AI Features and Customer-Supplied API Key Terms

Aurora Command AI Features and Customer-Supplied API Key Supplemental Terms
Supplemental terms for optional AI-assisted features, usage quotas, and bring-your-own-provider credentials
Effective date: March 15, 2026
These Supplemental Terms apply only if Borealis makes AI-assisted features available to Customer or if Customer uses a Customer-Supplied API Key in connection with Aurora Command. They supplement the Aurora Command Self-Service Subscription Terms and control if there is a conflict on AI-specific matters.
1. Assistive Nature of AI Features
AI features are optional assistive tools. They may help draft, summarize, classify, retrieve, compare, organize, or otherwise work with customer-selected information, but they are not legal advice, audit advice, certification, compliance assurance, security assurance, or a substitute for human judgment.
AI output may be incomplete, incorrect, outdated, biased, inconsistent, or unsuitable for your use case. Customer remains solely responsible for reviewing, validating, approving, and deciding whether to rely on, publish, share, or act on any AI output.
Borealis may display short-form human-review or no-reliance warnings in product workflows, exports, reviewer packages, or related surfaces. The absence of a warning on a particular screen or output does not expand Borealis’s obligations or reduce Customer’s duty to review and validate AI-assisted content before reliance or external sharing.
2. Availability; Limits; Changes
Borealis may enable, disable, throttle, cap, change, replace, or discontinue AI features, models, providers, workflows, prompts, output formats, or usage rules at any time.
Unless Borealis expressly states otherwise, included AI message quotas or usage amounts expire at the end of the applicable billing period, do not roll over, have no cash value, and are not refundable. Borealis may impose hard caps, soft limits, queueing, or reduced throughput to protect the service or manage provider cost.
3. Customer Inputs and Permissions
    • Customer is solely responsible for all prompts, instructions, documents, and other inputs submitted to AI features.
    • Customer represents and warrants that it has all rights, permissions, and legal bases needed to submit those inputs and to direct Borealis and any underlying provider to process them.
    • Customer must not submit Restricted Data, unlawful content, export-controlled data, or other prohibited material to AI features unless Borealis expressly authorizes that use in writing.
4. Customer-Supplied API Keys
If Borealis permits Customer to supply its own API key, token, credential, or provider account details, Customer authorizes Borealis to use that credential solely to route the AI requests Customer initiates or configures through Aurora Command.
Customer is solely responsible for its relationship with the third-party AI provider, including account setup, payment obligations, provider terms, model availability, regional settings, retention settings, training settings, security settings, rate limits, and any legal disclosures or consents required for the provider’s processing.
Borealis does not control and is not responsible for any third-party provider’s availability, outputs, conduct, retention, deletion, security, training practices, permitted-use rules, suspension decisions, billing, or pricing changes.
    • Customer must provide only credentials it is authorized to use and may not share credentials that violate the provider’s terms.
    • Customer must rotate or revoke credentials promptly if they are exposed, compromised, or no longer authorized.
    • Borealis may reject, suspend, or remove a Customer-Supplied API Key at any time for security, operational, legal, policy, or provider-compatibility reasons.
5. Data Flow and Provider Risk Allocation
When AI features are used, Borealis may transmit prompts, context, metadata, and other relevant content to one or more third-party providers, subprocessors, or infrastructure services as necessary to generate or return output.
Where Customer uses a Customer-Supplied API Key, Customer directs that transmission and assumes the associated provider and transfer risk. Borealis makes no representation that the provider’s practices satisfy Customer’s internal policies, procurement requirements, or applicable law.
6. No Model-Training Commitment Unless Expressly Stated
Unless Borealis expressly states otherwise in a separate written commitment, Borealis does not promise any particular retention, deletion, zero-training, model-isolation, or data-residency setting for third-party AI providers.
Borealis may use de-identified, aggregated, or non-customer-specific telemetry and service data for security, analytics, service operations, abuse prevention, cost management, and product improvement, subject to the governing agreement and applicable law.
7. Suspension and Safety Controls
Borealis may block prompts, filter content, restrict models, suppress outputs, impose additional review steps, or suspend AI access where Borealis reasonably believes a security, safety, legal, abuse, provider, or operational concern exists.
Borealis is not liable for delays, refusals, missing outputs, or changes in behavior resulting from provider-side model updates, safety systems, outages, or other third-party changes.
8. Disclaimer and Limitation
THE AI FEATURES, ALL OUTPUTS, AND ANY CUSTOMER-SUPPLIED-KEY WORKFLOW ARE PROVIDED “AS IS” AND “AS AVAILABLE.” BOREALIS DISCLAIMS ALL WARRANTIES REGARDING ACCURACY, FITNESS, NON-INFRINGEMENT, OUTPUT QUALITY, TRAINING STATUS, RETENTION STATUS, AVAILABILITY, OR SUITABILITY FOR A PARTICULAR PURPOSE.
All risk associated with use of AI output, and all risk associated with a Customer-Supplied API Key or third-party provider selected by Customer, remains with Customer.
9. Precedence
These Supplemental Terms supplement, and do not limit, the acceptable-use restrictions, disclaimers, liability limits, and data restrictions in the governing Aurora Command agreement.
10. Probabilistic Outputs, Staleness, and Source Drift
AI features are probabilistic systems. Outputs may hallucinate, omit material facts, summarize incorrectly, overstate confidence, reflect stale or incomplete source material, misread attachments or metadata, or produce text that sounds authoritative even when it is wrong. The presence of citations, retrieval context, suggested mappings, or approved-source controls does not guarantee that an output is complete, current, correctly interpreted, or suitable for any legal, contractual, audit, security, procurement, or insurance purpose.
11. No Legal, Regulatory, Audit, or vCISO Judgment
Any policy draft, control suggestion, framework mapping, answer draft, risk statement, remediation suggestion, governance package, or other AI-assisted output is a workflow aid only. It is not legal advice, regulatory interpretation, audit advice, certification, a statement that Customer is compliant, or a substitute for review by qualified human personnel. Customer must independently validate all AI outputs, including outputs that appear to cite customer-approved materials, before using them internally or externally.
12. Specific Outcome Risk Allocation
Without limiting the disclaimers and liability limits in the governing Aurora Command agreement, Borealis is not responsible for fines, penalties, failed audits, failed reviews, contractual disputes, rejected questionnaires, regulator findings, lost deals, or other adverse consequences resulting from Customer’s use of AI outputs, Customer’s failure to validate those outputs, provider changes, model drift, safety filters, outages, latency, customer-supplied API key failures, or changes in laws, standards, framework expectations, or reviewer preferences.