Version: 1.0 • Effective Date: Enero 1, 2025
By ordering, accessing, or using the ITSL SMART AI Agents services (the “Services”), you (“Customer”) agree to these Terms & Conditions (“T&Cs”). Each signed Order Form, online checkout, or statement of work (each, an “Order”) is governed by these T&Cs. If there is a conflict, the Order controls solely for pricing, quantities, and term. “Documentation” means the then-current user and technical materials for the Services. “Confidential Information” has the meaning in Section 10. “ITSL” means Eminent Solutions Integration, Inc. d/b/a IT Support Leaders.
The Services include configuration, management/maintenance, quality assurance reviews/training, and usage‑based voice minutes, as described in your Order. In the event of conflict, the following order of precedence applies: (a) Business Associate Agreement (BAA), if executed; (b) Data Processing Addendum (DPA); (c) these T&Cs; (d) documents referenced herein.
3.1 Fees. Customer will pay the fees in the Order, including any one‑time setup, monthly subscription (base MRR), and usage‑based minutes beyond included quotas at the then‑applicable tier rates.
3.2 Billing Cadence. Unless the Order states otherwise: base MRR is invoiced monthly in advance; usage is invoiced monthly in arrears. For accounts with expected or observed usage > $5,000/month, ITSL may bill usage weekly and/or require prepayment or a refundable deposit per Section 4.
3.3 Payment Method. Amounts are due upon receipt. Customer authorizes ITSL to debit a card or ACH for all invoiced amounts and will keep payment methods current and funded. The Services may be suspended temporarily for a payment or funding failure.
3.4 Credit‑Card Surcharge. Credit‑card payments incur a 3.0% card surcharge (credit only; no surcharge on debit/prepaid). The surcharge will be disclosed prior to payment and itemized on receipts.
3.5 Taxes/Regulatory Fees. Prices exclude taxes and regulatory fees, which Customer will pay, excluding taxes on ITSL’s income.
3.6 Late Fees; Suspension. Late amounts accrue the lesser of 1.5% per month or the maximum permitted by Florida law. ITSL may suspend the Services for non‑payment and may terminate for continued delinquency or require additional deposits.
ITSL may: (a) require prepayment of minute blocks; (b) require a refundable security deposit up to two (2) weeks of projected usage; (c) establish a credit limit; and (d) require top‑ups when 80% of the limit or prepaid balance is reached. If the limit is reached without top‑up or a payment method fails, ITSL may throttle to essential flows or pause new calls after notice.
5.1 Zero Retention. Conversational payloads are processed transiently to deliver outputs (e.g., email/SMS, call transfers) and then purged from ITSL servers upon successful delivery. ITSL retains only de‑identified operational metadata necessary for billing and call detail verification; such metadata contains no ePHI or PII and is not reasonably linkable to an individual.
5.2 Privacy Laws & Addenda. To the extent applicable, ITSL processes personal data in accordance with applicable privacy laws (e.g., CCPA/CPRA). For EU/UK data, the Parties will execute a DPA with SCCs. For HIPAA workflows, the Parties must execute a BAA; absent a BAA, Customer will not transmit PHI to the Services.
5.3 Security Alignment. ITSL aligns safeguards with industry frameworks including HIPAA Security Rule (via BAA), GLBA Safeguards Rule (as applicable), NAIC Insurance Data Security Model Law (as adopted), SOC 2 principles, ISO/IEC 27001 controls, NIST CSF, and PCI DSS for card acceptance. ITSL attests to conformance and does not represent certification unless explicitly stated in an Order.
5.4 Subprocessors. ITSL may use vetted subprocessors for hosting, telephony, messaging, and AI components. Subprocessors are responsible for adhering to their representations and responsibilities to safeguard sensitive information. In the event of a subprocessor breach involving Customer’s sensitive information, ITSL will coordinate incident response with Customer consistent with law.
5.5 Security Incidents. ITSL will notify Customer without undue delay upon confirming a security incident impacting Customer data and will cooperate as required by applicable law.
Customer will provide accurate configuration inputs, escalation rules, and notification recipients; ensure it has a lawful basis to share any personal data; and provide end‑user notices as required. Customer will not use the Services to transmit unlawful content, spam, or malicious code; to infringe rights; or in violation of telemarketing/TCPA, privacy, or other applicable laws.
The Services are provided on a best‑efforts basis. Given the probabilistic nature of AI systems and dependencies on third‑party carriers/platforms and Customer inputs, ITSL does not guarantee any particular outcome or metric (including accuracy, error‑free operation, response times, conversion rates, revenue, or compliance outcomes). Service level targets are objectives and not warranties or guarantees. Customer must review outputs and make final decisions.
ITSL may modify pricing and/or per‑minute tier tables on a prospective basis upon notice. Changes do not apply retroactively to invoices already issued or payments already received. Any discounts or special pricing must be expressly approved by ITSL in writing; unauthorized pricing is non‑binding.
ITSL retains all right, title, and interest in and to the Services, Documentation, and underlying intellectual property. During the subscription term, ITSL grants Customer a non‑exclusive, non‑transferable right to use the Services for its internal business purposes, subject to these T&Cs and the Order. ITSL may use feedback without restriction.
Each party may disclose non‑public information that is marked or reasonably understood as confidential (“Confidential Information”). The receiving party will use such Confidential Information only to perform under these T&Cs and will protect it with at least reasonable care. Standard exclusions and required disclosure obligations apply.
EXCEPT AS EXPRESSLY PROVIDED IN AN ORDER, THE SERVICES ARE PROVIDED “AS IS.” ITSL DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON‑INFRINGEMENT, AND ANY ARISING FROM COURSE OF DEALING OR USAGE. THE SERVICES AND OUTPUTS ARE NOT LEGAL, MEDICAL, ACCOUNTING, OR OTHER PROFESSIONAL ADVICE.
Defense & Payment. ITSL will defend, indemnify, and hold harmless Customer from any third‑party claim alleging that the Services, as provided by ITSL and used by Customer in accordance with the Documentation and these T&Cs, infringe a U.S. patent, copyright, or trade secret, and will pay damages and reasonable attorneys’ fees finally awarded by a court of competent jurisdiction or agreed in a settlement approved by ITSL, subject to: (i) Customer’s prompt written notice; (ii) ITSL’s sole control of the defense and settlement (no settlement may admit Customer fault or impose non‑monetary obligations on Customer without Customer’s consent, not to be unreasonably withheld); and (iii) Customer’s reasonable cooperation.
Exclusions. ITSL has no obligation to the extent a claim arises from: (a) Customer Content or Customer instructions; (b) combinations of the Services with items not provided by ITSL; (c) modifications not made by ITSL; or (d) use of the Services not in accordance with the Documentation or these T&Cs.
Exclusive Remedies. If the Services are, or in ITSL’s opinion are likely to be, enjoined for infringement, ITSL may, at its option and expense: (1) procure the right for Customer to continue using the Services; (2) modify the Services to be non‑infringing; (3) replace the Services with a non‑infringing alternative of substantially equivalent functionality; or (4) if (1)–(3) are not commercially reasonable, terminate the affected Services and refund prepaid fees for the unused remainder of the term for the affected Services. This Section 12 sets forth Customer’s sole and exclusive remedies for any third‑party IP infringement claim regarding the Services.
Sole Monetary Recourse to Insurance. TO THE FULLEST EXTENT PERMITTED BY LAW, CUSTOMER’S SOLE AND EXCLUSIVE MONETARY RECOURSE FOR CLAIMS INDEMNIFIED UNDER THIS SECTION 12 IS LIMITED TO THE PROCEEDS OF ITSL’S APPLICABLE INSURANCE POLICIES, AND ITSL WILL HAVE NO DIRECT MONETARY LIABILITY BEYOND SUCH PROCEEDS. ITSL WILL MAINTAIN PROFESSIONAL LIABILITY / TECHNOLOGY E&O COVERAGE OF USD $1,000,000 PER CLAIM AND USD $3,000,000 AGGREGATE, AND MAY MAINTAIN CYBER LIABILITY COVERAGE AT COMMERCIALLY REASONABLE LIMITS. UPON REASONABLE REQUEST, ITSL WILL PROVIDE CERTIFICATES OF INSURANCE.
Customer Indemnity. Customer will defend, indemnify, and hold harmless ITSL from third‑party claims to the extent arising from Customer Content, Customer instructions, or use of the Services in violation of the Documentation, these T&Cs, or applicable law.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY IS LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR LOST PROFITS/REVENUE/GOODWILL/DATA, EVEN IF ADVISED OF THE POSSIBILITY. EXCEPT FOR (i) breaches of Confidentiality (Section 10); (ii) obligations under Section 5 (Data Security) to the extent resulting from a party’s failure to comply with its security obligations; and (iii) indemnity obligations under Section 12 (which are subject to the Sole Monetary Recourse to Insurance stated in Section 12), EACH PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE T&Cs WILL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO ITSL IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM. MULTIPLE CLAIMS WILL NOT ENLARGE THIS CAP. THE EXCLUSIONS AND CAPS IN THIS SECTION APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY.
ITSL may suspend the Services for non‑payment, security threats, or material breach after notice (except immediate suspension as needed to protect the Services or third parties). Either party may terminate for material breach not cured within fifteen (15) days after written notice. Upon termination, Customer will cease use and pay all amounts due. Sections 5, 9–13, and 15–17 survive.
These T&Cs are governed by the laws of Florida, without regard to conflicts rules. The parties consent to the exclusive jurisdiction and venue of the state and federal courts located in Miami‑Dade County, Florida. The parties will first seek resolution through good‑faith executive escalation; if unresolved after thirty (30) days, either party may pursue its remedies in court (or arbitration if both parties agree in writing).
16.1 Notices. Notices may be sent to the addresses in the Order (or as updated) by email with confirmation, courier, or certified mail.
16.2 Updates to T&Cs. ITSL may update these T&Cs prospectively by posting a new version with a new version/date identifier. The version referenced in the Order applies to that Order term unless otherwise agreed. Any new version with significant material changes will apply if Customer continues to use the Services.
16.3 Entire Agreement. These T&Cs, together with the Order and any executed BAA/DPA, constitute the entire agreement for the Services and supersede prior discussions.
16.4 Contact and Notices. IT Support Leaders (“ITSL”) is a DBA for Eminent Solutions Integration, Inc. Mailing Address: IT Support Leaders, 13378 SW 128th ST, Miami, FL 33186. Email Notices: assist@itsupportleaders.com.
ITSL will maintain during the subscription term: (a) commercial general liability at commercially reasonable limits; (b) professional liability / technology errors & omissions insurance with limits of USD $1,000,000 per claim and USD $3,000,000 aggregate; and (c) cyber liability insurance at commercially reasonable limits. Upon reasonable request, ITSL will provide a certificate of insurance evidencing such coverage. Customer acknowledges that, pursuant to Section 12, for indemnified IP claims Customer’s monetary recourse is limited to insurance proceeds.
Version: 1.0 • Effective Date: Enero 1, 2025
This AUP applies to all use of the Services. Capitalized terms have the meanings in the T&Cs.
ITSL may investigate suspected violations and suspend or terminate access for breaches of this AUP. Where required by law or carrier policy, ITSL may block abusive traffic and notify relevant authorities.
Version: 1.0 • Effective Date: Enero 1, 2025
This page summarizes the security practices for the ITSL SMART AI Agents platform. For detailed assessments or questionnaires, contact assist@itsupportleaders.com.
Our security program aligns to SOC 2 principles, ISO/IEC 27001 controls, and NIST CSF. For HIPAA workflows, controls align to the HIPAA Security Rule under an executed BAA. We continuously improve based on risk assessments and audits.
Calls and messages are processed through redundant carriers and AI components. Conversational payloads are handled transiently (zero‑retention) to produce outputs (e.g., email/SMS, ticket creation), then purged. Minimal de‑identified operational metadata is retained for billing and service integrity.
Encryption in transit and at rest where data persists; secure key management; secrets rotation; hardened configurations; least‑privilege access with MFA.
Role‑based access control, SSO/MFA for administrative access, periodic access reviews, and logging with audit trails.
Secure SDLC, code review, dependency scanning, secret scanning, and environment separation. Penetration testing may be performed periodically; summaries available upon request under NDA.
Segmentation, firewalls, WAF, DDoS protections, vulnerability scanning, and hardened baselines.
Centralized logging, alerting, anomaly detection, and a documented incident response plan with executive escalation and customer notification consistent with law.
High‑availability architecture with redundancy for telephony/messaging; disaster recovery tested periodically; backups for persistent systems.
Risk‑based due diligence, contractual data protection requirements, and ongoing monitoring; current subprocessor list available upon request.
Maintain accurate configurations, escalation paths, and lawful sources; review outputs; secure your endpoints and identities; promptly notify us of suspected compromise.
We welcome good‑faith security reports at assist@itsupportleaders.com. Do not perform testing that could impact service availability without written authorization.
Version: 1.0 • Effective Date: Enero 1, 2025
This DPA forms part of the Agreement between Customer (controller) and ITSL (processor) for the provision of the Services. In case of conflict, this DPA prevails over the T&Cs with respect to Personal Data processing.
Subject Matter: processing of Personal Data submitted to or generated by the Services to provide AI‑assisted intake, routing, and task automation.
Duration: the term of the Agreement and any wind‑down period required by law.
Nature & Purpose: hosting and transient processing of conversational payloads and related operational metadata to provide, secure, and support the Services.
Customer is the controller; ITSL is the processor. ITSL will process Personal Data only on documented instructions from Customer, including as set out in the Agreement and this DPA.
ITSL ensures personnel are bound by confidentiality obligations and receive appropriate data protection and security training.
ITSL implements appropriate technical and organizational measures aligned to SOC 2 principles, ISO/IEC 27001 controls, NIST CSF, and HIPAA Security Rule (where applicable). See Annex II (Security Measures).
Customer authorizes ITSL to use subprocessors for hosting, telephony, messaging, and AI components. ITSL will enter into written agreements with subprocessors imposing data protection obligations no less protective than this DPA. ITSL will provide a list of subprocessors upon request and notify Customer of material changes where required.
Where ITSL or its subprocessors transfer Personal Data outside the originating jurisdiction, ITSL will implement appropriate transfer mechanisms (e.g., EU/UK SCCs). For EU/EEA transfers, the parties agree the SCCs (Module 2: Controller→Processor) are incorporated by reference, with ITSL as the data importer.
Taking into account the nature of processing, ITSL will reasonably assist Customer with data subject requests, DPIAs, and consultations with supervisory authorities, at Customer’s expense where permitted.
ITSL will notify Customer without undue delay after becoming aware of a Personal Data Breach and provide information reasonably available to assist Customer in meeting breach‑reporting obligations.
Upon termination or at Customer’s written request, ITSL will delete or return Personal Data, unless retention is required by law. Transient payloads are purged per the zero‑retention model.
Upon reasonable written request, ITSL will make available information necessary to demonstrate compliance with this DPA (e.g., summaries of third‑party assessments) and allow audits by Customer or an appointed auditor no more than annually, subject to confidentiality and reasonable scheduling.
Where workflows involve PHI, the parties will execute a Business Associate Agreement. In case of conflict between this DPA and a BAA regarding PHI, the BAA prevails.
Liability is as set out in the Agreement Terms and Conditions. In case of conflict between this DPA and the Agreement T&C’s on Personal Data processing, this DPA controls.
Data Subjects: customers, patients/clients of Customer, end users, Customer personnel.
Categories of Data: contact details, scheduling information, policy/account identifiers, interaction transcripts (transient), and any data provided by Customer in the course of using the Services.
Special Categories: not intended; Customer must not submit special‑category data unless required by workflow and covered by applicable law and this DPA/BAA.
Frequency: continuous as determined by Customer’s use.
Retention: transient for payloads; minimal operational records retained as required for billing and legal obligations.
A current list will be provided upon request from Client on a need-to-know basis.
