Terms of Service

Effective Date: 04 September 2025  |  Last Updated: February 2026

These Terms of Service (“Terms”) govern your access to and use of CRMSON and related software and services (“Services”) provided by Involo (“we,” “our,” or “us”). By creating an account or using the Services, you agree to be bound by these Terms. If you do not agree, do not use the Services.

  • CRMSON is an AI-powered Crew Resource Management (CRM) training and safety culture platform for aviation professionals. The Services include scenario-based training, a CRM knowledge base, operational language support, personalised learning, and organisational safety culture analytics. The Services are not intended for use in safety-critical, life-critical, or medically regulated systems and should not be relied upon as a substitute for formal training or operational procedures.

  • CRMSON is an AI-powered Crew Resource Management (CRM) training and safety culture platform for aviation professionals. The Services include scenario-based training, a CRM knowledge base, operational language support, personalised learning, and organisational safety culture analytics. The Services are not intended for use in safety-critical, life-critical, or medically regulated systems and should not be relied upon as a substitute for formal training or operational procedures.

  • You agree not to, and not to permit any third party to:

    •       Use the Services in violation of any applicable law, regulation, or these Terms.

    •       Upload, transmit, or store content that infringes intellectual property rights, privacy rights, or other rights of third parties.

    •       Attempt to gain unauthorised access to, interfere with, or disrupt the Services, servers, or networks.

    •       Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of any part of the Services.

    •       Use the Services for competitive analysis, benchmarking, or to develop a competing product.

    •       Use automated tools (bots, scrapers, etc.) to access the Services without our prior written consent.

    •       Misrepresent your identity or impersonate any person.

    We reserve the right to suspend or terminate your access for any violation of these Terms.

  • The Services, including all software, documentation, content, logos, trademarks, and underlying technology, are and remain the exclusive property of Involo and its licensors. We grant you a limited, non-exclusive, non-transferable, revocable licence to access and use the Services in accordance with these Terms. You retain ownership of your personal data and content you submit. By using the Services, you grant Involo a non-exclusive, worldwide, royalty-free licence to use, process, and store your submitted content solely for the purpose of providing and improving the Services, and for generating de-identified, aggregated analytics as described in the Privacy Policy.

  • The Services use artificial intelligence, including both proprietary models or third-party large language model providers (such as OpenAI or Anthropic), to generate responses, scenarios, and recommendations. AI-generated content is provided for training and educational purposes only. It may not always be accurate, complete, or suitable for every operational context. You should exercise professional judgement and not rely on AI-generated content as a substitute for qualified training, regulatory guidance, or operational decision-making.

  • If you subscribe to a paid plan, you agree to pay all applicable fees. Payment is processed by Stripe or another PCI-DSS compliant provider. Fees are non-refundable except where required by law. We may change pricing with at least 30 days’ notice. Continued use after a price change constitutes acceptance.

  • If you access the Services on a free or trial basis, they are provided “as is” without warranties or dedicated support. We may modify, limit, or discontinue free or trial access at any time without notice.

  • THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE.

  • TO THE FULLEST EXTENT PERMITTED BY LAW: (A) OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICES SHALL NOT EXCEED THE GREATER OF THE FEES YOU PAID TO US IN THE 12 MONTHS PRECEDING THE CLAIM, OR USD $100; AND (B) WE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL. THESE LIMITATIONS APPLY REGARDLESS OF THE LEGAL THEORY ON WHICH A CLAIM IS BASED.

  • You agree to indemnify, defend, and hold harmless Involo, its officers, directors, employees, and affiliates from any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising out of or related to: (a) your use or misuse of the Services; (b) your violation of these Terms; (c) content you submit through the Services; or (d) your violation of any applicable law or third-party rights.

  • We may suspend or terminate your access at any time, with or without notice, for violation of these Terms or as required by law. You may stop using the Services at any time. Upon termination, your right to use the Services ceases immediately. Sections 4, 8, 9, 10, and 12 survive termination.

  • These Terms are governed by the laws of the State of Washington, USA, without regard to conflict of law principles. Any dispute arising from these Terms or the Services shall be resolved exclusively in the state or federal courts located in Washington, or through binding arbitration under the rules of the American Arbitration Association. You waive any right to participate in a class action or class-wide arbitration.

  • We may update these Terms from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. Continued use of the Services after changes become effective constitutes acceptance.

  • If you have questions about these Terms, contact us at: info@involo.tech

Privacy Policy

Effective Date: 04 September 2025  |  Last Updated: February 2026

Involo (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use and protect it, who we share it with, and your rights regarding your data.

  • We collect only the information necessary to provide the Services:

    a) Account Information

    Name, email address, organisation affiliation, and authentication credentials (managed by AWS Cognito).

    b) Biometric Authentication Data

    If you enable biometric login (Face ID, Touch ID, or fingerprint), authentication is handled entirely by your device’s operating system. No biometric data is transmitted to, collected by, or stored on Involo’s servers. We store only a cryptographic token confirming successful authentication.

    c) Usage and Interaction Data

    Conversation content (scenario interactions, reflections, and queries submitted to the AI), feature usage patterns, session duration, and interaction frequency. This data is used to personalise your experience and, in aggregated and de-identified form, to generate safety culture analytics.

    d) Technical and Device Data

    IP address, device type, operating system, browser type, app version, and crash/diagnostic data for security monitoring and performance improvement.

    e) Payment Information

    Processed by Stripe or another PCI-DSS compliant provider. We do not store credit card numbers, CVVs, or full payment details on our servers.

    f) Communications

    Messages, feedback, and support inquiries you send to us.

  • We use collected information for the following purposes:

    •       To provide, maintain, and improve the Services, including personalised training and AI-generated content.

    •       To authenticate users and secure accounts.

    •       To generate de-identified, aggregated safety culture analytics for partner organisations.

    •       To communicate with you about updates, support, security alerts, and service notices.

    •       To detect, prevent, and respond to security incidents, fraud, and abuse.

    •       To comply with legal and regulatory obligations.

    •       To conduct internal research and development to improve our AI models and training effectiveness.

  • We do not sell or rent your personal information. We may share data with:

    •       Service Providers: Including AWS (cloud hosting and authentication), Stripe (payments), and large language model providers such as OpenAI or Anthropic (AI processing). These providers process data on our behalf under contractual obligations to protect it.

    •       Partner Organisations: Such as airlines, operators, or training providers, in the form of de-identified, aggregated analytics only. Individual user data is never shared with partner organisations without your explicit consent.

    •       Legal Authorities: Where required by applicable law, regulation, subpoena, or court order.

    •       Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to a successor entity, subject to the commitments in this Privacy Policy.

  • To deliver AI-powered features, your interaction content may be processed by third-party large language model providers (currently OpenAI, Anthropic, Pleias, Mistral). We mostly rely on AI providers who operate under zero-data-retention policies. Queries hashes might be cached up to 24hours. We use API-based integrations and do not permit these providers to use your data to train their models. We select providers that offer enterprise-grade data handling commitments. For current details on sub-processor data practices, contact us at info@involo.tech.

  • We implement industry-standard technical and organisational safeguards, including:

    •       Encryption of data in transit (TLS 1.2+) and at rest (AES-256).

    •       Full-disk encryption and endpoint protection on employee devices.

    •       Multi-factor authentication (MFA) on all business and infrastructure accounts.

    •       Role-based access controls, with data access limited to personnel who require it.

    •       Regular security reviews and vulnerability assessments.

    No system is completely secure, and we cannot guarantee absolute protection against all threats.

  • We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer required, it is securely deleted or irreversibly anonymised. Account data is typically deleted within 90 days of account closure, unless retention is required by law.

  • Our Services are operated primarily in the United States, with some operations in Australia and Europe. Depending on agreements, data residency might be located, transferred to and processed in these countries, which may have data protection laws that differ from your jurisdiction. By using the Services, you consent to such transfers. Where required by law (e.g., GDPR), we implement appropriate safeguards such as standard contractual clauses.

  • Depending on your location, you may have rights under privacy laws such as the GDPR (EU/EEA/UK), the CCPA/CPRA (California), or Australia’s Privacy Act 1988. These may include the right to:

    •       Access a copy of your personal data.

    •       Request correction of inaccurate personal information.

    •       Request deletion of your personal data (subject to legal exceptions).

    •       Object to or restrict certain types of processing.

    •       Request data portability in a machine-readable format.

    •       Withdraw consent at any time, where processing is based on consent.

    •       Lodge a complaint with your local data protection authority.

    To exercise any of these rights, contact us at info@involo.tech. We will respond within the timeframe required by applicable law.

  • The Services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

  • The Services may use essential cookies and similar technologies for authentication, security, and basic functionality. We do not use third-party advertising cookies or tracking pixels. Analytics, where used, are based on aggregated, non-identifying data.

  • We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The “Last Updated” date at the top indicates the most recent revision.

  • If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

    Involo

    Email: info@involo.tech

    Website: https://www.involo.tech