TERMS AND CONDITIONS OF USE

Nimbus BCI Services

Effective Date: December 10, 2025
Last Updated: December 10, 2025

1. ACCEPTANCE OF TERMS

These Terms and Conditions ("Terms") constitute a legally binding agreement between you ("User", "you", or "your") and Nimbus BCI Inc., a Delaware corporation ("Nimbus BCI", "Company", "we", "us", or "our"), governing your access to and use of the Nimbus BCI services, including the Nimbus Studio platform, the Nimbus SDK, and all associated software, services, documentation, and application programming interfaces (collectively, the "Services").

BY ACCESSING OR USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, YOU MUST NOT ACCESS OR USE THE SERVICES.

If you are accepting these Terms on behalf of an organization or legal entity, you represent and warrant that you have the authority to bind such organization to these Terms, and references to "you" or "your" shall refer to such organization.

2. SERVICE DESCRIPTION

2.1 Services Overview

Nimbus BCI provides proprietary, closed-source commercial software products for Brain-Computer Interface (BCI) applications. The Services include:

2.1.1 Nimbus Studio

The Nimbus Studio is a web-based platform designed for the creation, configuration, execution, and management of BCI processing pipelines. Nimbus Studio enables:

• Visual pipeline design and configuration for BCI experiments
• Processing of electroencephalography (EEG) and other neurophysiological signals
• Training and evaluation of machine learning models for BCI applications
• Real-time streaming and inference capabilities with hardware device integration
• Storage and management of pipeline configurations, trained models, and execution results

2.1.2 Nimbus SDK

The Nimbus SDK (NimbusSDK.jl) is a Julia-based software development kit for Bayesian BCI inference. The SDK enables:

• Local inference using Bayesian models including RxLDA, RxGMM, and RxPolya (Bayesian MPR)
• Sub-20ms inference latency with full uncertainty quantification
• Batch and streaming inference modes
• Training and calibration of subject-specific models
• Integration with existing BCI preprocessing pipelines

Important Privacy Notice: The Nimbus SDK processes all EEG and neurophysiological data locally on your machine. Your research data never leaves your computer. Only API authentication and optional usage metrics are transmitted to Nimbus BCI servers.

2.2 Intended Use

The Services (including both Nimbus Studio and Nimbus SDK) are intended for research, development, and experimental purposes only in the field of brain-computer interfaces and neurophysiological signal processing. The Services are:

• NOT a medical device as defined by the U.S. Food and Drug Administration (FDA) or equivalent international regulatory bodies
• NOT intended for clinical diagnosis, treatment, cure, mitigation, or prevention of any disease or medical condition
• NOT approved or cleared for use in medical decision-making or patient care
• NOT suitable for use in life-critical, safety-critical, or mission-critical applications

2.3 Prohibited Uses

You may NOT use the Services for:

• Clinical diagnosis or treatment of patients
• Medical decision-making or clinical care delivery
• Any application where failure could result in death, personal injury, or severe property damage
• Any use regulated by FDA, CE Mark, or similar medical device regulations without appropriate regulatory clearances
• Processing of protected health information (PHI) as defined by HIPAA without a Business Associate Agreement
• Any illegal, fraudulent, or harmful purpose

3. ACCOUNT REGISTRATION AND SECURITY

3.1 Account Requirements

3.1.1 Nimbus Studio Accounts

To access Nimbus Studio, you must:

• Create an account through our authentication provider (Clerk)
• Provide accurate, current, and complete information during registration
• Be at least 18 years of age or the age of majority in your jurisdiction
• Have the legal capacity to enter into binding contracts
• Comply with all applicable laws and regulations in your jurisdiction

3.1.2 Nimbus SDK API Keys

To access the Nimbus SDK, you must:

• Request an API key by contacting hello@nimbusbci.com
• Provide accurate information about your intended use and organization
• Accept the applicable licensing tier based on your usage requirements
• Be at least 18 years of age or the age of majority in your jurisdiction

3.2 Account and API Key Security

You are responsible for:

• Maintaining the confidentiality of your account credentials and API keys
• All activities that occur under your account or using your API keys
• Immediately notifying us of any unauthorized access, security breach, or compromised API keys
• Ensuring your account information remains accurate and up-to-date
• Not sharing API keys with unauthorized parties or embedding them in public repositories

We reserve the right to suspend or terminate accounts and revoke API keys that violate these Terms or pose security risks.

3.3 Authentication

3.3.1 Nimbus Studio Authentication

Nimbus Studio uses third-party authentication services (Clerk) and JSON Web Tokens (JWT) for secure access. By using Nimbus Studio, you consent to authentication data being processed in accordance with our Privacy Policy and Clerk's terms of service.

3.3.2 Nimbus SDK Authentication

The Nimbus SDK uses API keys for authentication and licensing verification. API keys are used to:

• Verify your license and usage tier
• Download pre-trained models from the Nimbus model registry
• Track inference counts for licensing purposes (aggregated metrics only)
• Enable optional analytics for service improvement

API keys should be stored securely and never committed to version control systems or shared publicly.

4. DATA OWNERSHIP, PRIVACY, AND SECURITY

4.1 Your Data Ownership

You retain all ownership rights to:

• EEG and neurophysiological data you upload to Nimbus Studio or process with the Nimbus SDK ("User Data")
• Pipeline configurations you create
• Custom processing algorithms or models you develop
• Results and outputs generated from your data

4.1.1 SDK Local Processing

When using the Nimbus SDK, all User Data is processed locally on your machine. Nimbus BCI does not have access to, collect, or store your EEG or neurophysiological data processed through the SDK. Only the following data is transmitted to Nimbus BCI servers:

• API key for authentication and license verification
• Aggregated usage metrics (inference counts, model usage statistics)
• Model download requests from the Nimbus model registry

Your research data never leaves your computer when using the Nimbus SDK.

4.2 Nimbus BCI's Rights

4.2.1 Nimbus Studio

By using Nimbus Studio, you grant Nimbus BCI a limited, non-exclusive, worldwide license to:

• Process, store, and transmit your User Data solely to provide the Service
• Use aggregated, de-identified, anonymized data for service improvement, research, and development
• Generate and use technical metadata about platform usage for operational purposes

This license terminates when you delete your data or close your account, except for data retained for legal compliance purposes.

4.2.2 Nimbus SDK

By using the Nimbus SDK, you grant Nimbus BCI a limited, non-exclusive, worldwide license to:

• Collect and use aggregated usage metrics (inference counts, model usage) for licensing and service improvement
• Track API key usage for license compliance and security monitoring

Nimbus BCI does not receive or have any license to your User Data processed through the SDK, as all processing occurs locally on your machine.

4.3 EEG and Neurophysiological Data

IMPORTANT NOTICE: EEG and brain data may be considered sensitive personal information or biometric data under various privacy laws including:

• European Union General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• State biometric privacy laws (e.g., Illinois Biometric Information Privacy Act - BIPA)

You are solely responsible for:

• Obtaining all necessary consents, approvals, and authorizations before uploading any EEG or brain data to the Platform
• Ensuring compliance with applicable data protection laws and research ethics requirements
• Obtaining Institutional Review Board (IRB) or Ethics Committee approval where required
• Obtaining informed consent from data subjects
• De-identifying or anonymizing data as required by applicable regulations

4.4 Data Security Measures

We implement industry-standard security measures including:

• TLS/SSL encryption for data in transit
• Secure authentication via Clerk (JWT tokens)
• User-isolated data storage in PostgreSQL databases
• Access controls and authorization mechanisms
• Regular security updates and monitoring

However, no system is completely secure. We cannot guarantee absolute security of your data.

4.5 Data Storage and Retention

• User data is stored on secure cloud infrastructure (Railway, Vercel)
• Pipeline configurations and execution results are stored in PostgreSQL databases
• Trained models and artifacts are stored in file-based storage systems
• We retain your data only as long as necessary to provide the Service or as required by law
• You may request deletion of your data at any time, subject to legal retention requirements

4.6 Data Location and Transfer

Your data may be processed and stored in:

• United States (primary data centers)
• Other jurisdictions where our service providers operate

By using the Platform, you consent to the transfer of your data across international borders. We implement appropriate safeguards for international data transfers as required by applicable law.

4.7 Third-Party Data Sources

The Platform provides access to public BCI datasets including:

• BCI Competition IV Dataset 2a and 2b
• PhysioNet EEGMMIDB
• PhysioNet bigP3BCI

These datasets are subject to their original licenses and terms of use. You are responsible for complying with the terms of any third-party datasets you access through the Platform.

5. INTELLECTUAL PROPERTY RIGHTS

5.1 Platform Ownership

The Platform, including all software code, algorithms, user interfaces, documentation, trademarks, logos, and proprietary technology (collectively, "Nimbus BCI Property"), is and shall remain the exclusive property of Nimbus BCI Inc. and its licensors.

The Platform is protected by:

• United States and international copyright laws
• Trade secret laws
• Patent laws (where applicable)
• Other intellectual property laws and treaties

5.2 Proprietary Technology

The Platform contains proprietary technology including:

• Visual pipeline builder interface (React Flow-based)
• Graph execution engine (Julia-based)
• NimbusSDK integration for Bayesian BCI inference
• Real-time streaming architecture
• WebSocket-based communication protocols
• Database schemas and data structures
• Node registry and validation systems

5.3 Restrictions

You may NOT:

• Reverse engineer, decompile, disassemble, or attempt to discover the source code of the Platform
• Copy, modify, adapt, or create derivative works based on the Platform
• Distribute, sublicense, lease, rent, loan, or transfer the Platform to any third party
• Remove, alter, or obscure any copyright, trademark, or proprietary notices
• Use the Platform to develop competing products or services
• Extract, scrape, or harvest data from the Platform using automated means (except via documented APIs)
• Attempt to gain unauthorized access to any systems or data
• Interfere with or disrupt the Platform's operation or servers

5.4 User-Generated Content

You retain ownership of:

• Custom pipeline configurations you create
• Data processing algorithms you implement
• Models you train using your data
• Analysis results and visualizations

However, if you share pipelines or extensions publicly through any future marketplace or community features, you grant Nimbus BCI and other users a license to use such shared content according to the terms of the applicable sharing mechanism.

5.5 Feedback and Suggestions

If you provide feedback, suggestions, or ideas about the Platform ("Feedback"), you grant Nimbus BCI a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate such Feedback into our products and services without any obligation to you.

6. ACCEPTABLE USE POLICY

6.1 Compliance with Laws

You agree to use the Platform in compliance with:

• All applicable local, state, national, and international laws and regulations
• Export control laws and regulations
• Data protection and privacy laws (GDPR, CCPA, etc.)
• Research ethics guidelines and institutional policies
• Professional codes of conduct

6.2 Prohibited Conduct

You may NOT:

• Upload malicious code, viruses, or harmful software
• Attempt to gain unauthorized access to systems or data
• Interfere with the Platform's operation or other users' access
• Use the Platform to harass, abuse, or harm others
• Violate others' privacy, intellectual property, or other rights
• Impersonate any person or entity
• Engage in any fraudulent or deceptive practices
• Use the Platform for any illegal purpose
• Circumvent any security features or access controls
• Overload or stress-test the Platform without authorization

6.3 Research Ethics Requirements

If using the Platform for human subjects research, you must:

• Obtain IRB or Ethics Committee approval before collecting data
• Obtain informed consent from all participants
• Protect participant privacy and confidentiality
• Follow all applicable research ethics guidelines (Declaration of Helsinki, Belmont Report, etc.)
• Comply with institutional biosafety and data management policies

6.4 Content Standards

Any content you upload, create, or share must:

• Be accurate and not misleading
• Respect intellectual property rights
• Not contain sensitive personal information (unless properly authorized and de-identified)
• Comply with applicable regulations regarding biometric data
• Not include protected health information (PHI) unless appropriate safeguards are in place

7. SUBSCRIPTION PLANS, FEES, AND PAYMENT

7.1 Service Tiers

7.1.1 Nimbus Studio Tiers

Nimbus Studio offers multiple subscription tiers (subject to change):

• Free Tier: Limited access to basic features for research and educational purposes
• Professional Tier: Enhanced features including unlimited pipelines, advanced models, and priority support
• Enterprise Tier: Custom solutions with dedicated support, on-premise deployment options, and SLA guarantees

7.1.2 Nimbus SDK Tiers

The Nimbus SDK offers inference-based licensing tiers (subject to change):

• Free Tier: 10,000 monthly inferences, basic models
• Research Tier: 50,000 monthly inferences, all features
• Commercial Tier: 500,000 monthly inferences, priority support
• Enterprise Tier: Unlimited inferences, custom models, on-premise deployment options

To obtain an API key and discuss licensing options, contact hello@nimbusbci.com.

7.2 Pricing and Payment Terms

• Current pricing is available on our website (nimbusbci.com)
• Fees are charged on a subscription basis (monthly or annual)
• All fees are in U.S. Dollars unless otherwise specified
• Payment is processed through secure third-party payment processors
• Fees are non-refundable except as required by law or as specified in Section 7.5

7.3 Automatic Renewal

Subscriptions automatically renew at the end of each billing period unless you cancel before the renewal date. You will be charged the then-current rate for your subscription tier.

7.4 Fee Changes

We reserve the right to modify fees with at least 30 days' notice. Continued use of the Platform after the fee change effective date constitutes acceptance of the new fees.

7.5 Refund Policy

• Free Tier: No fees, no refunds applicable
• Paid Subscriptions: Refunds may be provided at our discretion within 14 days of initial purchase
• No refunds for partial subscription periods or unused features
• Refunds for service outages may be provided as service credits according to applicable SLA

7.6 Taxes

You are responsible for all applicable taxes, duties, and government charges (excluding taxes based on Nimbus BCI's income). If we are required to collect or pay taxes, they will be invoiced separately.

7.7 Suspension for Non-Payment

We may suspend or terminate your access if payment is not received within 10 days of the due date. Suspension does not relieve you of payment obligations.

8. PROPRIETARY SDK AND DEPENDENCIES

8.1 Nimbus SDK

The Nimbus SDK (NimbusSDK.jl) is a proprietary Bayesian inference framework for BCI applications. Use of the Nimbus SDK, whether standalone or integrated with Nimbus Studio, is subject to:

• These Terms and Conditions
• The applicable licensing tier and inference limits
• API key terms and security requirements
• Fair use policies

Full SDK Terms of Service: Complete SDK-specific terms, including detailed licensing provisions, are available upon request at hello@nimbusbci.com.

8.2 Third-Party Dependencies

The Services incorporate various open-source and proprietary third-party components including:

Nimbus Studio:

• Backend: Julia, HTTP.jl, JSON3.jl, RxInfer.jl, BrainFlow.jl, PostgreSQL drivers
• Frontend: React, TypeScript, React Flow, Vite, Tailwind CSS, Clerk Authentication
• Infrastructure: Railway, Vercel, PostgreSQL

Nimbus SDK:

• Core: Julia 1.9+, RxInfer.jl (reactive message passing for Bayesian inference)
• Models: RxLDA, RxGMM, RxPolya implementations
• Preprocessing: Compatible with MNE-Python, EEGLAB, BrainFlow (external)

These components are governed by their respective licenses. We make no warranties regarding third-party components.

8.3 API Usage

• API access is provided for programmatic interaction with the Services
• API keys must be kept confidential and secure
• API usage is subject to rate limits, inference limits, and fair use policies
• SDK API keys are used for authentication, license verification, and model distribution
• We reserve the right to modify, restrict, or discontinue API access
• Abuse of API access or exceeding licensed inference limits may result in suspension or termination

9. DISCLAIMERS AND LIMITATIONS OF LIABILITY

9.1 NO MEDICAL USE WARRANTY

IMPORTANT: THE PLATFORM IS NOT INTENDED FOR MEDICAL USE.

THE PLATFORM IS PROVIDED FOR RESEARCH AND EXPERIMENTAL PURPOSES ONLY. WE EXPRESSLY DISCLAIM ANY WARRANTY THAT THE PLATFORM:

• IS SUITABLE FOR CLINICAL OR MEDICAL USE
• COMPLIES WITH FDA, CE MARK, OR OTHER MEDICAL DEVICE REGULATIONS
• CAN BE USED FOR DIAGNOSIS, TREATMENT, OR MEDICAL DECISION-MAKING
• PRODUCES CLINICALLY ACCURATE OR RELIABLE RESULTS

USE OF THE PLATFORM FOR ANY MEDICAL PURPOSE IS STRICTLY PROHIBITED AND IS AT YOUR SOLE RISK.

9.2 Service "AS IS" and "AS AVAILABLE"

THE PLATFORM IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

• Merchantability: We do not warrant that the Platform is suitable for any particular purpose
• Fitness for a Particular Purpose: We do not warrant that the Platform meets your specific requirements
• Non-Infringement: We do not warrant that the Platform does not infringe third-party rights
• Accuracy: We do not warrant that results, outputs, or data are accurate, reliable, or error-free
• Availability: We do not warrant uninterrupted, timely, secure, or error-free operation
• Data Loss: We do not warrant against data loss, corruption, or unauthorized access

9.3 Research and Experimental Nature

You acknowledge that:

• The Platform uses experimental algorithms and methods
• Results may vary and may not be reproducible
• Outputs should be independently validated before reliance
• The Platform is under active development and may contain bugs or errors
• Features may be added, modified, or removed without notice

9.4 Third-Party Datasets

We make no warranties regarding:

• Accuracy, completeness, or quality of third-party datasets
• Availability or continued access to third-party datasets
• Compliance of third-party datasets with applicable regulations
• Intellectual property rights in third-party datasets

9.5 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

A. EXCLUSION OF DAMAGES

NIMBUS BCI INC., ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, AND LICENSORS SHALL NOT BE LIABLE FOR:

• ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
• LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES
• LOSS OF OR DAMAGE TO RESEARCH DATA OR RESULTS
• COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
• BUSINESS INTERRUPTION OR LOSS OF USE
• LOSS OF REPUTATION OR GOODWILL

WHETHER ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR USE OF THE PLATFORM, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

B. CAP ON LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NIMBUS BCI'S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR THE PLATFORM SHALL NOT EXCEED THE GREATER OF:

• $100 (ONE HUNDRED U.S. DOLLARS), OR
• THE TOTAL FEES PAID BY YOU TO NIMBUS BCI IN THE 12 MONTHS PRECEDING THE CLAIM

C. BASIS OF THE BARGAIN

YOU ACKNOWLEDGE THAT THE LIMITATIONS OF LIABILITY IN THIS SECTION REFLECT A REASONABLE ALLOCATION OF RISK AND ARE FUNDAMENTAL ELEMENTS OF THE BARGAIN BETWEEN YOU AND NIMBUS BCI. THE PLATFORM WOULD NOT BE PROVIDED WITHOUT THESE LIMITATIONS.

9.6 Exceptions

Some jurisdictions do not allow the exclusion or limitation of certain warranties or damages. In such jurisdictions, the limitations and exclusions in this Section shall apply to the maximum extent permitted by applicable law.

9.7 No Liability for User Conduct

We are not responsible for:

• Your use or misuse of the Platform
• Your violation of these Terms or applicable laws
• Your failure to obtain necessary approvals or consents
• Decisions made based on Platform outputs
• Actions taken by third parties based on data you share

10. INDEMNIFICATION

10.1 Your Indemnification Obligations

You agree to indemnify, defend, and hold harmless Nimbus BCI Inc., its affiliates, officers, directors, employees, agents, licensors, and suppliers (collectively, "Indemnified Parties") from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to:

A. Your Use of the Platform

• Your access to or use of the Platform
• Your violation of these Terms
• Your violation of any applicable law or regulation

B. Your Data and Content

• Any User Data you upload, process, or store on the Platform
• Your failure to obtain necessary consents, approvals, or authorizations for User Data
• Claims that your User Data infringes or misappropriates third-party rights
• Your violation of data protection, privacy, or research ethics requirements

C. Medical or Clinical Use

• Any use of the Platform for medical, clinical, or patient care purposes
• Any harm resulting from medical or clinical applications of Platform outputs
• Any violation of medical device regulations or healthcare laws

D. Third-Party Claims

• Claims by research participants or data subjects
• Claims by institutions, collaborators, or partners
• Claims by regulatory authorities or government agencies

10.2 Defense and Settlement

We reserve the right to assume exclusive defense and control of any matter subject to indemnification by you, in which case you will cooperate with us in asserting any available defenses. You may not settle any claim without our prior written consent.

10.3 Notice

You must promptly notify us of any claims, and we must notify you if we assume defense of a claim.

11. TERM, TERMINATION, AND SUSPENSION

11.1 Term

These Terms commence when you first access the Platform and continue until terminated in accordance with this Section.

11.2 Termination by You

You may terminate these Terms at any time by:

• Closing your account through the Platform interface
• Ceasing all use of the Platform
• Providing written notice to hello@nimbusbci.com

Upon termination, you remain responsible for:

• All fees incurred up to the termination date
• Downloading or backing up any data you wish to retain
• Compliance with obligations that survive termination

11.3 Termination or Suspension by Nimbus BCI

We may suspend or terminate your access to the Platform immediately, without notice or liability, if:

• You violate any provision of these Terms
• You fail to pay fees when due
• Your use poses security, legal, or operational risks
• We are required to do so by law or regulation
• We discontinue the Platform (with reasonable notice)

11.4 Effect of Termination

Upon termination:

A. Access Termination

• Your right to access and use the Platform immediately ceases
• Your account and all associated data may be deleted
• You must cease all use of Nimbus BCI Property

B. Data Retention and Deletion

• We may retain your data for up to 30 days for recovery purposes
• After 30 days, we may permanently delete your data
• We may retain certain data as required for legal, accounting, or regulatory compliance
• We may retain aggregated, de-identified data indefinitely

C. No Refunds

• Termination does not entitle you to a refund of prepaid fees (except as required by law)
• You remain responsible for all fees incurred up to the termination date

11.5 Survival

The following provisions survive termination:

• Sections 4 (Data Ownership), 5 (Intellectual Property), 6 (Acceptable Use as it relates to past conduct), 9 (Disclaimers and Limitations), 10 (Indemnification), 11.4 (Effect of Termination), and 14 (General Provisions)
• Any payment obligations accrued before termination
• Any liabilities that arose during the Term

12. REGULATORY COMPLIANCE AND EXPORT CONTROLS

12.1 Export Control Laws

The Platform and underlying technology may be subject to export control laws and regulations, including:

• U.S. Export Administration Regulations (EAR)
• U.S. International Traffic in Arms Regulations (ITAR)
• Office of Foreign Assets Control (OFAC) sanctions programs
• Export laws of other applicable jurisdictions

You represent and warrant that you are not:

• Located in, under the control of, or a national or resident of any embargoed country
• On any U.S. government list of prohibited or restricted parties (e.g., SDN List, Entity List)
• Subject to any export restrictions or prohibitions

You agree not to:

• Export, re-export, or transfer the Platform or any related technology in violation of applicable laws
• Use the Platform for any purpose prohibited by export control laws
• Provide access to the Platform to any prohibited or restricted party

12.2 Research Compliance

If you use the Platform for research involving human subjects, you must:

• Obtain and maintain all required IRB or Ethics Committee approvals
• Comply with:
  • Declaration of Helsinki
  • Belmont Report
  • Common Rule (45 CFR Part 46) in the U.S.
  • Good Clinical Practice (GCP) guidelines where applicable
  • Institutional biosafety and data management policies
• Maintain proper documentation of approvals and consents
• Report adverse events or data breaches as required by institutional policies

12.3 Data Protection Compliance

You are responsible for compliance with all applicable data protection laws including:

A. GDPR (European Union)

• Obtain lawful basis for data processing
• Provide required notices to data subjects
• Honor data subject rights (access, rectification, erasure, etc.)
• Implement appropriate technical and organizational measures
• Report data breaches within required timeframes

B. CCPA (California)

• Provide privacy notices as required
• Honor consumer rights requests
• Do not sell personal information without authorization

C. HIPAA (United States, if applicable)

• Platform is NOT HIPAA-compliant by default
• Do NOT upload PHI without a Business Associate Agreement
• If processing PHI, you must execute a BAA with Nimbus BCI before uploading any data

D. Biometric Privacy Laws (e.g., Illinois BIPA)

• Obtain informed written consent before collecting biometric data
• Publish retention and destruction policies
• Protect biometric data with reasonable security measures

12.4 Medical Device Regulations

You acknowledge that:

• The Platform is NOT a medical device
• The Platform has NOT been cleared or approved by FDA, EMA, or other regulatory bodies
• You are solely responsible for determining whether your use requires regulatory approval
• If you develop a medical device using the Platform, you are responsible for all regulatory compliance

13. CHANGES TO TERMS AND SERVICE

13.1 Modifications to Terms

We reserve the right to modify these Terms at any time. We will provide notice of material changes by:

• Posting the updated Terms on the Platform with a new "Effective Date"
• Sending notice to your registered email address
• Displaying a prominent notice on the Platform

Changes become effective:

• 30 days after notice for material changes
• Immediately upon posting for minor, non-material changes

Your continued use of the Platform after the effective date constitutes acceptance of the modified Terms.

13.2 Modifications to the Service

We may, at our discretion:

• Add, modify, or remove features or functionality
• Change pricing or subscription tiers (with notice)
• Impose usage limits or restrictions
• Discontinue the Platform or any portion thereof (with reasonable notice)

We will make reasonable efforts to notify users of material changes to the Service.

13.3 Objection to Changes

If you do not agree to modified Terms or Service changes, your sole remedy is to:

• Discontinue use of the Platform
• Terminate your account
• Request a pro-rata refund for prepaid fees covering the period after the effective date (at our discretion)

14. GENERAL PROVISIONS

14.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of laws principles.

The United Nations Convention on Contracts for the International Sale of Goods shall not apply.

14.2 Dispute Resolution

A. Informal Resolution

Before initiating formal proceedings, you agree to attempt to resolve disputes informally by contacting us at hello@nimbusbci.com. We will attempt to resolve disputes within 60 days.

B. Arbitration Agreement

Any dispute, claim, or controversy arising out of or relating to these Terms or the Platform that cannot be resolved informally shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules.

• Location: Arbitration shall be conducted in Wilmington, Delaware
• Arbitrator: One arbitrator mutually agreed upon by the parties, or appointed by AAA if no agreement
• Language: English
• Costs: Each party bears its own attorneys' fees; arbitrator's fees shall be split equally unless the arbitrator determines otherwise
• Confidentiality: Arbitration proceedings and results shall be confidential

C. Class Action Waiver

YOU AND NIMBUS BCI AGREE THAT DISPUTES WILL BE RESOLVED ONLY ON AN INDIVIDUAL BASIS AND NOT AS A CLASS ACTION, CONSOLIDATED ACTION, OR REPRESENTATIVE ACTION.

D. Exceptions to Arbitration

Either party may seek injunctive relief or other equitable remedies in any court of competent jurisdiction for:

• Intellectual property infringement
• Misappropriation of trade secrets
• Violation of confidentiality obligations
• Urgent security or safety concerns

14.3 Jurisdiction and Venue

For matters not subject to arbitration, you consent to the exclusive jurisdiction and venue of the state and federal courts located in Delaware for any legal proceedings.

You waive any objection to jurisdiction or venue in these courts.

14.4 Entire Agreement

These Terms, together with our Privacy Policy and any other policies referenced herein, constitute the entire agreement between you and Nimbus BCI regarding the Platform and supersede all prior or contemporaneous agreements, communications, or understandings.

14.5 Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable:

• That provision shall be modified to the minimum extent necessary to make it valid and enforceable
• If modification is not possible, the provision shall be severed
• The remaining provisions shall remain in full force and effect

14.6 Waiver

No waiver of any provision of these Terms shall be deemed a further or continuing waiver of that or any other provision. Our failure to enforce any right or provision shall not constitute a waiver.

14.7 Assignment

You may not assign or transfer these Terms or any rights hereunder without our prior written consent. We may assign these Terms without your consent in connection with a merger, acquisition, reorganization, or sale of substantially all assets.

14.8 No Third-Party Beneficiaries

These Terms do not create any third-party beneficiary rights except as expressly stated in Section 10 (Indemnification).

14.9 Force Majeure

We shall not be liable for any failure or delay in performance due to circumstances beyond our reasonable control, including:

• Acts of God, natural disasters, or severe weather
• War, terrorism, civil unrest, or government actions
• Strikes, labor disputes, or supply chain disruptions
• Cyberattacks, denial-of-service attacks, or system failures
• Failures of third-party services or infrastructure providers
• Pandemics, epidemics, or public health emergencies

14.10 Notices

All notices under these Terms must be in writing and sent to:

To Nimbus BCI: Nimbus BCI Inc.
Attention: Legal Department
588 El Camino Real, Santa Clara, CA 95050 United States
Email: hello@nimbusbci.com

To You: To the email address associated with your account

Notices are deemed received:

• Email: 24 hours after sending (if no delivery failure)
• Mail: 3 business days after mailing

14.11 Interpretation

• Headings are for convenience only and do not affect interpretation
• "Including" means "including but not limited to"
• Singular includes plural and vice versa
• "Or" is not exclusive unless context requires otherwise

14.12 Language

These Terms are drafted in English. Any translations are provided for convenience only. In case of conflict, the English version prevails.

14.13 U.S. Government Rights

If you are a U.S. government entity, the Platform is "commercial computer software" and "commercial computer software documentation" as defined in FAR 12.212 and DFARS 227.7202. Use, duplication, or disclosure is subject to restrictions as set forth in these Terms.

15. CONTACT INFORMATION

For questions, concerns, or notices regarding these Terms or the Platform:

Nimbus BCI Inc.
Email: hello@nimbusbci.com
Support: hello@nimbusbci.com
Website: https://nimbusbci.com

For technical support and platform issues: hello@nimbusbci.com
For privacy-related inquiries: hello@nimbusbci.com
For legal and compliance matters: hello@nimbusbci.com

16. ACKNOWLEDGMENT

BY CLICKING "I AGREE", CREATING AN ACCOUNT, OR ACCESSING THE PLATFORM, YOU ACKNOWLEDGE THAT:

1. You have read and understood these Terms
2. You agree to be bound by these Terms
3. You understand that the Platform is for research purposes only and is not approved for medical use
4. You are responsible for compliance with all applicable laws, regulations, and ethical requirements
5. You accept the limitations of liability and disclaimer of warranties
6. You consent to the dispute resolution provisions, including arbitration and class action waiver

Last Updated: December 10, 2025
Version: 1.1

© 2025 Nimbus BCI Inc. All rights reserved.

APPENDIX A: DEFINITIONS

"API Key" means a unique authentication credential issued by Nimbus BCI for accessing the Nimbus SDK and related API services.

"BCI" means Brain-Computer Interface.

"EEG" means Electroencephalography or electroencephalogram.

"Nimbus BCI Property" means the Services and all associated intellectual property, including software, algorithms, interfaces, and documentation.

"Nimbus SDK" or "NimbusSDK" means the proprietary Julia-based Bayesian inference software development kit (NimbusSDK.jl) for BCI applications, which can be used standalone or integrated with Nimbus Studio.

"Nimbus Studio" means the web-based platform for visual BCI pipeline design, configuration, and execution.

"PHI" means Protected Health Information as defined by HIPAA (45 CFR §160.103).

"Platform" means the cloud-hosted Nimbus BCI products and interfaces, including Nimbus Studio (the web-based interface), associated APIs, and any other web-accessible or cloud-based components of the Services. The term "Platform" is used interchangeably with "Services" throughout this document when referring to Nimbus BCI's hosted offerings.

"SDK" means Software Development Kit, referring specifically to the Nimbus SDK unless otherwise specified.

"Services" means all Nimbus BCI products and services, including Nimbus Studio, Nimbus SDK, and associated APIs. When the term "Platform" is used in this document, it refers to the same scope as "Services" unless the context specifically indicates otherwise (e.g., when referring to the Nimbus SDK used locally, the term "SDK" is preferred).

"User Data" means EEG data, neurophysiological signals, and other data uploaded to Nimbus Studio or processed using the Nimbus SDK.

"IRB" means Institutional Review Board, an ethics committee that reviews and approves research involving human subjects.

"GDPR" means the General Data Protection Regulation (EU) 2016/679.

"CCPA" means the California Consumer Privacy Act of 2018.

"HIPAA" means the Health Insurance Portability and Accountability Act of 1996.

"FDA" means the U.S. Food and Drug Administration.

APPENDIX B: ACCEPTABLE DATA PRACTICES

Recommended Practices for Using the Platform

1. Data Collection

• Obtain informed consent from all participants
• Document consent procedures and approvals
• Provide participants with clear information about data use
• Implement secure data transfer methods

2. Data Anonymization

• Remove or encrypt personally identifiable information
• Use coded identifiers instead of names or identification numbers
• Remove metadata that could identify individuals
• Consider k-anonymity or differential privacy techniques where appropriate

3. Data Security

• Use strong, unique passwords for accounts
• Enable two-factor authentication if available
• Encrypt sensitive data before upload
• Limit access to authorized personnel only
• Do not share credentials or API keys

4. Research Documentation

• Maintain records of IRB approvals
• Document data processing procedures
• Keep logs of data access and modifications
• Maintain audit trails for compliance

5. Data Sharing and Publication

• Only share de-identified or aggregated results
• Obtain additional consent if required for data sharing
• Comply with journal and institutional data sharing policies
• Credit the Platform appropriately in publications

6. Incident Response

• Report security incidents or data breaches immediately
• Document incidents and remediation actions
• Notify affected parties as required by law
• Cooperate with investigations

This document is provided for legal compliance purposes. Users should consult with qualified legal counsel regarding their specific use cases and obligations.