Terms of Service | TileBack

1 Introduction and Agreement

Key Point By using TileBack, you agree to these terms. If you don't agree, please don't use the service.

These Terms of Service ("Terms") constitute a legally binding agreement between you ("User", "you", or "your") and MWANGI ("we", "us", or "our"), governing your access to and use of TileBack ("Service"), a form backend service accessible at tileback.com and related domains.

By creating an account, accessing, or using the Service in any manner, you confirm that:

You have read, understood, and agree to be bound by these Terms
You are at least 18 years of age or have reached the age of majority in your jurisdiction
You have the legal capacity to enter into binding contracts
If accepting on behalf of an organization, you have authority to bind that entity

If you do not agree to these Terms, you must immediately discontinue use of the Service.

2 Service Description

TileBack is a form backend service that enables you to:

Receive form submissions from your websites or applications via API endpoints
Store submitted form data in secure databases
Receive email notifications of form submissions
Access, manage, export, and analyze form submission data through our dashboard
Configure form settings, notifications, and integrations

We handle your form submissions so you don't have to build backend infrastructure. Point your forms at us, and we'll capture, store, and notify you about submissions.

The Service operates on a tiered pricing model with different feature sets and usage limits as described on our pricing page.

3 Beta Features and Experimental Services

3.1 Beta Features

From time to time, we may offer certain features or functionality designated as "beta," "preview," "experimental," or similar designations ("Beta Features"). Beta Features are provided for testing and evaluation purposes only.

Important Notice Beta Features may be incomplete, unreliable, or subject to change without notice. They are provided "as is" without any warranties or service level guarantees.

3.2 File Uploads Beta

File upload functionality is currently in beta ("File Uploads Beta"). During the beta period:

Access to file upload features may be limited or restricted to specific users or plans
File upload limits, retention periods, and allowed file types may change without notice
Performance, reliability, and uptime for file uploads are not guaranteed
We reserve the right to modify, suspend, or discontinue file upload features at any time
Uploaded files may be subject to additional review or scanning for security purposes

File uploads are new and we're still testing them. Things might break, limits might change, and we might need to make adjustments. If you need rock-solid file uploads right now, contact our sales team to discuss your needs.

3.3 Beta Feature Disclaimers

By using Beta Features, you acknowledge and agree that:

Beta Features are provided for evaluation and feedback purposes
Beta Features may contain bugs, errors, or defects that could cause system failures or data loss
We may collect usage data and feedback about Beta Features to improve them
Beta Features may be discontinued at any time, with or without notice
Data associated with Beta Features may not be retained when features are discontinued
We are not liable for any damages, losses, or issues arising from the use of Beta Features
Beta Features are excluded from any service level agreements or uptime guarantees

3.4 Early Access Requests

If you wish to request early access to Beta Features, you may contact our sales team at tileback.com/sales. Early access is granted at our sole discretion and may be subject to additional terms or requirements.

4 Security Practices

TileBack implements comprehensive security measures to protect your data and ensure the integrity of our Service. This section outlines our security commitments.

4.1 Technical Security Safeguards

Defense-in-Depth Architecture We employ multiple layers of security controls across our infrastructure, application, and data storage systems.

Encryption in Transit: All data transmitted to and from TileBack is encrypted using TLS/SSL (minimum TLS 1.2)
Encryption at Rest: Database encryption for sensitive data and AES-256 encryption for file uploads stored on AWS S3
Password Security: Industry-standard bcrypt hashing with salt for all user passwords (never stored in plain text)
Secure Authentication: JWT-based authentication with httpOnly cookies to prevent XSS attacks
CSRF Protection: Cross-Site Request Forgery tokens on all authenticated endpoints
Input Validation: Comprehensive input sanitization and validation to prevent injection attacks
Rate Limiting: API rate limits to prevent brute force attacks and service abuse
DDoS Mitigation: Infrastructure-level protection against distributed denial-of-service attacks

4.2 Organizational Security Controls

Access Controls: Limited employee access to production systems on a need-to-know basis
Audit Logging: Comprehensive logging of security events, access attempts, and administrative actions
Security Training: Regular security awareness training for personnel handling data
Vendor Management: Due diligence and security assessments for third-party service providers
Incident Response: Documented procedures for detecting, responding to, and recovering from security incidents

4.3 Application Security

Secure Development Lifecycle: Security considerations integrated throughout the development process
Dependency Scanning: Automated vulnerability scanning of third-party libraries and packages
Code Reviews: Security-focused peer review for all code changes
Penetration Testing: Periodic security assessments by qualified security professionals
Spam Protection: Honeypot fields and content analysis to prevent spam and abuse

4.4 Infrastructure Security

Hosting Providers: Infrastructure hosted on reputable providers with SOC 2 and ISO 27001 certifications
Network Isolation: Database and application servers on private networks with strict firewall rules
Backup & Recovery: Automated daily backups with 90-day retention for disaster recovery
Security Monitoring: Real-time monitoring for suspicious activity, anomalies, and security threats

4.5 Responsible Disclosure

Found a security vulnerability? Please report it responsibly. We appreciate and acknowledge security researchers who help keep TileBack secure.

If you discover a security vulnerability, please report it to: [email protected]

We commit to:

Acknowledging your report within 48 hours
Investigating and validating the reported vulnerability
Providing updates on remediation progress
Crediting researchers who report vulnerabilities responsibly (with permission)

Please do not: Publicly disclose vulnerabilities before we have had a reasonable opportunity to address them, access or modify user data beyond what is necessary to demonstrate the vulnerability, or perform actions that could degrade service availability.

5 Account Registration and Security

5.1 Account Creation

To use the Service, you must create an account by providing accurate, current, and complete information including a valid email address. You agree to promptly update your account information to maintain its accuracy.

5.2 Account Security

You are solely responsible for:

Maintaining the confidentiality of your account credentials (email and password)
All activities that occur under your account, whether authorized by you or not
Immediately notifying us of any unauthorized access or security breach
Ensuring your account is not shared with or accessed by unauthorized third parties

Important We will not be liable for any loss or damage arising from your failure to maintain account security. You may be held liable for losses incurred by us or other users due to unauthorized use of your account.

5.3 Account Restrictions

Each user may maintain only one account unless expressly authorized by us in writing. Accounts are non-transferable and may not be sold, assigned, or shared without our prior written consent.

6 Acceptable Use and Prohibited Activities

6.1 Lawful Use

You agree to use the Service only for lawful purposes and in compliance with:

Laws applicable in your jurisdiction
International laws applicable to your use of the Service
These Terms and any applicable policies

6.2 Prohibited Activities

You expressly agree NOT to:

Spam and Abuse: Use the Service to send, facilitate, or store spam, unsolicited commercial messages, phishing attempts, or any form of harassment
Illegal Content: Submit, store, or transmit content that is illegal, fraudulent, defamatory, obscene, threatening, or violates any third-party rights
Malicious Activity: Upload malware, viruses, or any code designed to damage, interfere with, or extract data from the Service or third-party systems
Unauthorized Access: Attempt to gain unauthorized access to the Service, other accounts, systems, or networks
System Interference: Overload, disable, damage, or impair the Service or interfere with other users' access
Scraping and Mining: Use automated systems to extract data from the Service without written permission
Reverse Engineering: Decompile, disassemble, reverse engineer, or attempt to discover the source code of the Service
Reselling: Resell or redistribute the Service without explicit authorization
Circumvention: Bypass usage limits, security measures, or access controls
Competitive Use: Use the Service to develop competing products or services

6.3 Anti-Spam Policy

Zero Tolerance for Spam We maintain a zero-tolerance policy for spam. If we determine, in our sole discretion, that your account is being used for spam or unsolicited communications, we may immediately suspend or terminate your account without notice or refund.

6.4 Content Responsibility

You are solely responsible for all data, information, and content submitted through your forms ("User Content"). You represent and warrant that:

You own or have necessary licenses and permissions for all User Content
User Content does not infringe third-party intellectual property, privacy, or other rights
You have obtained all necessary consents to collect and process data submitted through your forms
Your use of the Service complies with applicable data protection laws

7 Data Handling and Privacy

Your use of the Service involves the processing of personal data. Our data handling practices are governed by our Privacy Policy, which forms an integral part of these Terms.

You're the boss of the data submitted through your forms. We're just the processor handling it on your behalf. You're responsible for getting proper consent from your users and complying with data protection laws.

7.1 Data Controller vs. Data Processor

You acknowledge and agree that:

For form submission data: YOU are the data controller; WE are the data processor acting on your instructions
For your account data: WE are the data controller
You are solely responsible for ensuring lawful collection and processing of form submission data
You must provide adequate privacy notices to form submitters explaining what data you collect and how you use it
You must obtain all necessary consents, permissions, and legal bases required under applicable law before collecting personal data

7.2 Your Data Protection Obligations

Critical Compliance Requirement You are solely responsible for compliance with the Kenya Data Protection Act (2019), GDPR (if you have EU users), and any other applicable data protection laws in your jurisdiction and your users' jurisdictions.

You expressly represent and warrant that:

You have lawful authority to collect and process all data submitted through your forms
You have obtained all required consents from data subjects (form submitters)
Your forms include appropriate privacy notices and disclosures
You will honor data subject rights requests (access, deletion, correction, portability)
You will not use the Service to collect sensitive personal data (health data, biometric data, financial account details, children's data) without implementing appropriate legal and technical safeguards
You will immediately notify us if you discover any data breach involving form submission data

7.3 File Uploads (Starter and Pro Plans)

For plans that support file uploads:

You are responsible for ensuring uploaded files do not contain malware, viruses, or illegal content
You must obtain appropriate consents to collect and store uploaded files
Files are subject to the same data retention periods as form submissions
We reserve the right to scan uploaded files for malware and delete files that pose security risks
Maximum file sizes and quantities are enforced per plan limits

7.4 Data Processing and Storage

We may process, store, and transfer data as necessary to provide the Service, including:

Storing data on secure servers in Kenya or other jurisdictions
Transmitting data via third-party service providers (AWS SES for email delivery)
Creating backups for disaster recovery (retained for up to 90 days)
Processing data for spam detection and security purposes

Detailed information about data processing is available in our Privacy Policy.

8 Subscription Plans and Payment Terms

8.1 Pricing Plans

The Service is offered under the following pricing tiers:

Free Plan: $0/month - 1 form, 100 submissions per month, 30-day data retention, email notifications, spam protection
Starter Plan: $9/month - 5 forms, 500 submissions per month, 90-day data retention, file uploads (1 file, 10MB), webhook forwarding
Pro Plan: $29/month - Unlimited forms and submissions, 1-year data retention, file uploads (up to 10 files, 25MB each), webhooks, priority support

All prices are in USD. Current pricing, features, and limitations are available at our pricing page. We reserve the right to modify pricing with 30 days' written notice to existing subscribers.

8.2 Billing and Payment

For paid plans:

Fees are billed in advance on a monthly recurring basis
Payment is processed through Stripe, our third-party payment processor
You authorize us to charge your designated payment method automatically each billing cycle
All fees are non-refundable except as required by law or expressly stated in these Terms
Fees are exclusive of all taxes, duties, and assessments; you are responsible for all applicable taxes
Failed payments will result in immediate suspension of your account and loss of access to paid features
If payment fails for 7 days, your account may be downgraded to the Free plan and data exceeding Free plan retention limits may be deleted
You are responsible for maintaining valid payment information and ensuring sufficient funds

8.3 Subscription Changes and Cancellation

You may upgrade, downgrade, or cancel your subscription at any time through your account dashboard. Changes take effect as follows:

Upgrades: Immediate effect; you will be charged a prorated amount for the remainder of the billing cycle
Downgrades: Effective at the end of the current billing cycle; data exceeding the new plan's limits will be subject to that plan's retention period
Cancellations: Your account remains active until the end of the current paid period; no refunds for partial months or unused services

8.4 Data Retention and Plan Limits

Critical: Data Deletion Based on Plan Each plan has different data retention periods. When you downgrade or your payment fails, data older than your new plan's retention period will be automatically deleted after the transition period ends.

Data retention periods by plan:

Free Plan: 30 days - submissions older than 30 days are permanently deleted
Starter Plan: 90 days - submissions older than 90 days are permanently deleted
Pro Plan: 365 days - submissions older than 1 year are permanently deleted

You are solely responsible for exporting and backing up your data before downgrading or canceling. We are not liable for any data loss resulting from plan changes or retention period expirations.

Cancel anytime. We won't hold you hostage, but we also don't offer refunds for unused time. Export your data before downgrading - we auto-delete old stuff based on your plan tier.

9 Intellectual Property Rights

9.1 Our Intellectual Property

The Service, including all software, code, designs, interfaces, documentation, trademarks, logos, and content ("Our IP"), is owned by MWANGI and protected by international intellectual property laws. These Terms grant you no ownership rights to Our IP.

9.2 Limited License to Use

We grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Service solely for its intended purpose in accordance with these Terms. This license terminates upon termination of these Terms.

9.3 User Content License

You retain all ownership rights to User Content. By using the Service, you grant us a worldwide, non-exclusive license to use, store, process, transmit, and display User Content solely to provide the Service to you. This license terminates when you delete the content or close your account, subject to technical and legal retention requirements.

Your data is yours. We just need permission to handle it to make the service work. When you delete it, we delete it (after backups expire).

10 Service Availability and Modifications

10.1 Service Availability

While we strive to maintain high availability, we do not guarantee uninterrupted or error-free operation of the Service. The Service is provided "as is" and "as available" without warranties of any kind.

We may experience downtime due to:

Scheduled maintenance (we will provide advance notice when reasonably possible)
Emergency maintenance or security updates
Third-party service provider failures
Events beyond our reasonable control (force majeure)

10.2 Service Modifications

We reserve the right to modify, suspend, or discontinue any aspect of the Service at any time, with or without notice. We will not be liable to you or any third party for any modification, suspension, or discontinuation of the Service.

11 Termination and Suspension

11.1 Termination by You

You may terminate your account at any time by following the account closure process in your dashboard or contacting our support team. Upon termination, your access to the Service will cease at the end of your current billing period for paid accounts, or immediately for free accounts.

11.2 Termination by Us

We reserve the right to suspend or terminate your account and access to the Service immediately, without prior notice or liability, for any reason, including but not limited to:

Violation of these Terms or any applicable policies
Engagement in prohibited activities or illegal conduct
Non-payment of fees for paid accounts
Fraudulent, abusive, or harmful behavior
Extended inactivity (dormant accounts may be deleted after 12 months of inactivity with 30 days' notice)
Legal or regulatory requirements
Risk to the security, integrity, or availability of the Service

11.3 Data Retrieval and Deletion

Export Your Data Before Closing Before account termination, you are solely responsible for exporting any data you wish to retain. We are not obligated to provide access to your data after account closure. All data will be permanently deleted within 30 days of account closure.

Upon account termination:

Active systems will delete your data within 30 days
Backup systems may retain data for up to 90 days before permanent deletion
We may retain certain metadata for legal compliance, fraud prevention, and dispute resolution as permitted by law
Deleted data cannot be recovered - export before closing your account

12 Disclaimers and Limitation of Liability

12.1 Disclaimer of Warranties

AS IS - No Warranties The Service is provided "AS IS" and "AS AVAILABLE" without any warranties whatsoever. Use at your own risk.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO:

Warranties of merchantability, fitness for a particular purpose, title, or non-infringement
Warranties that the Service will be uninterrupted, timely, secure, or error-free
Warranties regarding the accuracy, reliability, or completeness of any data or content
Warranties that defects will be corrected or that the Service is free from viruses or harmful components
Warranties regarding results obtained from using the Service

WE EXPLICITLY DISCLAIM ALL LIABILITY FOR:

Data loss, corruption, or deletion (you are responsible for maintaining backups)
Service interruptions, downtime, or unavailability
Third-party service failures (Stripe, AWS SES, hosting providers)
Security breaches beyond our reasonable control
Your failure to comply with data protection laws
Actions or inactions of form submitters or third parties

12.2 Limitation of Total Liability

Liability Cap Our total aggregate liability to you for all claims arising from or relating to the Service shall not exceed the greater of: (1) the total amount you paid to us in the 12 months immediately preceding the event giving rise to liability, or (2) $100 USD.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MWANGI, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, CONTRACTORS, OR AFFILIATES BE LIABLE FOR:

Indirect Damages: Any indirect, incidental, special, consequential, exemplary, or punitive damages
Business Losses: Loss of profits, revenue, business, contracts, anticipated savings, or business opportunities
Data Losses: Loss of data, loss of use of data, or corruption of data (including form submissions)
Reputational Harm: Loss of goodwill, reputation, or business interruption
Intangible Losses: Any other intangible losses of any kind
Security Incidents: Damages resulting from unauthorized access, data breaches, or cyber attacks
Third-Party Actions: Actions or omissions of third-party service providers, form submitters, or other users
Regulatory Fines: Fines, penalties, or sanctions imposed by regulatory authorities for your non-compliance with data protection laws

THESE LIMITATIONS APPLY REGARDLESS OF THE LEGAL THEORY (CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

12.3 Jurisdictional Limitations

Some jurisdictions do not allow the exclusion or limitation of certain warranties or liabilities. In such jurisdictions, the above exclusions and limitations shall apply only to the maximum extent permitted by law. Nothing in these Terms excludes or limits our liability for death or personal injury caused by our negligence, fraud, or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by law.

12.4 Your Responsibility for Backups

We are NOT a backup service. You must maintain your own backups of all critical data. If data is lost, corrupted, or deleted (for any reason, including our mistakes), you cannot hold us liable.

You acknowledge and agree that:

You are solely responsible for maintaining independent backups of all form submission data
The Service is not a backup or archival system
We are not liable for any data loss, regardless of cause
You should export critical data regularly and store it securely outside the Service

13 Indemnification

You agree to indemnify, defend, and hold harmless MWANGI, its officers, directors, employees, agents, affiliates, and service providers from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising from:

Your use or misuse of the Service
Your violation of these Terms or any applicable law or regulation
Your violation of any third-party rights, including intellectual property, privacy, or data protection rights
User Content you submit or process through the Service
Your collection, use, or processing of data from form submitters

If your use of TileBack gets us into legal trouble, you're responsible for the cleanup.

14 Third-Party Services and Links

The Service integrates with and relies upon third-party services, including but not limited to:

Stripe for payment processing
Amazon Web Services (AWS) Simple Email Service (SES) for email delivery
Other infrastructure and service providers

Your use of third-party services is subject to their respective terms and privacy policies. We are not responsible for the availability, accuracy, or content of third-party services.

15 Dispute Resolution and Governing Law

15.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Republic of Kenya, without regard to its conflict of law provisions.

15.2 Jurisdiction and Venue

Any disputes arising out of or relating to these Terms or the Service shall be subject to the exclusive jurisdiction of the courts of Nairobi, Kenya.

15.3 Informal Resolution

Got a problem? Talk to us first. We're reasonable humans who prefer solving issues over legal battles.

Before initiating formal proceedings, you agree to contact us to attempt to resolve the dispute informally. We will make good faith efforts to resolve disputes amicably.

16 General Provisions

16.1 Entire Agreement

These Terms, together with our Privacy Policy and any other policies referenced herein, constitute the entire agreement between you and MWANGI regarding the Service.

16.2 Notices

We may provide notices to you via email to the address associated with your account or by posting on the Service. Notices shall be deemed given 24 hours after email is sent.

16.3 Assignment

You may not assign or transfer these Terms without our prior written consent. We may assign or transfer these Terms, in whole or in part, without restriction.

17 Changes to Terms

We reserve the right to modify these Terms at any time. When we make changes, we will:

Update the "Last updated" date at the top of this page
Notify you via email or through a notice on the Service
For material changes, provide at least 30 days' notice before the changes take effect

If we change these terms, we'll let you know. Your continued use means you accept the changes. Don't like them? You can cancel anytime.

18 Contact Information

Get in Touch

TileBack is operated by MWANGI. For questions, concerns, or notices regarding these Terms or the Service:

Email: [email protected]
Website: mwangi.co.ke
Terms Reference: mwangi.co.ke/terms