InStage Terms of Service
Effective Date: October 26, 2025
1) Acceptance of Terms
The website instage.io, related domains, and our web and mobile applications (collectively, the "Website" and "Services") are provided by 2618991 Ontario Inc. O/A InStage and its U.S. subsidiary InStage, Inc. (together, "InStage," "we," "us," or "our"). By accessing or using the Services, creating an account, or clicking "accept," you agree to be bound by these Terms of Service (the "Terms") and our Privacy Policy (together, the "Agreement"). If you do not agree to the Agreement, do not use the Services.
If you are accepting the Agreement on behalf of an organization (for example, a college or university), you represent and warrant that you have authority to bind that organization, and "you" will mean that organization. For institutional customers, these Terms apply together with your Order Form or other written agreement with InStage. If there is a conflict: (i) your Data Protection Addendum (DPA) controls with respect to privacy and data‑protection matters; and (ii) your Order Form controls with respect to commercial terms (including fees, scope, and term). In all other respects, these Terms govern your use of the Services.
2) Eligibility & Authorized Use
2.1 Institutional use. Users accessing under an institutional subscription represent they have appropriate authorization from their institution.
2.2 Competitors. You may not access the Services for benchmarking or competitive analysis without our prior written consent.
2.3 Minors. You represent you are at least the age of majority (or ≥13 with parental/guardian consent if not enrolled at a post‑secondary institution). The Services are not for children under 13.
3) Accounts, Access & Subscriptions
3.1 Accounts. You must create an account and keep credentials secure; you're responsible for activity under your account.
3.2 Grant of rights. Upon registration and subject to fees, we grant a limited, non‑exclusive, non‑transferable right to access/use the Services during the subscription term.
3.3 Orders. Access to the Services is provisioned under an executed Order Form that incorporates these Terms.
3.4 Admin seats. Institutional admins may provision seats; user subscriptions are for named users and cannot be shared.
4) Fees & Payment
Fees are invoiced per the Order Form and are non‑refundable except as expressly stated in the Order Form or these Terms. Taxes are additional and your responsibility. We may update prices from time to time. Any change takes effect on renewal of the then‑current subscription term or on new purchases. We may provide courtesy notice to your administrator when feasible.
5) Customer Content & Ownership
5.1 Your content. You retain ownership of any content you upload ("User Content").
5.2 License for service delivery.
By uploading User Content, you grant InStage and its in‑app tool providers a non‑exclusive, royalty‑free license to host, process, and display that content only to provide and support the Services to you during your subscription term and for a reasonable decommissioning/export period thereafter.
5.3 Service improvement (de‑identified). We may use anonymized/aggregated data to operate and improve the Services; it will not identify you.
5.4 Education‑Created Content (instructor tools). (a) Ownership. As between the parties, Customer (including its institution and instructors) owns all right, title, and interest in any materials, lesson plans, prompts, rubrics, feedback templates, recordings, or similar content created or uploaded using the instructor/admin tools ("Education-Created Content").
(b) Limited license to operate the Services. Customer grants InStage a non-exclusive, worldwide, royalty-free license to host, store, reproduce, and display Education-Created Content solely to provide, maintain, secure, and support the Services for Customer during the Subscription Term and for a reasonable decommissioning/export period after termination or expiry (not to exceed 7 days), to allow Customer to retrieve its data.
(c) No broader rights. Except for the limited license in 5.4(b), no rights are granted to InStage in Education-Created Content. InStage will not use Education-Created Content for model training, product development, marketing, or any other purpose without Customer's prior written consent. InStage may sublicense only to its subprocessors as necessary to provide the Services, subject to written confidentiality obligations.
5.5 Removal & moderation. We may remove content that violates these Terms or the law; we may request information to assess takedown requests.
5.6 Feedback. We welcome feedback and suggestions. You grant InStage a royalty‑free, worldwide, irrevocable, perpetual license to use and incorporate feedback into the Services. (This license does not grant InStage rights in your User Content or Education‑Created Content beyond those otherwise provided in these Terms.)
5.7 Copyright & Notice–and–Takedown. If you believe content on the Services infringes your rights, email legal@instage.io with: (i) your signature; (ii) the copyrighted work; (iii) the URL of the allegedly infringing material; (iv) your contact info; (v) a statement of good‑faith belief; and (vi) a statement under penalty of perjury that the notice is accurate and you are the owner or authorized agent. We may remove content and terminate repeat infringers.
6) Privacy & Student Data
6.1 Privacy Policy. Our processing of personal information is described in the InStage Privacy Policy, which is incorporated by reference. We comply with Canadian privacy law (including PIPEDA) and support institutions' compliance obligations.
6.2 FERPA. Where we provide services to U.S. institutions, we act as a "school official" with a legitimate educational interest and will not disclose personally identifiable information from education records except as permitted by FERPA or by the institution. Rights of parents/students under FERPA remain with the institution, and we will reasonably assist the institution in responding to FERPA requests.
6.3 Security incident notice. We maintain an Incident Response Plan addressing assessment, containment, notification, and record‑keeping under PIPEDA and other applicable law, including Ontario FIPPA §40.1 and BC FOIPPA §§30.5(2) and 36.3. For institutional customers that are public bodies, we will immediately notify the head of the public body of any unauthorized disclosure of personal information in their custody or control and will support required notifications to regulators (e.g., Ontario IPC, BC OIPC) and affected individuals without unreasonable delay where thresholds are met.
6.4 Accessibility. You may report accessibility issues via Intercom or by email to team@instage.io. We acknowledge reports within one (1) business day, triage severity, and aim to resolve accessibility‑related issues within 1–5 business days, providing updates through the original communication channel. We track issues internally and conduct periodic audits to maintain alignment with accessibility best practices.
7) Data Handling, Retention, and Deletion
7.1 Scope. "Recordings" means video captured during sessions; "Audio‑only" means session audio captured without associated video; "Transcripts" means text auto‑generated from audio; "Usage Data & Security Logs" means operational metadata (e.g., access, performance, and security events).
7.2 Default retention (institution‑configurable).
(a) Recordings (video, if applicable): deleted after 90 days by default.
(b) Audio‑only: deleted after 12 months by default.
(c) Transcripts: deleted after 12 months by default.
(d) Institutional controls: An Institution Administrator may shorten, extend, or disable specific capture/retention settings in the admin console. The Institution's settings control for its tenant. If the Institution indicates that Recordings, Audio‑only, or Transcripts are used to make a decision about an individual, the Institution must configure retention to meet applicable statutory minima (e.g., BC FOIPPA §31; Ontario FIPPA §40(1)) or ensure compliant retention elsewhere; the Services will display warnings and export options when a shorter retention is set.
7.3 Export. Institutions may export Recordings, Audio‑only files, and Transcripts at any time within their retention windows.
7.4 Deletion on request. Upon written request from an Institution, InStage will delete Customer Content (including personal information contained therein) held within the Services, subject to lawful exceptions (e.g., security or fraud logs) and the technical limitations of backups as described below.
7.5 Backups & disaster recovery. Backups are encrypted and rotated on a 30‑day schedule; deletions propagate upon backup expiry, with residual copies purged within 7 days thereafter.
7.6 Security logs and operational telemetry. Security and operational logs are retained for at least 365 days to ensure auditability, reliability, and abuse prevention. These logs are separate from Customer Content and do not include video or audio payloads.
7.7 De‑identification. InStage may retain and use de‑identified metrics (which do not identify an individual) to operate, secure, and improve the Services.
7.8 FERPA/PIPEDA. For U.S. institutions, rights of parents/students under FERPA remain with the Institution; InStage will reasonably assist the Institution in responding to FERPA requests. InStage handles breach notification and recordkeeping consistent with PIPEDA and applicable law.
8) Security & Data Location
8.1 Controls. InStage maintains administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of the Services. Encryption is applied in transit and at rest, with cryptographic keys managed in AWS Canada (Central). Summaries of our security program are available on request.
8.2 Due diligence package (document‑based). Upon reasonable request no more than once per twelve (12) months, and subject to confidentiality obligations, Customer may conduct a remote, document‑based review of InStage's security and privacy program. As available, InStage will provide:
(a) the current Subprocessor Register and data‑location summary;
(b) a Web RTC Voice Transfer Impact Assessment (TIA) summary addressing the ephemeral, in‑memory processing performed in Microsoft East US 2 and confirming no storage, no logging of audio payloads, and no model training;
(c) InStage's standard Order/DPA Rider — Web RTC Voice (No Storage; No Training; Notice) for execution;
(d) a Web RTC Voice Attestation letter for Customer's tenant;
(e) the most‑recent third‑party web‑application penetration test executive summary and retest closure date;
(f) HECVAT‑Lite or HECVAT‑Full responses, as appropriate; and
(g) concise security‑program summaries and the retention & deletion schedule (Annex A).
The review is document‑based only and remains subject to §§8.3–8.5 (scope limits, frequency, and confidentiality).
8.3 Scope limits. The review in §8.2 is remote and document‑based only. It does not include access to production environments, source code, vulnerability scanners, or raw logs, and does not permit penetration testing, scans, or interviews with non‑designated personnel.
8.4 No Customer‑mandated testing. InStage is not obligated to commission new audits, assessments, or penetration tests at Customer's request. If Customer requests a bespoke assessment and InStage agrees in writing, (i) scope and timing will be mutually agreed, and (ii) Customer will bear all third‑party costs.
8.5 Frequency and confidentiality. Reviews under §8.2 may occur no more than once per 12 months and are subject to confidentiality obligations. InStage may reasonably redact information that would create security risk if disclosed.
8.6 Data location. Platform storage runs in Canada (AWS Canada Central). Web RTC Voice features use a Microsoft service operating from East US 2 (Virginia) with ephemeral, in‑memory processing only; no audio from these sessions is stored or used for model training.
8.7 How to request due‑diligence artifacts. Requests must come from an Institution Administrator to legal@instage.io. Artifacts may be provided under a mutual NDA. InStage may update artifacts from time to time; the most current versions will be provided during the review.
8.8 Web RTC Voice Rider; precedence. If executed by the parties, the Order/DPA Rider — Web RTC Voice (No Storage; No Training; Notice) forms part of the Agreement. To the extent of any conflict regarding Web RTC voice processing (region, storage, telemetry, or change‑notice), the Rider controls over §8.6 (Data location).
8.9 Telephony (Twilio - optional). Certain optional phone‑call features use Twilio to connect calls. By default, Twilio processes call data in US1 (U.S.) and may store telephony metadata in accordance with its policies; InStage does not store call audio and call recording is disabled. Institutions may opt out at the tenant level. (This section is governed by the Order/DPA Rider — Telephony (Twilio), which controls in case of conflict.)
9) Acceptable Use
In addition to any other restrictions in these Terms, you agree that you will not, and will not permit anyone else to:
9.1. Access or use the Services in any manner that could interfere with, disrupt, negatively affect, or inhibit anyone from fully enjoying the Services, including by engaging in defamatory, harassing, threatening, hateful, obscene, or otherwise offensive behavior or content.
9.2. Damage, disable, overburden, or impair the functionality or performance of the Services.
9.3. Access or use the Services for any illegal or unauthorized purpose or engage in, encourage, or promote any activity that violates these Terms or any other terms or policies referenced by the Services.
9.4. Use or attempt to use another user's account without authorization.
9.5. Modify, adapt, hack, emulate, reverse engineer, decompile, or disassemble the Services or any technology used to provide them, or attempt to discover or recreate source code, except to the limited extent such restrictions are prohibited by law.
9.6. Use any robot, spider, crawler, scraper, or other unauthorized automated means or interface to access the Services or extract data.
9.7. Circumvent or attempt to circumvent any filtering, rate-limiting, access control, security measures, or other features designed to protect the Services, users, or third parties.
9.8. Infringe upon or violate the rights of InStage, our licensors, other users, or any third party, including intellectual property, privacy, or publicity rights.
9.9. Conduct vulnerability scanning, penetration testing, or scraping without our prior written permission.
9.10. Attempt to bypass quotas, retention settings, access controls, or tenancy boundaries.
9.11. Upload or process PHI or PCI data in the Services unless we have a separate written agreement permitting it.
9.12. Use the Services for high-risk decisions without appropriate human review.
9.13. Use the Services in violation of export control or sanctions laws, or use the Services to develop competing products.
9.14. Use the Services in safety‑critical or high‑risk environments that require fail‑safe performance (including medical, legal, emergency, aviation, or life‑support systems), where use or failure could lead to death, personal injury, or severe environmental damage.
Data storage and retention are governed by Section 7 (Data Handling, Retention, and Deletion).
10) AI‑Enabled Features
10.1 Some features of the Services use third‑party AI models (served via Microsoft Azure). These features are part of the Services and cannot be disabled by customer‑level settings. We do not train custom AI models and we do not use Customer Data to train our vendors' models. AI use is limited to approved providers, configured to minimize disclosure, and outputs require human review as appropriate. See our Vendor List in the Vendor Management Policy document for details.
11) Linking
11.1 You may link to our home page in a way that is fair and legal and does not suggest sponsorship or endorsement. You may not frame our pages, use our logos or trademarks without our prior written permission, or create links that bypass access controls. We may withdraw linking permission at any time. Links from the Services to third‑party sites are for information only; we are not responsible for their content, policies, or practices.
12) Availability
12.1 We aim to keep the Services available and performant; however, we do not guarantee availability and shall not be liable if the Services (or any part) are unavailable at any time or for any period. Access may be suspended or limited without notice for maintenance, updates, system failure, security events, or other reasons beyond our reasonable control. Unless expressly set out in an Order Form, no service‑level commitments apply.
13) Disclaimers & Limitation of Liability
13.1 Access to and accuracy of the Services. Your use of the Website and access to the Services is at your own risk. Neither InStage, nor its licensors and their officers, directors, employees, affiliates, or agents, warrants that the Services will be uninterrupted or error‑free, or that results obtained from the Services or licensed content will be accurate, reliable, or suitable for your purposes. No advice or information (oral or written) obtained from InStage or through the Services creates any warranty not expressly stated here.
13.2 "AS IS" / "AS AVAILABLE". The Services and all content are provided "as is" and "as available," without any warranties of any kind, express or implied, including implied warranties of merchantability, fitness for a particular purpose, non‑infringement, title, and quiet enjoyment, to the maximum extent permitted by law.
13.3 Exclusions. To the maximum extent permitted by law, InStage and its licensors will not be liable for any incidental, indirect, special, punitive, exemplary, or consequential damages (including lost profits, goodwill, data loss, service interruption, computer failure or malfunction), even if advised of the possibility of such damages and regardless of the theory of liability. These exclusions apply to claims arising from mistakes, omissions, interruptions, deletion of files, errors, defects, viruses, delays, failures of performance, acts of God, communications failures, theft, destruction, or unauthorized access to records, programs, or systems.
13.4 Liability cap and carve‑outs. To the maximum extent permitted by law, InStage's aggregate liability for all claims arising out of or related to the Services will not exceed the amounts you paid for the Services in the 12 months before the event giving rise to liability. The foregoing cap and the disclaimers above do not limit liability for: (a) breach of confidentiality or data‑protection obligations; (b) willful misconduct or gross negligence; or (c) infringement or misappropriation of a party's intellectual property rights.
13.5 Consumer law. Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for incidental or consequential damages; to that extent, the above limitations apply to the maximum extent permitted by applicable law.
13.6 Reliance on Information. Content on the Website and within the Services (including any third‑party licensed or authored content) is provided for general information and educational purposes only. We do not guarantee that such content is complete, accurate, current, or suitable for any particular use, and we have no obligation to update it. You rely on any content at your own risk, and we disclaim responsibility for any reliance placed on such content. Nothing in the Services constitutes advice.
14) Indemnification
14.1 By you. You will indemnify, defend, and hold harmless InStage and its affiliates, officers, directors, employees, and agents from and against third‑party claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) to the extent arising out of: (a) your unlawful content or misuse of the Services; or (b) your breach of these Terms.
14.2 By InStage. InStage will indemnify and defend you against third‑party claims alleging that the Services, when used as permitted, infringe a third party's intellectual‑property right. If such a claim is made, InStage may, at its option and expense, (i) modify the Services, (ii) replace the Services with a substantially equivalent service, or (iii) if neither is reasonably feasible, refund prepaid, unused fees for the affected portion and terminate the applicable subscription.
14.3 Procedures; exclusions. The indemnified party must promptly notify the indemnifying party in writing, give sole control of the defense and settlement (except that no settlement may impose non‑monetary obligations or admit fault of the indemnified party without consent), and provide reasonable assistance at the indemnifying party's expense. Neither party indemnifies the other for the other party's negligence, willful misconduct, or breach of these Terms.
15) Law Enforcement & Safety
We may take appropriate legal action, including referral to law‑enforcement or regulatory authorities, or notifying harmed parties of illegal or unauthorized use of the Services. We will cooperate with lawful requests and court orders to disclose the identity or information of anyone posting materials on or through the Services, consistent with applicable law and our Privacy Policy. To the extent permitted by law, you waive and hold harmless InStage and its affiliates from claims resulting from actions taken during such investigations or cooperation. We will provide notice of requests where legally permitted and not operationally impracticable, and we will not seek broad, general waivers of your rights.
16) Term; Suspension; Termination
16.1 Suspension/termination for cause. We may suspend or terminate your access to the Services for breach of these Terms or the Acceptable Use Policy, for suspected unlawful activity, or as required by law. Upon suspension or termination, your right to use the Services ceases immediately.
16.2 Effect of termination. Upon termination or expiry: (a) all rights and licenses granted to you terminate immediately; (b) your access to the Services will be disabled; (c) we will allow a reasonable period for export of Customer Content unless prohibited by law or institutional settings require retention; and (d) provisions that by their nature should survive (e.g., fees owed, confidentiality, IP ownership, disclaimers, limitations of liability, indemnities, governing law, notices, and miscellaneous) will survive. Deletion will occur in accordance with our retention/deletion schedule and backup rotation.
16.3 No liability for service changes. We are not liable to you or any third party for modification, suspension, or discontinuance of the Services as permitted under these Terms.
17) Changes to the Services or Terms
We may modify these Terms by posting an updated version at instage.io/terms. If a change is material, we will notify your administrator (e.g., in‑product or email). Material changes will apply on the next renewal of your subscription or on new orders, unless the change is required by law or relates to security, in which case it may take effect on posting. If you object to a material change, your exclusive remedy is to stop using the Services at the end of the current term.
18) Notices
18.1 To InStage. Legal notices must be sent to legal@instage.io.
18.2 To you. We may provide notices via email to your account email, in‑product messaging, posting to the Services, or to your admin contact.
18.3 Deemed receipt. Notices are deemed received: immediately when posted in the Services, 24 hours after an email is sent, or three (3) days after mailing a letter properly addressed and stamped. You are responsible for keeping your contact information current.
19) Governing law; venue; mediation
19.1 Governing law and venue. This Agreement is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, excluding conflict‑of‑laws rules and the U.N. Convention on Contracts for the International Sale of Goods. The parties irrevocably submit to the exclusive jurisdiction and venue of the courts located in Toronto, Ontario, Canada for all disputes not subject to another written dispute process; each party waives objections to jurisdiction and venue (including forum non conveniens).
19.2 Mediation before litigation. Before commencing litigation (other than to seek urgent injunctive relief), the parties will participate in a good‑faith, non‑binding mediation with a mutually agreed mediator, to occur within 45 days after a written mediation request. Each party will bear its own costs; mediator fees are split equally.
19.3 Limitations period. To the maximum extent permitted by local law, any cause of action arising out of or related to the Services must commence within one (1) year after the cause of action accrues; otherwise, such cause is permanently barred.
20) Miscellaneous
20.1 Assignment. You may not assign, transfer, or delegate any rights or obligations under these Terms without our prior written consent; any attempted assignment in violation of this section is void. We may assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all assets.
20.2 Severability. If any provision is held invalid or unenforceable, it will be deemed modified to the minimum extent necessary to make it valid and enforceable, and the remaining provisions will remain in full force and effect.
20.3 Compliance with laws. Each party will comply with all applicable laws, rules, and regulations in connection with its activities under these Terms.
20.4 Waiver. No waiver of any term or right is effective unless in writing and signed by the waiving party; a waiver on one occasion is not a waiver on subsequent occasions.
20.5 Entire agreement; order of precedence. These Terms, together with your Order Form and any incorporated policies (e.g., Privacy Policy, DPA), constitute the entire agreement and supersede all prior or contemporaneous agreements on the subject. In case of conflict, the Order Form/DPA controls for the conflicting subject matter.
20.6 Independent contractors; no third‑party beneficiaries. The parties are independent contractors; these Terms create no partnership, joint venture, employment, franchise, or agency relationship. There are no third‑party beneficiaries.
20.7 Equitable relief. A breach of confidentiality or IP rights may cause irreparable harm; the non‑breaching party may seek injunctive relief in addition to other remedies.
20.8 Force majeure. Neither party is liable for failure or delay due to causes beyond its reasonable control (e.g., acts of God, internet failures, civil or military authority, labor disputes, or government actions), provided the affected party uses reasonable efforts to mitigate and resume performance.
20.9 Export & Sanctions. You must comply with applicable export, import, and sanctions laws. You represent that you are not a restricted party or located in an embargoed jurisdiction and will not permit users who are to access the Services.
20.10 Publicity. During the Subscription Term, InStage may identify you as a customer (name and logo) on our website and marketing materials, subject to your right to withdraw consent by written notice.
21) Definitions
"Customer (Institution) Content" means any content, data, or materials provided to the Services by or on behalf of an Institution (including Student/Education Records, Recordings, Audio‑only files, Transcripts, prompts, templates, branding, and configuration). Customer (Institution) Content includes "User Content" when an Institution sponsors end‑user accounts.
"Student/Education Records" has the meaning under FERPA and includes records directly related to a student and maintained by, or on behalf of, an educational institution.
"User Content" means content an individual user provides under a direct (non‑institutional) subscription.
"Institution Administrator" means the Institution's designated administrator(s) who control tenant settings including capture and retention.
(For clarity, educators typically do not "create content" in the Services; where instructor tools are used, any resulting materials remain Customer (Institution) Content.)
ANNEX A — Data Retention & Deletion Schedule
1. Scope & precedence. This Annex governs how InStage retains and deletes Customer Data created by end‑users within the Services (e.g., session media and outputs). If there is any conflict between this Annex and any other InStage policy or schedule, this Annex controls for the Services. InStage may continue to use anonymized and de‑identified information for legitimate business purposes.
2. Default retention windows (per session artifact)
• Video recordings: retained 90 days from capture, then automatically deleted.
• Audio recordings: retained 12 months from capture, then automatically deleted.
• Transcripts: retained 12 months from capture, then automatically deleted.
• Derived analytics/feedback (scores, tags, and non‑identifying aggregates): retained for the life of the account and may be anonymized and used indefinitely after de‑identification.
3. Institution‑level controls. Institution administrators can shorten or extend defaults (e.g., stricter deletion or longer retention to meet records policies). Changes apply prospectively; administrators may request bulk deletion at any time. (See §5 below for verified deletion requests.)
4. Operational backups & logs. Backups are scheduled, geo‑separated, and periodically tested; deletions propagate on the standard rotation; backups are not used for production analytics. Security/operational logs are retained securely for at least 365 days and are not used to reconstruct deleted content.
5. Deletion on request; export. End‑user deletion (where enabled) allows users to delete specific artifacts. Institution admins may request deletion of specific datasets or all Customer Data for a cohort/course/organization; InStage will process verified requests without undue delay and confirm completion. Upon request, InStage provides reasonable export of transcripts and related records in a machine‑readable format.
6. Suspension/termination. Upon account closure or order‑form termination, InStage disables access and deletes Customer Data consistent with the above windows and any written deletion instructions, subject to legal holds and §4 (backups/logs).
7. Legal & regulatory. Canada: processing may occur in Canada or other jurisdictions via vetted providers; where data is processed outside Canada, contractual and organizational measures apply. U.S. education: we support FERPA rights (access, amendment, limited disclosure) and will not use education records for targeted advertising or unrelated purposes.
ANNEX B — Security Controls & Compliance Overview
1. Governance & Roles. Information security is managed through published policies with defined responsibilities (Privacy Officer, Security Officer, executive oversight). Roles and review cadences are documented and reviewed at least annually.
2. Access Control. RBAC, least privilege, unique IDs, MFA where supported; provisioning & quarterly access reviews; prompt revocation upon role change/termination; password/secret management through approved tools.
3. Encryption. All customer data encrypted in transit; production systems use encryption at rest with keys managed in AWS KMS; cryptographic key management follows a formal lifecycle; keys stored in AWS Canada (Central) with rotation/escrow procedures.
4. Secure Development & Change Management. Documented SDLC with code review, environment segregation, vulnerability‑management SLAs, and final validation before deployment; incident/DR integration; platform‑change reviews.
5. Operations Security. Risk‑based patching timelines with testing; periodic vulnerability scanning; EDR on endpoints; SPF/DKIM/DMARC for email; centralized logging (365‑day retention), alerting & investigation; daily backups, geo‑separated storage, periodic restoration tests.
6. Network Security (Cloud‑native). Segmented environments; AWS Security Groups/NACLs; managed threat detection (e.g., GuardDuty, Inspector) with centralized findings and periodic review; secure admin access (MFA/IP controls).
7. Physical & Remote Security. Remote‑first device/workspace controls (locking devices, reporting theft/loss), enforced by policy & training.
8. Personnel Security, Training & Testing. Pre‑employment checks; confidentiality obligations; onboarding & recurring security awareness; phishing simulations with targeted follow‑ups.
9. Vendor Risk Management. Risk‑based selection, written agreements (including confidentiality/IP & data handling), monitoring/audit of higher‑risk vendors, documented offboarding to ensure access removal and destruction/return of data.
10. Incident Response & Breach Notification. Documented IRP (severities, timelines, record‑keeping, alt comms). PIPEDA breach‑notification and record‑keeping requirements observed; cooperation with customers and authorities.
11. Business Continuity & Disaster Recovery. BC/DR plan with communication, roles, cloud resilience; scenario playbooks and RTO/RPO tables; periodic tests & continuous improvement.
12. U.S. Education (FERPA) & Sector‑specific notes. FERPA commitments documented; HIPAA/ePHI policies exist for specialized cases but are not applicable to the standard education service per current role mapping.