Terms of Use
1.Definitions
"Agreement" means these Terms of Use, together with any applicable Order Form, Service Level Agreement, Data Processing Addendum, or written amendment executed by both parties. "City of Hats" means City of Hats Inc., a corporation incorporated under the laws of Ontario, Canada, together with its affiliates, successors, and assigns. "Customer" means the individual or legal entity that registers for, accesses, or uses the Services. "Customer Data" means any data, content, files, or information uploaded, submitted, transmitted, or otherwise provided by Customer through the Services, excluding system-generated metadata. "Services" means the City of Hats platform, including but not limited to cybersecurity monitoring, threat intelligence, API services, Secure Channels, integrations, and associated web or mobile applications, tools, or features made available by City of Hats. "Order Form" means any ordering document, subscription confirmation, or purchase agreement referencing these Terms. "Effective Date" means the date Customer first accesses or uses any part of the Services, or the date specified in an Order Form, whichever is earlier. "Confidential Information" means any non-public information disclosed by either party that a reasonable person would understand to be confidential. "Authorized Users" means individuals authorized by Customer to access and use the Services on Customer's behalf.
2.Services
City of Hats shall provide the Services in accordance with this Agreement and any applicable Order Form. City of Hats may update, modify, enhance, or discontinue features of the Services, provided that such changes do not materially reduce the core functionality of an active paid subscription. Beta, preview, or early-access features are provided "as is", may be modified or withdrawn at any time, and are excluded from any SLA unless expressly stated. The Services may rely on third-party infrastructure, data feeds, or APIs. City of Hats is not responsible for third-party availability or performance except as expressly stated in an SLA.
3.Account Registration
Customers must provide accurate, current, and complete information when creating an account and must safeguard all credentials, including passwords and API keys. Customers must be at least 18 years old. If registering on behalf of an organization, the registrant represents authority to bind that organization. Customer is responsible for all activity under its account and must notify City of Hats immediately of any unauthorized access. City of Hats may suspend or terminate accounts containing false information or suspected compromise.
4.Customer Responsibilities
Customer shall use the Services only for lawful purposes and shall not: (a) attempt unauthorized access; (b) transmit malware or harmful code; (c) disrupt Service integrity; (d) reverse engineer or decompile the Services; (e) resell or sublicense access without authorization; (f) overload or impair infrastructure; (g) use automation outside documented APIs. Customer remains solely responsible for Customer Data legality and compliance.
5.Fees and Payment
Fees are defined in the applicable Order Form or plan. Fees are non-refundable unless required by law. Late payments may accrue interest. City of Hats may suspend Services for overdue accounts. Pricing changes apply at renewal with at least sixty (60) days' notice.
6.Term and Termination
This Agreement continues for the subscription term and renews automatically unless notice is given. Either party may terminate for uncured material breach. City of Hats may suspend or terminate immediately for violations of Sections 4 or 29. Upon termination, access ceases immediately. Customer Data may be retrieved within thirty (30) days unless otherwise restricted by Secure Channel destruction rules. Survival clauses apply.
7.Intellectual Property
City of Hats retains all intellectual property rights in the Services. Customer receives a limited, non-exclusive, non-transferable right to use the Services. Customer retains ownership of Customer Data. Feedback may be used by City of Hats without obligation.
8.Confidentiality
Each party shall protect Confidential Information using reasonable care. Exceptions include public information, prior knowledge, third-party disclosure, or independent development. Disclosure required by law is permitted with notice where legally allowed. Confidentiality survives for three (3) years; trade secrets remain protected indefinitely.
9.Data Protection
City of Hats processes Customer Data in accordance with applicable data protection laws, including GDPR, PIPEDA, and Thailand PDPA. Where required, a DPA applies. City of Hats maintains reasonable security measures and breach notification obligations. Customer remains responsible for lawful data collection and consent.
10.Warranties
City of Hats warrants reasonable care, conformity with documentation, authority to provide Services, and absence of intentionally malicious code. Customer warrants lawful use and authority. No guarantee of uninterrupted or error-free operation is provided.
11.Disclaimer
EXCEPT AS EXPRESSLY STATED, SERVICES ARE PROVIDED "AS IS". CITY OF HATS DISCLAIMS ALL IMPLIED WARRANTIES. SECURITY, RISK, OR THREAT DATA IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND DOES NOT GUARANTEE PREVENTION OF INCIDENTS.
12.Indemnification
Customer indemnifies City of Hats for misuse, unlawful data practices, or violations. City of Hats indemnifies Customer against third-party IP infringement claims arising from the Services. Defense and settlement procedures apply.
13.Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, INDIRECT OR CONSEQUENTIAL DAMAGES ARE EXCLUDED. CITY OF HATS' AGGREGATE LIABILITY SHALL NOT EXCEED FEES PAID IN THE PRECEDING 12 MONTHS; FREE-TIER LIABILITY IS CAPPED AT USD $100. Certain liabilities are not limited where prohibited by law.
14.Force Majeure
Neither party is liable for delays caused by events beyond reasonable control. Extended force majeure may result in termination without liability.
15.Publicity
City of Hats may reference Customer name and logo unless opted out. Case studies and press releases require consent.
16.Export Compliance
Customer shall comply with applicable export and sanctions laws and represents eligibility to use the Services.
17.Governing Law
This Agreement is governed by Ontario law, Canada, excluding conflict principles and CISG.
18.Dispute Resolution
Disputes proceed from negotiation to binding arbitration in Toronto, Ontario, except for injunctive relief.
19.Notices
Notices must be in writing. Routine operational communications are excluded from formal notice requirements.
20.Entire Agreement
This Agreement supersedes prior agreements. Order Forms prevail in case of conflict.
21.Amendments
Terms may be updated with notice. Continued use constitutes acceptance.
22.Assignment
Assignment is restricted except for affiliates or corporate transactions.
23.Severability
Invalid provisions are severed without affecting remaining terms.
24.Waiver
Waivers must be written and are non-precedential.
25.Miscellaneous
The parties are independent contractors. No third-party beneficiaries exist except as stated. Headings are for convenience. Survival clauses apply.
26.Secure Channels Definition & Scope
"Secure Channels" refers to City of Hats' ephemeral communication services, including Hats (temporary, anonymous communication identities) and Dead Drops (one-time or limited-retrieval encrypted message exchanges). Secure Channels are designed exclusively for time-limited and sensitive communications between verified organizational users. Secure Channels are ephemeral by design. Messages, identities, and associated channel data are automatically destroyed upon expiration, burn-on-read trigger, retrieval limit, or sender-initiated destruction. City of Hats does not retain, archive, back up, or have the technical ability to recover Secure Channel content after destruction. Secure Channels are not a general-purpose messaging service and must not be used or relied upon as a persistent communication, collaboration, or storage solution.
27.Secure Channel Eligibility & Access
Access to Secure Channels requires verification via a valid organizational (work) email address. Consumer email providers (including but not limited to Gmail, Yahoo, Hotmail) and disposable or anonymous email services are not accepted. Email verification serves solely as an access gate and does not create a persistent user identity tied to the email address. Each verified user operates within an isolated environment. Users sharing the same email domain are not linked, grouped, discoverable, or granted mutual visibility. City of Hats reserves the right to reject, suspend, revoke, or restrict Secure Channel access at any time, with or without notice, if eligibility requirements are not met or if misuse, abuse, or risk to platform integrity is suspected.
28.Secure Channel Data Handling & Zero-Knowledge Architecture
Secure Channels operate under a zero-knowledge architecture. City of Hats cannot access, decrypt, view, monitor, or recover the content of any Hat communication or Dead Drop. Message content is end-to-end encrypted and exists only for the duration of the active channel lifecycle. Upon expiration, burn event, retrieval limit, or manual destruction, all associated data is permanently and irreversibly deleted. Verification email addresses may be temporarily retained in hashed form only for rate-limiting, abuse prevention, and platform protection purposes, after which they are purged. City of Hats does not store plaintext email addresses, message content, recipient identities, message metadata, or communication history beyond the active session lifecycle. Users acknowledge and accept that destroyed Secure Channel data cannot be recovered by City of Hats under any circumstance, including but not limited to legal request, account recovery, technical error, or customer support inquiry.
29.Secure Channel Prohibited Use
Users shall not use Secure Channels to: (a) engage in, facilitate, or promote activities that violate applicable local, national, or international law; (b) transmit content involving harassment, threats, coercion, defamation, or incitement to violence; (c) knowingly attempt to circumvent lawful court orders, regulatory obligations, or compliance requirements applicable to the user; (d) distribute malware, exploit code, or content intended to compromise systems, networks, or data; (e) impersonate another individual, organization, or authority during verification or use; (f) attempt to reverse-engineer, de-anonymize, intercept, or compromise the ephemeral or encrypted nature of Secure Channels; (g) use automation, scripts, bots, or bulk mechanisms to create Hats, Dead Drops, or messages at scale. Violation of this section may result in immediate termination of Secure Channel access without refund. City of Hats may cooperate with law enforcement only to the extent required by applicable law, limited strictly to information lawfully available at the time of the request.
30.Secure Channel Limitations, Disclaimers & No Recovery
Users acknowledge and accept the following inherent limitations of Secure Channels: (a) once a Hat, message, or Dead Drop is burned, expired, retrieved beyond its limit, or destroyed, it cannot be restored or recovered; (b) Secure Channels do not provide persistent inboxes, contact lists, message history, read receipts, typing indicators, message synchronization, or notification services; (c) free-tier Secure Channel access is subject to usage limits, including but not limited to maximum concurrent Hats, monthly creation quotas, retrieval limits, and maximum channel duration, as published on the platform at the time of use; (d) City of Hats provides no service-level agreement (SLA) for free-tier Secure Channel usage, and availability is provided on a best-effort basis; (e) paid-tier upgrades may extend duration, concurrency, and quota limits but do not alter the ephemeral, encrypted, or zero-knowledge nature of Secure Channels. City of Hats reserves the right to modify, limit, suspend, or discontinue Secure Channel features, quotas, or availability at any time, with reasonable notice where practicable.