Terms of Service

"Service" means the Satua platform, including all features accessible at satua.io and Tenant subdomains. "Tenant" or "Organization" means a business entity that has subscribed to the Service and been provisioned a subdomain. "User" means any individual authorized by a Tenant to access the Service. "Lead" means an individual data subject (a natural person) whose information is stored, processed, or communicated with through the Service. "Lead Data" means information about business contacts, companies, and prospects that is uploaded, imported, or synced from tenant-authorized third-party sources through the Service. Lead Data is a subset of personal information where it relates to an identifiable individual. "Tenant Content" means material authored by a Tenant or its Users through the Service, including AI prompts, email templates, company profile text, drafted email content, and other configuration. "Usage Data" means information about how Users interact with the Service, including feature usage, session data, clickstream, and similar signals. "De-Identified Data" means data derived from Lead Data or email communications from which direct identifiers (names, email addresses, phone numbers, and similar personal identifiers) have been removed or tokenized. "AI-Generated Content" means any text, email copy, or other content produced by artificial intelligence models through the Service. "Commercial Electronic Message" or "CEM" means any electronic message that has as one of its purposes to encourage participation in a commercial activity, as defined under applicable anti-spam legislation.

By accessing or using the Service, you agree to be bound by these Terms. If you are using the Service on behalf of an organization, you represent and warrant that you have authority to bind that organization to these Terms. You must be at least 18 years old and have the legal capacity to enter into a binding agreement. These Terms, together with our Privacy Policy, constitute the entire agreement between you and Cytisum Digital Consulting Inc. regarding the Service.

Satua is a product of Cytisum Digital Consulting Inc. It is an AI-powered B2B CRM and outreach platform that provides lead management, tenant-owned data ingestion orchestration, pipeline automation, and team collaboration tools. The Service is provided on a multi-tenant basis where organizations access the platform through their assigned subdomain. Satua does not provide, sell, broker, resell, license, or otherwise monetize Lead Data as a standalone data product. The Service relies on third-party infrastructure including Supabase, Postmark (tenant email delivery), Resend (system email), OpenRouter, Apify, Stripe where enabled for billing, Google where OAuth is used, and Railway. We are not responsible for downtime, errors, or service degradation caused by these third-party providers. See Section 22 for the full sub-processor list and email delivery data-flow description.

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must immediately notify us of any unauthorized use. Tenant administrators are responsible for managing users, controlling access permissions, and ensuring that all users within their organization comply with these Terms. The organization (Tenant) and its individual Users are jointly and severally responsible for compliance with these Terms. We reserve the right to refuse service, suspend, or terminate accounts in our sole discretion for violations of these Terms, applicable laws, or our Acceptable Use Policy.

You agree that you will NOT use the Service to:

Anti-Spam Violations: Send unsolicited commercial electronic messages to recipients who have not provided valid consent as required by applicable law; send messages to purchased email lists where recipients have not given consent to receive messages from you specifically; misrepresent or obscure the origin of any communication; fail to include a valid physical mailing address and functioning unsubscribe mechanism in commercial emails; send commercial emails to recipients who have previously unsubscribed; or use the Service to send messages on behalf of unidentified third parties.

Data Misuse: Scrape, collect, or store personal data in violation of applicable privacy laws; redistribute, sell, share, rent, license, broker, or otherwise commercialize Lead Data outside your organization; use Lead Data for purposes beyond your own B2B sales, marketing, customer, and account-management workflows; use the Service as a consumer report or for eligibility decisions involving credit, employment, housing, insurance, education, lending, or similar regulated purposes; or circumvent any data access controls or tenant isolation mechanisms.

Harmful Activities: Send messages containing malware, phishing links, or fraudulent content; use AI-Generated Content in a manner that is deceptive, misleading, or impersonates another person or entity; harass, threaten, or abuse any individual; attempt to gain unauthorized access to other Tenants' data or any system connected to the Service; use the Service in violation of any applicable law; or engage in activities that could damage, disable, or impair the Service.

Volume Abuse: Exceed reasonable sending volumes or send emails at a rate that could damage sender reputation or violate email service provider policies; or use automated tools to circumvent rate limits, quotas, or usage restrictions.

Violation of this Acceptable Use Policy may result in immediate suspension or termination of your account without prior notice and may expose you to civil and criminal liability.

You are solely responsible for compliance with all applicable anti-spam and privacy legislation when using the email outreach and tenant-owned data-ingestion features of the Service.

Under CASL (Canada): Obtaining express or implied consent before sending CEMs; maintaining records of consent (including how and when obtained); including prescribed identification information (your name, business name, mailing address, contact information); providing a functioning unsubscribe mechanism effective within 10 business days; and honoring unsubscribe requests promptly.

Under CAN-SPAM (United States): Not using false or misleading header information; not using deceptive subject lines; identifying messages as advertisements where required; including a valid physical postal address; providing a clear opt-out mechanism; and honoring opt-out requests within 10 business days.

Under GDPR/ePrivacy (European Union): Having a lawful basis for processing recipients' personal data; obtaining prior consent for electronic marketing to individuals (with the limited "soft opt-in" exception for existing customers); and providing clear information about data processing in each communication.

Tenant Warranties. You represent and warrant that (a) you are the sender for CASL and CAN-SPAM purposes; (b) you have a lawful basis — express consent, implied consent, or an applicable exemption including the business-to-business exemption under section 4(c)(ii) of the CASL regulations — for every Commercial Electronic Message sent through the Service; (c) you maintain records of consent sufficient to satisfy the CRTC's evidentiary standard; and (d) your use of Lead Data falls within the business-contact-information exemption under PIPEDA section 4.01, BC PIPA section 3(2)(e), Alberta PIPA section 4(3)(d), Quebec Law 25 applicable carve-outs, or you have obtained any required consent from each Lead.

AI-Generated Content produced through the Service is created by third-party artificial intelligence models and is provided "as is." We do not guarantee that AI-Generated Content is accurate, complete, appropriate, non-infringing, or suitable for any particular purpose. You are solely responsible for reviewing, editing, and approving all AI-Generated Content before use. AI-Generated Content does not constitute legal, financial, or professional advice. You assume all risk and liability for your use of AI-Generated Content, including any claims arising from its accuracy, legality, or appropriateness. You are responsible for ensuring AI-Generated Content does not infringe third-party intellectual property rights, violate any applicable law, or contain defamatory, misleading, or harmful statements. AI output may be routed through third-party inference providers identified in our Privacy Policy, and may reflect training-data biases. Satua disclaims warranties of accuracy, originality, and non-infringement.

8.1 Tenant Data. As between you and Cytisum Digital Consulting Inc., your organization retains all right, title, and interest in (a) Tenant Content, (b) Lead Data uploaded, imported, or synced by your organization through the Service, and (c) Account Data of your Users.

8.2 License to Operate. You grant Cytisum a worldwide, non-exclusive, royalty-free license to host, store, transmit, display, process, and otherwise use Tenant Content, Lead Data, Usage Data, and Account Data to the extent necessary to provide, secure, support, and operate the Service, including through authorized sub-processors. This license does not permit Cytisum to sell, share, rent, broker, or license Lead Data to third parties as a standalone data product.

8.3 Service Improvement and De-Identified Analysis. Cytisum may use Tenant Content, Usage Data, and De-Identified Data derived from Lead Data and email communications to operate, secure, debug, evaluate, and improve the Service; develop product features; generate aggregate analytics and benchmarks; and evaluate artificial intelligence model performance. Cytisum will not use raw Lead personal information or raw outreach recipient content to train third-party foundation models. Cytisum will not disclose De-Identified Data in a manner that identifies a Tenant, User, Lead, recipient, or company unless authorized by the Tenant or required by law.

8.4 De-Identification. Before any Lead Data or email body content is used under Section 8.3, Cytisum will apply de-identification techniques to remove or tokenize direct identifiers (names, email addresses, phone numbers, and similar personal identifiers). De-Identified Data is treated as non-personal information.

8.5 Enterprise Carve-Out. Tenants on Enterprise plans may request, by written notice to privacy@satua.io and subject to execution of a Data Processing Addendum, that their Tenant Content be excluded from the Section 8.3 license. The exclusion applies prospectively only.

8.6 No Sale, Sharing, or Data-Broker Marketplace. Cytisum does not sell or share Account Data or Lead Data for cross-context behavioral advertising, and does not provide Lead Data to unrelated third parties for their independent marketing, resale, brokerage, enrichment, or list-building purposes. Lead Data access is provided exclusively to the Tenant that uploaded, imported, synced, or generated the record through its own authorized source, within the Service.

8.7 Tenant Warranties. You represent and warrant that you have all necessary rights, consents, and lawful bases to upload, process, and grant the licenses in this Section 8 for all data provided to the Service, and that your provision of data to Cytisum does not violate any law (including PIPEDA, BC PIPA, Alberta PIPA, Quebec Law 25, CASL, CAN-SPAM, and CPRA) or any third party's rights.

You agree to indemnify, defend, and hold harmless Cytisum Digital Consulting Inc. and its officers, directors, employees, agents, and affiliates from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) your use of the Service, including any Lead Data you process, emails you send, or AI-Generated Content you use; (b) your violation of these Terms, including the Acceptable Use Policy; (c) your violation of any applicable law, regulation, or third-party right, including anti-spam legislation, privacy laws, data-provider terms, and intellectual property rights; (d) any claim by a third party (including email recipients, data subjects, provider licensors, or regulatory authorities) arising from your use of email outreach, tenant-owned data connections, pipelines, or data processing features; and (e) your representations and warranties proving to be false or misleading. The foregoing includes, without limitation, claims, complaints, investigations, orders, or administrative monetary penalties under CASL, PIPEDA, BC PIPA, Alberta PIPA, Quebec Law 25, CAN-SPAM, and the California Consumer Privacy Act (as amended by CPRA) arising from Tenant's use of the Service. This indemnification obligation survives termination of these Terms and your account.

Unless a separate Service Level Agreement has been executed, we do not guarantee any specific level of uptime, availability, or performance. We will use commercially reasonable efforts to maintain availability but are not liable for any downtime, whether planned or unplanned. We may perform scheduled and unscheduled maintenance that may temporarily affect availability.

13.1 Billing Cycles. Subscriptions are billed on a monthly basis from the date your account is provisioned, unless otherwise agreed in a signed order form. All fees are quoted and payable in the currency specified in your plan or order form (USD or CAD).

13.2 Invoicing and Payment Terms. Invoices are issued by Cytisum at the end of each billing period based on usage accrued during that period, and are due within fourteen (14) days of the invoice date (the "Payment Due Date"). Payment must be made by the method specified in your order form. If no payment method is specified, payment by bank transfer or electronic funds transfer is required.

13.2.1 Payment Processing via Stripe. Where a Tenant is configured to pay through our Service's integrated payment rail, Cytisum uses Stripe, Inc. ("Stripe") as its payment processor. By providing payment-method information to Stripe through the Service, you (a) authorize Cytisum to instruct Stripe to charge the designated payment method for amounts invoiced through the Service, including (where you have enabled automatic collection) recurring charges at each Payment Due Date; (b) agree to Stripe's Services Agreement and Privacy Policy, which govern Stripe's processing of your payment information; (c) acknowledge that payment-card numbers, bank account details, and similar payment credentials are collected and stored by Stripe — Cytisum does not see, receive, or store full payment credentials; and (d) are responsible for keeping the payment method on file current and for any decline, reversal, or chargeback. A reference to the Stripe-issued invoice (including its hosted-invoice URL and PDF) is made available to the Tenant within the Service; payment is considered received when Stripe confirms settlement.

13.2.2 Automatic Collection. If a payment method is on file and the Tenant's plan is configured for Stripe collection, Cytisum will instruct Stripe to attempt settlement of each invoice on or shortly after the Payment Due Date. If automatic collection is not configured (for example, because no card is on file), Cytisum may instead deliver the invoice via Stripe's hosted-invoice flow so the Tenant can pay directly. Stripe's standard smart-retry schedule applies to failed automatic charges. Sustained failure of automatic collection is treated as non-payment under Sections 13.4 and 13.5.

13.2.3 Chargebacks and Reversals. You agree not to initiate a chargeback, dispute, or reversal with your card issuer or bank for any charge that conforms to these Terms and a validly issued invoice. Where you have a good-faith billing dispute, the process in Section 13.6 applies first. Cytisum reserves the right to recover from you any chargeback fees, reversal fees, and associated costs that Stripe charges Cytisum as a result of a disputed or unauthorized reversal.

13.2.4 Tenant Administrator Actions. Only a Tenant administrator or a user specifically designated as the Tenant's billing contact may authorize the addition, replacement, or removal of payment methods and enrollment in Stripe-based automatic collection. Actions taken by such authorized users are binding on the Tenant.

13.3 Late Payments. If full payment is not received by the Payment Due Date, you are responsible for any costs Cytisum reasonably incurs in collecting overdue amounts, including legal fees and collection agency fees.

13.4 Grace Period and Service Suspension. If full payment is not received within seven (7) calendar days after the Payment Due Date (the "Grace Period"), Cytisum may suspend your access to the Service without further notice. During suspension, your data is retained but the Service is inaccessible to you and your Users. Cytisum is not liable for any losses, damages, disruption, or business harm arising from a suspension due to non-payment.

13.5 Account Lockout. If payment remains outstanding for more than thirty (30) calendar days after the Payment Due Date, Cytisum may lock your account. A locked account cannot be reinstated without full payment of all outstanding amounts. Cytisum reserves the right to permanently terminate the account and delete all Tenant data if payment is not received within sixty (60) calendar days after the Payment Due Date. Cytisum is not liable for any data loss resulting from termination for non-payment.

13.6 Disputed Invoices. If you dispute an invoice in good faith, you must notify Cytisum at billing@satua.io within seven (7) days of the invoice date with a written description of the dispute. Undisputed amounts remain due by the Payment Due Date. Failure to dispute an invoice within the stated period constitutes acceptance of the invoice in full.

13.7 Price and Plan Changes. Cytisum reserves the right to modify, at any time and at its sole discretion: (a) subscription fees; (b) included usage allowances (including, without limitation, emails, AI generations, lead-discovery runs, event-discovery runs, broker connections, CRM contacts, file storage, and seats); (c) per-unit pay-as-you-go overage rates; (d) capacity-pack pricing or terms; and (e) per-run, per-call, or per-record platform limits intended to maintain quality or operational integrity. Cytisum will provide at least thirty (30) days' written notice of any such change to the primary billing contact by email. Changes take effect at the start of the affected Tenant's next billing cycle that begins on or after the end of the notice period; the Tenant's current billing cycle is not affected. Continued use of the Service after the effective date constitutes acceptance. If the Tenant does not accept a change, the Tenant's sole remedy is to terminate the subscription effective at the end of the current billing cycle; fees already paid for the current cycle remain non-refundable per Section 13.9.

13.8 Taxes. All fees are exclusive of applicable taxes, including GST, HST, PST, and any other applicable taxes or levies. You are responsible for all taxes associated with your use of the Service, except for taxes on Cytisum's net income.

13.9 No Refunds. All fees are non-refundable except where required by applicable law or expressly agreed in writing. No refunds are issued for partial months of service, unused features, or periods during which the Service was suspended due to your non-payment or breach of these Terms.

By You: You may terminate your account at any time by contacting hello@satua.io.

By Us: We may suspend or terminate your account immediately, without prior notice, if: (a) you breach these Terms; (b) payment is overdue and not resolved within the periods specified in Section 13; (c) we receive a spam complaint, abuse report, or legal demand; (d) we are required to do so by law; (e) your account has been inactive for more than 12 months; or (f) we discontinue the Service.

Effect of Termination: Upon termination, your right to access the Service ceases immediately. We may delete your data within 90 days unless required by law to retain it. Outstanding payment obligations, limitation of liability, indemnification, intellectual property, and governing law provisions survive termination.

Data Export: You are responsible for exporting any data you wish to retain before termination. We are not obligated to provide data export assistance after termination.

The Service, including its design, features, code, algorithms, AI model configurations, documentation, and all related intellectual property, is owned by Cytisum Digital Consulting Inc. or its licensors. These Terms do not grant you any right, title, or interest in the Service except the limited right to use it in accordance with these Terms. "Satua," the Satua logo, and related marks are trademarks of Cytisum Digital Consulting Inc. If you provide feedback or suggestions regarding the Service, you grant us an unrestricted, irrevocable, perpetual, royalty-free license to use such feedback for any purpose without compensation.

If you believe that content available through the Service infringes your copyright, you may submit a notice to legal@satua.io containing: (a) identification of the copyrighted work; (b) identification of the infringing material and its location; (c) your contact information; (d) a statement of good faith belief that the use is not authorized; (e) a statement under penalty of perjury that the information is accurate; and (f) your physical or electronic signature.

Each Tenant's data is logically isolated from other Tenants. You may not attempt to access data belonging to other Tenants. Tenant administrators are responsible for managing users, controlling access, and ensuring organizational compliance. The organization (Tenant) and its individual Users are jointly and severally responsible for compliance with these Terms.

We reserve the right to modify these Terms at any time. Each version of these Terms is assigned a version identifier and date. By creating an account, you accept the version of these Terms in effect at that time, and by continuing to use the Service after a new version takes effect you accept the new version. For material changes we will notify each Tenant's primary billing contact by email and display an in-app banner for 30 days before the changes take effect. Non-material changes (clarifications, formatting, contact information updates) may take effect immediately on posting. If you do not agree to a new version, you must stop using the Service and terminate your account before the new version takes effect.

These Terms are governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles. Any dispute that cannot be resolved through negotiation shall be submitted to the exclusive jurisdiction of the courts of Ontario, Canada. Before initiating any formal dispute resolution, you agree to contact legal@satua.io and attempt to resolve the dispute informally for at least 30 days.

Class Action Waiver. To the fullest extent permitted by applicable law, you and Cytisum agree that each may bring claims against the other only in your or its individual capacity, and not as a plaintiff or class member in any purported class or representative proceeding. If a court decides that this class action waiver is unenforceable as to any claim, then that claim (and only that claim) shall be severed from any other claims, which remain subject to this waiver.

If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions remain in full force and effect. Our failure to enforce any provision does not constitute a waiver. You may not assign or transfer these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.

For questions about these Terms, contact us at legal@satua.io.

Cytisum Digital Consulting Inc.
Operating as Satua
legal@satua.io

22.1 Sub-Processor List. We engage the following third-party sub-processors to deliver the Service. Each sub-processor receives only the data necessary to perform its function and is bound by data-processing terms consistent with our obligations under applicable law. Third-party data providers connected by a Tenant (currently Hunter.io) are connected under the Tenant's own provider account and are not Satua sub-processors; for the controller relationship that applies to data returned through such provider connections, see our Privacy Policy Section 2B:

Supabase, Inc. — United States — Managed database, authentication, and file storage provider. Holds Tenant Content, Lead Data, Account Data, and related platform records under standard data-processing terms. See supabase.com/privacy.

Google LLC — United States — OAuth identity provider for "Sign in with Google". Receives the authenticating user's email address and basic profile. See policies.google.com/privacy.

Postmark (ActiveCampaign, LLC) — United States — Tenant email delivery provider. Receives tenant-originated outreach email content, recipient addresses, sender identity, and associated delivery and engagement signals. Does not process system-to-user email. See postmarkapp.com/privacy-policy.

Resend (Resend, Inc.) — United States — Transactional system-email provider used for internal notifications (for example, workspace invites). Receives internal-user email addresses and notification content. Does not deliver tenant-originated lead outreach.

Stripe, Inc. — United States — Payment processor for Tenants that pay through the Service. Receives billing-contact identity and invoice amounts. Payment credentials (card, bank account, etc.) are collected directly by Stripe's hosted flows; Cytisum does not see or store full payment credentials. See stripe.com/privacy and stripe.com/legal/ssa.

OpenRouter Inc. — United States — Large-language-model gateway used to route prompts to underlying model providers. Receives prompts and related context necessary to produce AI output. Through OpenRouter, prompts and context may be processed by the following underlying model providers, each acting as an additional sub-processor under their own terms: OpenAI, L.L.C. — United States (general-purpose generation, including email drafting and the discovery planner), Anthropic, PBC — United States (general-purpose generation, where selected per workload), and Perplexity AI, Inc. — United States (web-search-grounded reasoning for Lead Discovery enrichment and Event Intelligence runs). No raw Lead personal data is used to train any of these providers' foundation models; prompts and outputs are processed for generation only.

Apify Technologies s.r.o. — Czech Republic — Web-scraping infrastructure used for Tenant-initiated data collection.

Railway Corp. — United States — Application hosting and compute provider. Runs the Service and holds operational configuration. See railway.com/legal/privacy.

22.2 Tenant Email Delivery Data Flow. Lead-outreach emails are delivered via our email provider using the customer's verified sending domain. DNS records (DKIM and a Return-Path CNAME) must be published at the customer's registrar for sending to begin. Messages are transmitted and stored by the provider with encryption in transit. Delivery, bounce, and engagement signals are returned to Satua and stored in your account for reporting.

22.3 Changes to Sub-Processors. We will provide at least 30 days' notice of additions or material changes to this sub-processor list by updating this Section and notifying each Tenant's primary billing contact by email.

This section provides notice required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CPRA), for California residents.

Categories of Personal Information we collect: identifiers (name, email, IP address); internet or other network activity information (usage data); commercial information (billing, account state); and professional or employment-related information (via Lead Data processed on a Tenant's behalf).

Purposes: providing and operating the Service, authenticating users, enabling tenant-directed communications, service improvement, product analytics, AI model evaluation as described in Section 8.3, and legal compliance.

No Sale or Sharing: Cytisum does not sell the Personal Information of California residents and does not share it for cross-context behavioral advertising. Satua is not a marketplace for buying, selling, brokering, licensing, or reselling Lead Data.

Your Rights: California residents may exercise rights to know, delete, correct, opt out of sharing, and limit the use of sensitive personal information by emailing privacy@satua.io. We will respond within the time frame required by applicable law. Requests regarding Lead Data must be directed to the Tenant that holds the data; we will facilitate forwarding such requests to the relevant Tenant within 10 business days.