Type
Maintain logged-in session	Session-based	Essential
Protect against CSRF attacks	Session-based	Essential

5. Managing Cookies

Because SEYSOFT uses only essential cookies, disabling them will impair or prevent access to the Service.

You may disable cookies through your browser, but doing so will prevent you from logging in or maintaining a secure session.

6. Force Majeure

The Company shall not be liable for disruptions, errors, or failures in cookie operation arising from events outside its reasonable control, including browser-level restrictions, third-party changes, or network disruptions.

7. Changes to This Policy

We may update this Policy from time to time to reflect changes in practices or legal requirements. Updates shall take effect upon posting with a revised effective date.

8. Contact Us

If you have questions about this Policy, contact:
Nassau Technologies, LLC
Email: support@seysoft.co

---

Vulnerability Disclosure Policy (VDP)

Effective Date: August 10, 2025
(for Nassau Technologies, LLC – SEYSOFT)

1. Purpose

Nassau Technologies, LLC (“Company,” “we,” “our,” or “us”) values the contributions of the security community and is committed to maintaining the integrity of the SEYSOFT platform (“Service”). This Vulnerability Disclosure Policy (“Policy”) establishes the rules of engagement for security researchers who wish to report vulnerabilities responsibly and legally.

2. Scope

This Policy applies to:

• The SEYSOFT application, APIs, and related infrastructure owned and operated by the Company;
• Web domains and services under the Company’s direct control.

This Policy does not authorize testing of:

• Third-party vendors or services (e.g., Stripe);
• Customer or vendor systems not owned by the Company;
• Social engineering, phishing, or physical security attacks.

3. Safe Harbor for Good-Faith Research

If you act in good faith and comply with this Policy, the Company will not pursue legal action against you under the Computer Fraud and Abuse Act (CFAA), the Digital Millennium Copyright Act (DMCA), or related laws.

Safe harbor applies only if you:

• Report vulnerabilities promptly;
• Avoid accessing, modifying, or exfiltrating data;
• Refrain from exploiting vulnerabilities beyond what is necessary to demonstrate proof of concept;
• Do not disrupt the Service or harm other users.

Safe harbor does not apply to malicious activity, extortion, or intentional abuse.

4. Prohibited Activities

You must not:

• Access, copy, or alter Customer Data or business records that are not your own;
• Attempt denial-of-service (DoS), brute-force, or load/stress testing without authorization;
• Introduce malware or other harmful code into the Service;
• Engage in phishing, social engineering, or physical intrusion;
• Use automated vulnerability scanners without prior coordination.

5. Reporting Guidelines

To report a vulnerability, please include:

• A detailed description of the vulnerability, including affected systems or components;
• Steps to reproduce the issue (proof-of-concept if applicable);
• The potential impact and severity;
• Your contact information (or indicate if you prefer anonymity).

Reports must be sent to: support@seysoft.co.
We will acknowledge receipt of your report within seven (7) business days.

6. Company Commitments

Upon receiving a valid report, we will:

• Investigate promptly and in good faith;
• Provide an estimated timeline for remediation where possible;
• Notify you once the issue has been resolved;
• Credit you publicly for your contribution, unless anonymity is requested.

7. Out-of-Scope Issues

The following are considered out-of-scope:

• DoS or volumetric attacks;
• Vulnerabilities in third-party software or libraries not under Company control;
• Reports lacking sufficient detail to reproduce;
• Issues requiring physical access to Company systems.

8. Legal Compliance

Nothing in this Policy authorizes you to violate applicable laws. You are responsible for ensuring that your research complies with all federal, state, and local laws.

9. Indemnification

You agree to indemnify, defend, and hold harmless the Company from any claims, damages, or liabilities arising from your failure to comply with this Policy.

10. Entire Agreement

This Policy forms part of the broader legal agreement governing your use of SEYSOFT and supersedes prior discussions concerning vulnerability reporting.

11. Contact Information

Nassau Technologies, LLC
Email: security@seysoft.co

---

Acceptable Use Policy (AUP)

Effective Date: August 10, 2025
(for Nassau Technologies, LLC – SEYSOFT)

1. Introduction

This Acceptable Use Policy (“Policy”) sets forth the rules governing use of the SEYSOFT platform (“Service”), operated by Nassau Technologies, LLC (“Company,” “we,” “our,” or “us”). This Policy is incorporated by reference into the Terms of Service. By accessing or using the Service, you agree to comply with this Policy.

2. Authorized Use

You may use SEYSOFT solely for legitimate business purposes, including but not limited to:

• Managing customers, vendors, employees, sales, and business operations;
• Maintaining business records in compliance with applicable laws;
• Running lawful and authorized commercial activities.

You are solely responsible for ensuring you have the right to input any data into the Service.

3. Prohibited Uses

You may not use SEYSOFT to:

A. Illegal or Unlawful Activity

• Conduct, promote, or facilitate fraud, theft, money laundering, tax evasion, or any illegal activity;
• Upload, store, or distribute unlawful content or materials that infringe intellectual property rights.

B. Security Violations

• Attempt to probe, scan, or bypass any system, security, or authentication measure;
• Deploy or introduce malware, ransomware, or malicious code;
• Reverse engineer, copy, or create derivative works of the Service.

C. Abuse and Misuse

• Send spam, unsolicited messages, or harass other users;
• Create multiple accounts to abuse free trials or circumvent billing;
• Resell, sublicense, or share unauthorized access to the Service.

D. Restricted Data Categories

Unless expressly authorized in writing, you may not upload or process:

• Payment cardholder data (PCI-DSS);
• Social Security Numbers or government-issued identifiers;
• Protected health information (PHI) subject to HIPAA;
• Biometric identifiers;
• Confidential third-party data without authorization.

4. System Abuse

• Interfere with or disrupt the Service or networks connected to it;
• Circumvent monitoring, rate-limiting, or access-control mechanisms;
• Attempt to overload the Service through denial-of-service (DoS) or excessive API requests.

5. Enforcement

Violations of this Policy may result in:

• Suspension or termination of your account;
• Removal of prohibited data or content;
• Civil or criminal liability under applicable law;
• Notification to law enforcement when required.

The Company reserves the right, at its sole discretion, to determine whether conduct violates this Policy.

6. Indemnification

You agree to indemnify, defend, and hold harmless the Company, its affiliates, officers, directors, employees, and agents from all claims, liabilities, damages, and expenses (including reasonable attorneys’ fees) arising from or related to your violation of this Policy.

7. Force Majeure

The Company shall not be liable for any failure to enforce this Policy due to events beyond its reasonable control, including natural disasters, government actions, Internet outages, or malicious third-party activity.

8. Entire Agreement

This Policy forms part of the overall agreement between you and the Company and supersedes any prior communications regarding acceptable use of the Service.

9. Contact Information

For questions about this Policy, contact:
Nassau Technologies, LLC
Email: support@seysoft.co