Terms of Service

These Terms of Service ("Terms") govern your access to and use of the MatrixSentry email security platform and related services ("Services"). By using our Services, you agree to be bound by these Terms.

1. Services Overview

MatrixSentry provides automated threat detection, identity behavior analysis, and remediation services across enterprise communication platforms, including email and instant messaging (such as Microsoft Teams). Our platform analyzes messages for phishing, malware, business email compromise, spam, prompt injection, and other threats. When threats are detected, our platform may take remediation actions such as quarantining, moving, or deleting malicious messages, or applying data loss prevention (DLP) policies to chat messages.

2. Data Access and Retention

To provide our Services, MatrixSentry requires access to message data within your organization's communication platforms. This includes:

• Message metadata: Sender, recipient, subject lines, headers, and timestamps for email and chat messages.
• Message content: Message bodies and attachments for automated threat analysis.
• Remediation actions: The ability to move, quarantine, or delete email messages, or apply DLP policies to chat messages, when threats are identified.

All analysis is performed by automated systems. Data is retained according to the following schedule:

• Raw email content: Raw email bodies and attachments are retained for up to 14 days for processing and then permanently deleted.
• Raw chat content: Raw chat message content is retained for up to 7 days for processing and then permanently deleted. Chat metadata follows the same 30-day retention as email metadata.
• Message metadata: Identifiable message information (sender, recipient, subject, and remediation logs) is retained for up to 30 days to support investigation of recent threats.
• Threat intelligence: Anonymized, derived data (such as file hashes, URL patterns, and threat signatures) that cannot be reverse-engineered to reveal user content is retained for up to 90 days to improve global detection capabilities.

3. Post-Delivery Processing

You acknowledge that the Services operate on a post-delivery basis. Emails are analyzed after they have been delivered to user mailboxes, and there may be a brief interval during which malicious emails are accessible to users before remediation occurs. MatrixSentry is not responsible for any user interactions with malicious content (such as clicking links or downloading attachments) that occur before the Services have quarantined or removed the message.

4. Customer Responsibilities

As a customer, you are responsible for:

• Ensuring you have the authority to grant MatrixSentry access to your organization's email environment.
• Providing accurate account and organization information during onboarding.
• Notifying affected users within your organization that email security monitoring is in place.
• Maintaining the security of your dashboard credentials and API keys.

You explicitly agree NOT to:

• Reverse-engineer, decompile, or attempt to extract the source code, underlying AI models, prompts, or detection rules of the Services.
• Use the Services to develop a competing cybersecurity product or service.
• Subject the Services to competitive benchmarking, penetration testing, or artificial traffic generation without MatrixSentry's express prior written consent.

5. Data Handling

MatrixSentry processes email data solely for the purpose of threat detection, analysis, and remediation. We do not:

• Use your email data for advertising or marketing purposes.
• Sell or rent email content or metadata to third parties.
• Access email data for any purpose other than providing the Services.

Our core detection and remediation pipeline — including machine learning classification, prompt injection detection, and automated remediation — operates entirely within encrypted Google Cloud Platform environments in the United States. The only circumstance under which redacted content leaves our infrastructure is the optional AI-assisted analysis described below.

MatrixSentry uses third-party AI providers (Anthropic and Google) for real-time semantic threat analysis during classification and for AI-assisted rule tuning. In both cases, only PII-redacted content and metadata is transmitted. This applies to both email and Microsoft Teams/chat messages where applicable. These providers do not use your data for model training and delete it according to their published retention schedules (7–30 days). This feature can be disabled at your request. For full details, including sub-processor information and retention schedules, see our Privacy Policy.

6. Service Availability

We strive to maintain high availability of our Services but do not guarantee uninterrupted or error-free operation. The Services rely on third-party infrastructure and identity providers (including Google, Microsoft, and Cloudflare). MatrixSentry is not liable for any damages resulting from service interruptions, delayed threat detection, false positive classifications, or outages of third-party providers.

7. Remediation Actions

MatrixSentry may automatically move, quarantine, or delete emails identified as threats based on configured rules and detection confidence. While we strive for accuracy, automated systems may occasionally misclassify messages. Customers can review remediation actions through the MatrixSentry dashboard and restore messages if needed.

Customers are solely responsible for configuring the aggressiveness of automated remediation actions (e.g., choosing to quarantine versus permanently delete). MatrixSentry shall not be liable for any business disruption, lost communications, or financial damages resulting from the automated quarantine, delay, or deletion of legitimate emails (false positives).

8. Authorization and Revocation

Access to your email environment is granted through your email provider's authorization mechanism (such as Microsoft Entra admin consent or Google Workspace domain-wide delegation) or by configuring specific mail flow rules (such as journaling or connectors) to route traffic to MatrixSentry. You may revoke MatrixSentry's access at any time through your provider's admin console. Upon revocation, MatrixSentry will cease accessing your email environment. You may request immediate deletion of your retained data by contacting support, otherwise it will age out according to the standard retention schedule in Section 2.

Authentication and Service Access Scopes: Signing in to the MatrixSentry dashboard uses standard OpenID Connect (OIDC) authentication via your chosen identity provider (Google, Microsoft, or Okta). This login grants MatrixSentry access only to your name and email address for identity verification. Dashboard login does not grant MatrixSentry any access to your organization's email environment. Access to your email environment for threat detection and remediation is established separately through your email provider's administrative consent process, as described above.

9. Beta Services

From time to time, MatrixSentry may invite you to try "Beta", "Pilot", or "Early Access" features or services ("Beta Services") at no charge or at a reduced rate. You acknowledge that Beta Services are for evaluation purposes, may contain bugs, errors, or other defects, and are not considered part of the final Service.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, MATRIXSENTRY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, FOR BETA SERVICES, INCLUDING ANY WARRANTY OF AVAILABILITY, RELIABILITY, OR DATA INTEGRITY. BETA SERVICES ARE PROVIDED "AS IS." MATRIXSENTRY SHALL HAVE NO LIABILITY FOR ANY HARM OR DAMAGE ARISING OUT OF OR IN CONNECTION WITH A BETA SERVICE.

10. Limitation of Liability

MatrixSentry provides email security services on an "as is" basis. To the maximum extent permitted by law, MatrixSentry shall not be liable for any indirect, incidental, or consequential damages arising from the use of our Services, including but not limited to damages from undetected threats, incorrectly classified messages, or user interactions with malicious content prior to remediation.

11. Indemnification

You agree to indemnify, defend, and hold harmless MatrixSentry and its officers, directors, and employees from any claims, damages, or expenses (including reasonable attorney's fees) arising from your use of the Services in violation of these Terms, your violation of applicable law, or any third-party claims resulting from your failure to obtain necessary consents or authorizations for email monitoring within your organization.

12. Feedback

If you provide suggestions, ideas, or other feedback regarding the Services ("Feedback"), you grant MatrixSentry a perpetual, irrevocable, royalty-free license to use and incorporate such Feedback into the Services without obligation to you.

13. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions. Any disputes arising under these Terms shall be resolved in the state or federal courts located in Delaware.

14. Changes to Terms

We may update these Terms from time to time. We will notify customers of material changes via email or through the MatrixSentry dashboard. Continued use of the Services after changes take effect constitutes acceptance of the updated Terms.

15. Contact Us

If you have any questions about these Terms of Service, please contact us at:

MatrixSentry Support
support@matrixsentry.com