Explore AI services from an experienced IT team.  Schedule a Free IT & AI Consultation →

LEGAL

Services Guide

Last Updated: May 2024    |    AI Services Provisions Added: March 2026

This Services Guide contains provisions that define, clarify, and govern the scope of the services described in the quote that has been provided to you (the “Quote”), as well as the policies and procedures that we follow (and to which you agree) when we provide a service to you or facilitate a service for you.  If you do not agree with the terms of this Services Guide, you should not sign the Quote and you must contact us for more information.

This Services Guide is our “owner’s manual” that generally describes all managed services provided or facilitated by Circle Twice, LLC (“CircleTwice,” “we,” “us,” or “our”); however, only those services specifically described in the Quote will be facilitated and/or provided to you (collectively, the “Services”).

This Services Guide is governed under our Master Services Agreement (“MSA”).  You may locate our MSA through the link in your Quote or, if you want, we will send you a copy of the MSA by email upon request. Capitalized terms in this Services Guide will have the same meaning as the capitalized terms in the MSA, unless otherwise indicated below.
Activities or items that are not specifically described in the Quote will be out of scope and will not be included unless otherwise agreed to by us in writing.  Please read this Services Guide carefully and keep a copy for your records.

Services Offered

One-Time Services
Recurring Services
Policies and Procedures

One-Time Services

Initial Audit / Diagnostic Services

In the Initial Audit/Diagnostic phase of our services, we audit your managed information technology environment (the “Environment”) to determine the readiness for, and compatibility with, ongoing managed services. Our auditing services may be comprised of some or all the following:

  • Audit to determine general Environment readiness and functional capability
  • Review of IT hardware and software configurations
  • Review of current vendor service and support agreements / warranty agreements
  • Basic security vulnerability check
  • Basic backup and file recovery solution audit
  • Speed test and ISP audit
  • Print output audit
  • Office telephone vendor service audit
  • Asset inventory
  • Email and website hosting audit
  • IT support process audit
  • AI Readiness Assessment (when applicable): Where Client has indicated interest in AI Services, the audit will also evaluate: current data organization and accessibility, workflow automation opportunities, existing software and API integration compatibility, data sensitivity classification relevant to AI processing, and readiness for AI tool deployment. The AI Readiness Assessment is a diagnostic service only and does not include implementation.

If deficiencies are discovered during the auditing process (such as outdated equipment or unlicensed software), we will bring those issues to your attention. Please note, unless otherwise expressly agreed by us in writing, auditing services do not include the remediation of any issues, errors, or deficiencies.

Onboarding Services

In the Onboarding phase of our services, we will prepare your IT environment for the monthly managed services described in the Quote. During this phase, we will work with your Authorized Contact(s) to review the information we need to prepare the targeted environment, and we may also:

  • Uninstall any monitoring tools or other software installed by previous IT service providers
  • Compile a full inventory and documentation of all IT services, software, and protected hardware
  • Uninstall any previous endpoint protection and install our managed security solutions
  • Install remote support access agents on each managed device to enable remote support
  • Configure Windows® and application patch management agents and check for missing security updates
  • Uninstall unsafe applications or applications that are no longer necessary
  • Optimize device performance including disk cleanup and endpoint protection scans
  • Review firewall configuration and other network infrastructure devices
  • Review and document current server configuration and status
  • Determine existing business continuity strategy and prepare backup/recovery options for consideration
  • Review existing policy against security best practices
  • Transition vendor and software license management (as needed)

The duration of the onboarding process depends on many factors, many of which may be outside of our control. We will keep you updated as the onboarding process progresses.

Ongoing / Recurring Services

Ongoing/recurring services are services that are provided to you or facilitated for you on an ongoing basis and, unless otherwise indicated in a Quote, are billed to you monthly.

End-User Support (Core)

Service includes unlimited helpdesk support and proactive monitoring and maintenance for every user and their associated workstation(s) in your organization as outlined in our Quote. Support includes remote and onsite support for any desktop and laptop to resolve any issues experienced by the client.

  • Full ticket tracking and categorization for trending information and proactive issue identification
  • Online status monitoring, alerting us to potential failures or outages
  • Capacity monitoring and performance monitoring
  • Implementation of next generation workstation antivirus and anti-malware protection
  • Routine operating system inspection and cleansing
  • Secure remote connectivity and collaborative screen sharing
  • Review and installation of updates and patches for Windows and supported software
  • Asset inventory and workstation information collection
  • New user onboarding / termination as defined with the client

End-User Support (Enhanced Security)

Service includes all features within the “End-User Support (Core)” offering as well as Ransomware detection and remediation, Next Generation Antivirus (NGAV), Security Awareness Training and phishing campaigns, Internet site filtering, and Endpoint Detection and Response (EDR).

End-User Support (Premium Security)

Service includes all features within the “End-User Support (Enhanced Security)” service as well as Microsoft 365 Enhanced Security and Monitoring and Managed Detection and Response (MDR).

Network Management and Maintenance

Implementation of a 24/7 proactive network monitoring, management and maintenance service to support your internal network including firewalls, switches, WiFi, cabling, etc.:

  • Monitors, updates, and supports firewall appliance
  • Network monitoring and optimization
  • Network device asset and inventory tracking
  • Hardware/system change notification
  • Prevention of unauthorized access while providing secure and encrypted remote network access
  • Remote support services during normal business hours to assist with device connectivity issues

Note: Any network devices supplied by Client cannot be older than five (5) years from the applicable device’s original date of manufacture, and in all cases must be supported by the manufacturer of the device(s).

Server Management and Maintenance

Implementation of a 24/7 proactive server monitoring, management and maintenance service:

  • Software agents installed in covered servers report status and IT-related events on a 24×7 basis
  • Implementation of next-generation antivirus and anti-malware protection
  • Online status, capacity, and performance monitoring
  • Server essential service monitoring
  • Routine operating system inspection and cleansing
  • Review and installation of updates and patches for Windows and supported software
  • Asset inventory and server information collection

Backup and File Recovery

Implementation and facilitation of a backup and file recovery solution from our designated Third-Party Provider(s). We offer four types of backup options: (1) Server backup appliance, (2) File backup, (3) SaaS backup for Microsoft 365 or GSuite, (4) Workstation backup.

All services include 24/7 monitoring. All backed-up data is encrypted in transit and at rest using 256-bit AES encryption. Data recovery requests should be submitted via email to Support@CircleTwice.com or by telephone at 206-596-0008.

Security Awareness Training and Phishing Campaigns

Implementation and facilitation of a security awareness training solution including online on-demand training videos, quizzes to verify employee retention, and simulated phishing email campaigns designed to educate employees about security threats.

Endpoint Detection and Response (EDR)

Implementation and facilitation of an endpoint malware protection solution with extended functionalities:

  • Real-time threat detection and response capabilities
  • Real-time remediation of threats without human intervention using artificial intelligence (AI)
  • Automated incident response for tracking, escalating, and responding to incidents
  • Automated correlation of data across multiple security layers
  • Next-generation deep learning malware detection, file scanning, and live protection
  • Data loss prevention, exploit prevention, malicious traffic detection, disk and boot record protection
  • On-demand endpoint isolation, advanced threat intelligence, and forensic data export

Internet Site Filtering (DNS Filtering)

Implementation and facilitation of an Internet site filtering (DNS filtering) service providing website and web content controls, blocking security threats and inappropriate content, with whitelist and blacklist management capabilities.

Managed Detection and Response (MDR)

Implementation and facilitation of a Managed Detection and Response service monitored 24/7/365 by an elite team of analysts and threat hunters. Includes threat hunting using MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and 365-day retention of data for historical analysis.

Microsoft 365 Enhanced Security and Monitoring

Implementation and facilitation of an enhanced security and monitoring service for real-time threat detection including: continuous 24/7 monitoring, AI-driven threat mitigation with alerting and immediate remediation, insider threat prevention, and detail logging of user 365 activities.

Mobile Device Management (MDM)

Implementation and facilitation of a Mobile Device Management solution through our trusted Third-Party provider providing centralized visibility, configuration, and control over all enrolled mobile devices across iOS, Android, and Windows. Key features include remote device configuration, lock and wipe capabilities, enforced encryption and passcode policies, role-based access and compliance reporting, and usage analytics.

Vulnerability Scanning

Implementation and facilitation of an industry-recognized vulnerability scanning solution. External vulnerability scans are run on a schedule as outlined in our Quote. Internal vulnerability scans are run at least annually. Vulnerability results will be discussed during business review meetings with Client.

Email Threat Protection / Spam Protection

Implementation and facilitation of a trusted email threat protection solution providing protection from phishing, BEC, SPAM, and email-based malware. Includes friendly name filters, social engineering protection, and display name spoofing protection.

Compliance Services / Compliance-as-a-Service (CaaS)

Implementation and facilitation of a regulatory compliance solution enabling Client to monitor compliance across multiple regulations including HIPAA Security, HIPAA Privacy, NIST, CIS, and SOC 2. Includes regular security audits, updates, staff training, and access to compliance templates.

Note: Compliance Services or CaaS requires Client’s ongoing cooperation and participation. Certification of completion of regulatory compliance is valid as of the date on which such certification is awarded and does not guarantee continued regulatory compliance in the future.

 

NIST 2.0 Framework Assessment Service

Our NIST 2.0 Framework Assessment Service aligns with the NIST Cybersecurity Framework (CSF) 2.0, covering the core functions of Govern, Identify, Protect, Detect, Respond, and Recover. This is a diagnostic and assessment service only.

Penetration Testing

Penetration testing simulates a cyberattack against your IT infrastructure to identify exploitable vulnerabilities. Pen testing may consist of External Pen Testing, Internal Pen Testing, PCI Pen Testing, and Web App Pen Testing.

Phone System / VOIP Support
Implementation and facilitation of an industry-recognized Phone/VoIP solution with scalable VoIP-based telephone service including call transferring, voicemail, caller ID, call hold, conference calling, and call waiting functionalities.

Important: There are additional terms related to VoIP service, including your use of E911 features, in the Additional Policies section below. Please read them carefully.

Printer Management Services

Implementation and facilitation of a managed print solution with real-time threat detection and response capabilities, automated incident response, and automated correlation of data across multiple security layers.

Security Camera Service

Implementation and support for a network-based IP camera system with web-based camera storage, anywhere access through computer or mobile device, and included troubleshooting and support.

✨ NEW — AI SERVICES POLICY

AI Services

The following AI Services are available as standalone engagements or as add-ons to existing managed IT plans. Only those AI Services expressly described in a Quote will be provided to Client. All AI Services are subject to the AI Services Policy in the Additional Policies section and to the MSA, including all Third Party Provider and liability provisions.

AI Strategy & Advisory

CircleTwice’s AI Strategy & Advisory service helps Client identify where AI can deliver measurable value in its business operations and provides a practical, prioritized roadmap for implementation.

Service includes:

  • AI Readiness Assessment: Structured evaluation of Client’s current operations, data environment, software stack, and security posture to identify AI-appropriate use cases and surface risks
  • AI Opportunity Mapping: Identification and prioritization of business processes where AI automation, augmentation, or analysis can deliver return on investment
  • AI Roadmap: Written roadmap with prioritized recommendations, estimated effort, and proposed sequence of implementation
  • AI Governance & Policy: Development or review of Client’s AI Usage Policy, covering acceptable AI tool use, data handling guidelines, employee responsibilities, and output review requirements
  • Quarterly AI Strategy Reviews (if subscribed): Ongoing review sessions to assess AI tool performance, surface new opportunities, and update the roadmap

Exclusions:

  • AI Strategy & Advisory does not include implementation, integration, or software development services unless expressly stated in a Quote
  • Advice provided under this service does not constitute legal, financial, or regulatory compliance advice
  • AI Outputs generated during advisory sessions are advisory in nature and should be reviewed by qualified personnel before being acted upon

AI Implementation & Integration

CircleTwice’s AI Implementation & Integration service deploys and connects AI tools to Client’s existing IT environment. Because CircleTwice manages IT infrastructure, integrations are designed to be secure, compatible, and aligned with Client’s existing systems.

Service includes:

  • Deployment of AI platforms and tools (e.g., Microsoft Copilot, ChatGPT Enterprise, Claude, and similar) into Client’s managed environment
  • Integration of AI tools with Client’s existing software stack, including CRM, ERP, Microsoft 365, ticketing systems, and other business applications, as specified in the Quote
  • Workflow automation configuration using platforms such as n8n, Zapier, Make, or similar tools
  • Security configuration: data access scoping, permission controls, and API security review
  • Staff training on deployed AI tools (standard, overview-level training; advanced or specialized training is out of scope unless expressly quoted)
  • Post-deployment support during the first thirty (30) days following go-live, as specified in the Quote

Exclusions:

  • Implementation does not include ongoing managed support of AI tools beyond the post-deployment period unless Client subscribes to a Managed AI Products plan
  • Integration scope is limited to systems expressly listed in the Quote; integrations with additional systems require a separate Quote
  • CircleTwice is not responsible for third-party platform outages, API rate limits, or changes to third-party AI platforms that require re-integration

Custom AI Application Development

CircleTwice’s Custom AI Application Development service designs and builds AI-powered software applications tailored to Client’s specific business processes, workflows, or customer-facing needs.

Service includes:

  • Requirements gathering and scoping of custom AI application
  • Application design, development, and testing
  • Integration with Client’s existing systems and data sources as specified in the Quote
  • Deployment to Client’s infrastructure or a cloud environment as specified in the Quote
  • Post-launch support period as specified in the Quote

Exclusions:

IMPORTANT — General Exclusions Clarification: The general exclusion in the Policies and Procedures section of this Services Guide that states “Customization of third-party applications, or programming of any kind” refers to customization of third-party applications within the scope of managed IT support tickets and does not apply to Custom AI Application Development or Application & Web Development engagements expressly quoted by CircleTwice. Custom AI Application Development is an expressly available service when described in a Quote.

  • Ongoing hosting, maintenance, or support of custom AI applications beyond the post-launch support period is out of scope unless Client subscribes to a Managed AI Products plan or a separate maintenance Quote is executed
  • Custom AI applications are developed based on requirements specified in the Quote; material changes to scope during development may require an amended Quote and additional fees
  • CircleTwice is not responsible for the accuracy, completeness, or fitness of AI Outputs generated by custom applications after delivery and acceptance by Client

Managed AI Products

CircleTwice’s Managed AI Products service provides Client with access to CircleTwice-developed AI-powered applications on a monthly subscription basis. These applications are purpose-built for small and mid-size businesses and are maintained, updated, and supported by CircleTwice.

Service includes:

  • Access to CircleTwice-developed AI application(s) as specified in the Quote
  • Ongoing maintenance, updates, and bug fixes for the subscribed application(s)
  • Helpdesk support for subscribed application(s) during normal business hours
  • Security patching and monitoring of application infrastructure

Exclusions:

  • Customization of Managed AI Products beyond the features described in the applicable product documentation is out of scope unless expressly quoted
  • Client data processed through Managed AI Products is subject to the AI Services Policy below and the applicable Third Party AI Model Provider terms

Policies and Procedures Applicable to Services

Software Licensing

All software provided to you by or through CircleTwice is licensed, not sold, to you (“Software”). Software may also be subject to end user license agreements (EULAs), acceptable use policies (AUPs), and other restrictions, all of which must be strictly followed by you and any of your authorized users.

Covered Environment

Services will be applied to the number of devices indicated in the Quote (“Covered Hardware”). Unless otherwise stated in the Quote, Covered Devices will only include technology assets owned by the Client’s organization.

Service Levels

Automated monitoring is provided on an ongoing (24x7x365) basis. Response, repair, and/or remediation services will be provided only during our business hours (currently M-F, 8 AM – 5 PM Pacific Time, excluding legal holidays), unless otherwise specifically stated in the Quote.

Trouble/Severity and Response Times:

  • Critical / Service Not Available (e.g., all users and functions unavailable) — Response within two (2) business hours
  • Significant Degradation (e.g., large number of users or business critical functions affected) — Response within four (4) business hours
  • Limited Degradation (e.g., limited number of users or functions affected) — Response within eight (8) business hours
  • Small Service Degradation (e.g., one user affected) — Response within two (2) business days
  • Long Term Project, Preventative Maintenance — Response within four (4) business days

Our service level target is 90% as measured over a calendar month. If we fail to adhere to the Target Service Level and Client timely brings that failure to our attention in writing, then Client will be entitled to receive a pro-rated service credit. Under no circumstances shall credits exceed 30% of the total monthly recurring service fees under an applicable Quote.

Fees

The fees for the Services will be as indicated in the Quote. Fees for certain Third-Party Services may begin to accrue prior to the “go-live” date of other applicable Services.

Travel Time

If onsite services are provided, we will travel up to 45 minutes from our office to your location at no charge. Time spent traveling beyond 45 minutes will be billed at our then-current hourly rates.

Term; Termination

The Services will commence, and billing will begin, on the date indicated in the Quote (“Commencement Date”). The Services will continue through the Initial Term until terminated as provided in the MSA, the Quote, or as indicated in this Services Guide. Regardless of the reason for the termination of the Services, you will be required to pay for all per seat or per device licenses that we acquire on your behalf.

Offboarding

Subject to the requirements in the MSA, CircleTwice will off-board Client from CircleTwice’s services by performing one or more of the following:

  • Removal / disabling of monitoring agents in the Environment
  • Removal / disabling of endpoint software from the Environment
  • Removal / disabling of Microsoft 365 from the Environment (unless licenses are being transferred)
  • Removal of credentials from the Environment
  • Removal of backup software from the Environment
  • AI Services Offboarding: For AI-related Services, offboarding will also include removal of CircleTwice-managed API credentials and access tokens, deletion or transfer (as applicable) of Client data stored in AI-related applications managed by CircleTwice, and guidance on decommissioning or transferring access to third-party AI platforms. Offboarding for custom AI applications will be handled as specified in the applicable Quote.

Additional Policies

Authenticity

Everything in the managed environment must be genuine and licensed, including all hardware, software, etc. All minimum hardware or software requirements must be implemented and maintained as an ongoing requirement of us providing the Services to you.

Monitoring Services; Alert Services

Unless otherwise indicated in the Quote, all monitoring and alert-type services are limited to detection and notification functionalities only.

Configuration of Third-Party Services

Any modifications of Configurations made by you without authorization could disrupt the Services and/or cause a significant increase in the fees charged for those third-party services. We strongly advise you to refrain from changing the Configurations unless we authorize those changes.

Modification of Environment

Changes made to the Environment without our prior authorization or knowledge may have a substantial, negative impact on the provision and effectiveness of the Services. You agree to refrain from moving, modifying, or otherwise altering any portion of the Environment without our prior knowledge or consent.

Anti-Virus; Anti-Malware

Our anti-virus / anti-malware solution will generally protect the Environment from becoming infected with new viruses and malware; however, Malware that exists in the Environment at the time that the security solution is implemented may not be capable of being removed without additional services. We do not warrant or guarantee that all Malware will be detected, avoided, or removed.

Breach / Cyber Security Incident Recovery

Unless otherwise expressly stated in the Quote, the scope of the Services does not include the remediation and/or recovery from a Security Incident. Such services, if requested by you, will be provided on a time and materials basis under our then-current hourly labor rates.

Business Review / IT Strategic Planning Meetings

We strongly suggest that you participate in business review/strategic planning meetings as may be requested by us from time to time. These meetings are intended to educate you about recommended modifications to your IT environment, as well as to discuss your company’s present and future IT-related needs.

Procurement

Equipment and software procured by CircleTwice on Client’s behalf may be covered by one or more manufacturer warranties, which will be passed through to Client to the greatest extent possible. CircleTwice is not a warranty service or repair center.

Sample Policies, Procedures

From time to time, we may provide you with sample (i.e., template) policies and procedures for use in connection with Client’s business. The Sample Policies are for your informational use only and do not constitute or comprise legal or professional advice.

Penetration Testing; Vulnerability Scanning

You understand and agree that security devices, alarms, or other security measures may be tripped or activated during the penetration testing and/or vulnerability scanning processes. You will be solely responsible for notifying any monitoring company and all law enforcement authorities of the potential for false alarms due to the provision of these services.

No Third-Party Scanning

Unless we authorize such activity in writing, you will not conduct any test, nor request or allow any third party to conduct any test (diagnostic or otherwise), of the security system, protocols, processes, or solutions that we implement in the managed environment.

Obsolescence

If at any time any portion of the managed environment becomes outdated, obsolete, reaches the end of its useful life, or acquires “end of support” status from the applicable manufacturer (“Obsolete Element”), then we may designate the device or software as “unsupported” or “non-standard” and require you to update the Obsolete Element within a reasonable time period.

VOIP — Dialing 911 (Emergency) Services

The following terms and conditions apply to your use of any VoIP service. By using VoIP services you agree to the provisions of the waiver at the end of this section.

There is an important difference in how 9-1-1 (i.e., emergency) services can be dialed using a VoIP service as compared to a traditional telephone line. Calling emergency services using a VoIP service is referred to as “E911.”

  • Registration: You are responsible for activating the E911 dialing feature by registering the address where you will use the VoIP service. This will not be done for you. If you do not take this step, then E911 services may not work correctly, or at all.
  • Address Changes: You must register a change of address with us through the VoIP control panel no less than three (3) business days prior to your anticipated move/address change.
  • Power Loss: If you lose power at the location where the VoIP services are used, then the E911 calling service will not function until power is restored.
  • Internet Disruption: If your internet connection or broadband service is lost, suspended, terminated or disrupted, E911 calling will not function until the internet connection is restored.

WAIVER: You hereby agree to release, indemnify, defend, and hold us and our officers, directors, representatives, agents, and any third party service provider that furnishes VoIP-related services to you, harmless from any and all claims, damages, losses, suits or actions arising from or related to the VoIP services, including any failure or outage of the VoIP services or incorrect routing or inability to use E911 dialing features. The foregoing waiver and release shall not apply to Claims arising from our gross negligence, recklessness, or willful misconduct.

✨ NEW — AI SERVICES POLICY

Artificial Intelligence Services Policy

This policy applies to all AI-related Services provided or facilitated by CircleTwice, including AI Strategy & Advisory, AI Implementation & Integration, Custom AI Application Development, and Managed AI Products, as well as any AI tools or components incorporated into other managed services.

1. Nature of AI Outputs

AI Outputs are generated by probabilistic machine learning models and are inherently subject to uncertainty, variability, and error. CircleTwice does not warrant or guarantee:

  • The accuracy, completeness, or fitness for a particular purpose of any AI Output
  • That AI Outputs will be free of factual errors, hallucinations, or omissions
  • That AI Outputs will be consistent across repeated queries with the same input
  • That AI Outputs are free of third-party intellectual property (see MSA Ownership provisions)

Client Responsibility for AI Output Review: Client is solely responsible for reviewing AI Outputs before relying upon or acting upon them, particularly in contexts involving legal, financial, medical, regulatory, employment-related, or other high-stakes decisions. CircleTwice recommends that Client establish an internal review process for AI Outputs before they are used in consequential business decisions or shared with third parties.

2. Approved AI Model Providers

CircleTwice will only use AI Model Providers that have been evaluated for security, data handling, and reliability. Where Client requests that CircleTwice use a specific AI platform or model not in CircleTwice’s standard toolkit, CircleTwice reserves the right to assess the platform’s suitability before proceeding. CircleTwice will maintain a list of current AI Model Providers being used for Client’s AI Services and will provide this list to Client upon written request.

3. Data Classification and AI Processing

Not all Client data is appropriate for AI processing. Prior to commencement of AI Services, Client must work with CircleTwice to classify data based on sensitivity:

  • Standard Business Data: Non-sensitive operational data, internal documents, and process descriptions that do not include personally identifiable information (PII), protected health information (PHI), payment card data, or other regulated categories. Generally suitable for AI processing with standard AI Model Provider safeguards.
  • Sensitive Business Data: Data including employee records, customer PII, financial details, or proprietary trade secrets. May be processed through AI tools only with Client’s explicit written authorization and only using AI Model Providers with appropriate data processing agreements in place.
  • Regulated Data (HIPAA, PCI DSS, GDPR, etc.): Data subject to specific legal or regulatory protection. CircleTwice will not process regulated data through AI Model Providers without first confirming that an appropriate legal framework (e.g., Business Associate Agreement for HIPAA, Data Processing Agreement for GDPR) is in place. Client must proactively identify regulated data to CircleTwice before AI Services commence.

CircleTwice is not responsible for adverse consequences, regulatory penalties, or data breaches arising from Client’s failure to accurately identify regulated or sensitive data prior to AI Services commencement.

4. AI Usage Policy for Client’s Organization

If CircleTwice deploys AI tools within Client’s managed environment, Client agrees to establish and enforce an AI Usage Policy governing its employees’ use of those tools. CircleTwice can assist in developing this policy as part of the AI Strategy & Advisory service. At minimum, Client’s AI Usage Policy should address:

  • Acceptable and prohibited uses of AI tools in Client’s business operations
  • Restrictions on entering sensitive, regulated, or confidential data into AI tools
  • Requirements for human review of AI Outputs before use in consequential decisions
  • Employee training obligations regarding AI tool use
  • Incident reporting procedures if AI-related data handling issues are suspected

5. AI Tool Modifications and Unauthorized Use

Client shall not, and shall ensure its employees do not:

  • Modify the configuration or settings of CircleTwice-deployed AI tools without CircleTwice’s prior written authorization
  • Connect unauthorized AI tools, plugins, or extensions to the managed environment
  • Attempt to circumvent, disable, or override safety configurations or output filters on CircleTwice-deployed AI tools
  • Use CircleTwice-deployed or CircleTwice-managed AI tools for any purpose that violates applicable law, the MSA, or this Services Guide

Any services required to diagnose or remediate issues arising from unauthorized modifications to AI tool configurations or unauthorized AI tool deployments in the managed environment are not covered under the applicable Quote and will be billed at CircleTwice’s then-current hourly rates.

6. AI Regulatory Compliance

The legal and regulatory landscape governing AI is rapidly evolving. Client is responsible for assessing and satisfying its own obligations under applicable AI-related laws and regulations, including but not limited to:

  • Washington State privacy laws and any applicable state AI transparency or automated decision-making regulations
  • Federal agency guidance on AI use in regulated industries (financial services, healthcare, etc.)
  • The European Union AI Act (for Clients with EU customers, employees, or operations)
  • Any sector-specific AI regulations applicable to Client’s industry

CircleTwice’s AI Services are designed to assist Client’s business operations and do not constitute AI regulatory compliance solutions unless expressly stated in a Quote. CircleTwice strongly recommends that Client consult qualified legal counsel before deploying AI tools in consumer-facing applications, automated decision-making workflows, or contexts involving regulated industries.

7. Third-Party AI Model Provider Terms

AI Services rely on Third Party AI Model Providers whose terms of service, acceptable use policies, and data processing agreements govern the use and handling of data submitted to their platforms. By engaging CircleTwice for AI Services, Client acknowledges and agrees that:

  • Client data submitted to AI Model Providers is subject to those providers’ terms of service, which CircleTwice will make available to Client upon request
  • AI Model Providers may update their terms of service, data handling practices, or model capabilities, and CircleTwice is not responsible for changes made by AI Model Providers
  • CircleTwice will notify Client of material changes to AI Model Provider terms that CircleTwice becomes aware of and that materially affect Client’s AI Services

8. No Guarantee of AI Service Continuity

CircleTwice does not guarantee the continuous availability of any specific AI model, platform, or feature. AI Model Providers may deprecate models, change APIs, modify capabilities, or experience outages outside of CircleTwice’s control. CircleTwice will use commercially reasonable efforts to notify Client of such changes and to provide alternative solutions where available.

Acceptable Use Policy

The following policy applies to all hosted services provided to you, including hosted applications, hosted websites, hosted email services, and hosted infrastructure services (“Hosted Services”). CircleTwice does not routinely monitor the activity of hosted accounts except to measure service utilization, security-related purposes, and billing-related purposes; however, we reserve the right to monitor Hosted Services at any time to ensure your compliance with the terms of this AUP and our MSA.

Violations of this AUP

The following constitute violations of this AUP:

  • Harmful or illegal uses: Use of a Hosted Service for illegal purposes or in support of illegal activities, to cause harm to minors, or to transmit any material that threatens or encourages bodily harm or destruction of property is prohibited.
  • Fraudulent activity: Use of a Hosted Service to conduct any fraudulent activity or to engage in any unfair or deceptive practices is prohibited.
  • Forgery or impersonation: Adding, removing, or modifying identifying network header information to deceive or mislead is prohibited.
  • SPAM: Use of a Hosted Service to transmit any unsolicited commercial or unsolicited bulk email is prohibited.
  • Cryptomining: Using any portion of the Hosted Services for mining cryptocurrency, or using any bandwidth or processing power made available by or through a Hosted Service for mining cryptocurrency, is prohibited.
  • Unauthorized AI Workloads: Using CircleTwice-managed infrastructure, hosted services, or bandwidth to run unauthorized AI workloads, deploy non-approved AI models, or execute AI-related compute tasks not covered under an applicable Quote is prohibited. This includes but is not limited to: running self-hosted large language models or image generation models on Client’s hosted environment without CircleTwice authorization, scraping or extracting data through AI tools in violation of third-party terms of service, and using CircleTwice-managed resources to process AI workloads on behalf of third parties.
  • AI-Facilitated AUP Violations: Using AI tools (whether CircleTwice-deployed or third-party) to generate, distribute, or facilitate content or actions that would otherwise violate this AUP is prohibited. This includes but is not limited to: using AI to generate spam, phishing content, fraudulent materials, harassing content, or content that infringes third-party intellectual property rights.
  • Unauthorized access: Use of the Hosted Services to access, or to attempt to access, the accounts of others, or to penetrate CircleTwice’s or another entity’s security measures, is prohibited.
  • IP infringement: Use of a Hosted Service to transmit any materials that infringe any copyright, trademark, patent, trade secret, or other proprietary rights of any third party is prohibited.
  • Collection of personal data: Use of a Hosted Service to collect, or attempt to collect, personal information about third parties without their knowledge or consent is prohibited.
  • Disruptive Activity: Use of the Hosted Services for any activity which affects the ability of other people or systems to use the Hosted Services or the internet is prohibited.
  • Excessive use or abuse of shared resources: Misuse of network resources in a manner which impairs network performance is prohibited.

Revisions to this AUP

We reserve the right to revise or modify this AUP at any time. Changes to this AUP shall not be grounds for early contract termination or non-payment.

If you have any questions about any of the services outlined in this Services Guide, please reach out to your account manager or contact us at ai@circletwice.com.

Get A Quote
Get A Quote