Skip to content

Common Defense Terms of Service

Last updated: 2026-06-16

These Terms of Service govern the use by users (“users” or “you” or “your”) of the Common Defense website located at commondefense.ai (the “Site”) and the Common Defense Service (the “Service”) offered through the Site to registered User Account holders, as described below. The Site and Service are owned and provided by Common Defense AI Security, Inc. ("Common Defense", "we", "us", or "our").

PLEASE READ THESE TERMS OF SERVICE (“TERMS”) AND OUR PRIVACY POLICY CAREFULLY. BY USING THE SITE, YOU ARE INDICATING YOUR AGREEMENT THESE TERMS AND OUR PRIVACY POLICY. IF YOU DO NOT AGREE TO THESE TERMS OR THE PRIVACY POLICY, PLEASE DO NOT USE THE SITE.

YOU MAY USE OUR SITE WITHOUT REGISTERING FOR A USER ACCOUNT, BUT IN ORDER TO RECEIVE THE SERVICE, YOU MUST COMPLETE THE REGISTRATION PROCESS AND OPEN A USER ACCOUNT (“USER ACCOUNT”). YOU MUST BE AT LEAST 18 YEARS OLD TO CREATE A USER ACCOUNT. WHEN YOU REGISTER FOR A USER ACCOUNT, YOU WILL BE REQUIRED TO AFFIRMATIVELY CONSENT TO THESE TERMS IN ORDER TO ACTIVATE YOUR USER ACCOUNT AND USE THE SERVICE. WHEN YOU GIVE YOUR AFFIRMATIVE CONSENT, THESE TERMS WILL CREATE A BINDING CONTRACT BETWEEN YOU AND US.

WE RESERVE THE RIGHT, IN OUR SOLE DISCRETION, TO UPDATE OR REVISE THESE TERMS AND/OR THE PRIVACY POLICY. PLEASE CHECK PERIODICALLY FOR REVISIONS AND UPDATES. THE DATE AT THE TOP OF THESE TERMS AND PRIVACY POLICY REFLECT THE MOST RECENT VERSIONS. YOUR ACCESS AND/OR USE OF THE SITE AFTER ANY CHANGES TO THESE TERMS OR PRIVACY POLICY HAVE BEEN POSTED CONSTITUTES YOUR ACCEPTANCE OF THOSE CHANGES. IF YOU HAVE A USER ACCOUNT, YOU WILL BE NOTIFIED OF ANY CHANGES TO THESE TERMS WHEN YOU NEXT LOG IN. YOUR USE OF THE SERVICE AFTER SUCH NOTICE CONSTITUTES YOUR ACCEPTANCE.

1. The Service

The Common Defense Service scans incoming messages to your individual platform accounts (“Platform Account(s)”) on messaging platforms which include Gmail, Microsoft 365 / Outlook, Telegram, WhatsApp, and other such supported messaging platforms (each a “Messaging Platform” and collectively, “Messaging Platforms”).

The Service is an autonomous AI tool with no (or limited) human oversight and intervention unless specifically requested, required by law, or in the event of a security threat. The Service is designed to detect scams, phishing, and impersonations in your Platform Account messages and will alert you when it detects a threat. You will be able to review verdicts, see analytics, and change settings from the Common Defense dashboard which will be populated with your own verdicts, history, and settings. We may, in our sole discretion, update, modify, change, or discontinue certain features of the Service. We will notify you of any materially adverse changes to the Service, and you may discontinue using the Service, at your option, at any time.

For Gmail specifically, the Service operates as a reporting and monitoring service that improves the email experience by visibly flagging dangerous messages. (See Section 13 of these Terms for additional terms specific to Google APIs.)

2. Registering for Your User Account

In order to use the Service, you must register for an individual User Account. You may register your User Account through our Site by providing your email and creating your password. You must provide truthful and accurate information at registration. You are strictly prohibited from opening a User Account if you are under the age of 18. You must keep your registration information current. Each User Account is specifically tailored and intended to be used only by the individual Account holder. You may not share your User Account with any other person. You are responsible for protecting your login credentials from unauthorized use, and you are responsible for all activity that occurs on your User Account. You agree to notify us immediately if you believe that your login credentials have been accessed by anyone other than you, or if your User Account has been or may be used without your permission so that appropriate actions can be taken. We are not responsible for losses or damage caused by your failure to safeguard your login credentials or your User Account. All information that you provide through our Service is subject to our Privacy Policy.

3. Connecting to Messaging Platforms and Platform Accounts

When your User Account is activated, you are permitting Common Defense to connect our Service to your Messaging Platforms, and you are expressly authorizing the Common Defense Service to read incoming messages sent through that Messaging Platform to your Platform Account(s) for the purpose of scam and phishing detection, and to deliver alerts to you. When the Service first commences, it may be able to access a limited number of your Platform Account messages that were transmitted prior to activation of your User Account. You authorize Common Defense to access such prior messages and further authorize Common Defense to apply a clearly labeled flag to detected threats, or to move detected threats to the platform’s junk or spam folder, where the Messaging Platform supports it (for example, the Common Defense/Scam label in Gmail, or the Junk Email folder in Microsoft 365 / Outlook).

The Service does not, on any connected Messaging Platform:

  • send messages on your behalf,
  • delete your messages,
  • modify any other labels, folders, or message properties beyond the threat-flag label or junk-folder move described above.

You may disconnect any of your Platform Accounts at any time, and upon that disconnection, the Service will immediately cease monitoring that Platform Account. Please review our Privacy Policy to understand how your Content (as defined below) is used with the Service, retained under limited circumstances, and deleted after your Platform Accounts have been disconnected.

4. Content and License Rights.

You retain all ownership rights in the messages and the content of those messages (collectively, “Content”) that flow through the Service from your connected Platform Accounts. Nothing in these Terms grants Common Defense ownership of your Content. You grant Common Defense a limited, non-exclusive license to enable its Service to access, process, and store your Content as necessary to provide the Service and pursuant to these Terms and our Privacy Policy.

If you use a Messaging Platform other than Google, the foregoing license includes the right to use messages has been classified by the Service as suspicious (as described below) to train and refine the Service’s detection capabilities. A message that is classified as “suspicious” may mean and include, without limitation, a scam, phishing, or warning-tier classification. You may use the settings on your Common Defense dashboard to opt out of this portion of the license, and once you have opted out, the Service will be unable to use any future Content for training. For purposes of clarity, no Content obtained through Google Workspace APIs (including Gmail data) is used for any model training pursuant to Section 13 of these Terms and Section 13 of the Privacy Policy.

5. Prohibited Conduct.

The following are strictly prohibited:

  • using the Site or Service for any purpose that is unlawful or illegal or that enables or supports any unlawful or illegal purposes;
  • reverse engineering, decompiling, or attempting to extract our detection logic, models, technology, source code, or internal systems from our Site or the Service;
  • disrupting, overloading, or attacking the Site or Service;
  • harassing, surveilling, or targeting other Site users or User Account holders or making any unsolicited contact with other Site users or User Account holders;
  • sharing your User Account credentials with any other person;
  • reselling access to your User Account;
  • selling, publishing, displaying, or otherwise making the Service available to any other person, or creating any modifications, enhancements, derivatives of our Site or Service;
  • using your individual User Account on behalf of multiple individuals or organizations;
  • impersonating any person or entity or misrepresenting in any way your affiliation with a person or entity;
  • transmitting unsolicited mass e-mails, “spim,” or “spam;”; and
  • using the Site or Service in any manner not expressly authorized in these Terms or by us in writing.

6. Fees.

Certain fees may apply to use of the Service. If fees apply, those fees and the payment terms and payment methods will be disclosed to you during the User Account registration process.

7. Ownership and Intellectual Property Rights.

Common Defense is the sole owner of the Site and Common Defense Service, including our dashboards, models, methods, algorithms, code, interfaces, designs, name, marks, branding, and the Site and Service look, feel, and functionality, which are protected by United States copyright, trademark, and other intellectual property laws. In addition to the prohibitions in Section 5, you may not copy, modify, reproduce, or distribute our name, logo, trademarks, or Site content, or redistribute any of it without our prior written permission.

8. Warranty Disclaimers.

THE SITE AND SERVICE ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTY OF ANY KIND. YOUR USE OF THE SITE AND SERVICE IS AT YOUR SOLE RISK. TO THE FULLEST EXTENT PERMISSIBLE PURSUANT TO APPLICABLE LAW, WE DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD PARTY RIGHTS, AND FITNESS FOR A PARTICULAR PURPOSE. WE DO NOT WARRANT THAT THE FUNCTIONALITY OF THE SITE OR SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SITE OR SERVICE WILL BE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. WE DO NOT WARRANT THAT THIRD PARTY MESSAGING PLATFORMS WILL BE SECURED.

WE DO NOT MAKE ANY REPRESENTATIONS OR WARRANTIES CONCERNING THE ACCURACY, COMPLETENESS, SECURITY, OR ACCURACY OF THE SERVICE. WE CANNOT GUARANTEE THAT ALL THREATS WILL BE CAUGHT. CERTAIN LEGITIMATE MESSAGES MAY BE FLAGGED INCORRECTLY AS THREATS. COMMON DEFENSE IS ONE LAYER OF DEFENSE AND DOES NOT REPLACE YOUR OWN JUDGMENT, YOUR PLATFORM'S NATIVE PROTECTIONS, OR OTHER SECURITY MEASURES.

SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SOME OF THE FOREGOING EXCLUSIONS MAY NOT APPLY TO YOU. CHECK YOUR LOCAL LAWS FOR RESTRICTIONS OR LIMITATIONS REGARDING THE EXCLUSION OF IMPLIED WARRANTIES.

9. Limitation of Liability.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES WILL WE BE LIABLE TO YOU OR TO ANY OF YOUR SUCCESSORS, ASSIGNS, OR BENEFICIARIES FOR INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING, WITHOUT LIMITATION, LOSS OF BUSINESS OR BUSINESS OPPORTUNITIES, LOST PROFITS, LOSS OF DATA, COMPUTER VIRUSES, HARDWARE OR SOFTWARE FAILURES, OR USE OF OR INABILITY TO USE THE SITE OR SERVICE, INCLUDING DAMAGES OR ANY LOSSES ARISING FROM THREATS OUR SERVICE MISSED, MESSAGES OUR SERVICE INCORRECTLY FLAGGED, OR ACTIONS YOU TOOK BASED ON THE RESULTS OF THE SERVICE, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL FOUNDATION, WHETHER OR NOT WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USING THE SITE OR SERVICE. TO THE EXTENT PERMITTED BY LAW, THE REMEDIES STATED FOR YOU IN THESE TERMS ARE EXCLUSIVE AND ARE LIMITED TO THOSE EXPRESSLY PROVIDED FOR HEREIN. IN NO EVENT WILL OUR LIABILITY TO YOU FOR ANY DAMAGES OF ANY KIND EXCEED THE TOTAL AMOUNT YOU PAID US IN THE TWELVE MONTHS PRECEDING THE EVENT FROM WHICH THE DAMAGE FIRST AROSE.

10. HIPAA.

Common Defense is not designed or intended to create obligations under the Health Insurance Portability and Accountability Act, as amended ("HIPAA"). We make no representation, warranty, or guarantee that the Service is HIPAA-compliant. The Service is not designed to filter protected health information (“PHI”) from messages that are transmitted to or from your Platform Accounts. Accordingly, you agree that you will not route and will take all necessary measures to prevent the routing of any Content containing PHI through any of your Platform Accounts monitored by the Service or where you have any expectations of HIPAA protections. You release us from any and all damages and liabilities arising from any Content containing PHI that is transmitted, stored, or processed through your Platform Accounts to which the Service has access.

11. Indemnification.

You agree to indemnify and hold harmless Common Defense, our affiliates, and respective officers, directors, and employees from any claims or damages arising out of your use of the Site or Service in contravention of these Terms.

12. User Account Suspension or Termination.

We may suspend or terminate your User Account if you violate any of these Terms. If the violation is curable, we will notify you and afford you a reasonable opportunity to cure the violation, after which, we will reactivate your User Account. If you fail to cure the violation within a reasonable period of time after we have notified you, or if the violation poses an immediate security or legal risk, we will permanently terminate your User Account. The Service may be temporarily unavailable from time to time during scheduled maintenance or emergency situations outside of our control. We reserve the right to cease providing the Service if prevented from doing so due to changes in law or events or circumstances outside of our control. You may discontinue your User Account at any time through the Common Defense dashboard or by emailing accounts@commondefense.ai. Content will be deleted in accordance with our Privacy Policy.

Upon termination, your access to the Service will be deactivated; OAuth tokens for all connected Messaging Platforms are revoked, your User Account, encrypted Platform Account credentials, your Content, and Account Data (as defined in the Privacy Policy) are deleted from our systems, and monitoring of all connected Messaging Platforms immediately ceases. Deletion of Content is described in our Privacy Policy.

13. Google Workspace API and Gmail Integration (Additional Terms)

The following terms apply to users who use Google Message Platform to connect their Platform Account to the Service, and supplement Sections 1, 3, and 4.

  • Limited Use commitment. The use of information received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The detailed commitments are in Section 13 of our Privacy Policy.
  • Approved use case. The Service uses Gmail APIs as a reporting and monitoring service for the benefit of users that improves the email experience.
  • No AI / ML training. Notwithstanding the detection-model training described in Section 4 of these Terms (which applies only to non-Gmail integrations), Common Defense does not retain Gmail data to develop, improve, or train any machine learning or artificial intelligence model, including foundational models. Gmail data is excluded from the Service’s training corpus.
  • Authorized actions only. Although the gmail.modify OAuth scope technically permits broader access, the Service’s use of the Gmail API is limited to (a) reading incoming Gmail messages for scam and phishing detection, and (b) applying a Common Defense/Scam label to messages identified as threats. Common Defense does not send mail, delete mail, modify any other labels, or take any other action on your Gmail Platform Account. Please note that when the Service first commences, it may be able to access a limited number of your emails that were transmitted prior to activation of your User Account.
  • Prohibited uses. Common Defense does not transfer or sell Gmail data to advertising platforms, data brokers, or other information resellers; does not use Gmail data for advertising, retargeting, or interest-based advertising; does not use Gmail data to determine credit-worthiness or for lending purposes; and does not access, aggregate, or analyze Gmail data so that it can be displayed, sold, or otherwise distributed to a third party conducting surveillance.
  • No scraping or permanent databases. Common Defense does not scrape Gmail, does not build or maintain a database of Gmail content for any purpose other than the live scam-detection feature, and does not retain cached Gmail content longer than the cache headers permit.
  • Transfers. Common Defense transfers Gmail data only as permitted under Limited Use: to deliver or improve the scam-detection feature with your consent, for security purposes, to comply with applicable laws, or as part of a merger, acquisition, or sale of assets after obtaining your explicit prior consent.
  • Compliance by personnel and contractors. Common Defense ensures that its employees, agents, contractors, sub-processors, and successors comply with the Google API Services User Data Policy.
  • Post-termination. If Common Defense ceases to use the Gmail API, we will immediately stop calling the API, cease all use of Google brand features, and delete any cached or stored Gmail content as required by the Google APIs Terms of Service.

14. Governing Law and Venue.

These Terms are governed by the laws of the State of Delaware, without regard to conflict-of-laws principles. Disputes arising from these Terms will be resolved in the state or federal courts located in Delaware, and you consent to the personal jurisdiction of those courts.

15. Security.

For information on how our Service is secured, please see the attached Security Terms. You may also view our Security Terms.

16. Contact.

For questions or additional information, please contact us at: accounts@commondefense.ai.