1. Acceptance of Terms
By accessing or using CostOptix ("Service," "Platform," "we," "us," or "our"), operated by Yosolix Inc., a Delaware corporation, you ("User," "Customer," "you," or "your") agree to be bound by these Terms of Service ("Terms"). If you are entering into these Terms on behalf of a company or organisation, you represent that you have the authority to bind that entity to these Terms.
2. Service Description
2.1 Platform Overview
CostOptix is a multi-cloud cost management and financial operations (FinOps) platform provided as a Software-as-a-Service (SaaS) solution. It provides:
- Unified cost visibility across AWS, Microsoft Azure, Google Cloud Platform, Heroku, Kubernetes, and additional providers
- Cost anomaly detection and budget forecasting
- Resource-level cost attribution and analytics
- Automated alerting and webhook notifications
- Optional AI-powered cost insights (where enabled)
2.2 Service Delivery Model
- Web Application: Accessed via https://costoptix.com
- API Service: RESTful API for programmatic access
- Optional Agents: Lightweight Kubernetes agents deployed in your infrastructure to collect metrics
2.3 Service Availability
- The Service is provided on a SaaS basis, hosted in the United States
- We strive for 99.5% uptime on Starter and Professional plans; 99.9% SLA is available on Enterprise plans
- Scheduled maintenance will be announced with reasonable notice
2.4 Infrastructure
- Starter & Professional: Logically isolated tenancy on CostOptix managed, shared infrastructure hosted in the United States
- Business: Dedicated resources managed by CostOptix, providing stronger performance and compliance isolation, hosted in the United States
- Enterprise: Fully self-hosted deployment within your own environment — on-premise or your preferred cloud provider, in a location of your choosing
2.5 Beta Features
Features marked as "beta," "preview," or "experimental" are provided AS-IS without warranties and may be modified or discontinued without notice.
3. Account Registration and Security
3.1 Account Creation
- You must provide accurate, complete, and current information
- You are responsible for maintaining the confidentiality of your account credentials
- You must be at least 18 years old to create an account
- One person or entity may not maintain multiple free accounts
3.2 Organisation Accounts
- Organisations may invite multiple users with role-based permissions
- Organisation administrators are responsible for managing user access
- You are responsible for all activities under your organisation account
3.3 Security Obligations
You are solely responsible for:
- Safeguarding your login credentials and API keys
- Immediately notifying us of any unauthorised access
- Implementing appropriate security measures on your end
- Rotating credentials regularly per industry best practices
4. Cloud Provider Credentials
4.1 Credential Storage and Use
CRITICAL: CostOptix requires read-only access to your cloud provider accounts to function. By providing credentials, you acknowledge:
- AWS: Access keys with read-only IAM policies for Cost Explorer and billing data
- Azure: Service principal credentials (Client ID, Client Secret, Tenant ID) with "Reader" and "Cost Management Reader" roles
- GCP: Service account keys with "Billing Account Viewer" permissions
- Heroku: API keys with read-only access
- Kubernetes: Agent deployment with metrics collection permissions only
4.2 Credential Security
- Credentials are encrypted at rest using AES-256-GCM
- Credentials are encrypted in transit using TLS 1.3
- We implement role-based access control and multi-tenant isolation
- Credentials are stored in organisation-specific isolated databases
4.3 Read-Only Access Requirement
You must only provide read-only credentials. CostOptix:
4.4 Your Responsibilities
- Verify permissions before providing credentials
- Use dedicated service accounts with minimal required permissions
- Rotate credentials if you suspect compromise
- Revoke credentials before account termination
4.5 Credential Deletion
Upon account termination, we will delete your credentials within 30 days unless legally required to retain them longer.
5. Data Privacy and Usage
5.1 Data Collection
We collect and process:
- Cloud billing and cost data from your connected accounts
- Usage metrics, resource metadata, and cost attribution data
- Account information, user emails, and organisation details
- Product analytics and session data via PostHog
- Technical logs and error reports for service improvement
5.2 Data Ownership
You own your data. We claim no ownership rights to:
- Your cloud cost data
- Your organisation information
- Your usage patterns or configurations
5.3 Data Location
Your data is stored and processed in the United States. If you are located in the EU/EEA or UK, by using CostOptix you consent to the transfer of your data to the United States. We rely on Standard Contractual Clauses (SCCs) for lawful transfers from the EU/EEA/UK. A Data Processing Agreement (DPA) is available upon request at legal@costoptix.com.
5.4 Data Usage Rights
We may use aggregated, anonymised data for:
- Service improvement and feature development
- Industry benchmarking and research (with no personally identifiable information)
- Creating anonymised usage statistics
We will NEVER:
- Sell your personal or cost data to third parties
- Share identifiable data without your explicit consent
- Use your data to compete with you or provide insights to your competitors
5.5 Data Retention
- Active account data is retained for the duration of your subscription
- Historical cost data follows your subscription tier limits (30 days – unlimited)
- Deleted data is purged within 90 days except where legally required
5.6 Data Export
You may export your cost data in CSV format at any time through the platform interface.
5.7 GDPR and Privacy Compliance
For users in the European Economic Area (EEA), UK, or Switzerland:
- We process data as a Data Processor under GDPR
- You maintain rights to access, rectify, delete, and port your data
- Our Data Processing Agreement (DPA) with Standard Contractual Clauses is available upon request
- See our Privacy Policy for full GDPR details
6. Artificial Intelligence Features
6.1 AI-Powered Insights
Where AI features are enabled, CostOptix uses:
- Cloudflare AI Gateway for multi-model AI access
- Large language models (LLMs) such as Google Gemini for cost analysis and recommendations
- AI quota limits are enforced per subscription tier
6.2 AI Disclaimer
AI-GENERATED CONTENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY:
- AI insights may contain errors, inaccuracies, or outdated information
- AI recommendations should be validated by qualified professionals
- We do not guarantee the accuracy of AI-generated forecasts or suggestions
- AI features may change without notice
6.3 No Financial Advice
AI insights do not constitute financial, investment, or professional advice. You should consult qualified professionals before making spending decisions, validate all AI recommendations against your business requirements, and not rely solely on AI outputs for critical financial decisions.
6.4 Third-Party AI Providers
When using AI features:
- On Starter, Professional, and Business plans, your prompts and cost data context may be sent to third-party AI providers (e.g., Google Gemini) via Cloudflare AI Gateway
- Third-party AI providers have their own terms and privacy policies
- We are not responsible for third-party AI provider actions or data handling
- You may opt out of AI features at any time
Enterprise (self-hosted): You can supply your own AI provider API keys via your deployment configuration. AI calls are made directly from your infrastructure to your chosen provider — CostOptix never receives, stores, or processes your AI provider keys or the prompts sent through them.
7. Subscription Plans and Pricing
7.1 Subscription Tiers
CostOptix offers four subscription tiers. All prices are in USD. Business and Enterprise pricing is custom — contact sales@costoptix.com for a proposal.
Starter — Free forever
- 2 cloud accounts, 1 user
- 30 days historical data
- 5 AI insights / month
- API access (100 calls/day)
- Webhook integrations
- Shared managed infrastructure (United States)
- No credit card required
Professional — $150 / month · $1,500 / year
- 5 cloud accounts, up to 3 users
- 90 days historical data
- Advanced anomaly detection and budget forecasting
- Tag Explorer
- API access (1,000 calls/day)
- Slack / Microsoft Teams / Discord webhooks
- Shared managed infrastructure (United States)
- Annual billing saves approximately 17%
Business — Contact sales
- 50 cloud accounts, up to 50 users
- 12 months historical data
- 100 AI insights / month
- API access (10,000 calls/day)
- SSO (OIDC)
- Dedicated managed infrastructure (United States)
- Priority support
Enterprise — Contact sales
- Unlimited cloud accounts and users
- Unlimited historical data and AI insights
- Bring your own AI provider keys
- SSO (OIDC)
- White-label options
- Self-hosted deployment on your own infrastructure
- Dedicated account manager
- 99.9% SLA
- 24/7 premium support
7.2 Billing
- Subscription fees are billed monthly in advance, or annually at the discounted rate
- Prices are in USD unless otherwise specified
- Accepted payment methods: credit card (all tiers); additional methods available for Business and Enterprise
7.3 Price Changes
- We may change pricing with 30 days' written notice
- Existing customers are grandfathered for 12 months after a price increase
- You may cancel before new pricing takes effect
7.4 Refund Policy
- No refunds for monthly subscription fees already charged
- Pro-rated refunds for annual subscriptions if cancelled within the first 30 days
8. Acceptable Use Policy
8.1 Prohibited Uses
You may NOT:
- Violate any laws, regulations, or third-party rights
- Use the Service to compete with us or build a competitive product
- Reverse engineer, decompile, or disassemble the platform
- Circumvent security features or authentication mechanisms
- Share API keys or login credentials with unauthorised parties
- Use the Service for unauthorised access to cloud accounts
- Scrape, crawl, or excessively burden our infrastructure
- Upload malware, viruses, or malicious code
- Provide false or misleading information
8.2 Fair Use
- You must not abuse API rate limits (enforced per tier)
- Excessive usage beyond tier limits may result in throttling or additional charges
8.3 Enforcement
We reserve the right to:
- Suspend or terminate accounts violating these Terms
- Report illegal activity to authorities
- Seek legal remedies for damages
9. Intellectual Property
9.1 Our IP Rights
CostOptix, including all software, designs, trademarks, logos, and documentation, is owned by Yosolix Inc. and protected by copyright, trademark, and other intellectual property laws.
9.2 Limited License
We grant you a limited, non-exclusive, non-transferable, revocable licence to access and use the Service in accordance with these Terms.
9.3 User Feedback
If you provide feedback, suggestions, or ideas:
- We may use them without compensation or attribution
- You grant us a perpetual, worldwide, royalty-free licence to use them
9.4 Open Source
Some components use open-source software. Applicable licences are referenced in our documentation.
10. Disclaimers and Limitations of Liability
10.1 Cost Data Accuracy
CRITICAL DISCLAIMER:
- Cost data is sourced from third-party cloud provider APIs (AWS, Azure, GCP, etc.)
- We do not guarantee the accuracy, completeness, or timeliness of cost data
- Cloud providers may have delays of 24–48 hours before cost data is available
- Forecasts and predictions are statistical estimates, not guarantees
- Always verify costs directly with your cloud provider billing portals
10.2 Service "AS IS"
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, OR RELIABILITY.
10.3 Third-Party Services
We integrate with third-party services (cloud providers, AI providers, webhook endpoints). We are not responsible for third-party service outages, errors, data loss, API changes, or their terms of service.
10.4 Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE ARE NOT LIABLE FOR:
- Indirect, incidental, consequential, or punitive damages
- Lost profits, revenue, data, or business opportunities
- Damages exceeding the amount you paid us in the 12 months before the claim
EXCEPTIONS (liability is not excluded for):
- Gross negligence or wilful misconduct
- Fraud or fraudulent misrepresentation
- Death or personal injury caused by our negligence
- Violations of law that cannot be excluded by contract
10.5 Force Majeure
We are not liable for delays or failures caused by events beyond our reasonable control, including natural disasters, government actions, internet or telecommunications failures, cloud provider outages, or API changes.
11. Indemnification
11.1 Your Indemnification Obligations
You agree to indemnify, defend, and hold harmless Yosolix Inc., CostOptix, and their officers, directors, employees, and agents from any claims, liabilities, damages, losses, and expenses (including legal fees) arising from your violation of these Terms, misuse of the Service, your cloud provider credentials or data, or negligence or wilful misconduct by you or your users.
11.2 Our Defence Rights
We reserve the right to assume exclusive defence and control of any matter subject to indemnification by you.
12. Data Security and Breaches
12.1 Our Security Measures
- Encryption at rest (AES-256-GCM) and in transit (TLS 1.3)
- Multi-tenant database isolation per organisation
- Role-based access control (RBAC)
- Network-level access controls and Tailscale-restricted admin access
- Logging and monitoring for suspicious activity
12.2 Your Security Obligations
- Use strong, unique passwords
- Protect your API keys and credentials
- Monitor your account for unauthorised access
- Promptly report security incidents to us
12.3 Breach Notification
In the event of a data breach affecting your account, we will notify you within 72 hours of discovery, provide details of the breach and remediation steps, and notify authorities as required by applicable law.
12.4 Limitation of Breach Liability
Our liability for data breaches is limited to direct damages up to 12 months of subscription fees. We are not liable for breaches caused by your negligence or third-party attacks.
13. Termination
13.1 Termination by You
- You may cancel your subscription at any time through your account settings
- Cancellation takes effect at the end of your current billing period
- You will not receive refunds for unused time (see Section 7.4)
13.2 Termination by Us
We may suspend or terminate your account immediately if you violate these Terms, use the Service for illegal activities, fail to pay fees owed, or if we are legally required to do so.
13.3 Effect of Termination
- Your access to the Service will cease immediately
- We will delete your data within 30 days (unless retention is legally required)
- You must pay all outstanding fees
- Provisions that should survive (indemnification, disclaimers) remain in effect
13.4 Account Reactivation
Terminated accounts may be reactivated within 90 days upon request, subject to approval.
14. Export Compliance
14.1 Export Control Laws
The Service may be subject to applicable US and international export control laws and regulations. You agree not to export or re-export the Service to embargoed countries, and not to use the Service if you are on a relevant government restricted party list.
14.2 Prohibited Jurisdictions
Use of the Service is prohibited in countries subject to applicable US or international sanctions.
15. Dispute Resolution
15.1 Governing Law
These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles.
15.2 Informal Resolution
Before initiating any formal proceedings, you must contact us at support@costoptix.com to attempt informal resolution for a period of 60 days.
15.3 Arbitration Agreement (U.S. Customers)
PLEASE READ THIS CAREFULLY:
- Any dispute arising from these Terms will be resolved through binding arbitration
- Arbitration will be conducted by the American Arbitration Association (AAA)
- You waive your right to a jury trial and to participate in class actions
Exceptions:
- You may opt out of arbitration by emailing us within 30 days of account creation
- Either party may seek injunctive relief in court for IP violations
15.4 Jurisdiction (Non-U.S. Customers)
For customers outside the U.S., disputes will be resolved in the federal or state courts located in Delaware, United States, and you consent to personal jurisdiction in those courts.
16. Modifications to Terms
16.1 Right to Modify
We may update these Terms. Changes take effect immediately for non-material changes (typos, clarifications) and after 30 days' notice for material changes (pricing, liability, rights).
16.2 Notice of Changes
We will notify you of material changes via email to your registered address and via in-app notification upon login.
16.3 Acceptance of Changes
Continued use of the Service after changes take effect constitutes acceptance. If you disagree, you must terminate your account.
17. General Provisions
17.1 Entire Agreement
These Terms constitute the entire agreement between you and Yosolix Inc. regarding the Service and supersede all prior agreements.
17.2 Severability
If any provision is found invalid or unenforceable, the remaining provisions remain in full effect.
17.3 No Waiver
Our failure to enforce any right or provision does not constitute a waiver of future enforcement.
17.4 Assignment
You may not assign these Terms without our written consent. We may assign these Terms to any successor or affiliate.
17.5 Notices
Legal notices must be sent to legal@costoptix.com. Notices to you will be sent to your registered email address.
18. Contact Information
18.1 Support
- Email: support@costoptix.com
- Response time: Within 2 business days (Enterprise: 24 hours)
18.2 Legal Inquiries
- Legal: legal@costoptix.com
- Data Protection / DPA: privacy@costoptix.com
18.3 Sales
- Business & Enterprise pricing: sales@costoptix.com
18.4 Security Issues
- Security Team: security@costoptix.com
- Responsible Disclosure: We encourage responsible disclosure of vulnerabilities