Terms/Security
WinMoreBD.ai works in your
secure environment with CUI data
secure environment with CUI data
Built in AWS GovCloud (US) with US-only processing, customer-isolated enclaves, encryption in transit & at rest, SSO + RBAC, and 24-hour incident notice. Controls align to CMMC 2.0 Level 2 (NIST 800-171) and NIST 800-53 Moderate.
We never train models on your data.
Compliance
Currently:
- Controls align with NIST 800-171 / 800-53 (Moderate) standards.
- Annual 3rd-party assessments have been initiated.
- There is U.S.-only data processing.
CUI/FCI Handling: We are working toward DoD FedRAMP Moderate Equivalent.
Our platform works with GCC High: We connect to Microsoft 365 GCC High via the U.S. Government Graph and SharePoint/OneDrive (.us) endpoints with least-privilege admin consent in your Azure Government tenant.
Data Use and Terms
Here are the cliff notes of our terms so that you can review at a glance:
No training on your data:
- No cross-tenant sharing.
- US-only processing.
- Deletion within 60 days after termination upon request.
Access & use:
- Subscription for your authorized users
Acceptable Use:
- No reverse engineering.
- No security testing without written authorization.
- Don’t upload data into the platform that you don’t have rights to.
Security standards:
- NIST 800-53 (Moderate) / 800-171 alignment.
- Annual 3rd-party assessments.
- U.S.-only data processing.
Incidents:
- 24-hour notification time.
IP & confidentiality:
- You own your content while own the platform.
- Both parties protect each other’s confidential information.
Warranties & liability:
- “AS IS” except for explicit security/U.S.-only storage commitments.
- Standard caps/exclusions apply.
Export controls & USG rights:
- Standard ITAR/EAR/OFAC and FAR/DFARS commercial software terms.
Human review required:
- AI-generated content may be incorrect, incomplete, or non-compliant.
- You are responsible for reviewing and validating outputs before use.
We are happy to answer any questions related to security and terms.