Terms &
Policies

Last updated: June 10, 2026

Terms and Conditions

1.1 Acceptance of Terms

By accessing or using the Sector platform (‘Platform’) operated by Undersea, Inc. (‘Company,’ ‘we,’ ‘us,’ or ‘our’), you agree to be bound by these Terms and Conditions (‘Terms’). If you do not agree to all of these Terms, you must not access or use the Platform. These Terms constitute a legally binding agreement between you and the Company. If you are accessing the Platform on behalf of an institution, organization, or employer, you represent that you have the authority to bind that entity to these Terms.

1.2 Description of Service

Sector is a managed data access and research infrastructure platform that enables data owners including individuals, research groups, companies, and institutions, to grant controlled, auditable access to sensitive datasets, including health data. The Platform supports two primary modes:

Connected Access: Data owners connect the Platform to datasets that remain hosted in their own environment. Sector acts as an access-control and computation layer only; no underlying data is transferred to or stored on Company servers.

Hosted Analysis: Data owners may upload datasets directly to Company-managed infrastructure for analysis. In this mode, data is stored on Company secure servers and governed by the data storage and deletion terms in Section 1.8.

In both modes, the Platform provides:

  • Secure, access-controlled connections to data sources
  • Analysis tools (exploratory analysis, statistical functions, and genomics tooling)
  • AI-assisted features, including a conversational research interface and automated report generation (see Section 3.7)
  • Audit logging and access governance for data owners
  • A personal data library for each user, containing datasets they own and datasets shared with them

1.3 Eligibility and Account Registration

To use the Platform, you must be at least 18 years of age and capable of entering into legally binding contracts. Use of the Platform by individuals under 18 is strictly prohibited. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify us immediately at [email protected] of any unauthorised access or security breach.

1.4 Pilot and Early Access Terms

Access to the Platform during any designated pilot or early access phase may be granted pursuant to a signed Access Agreement or Memorandum of Understanding. Pilot and early access participants acknowledge that:

  • Features and functionality are subject to change without notice during the pilot period
  • Service level commitments during the pilot are governed by the applicable written agreement, not these Terms alone
  • Feedback provided during the pilot may be used by the Company to improve the Platform without compensation

1.5 Acceptable Use

You agree to use the Platform only for lawful purposes and in accordance with these Terms. You must not:

  • Attempt to access data for which you have not been granted explicit authorisation by the data owner
  • Attempt to re-identify, de-anonymise, or link de-identified datasets to individuals
  • Use the Platform to transmit, store, or process data in violation of applicable law, including HIPAA, GDPR, the Nigerian Data Protection Act, or equivalent regulations
  • Reverse-engineer, decompile, or otherwise attempt to extract source code from the Platform
  • Circumvent, disable, or interfere with security or access-control features
  • Use the Platform to train machine learning models for commercial purposes without a separate written license from the Company
  • Share, sublicense, or resell access to the Platform without prior written consent
  • Use the AI-assisted chat interface to craft prompts or inputs designed to elicit data beyond your authorised access scope, circumvent access controls, or extract model parameters or training data (prompt injection)
  • Attempt to extract, infer, or reconstruct another user’s data or query results through the AI-assisted features or any other means not expressly permitted by these Terms

1.6 Data Owner Responsibilities

Data owners whether individuals, companies, research groups, or institutions, who connect or upload datasets to the Platform retain full ownership of and responsibility for their data. Data owners are responsible for:

  • Ensuring they hold the appropriate legal right or authority to share, upload, or grant access to connected or uploaded datasets
  • Configuring access controls, permissions, and any applicable query restrictions in accordance with their obligations to data subjects
  • Obtaining any required ethics approvals, regulatory clearances, or participant consents before connecting or uploading datasets
  • Notifying the Company promptly of any legal hold, regulatory inquiry, or change in data governance status affecting a connected or hosted dataset

1.7 Intellectual Property

All software, algorithms, interfaces, documentation, and trademarks associated with the Sector platform are the exclusive property of Undersea, Inc. or its licensors. These Terms grant you a limited, non-exclusive, non-transferable license to access and use the Platform for your authorised purposes.

Data and datasets you connect or upload to the Platform remain your property. You grant the Company a limited license to store and process such data solely as necessary to provide the Platform services and for no other purpose.

1.8 Hosted Data, Deletion, and Workspace Archival

Where a data owner uploads datasets to Company-managed infrastructure under the Hosted Analysis mode, the following terms apply:

  • Data Storage: Uploaded datasets are stored on Company servers solely to enable analysis through the Platform. The Company does not use hosted data for any other purpose.
  • Dataset Deletion: When a data owner deletes a dataset, that dataset is permanently and irreversibly deleted from Company servers. No copy is retained by the Company. Deletion is final and cannot be undone.
  • Workspace Archival: When a user deletes a workspace, the workspace enters an archived state for 30 days from the date of deletion. During this period, the owner may submit a restoration request. After the 30-day archival window closes, the workspace and all associated content are permanently deleted. The Company makes no guarantee of recoverability after this window.
  • Owner Responsibility: The Company is not liable for loss of data arising from a data owner’s deliberate deletion of datasets or failure to initiate restoration within the archival window.

1.9 Fees and Billing

Access may be subject to fees as set out in a separate Order Form or Access Agreement. During designated pilot periods, access may be provided at no charge. The Company reserves the right to introduce or modify fees with at least 30 days’ written notice.

1.10 Term and Termination

These Terms remain in effect for as long as you access the Platform. The Company may suspend or terminate your access immediately if you breach these Terms or if required by law. Upon termination, your right to access the Platform ceases immediately. For hosted data, termination triggers the same deletion and archival processes described in Section 1.8. Sections 1.7, 1.11, 1.12, and 1.13 survive termination.

1.11 Indemnification

You agree to indemnify, defend, and hold harmless Undersea, Inc. and its officers, directors, employees, and advisors from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of: (a) your violation of these Terms; (b) your use or misuse of the Platform; (c) any breach of applicable data protection laws by you or your organization; or (d) any third-party claims related to data you connected or uploaded to the Platform.

1.12 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR GOODWILL, ARISING FROM YOUR USE OF OR INABILITY TO USE THE PLATFORM. IN NO EVENT SHALL THE COMPANY’S TOTAL CUMULATIVE LIABILITY EXCEED THE GREATER OF (A) THE AMOUNTS PAID BY YOU TO THE COMPANY IN THE TWELVE MONTHS PRECEDING THE CLAIM OR (B) ONE HUNDRED US DOLLARS (USD $100).

1.13 Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict-of-law provisions. Any disputes arising under these Terms shall be submitted to binding arbitration under the rules of the American Arbitration Association, with proceedings conducted in Delaware. Notwithstanding the foregoing, either party may seek injunctive relief in any court of competent jurisdiction.

1.14 Modifications

We reserve the right to modify these Terms at any time. We will provide at least 14 days’ notice of material changes via the Platform or by email. Continued use after the effective date of any modification constitutes acceptance of the revised Terms.

1.15 Contact

For questions regarding these Terms, contact us at: [email protected]

Privacy Policy

2.1 Overview

Undersea, Inc. (‘we,’ ‘us,’ or ‘our’) operates the Sector platform. This Privacy Policy explains how we collect, use, and protect information about users of the Platform. We are committed to privacy by design: our core infrastructure is built to minimise unnecessary data movement. In the Connected Access mode, sensitive data never leaves the data owner’s environment. In Hosted Analysis mode, uploaded datasets are stored only for the duration of active use and are permanently deleted upon the data owner’s request.

2.2 Information We Collect

We collect the following categories of information:

  • Account and Identity Information: Name, email address, job title, and organization name provided at registration or through an access request.
  • Usage and Access Logs: Records of queries executed, datasets accessed, analysis jobs run, timestamps, and session metadata. These logs are core to the Platform’s audit function and are accessible to the data owners who granted you access.
  • Hosted Dataset Content: Where a data owner uploads datasets under the Hosted Analysis mode, that content is stored on Company secure servers solely to enable analysis. It is not used for any other purpose and is permanently deleted upon the data owner’s deletion request (see Section 1.8 of the Terms).
  • AI Feature Inputs: Where you interact with AI-assisted features, your inputs and any derived analytical context such as summary statistics, analysis results, schema metadata, and user-authored queries, may be processed by third-party LLM infrastructure providers under data processing agreements (see Sections 2.3 and 2.5). Raw dataset records are never transmitted to LLM providers.
  • Technical Data: IP addresses, browser type, operating system, and device identifiers collected automatically when you access the Platform.
  • Communications: Correspondence you send to us, including support requests, feedback, or legal inquiries.

2.3 How We Use Information

We use collected information to:

  • Authenticate users and enforce access-control policies configured by data owners
  • Store and process uploaded datasets solely to provide analysis functionality under the Hosted Analysis mode
  • Provide, operate, and improve the Platform
  • Generate audit trails available to data owners
  • Communicate with you about your account, security alerts, and Platform updates
  • Comply with legal obligations and respond to lawful government requests
  • Conduct product analytics and usage research to improve our services
  • Route derived analytical context including summary statistics, analysis outputs, schema metadata, and user-authored inputs, to third-party LLM API providers solely to deliver AI-assisted features, including research guidance, analysis interpretation, and report generation. Raw dataset records are never included in requests to LLM providers. This routing is governed by data processing agreements with those providers and is subject to the disclosure in Section 2.5.

We do not sell your personal information to third parties. We do not use your data or uploaded datasets to train AI or machine learning models without your explicit written consent. Third-party LLM providers used for AI-assisted features are contractually prohibited from using your data for model training.

2.4 Legal Basis for Processing (GDPR / International)

For users in the European Economic Area, United Kingdom, or other jurisdictions with equivalent data protection laws, our legal bases for processing personal data are:

  • Contract performance: processing necessary to provide the Platform under your access agreement
  • Legitimate interests: security monitoring, fraud prevention, and product improvement
  • Legal obligation: compliance with applicable laws and regulatory requirements
  • Consent: where we have obtained your explicit consent for specific processing activities

2.5 Data Sharing and Disclosure

We may share your information with:

  • Data Owners: Your access logs and query history are accessible to the data owners who granted you access to their datasets, as part of the Platform’s audit function.
  • LLM Infrastructure Providers: When you use AI-assisted features, derived analytical context including summary statistics, analysis outputs, schema metadata, and user-authored inputs is transmitted to third-party large language model API providers. Raw dataset records are never transmitted to LLM providers. These providers act as data processors under data processing agreements that prohibit use of your data for model training or any purpose beyond providing the requested inference. Data owners may request a list of current LLM providers by contacting [email protected].
  • Service Providers: Trusted vendors who assist in operating the Platform (hosting, security, analytics) under contractual data processing agreements.
  • Legal Authorities: When required by law, court order, or to protect the rights and safety of our users.
  • Business Transfers: In connection with a merger, acquisition, or sale of substantially all assets, with prior notice to affected users.

We do not share your personal information with advertisers or data brokers.

2.6 Data Retention

Account information is retained for as long as your account is active and for up to 3 years afterward, or as required by applicable law. Audit logs are retained in accordance with the data governance terms applicable to each dataset, typically 5–7 years. Hosted datasets (Hosted Analysis mode) are retained only while the data owner has not deleted them. Upon deletion, datasets are permanently and immediately removed from Company servers with no retention period. Archived workspaces are retained for 30 days following deletion, after which they are permanently destroyed. You may request deletion of your account data by contacting us at [email protected].

2.7 Security

We implement administrative, technical, and physical safeguards designed to protect information against unauthorised access, disclosure, alteration, or destruction, including:

  • Encryption: All data is encrypted in transit using TLS 1.2 or higher. Data stored under the Hosted Analysis mode is encrypted at rest using AES-256 or equivalent industry-standard encryption.
  • Access Controls: Role-based access controls and least-privilege principles govern internal access to Company systems. Multi-factor authentication is required for administrative access.
  • Network Segmentation: Platform infrastructure employs network-level isolation and multi-tier VPC architecture to prevent unauthorised data movement between environments.
  • Audit Logging: All data access events are logged and available to data owners through the Platform’s audit function. Internal access to production data is logged and reviewed.
  • Security Assessments: We conduct regular internal security reviews and engage third-party security assessments of our infrastructure on a periodic basis.
  • Compliance Program: We are actively pursuing SOC 2 Type II certification. Institutional partners may request information about our current security program and controls documentation by contacting [email protected].
  • Breach Notification: In the event of a data breach affecting your personal information or hosted data, we will notify affected parties without undue delay and in accordance with applicable law, including within 72 hours where required by GDPR or equivalent regulation.

No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

2.8 International Data Transfers

The Platform is operated from the United States. If you access the Platform from outside the US — including from jurisdictions in Africa, Europe, or elsewhere — your information may be transferred to and processed in the US. We implement appropriate safeguards, including standard contractual clauses, for international transfers subject to GDPR or equivalent frameworks.

2.9 Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your personal information, subject to audit retention requirements
  • Object to or restrict certain processing
  • Receive your data in a portable format
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or within the timeframe required by applicable law).

2.10 Cookies and Tracking

The Platform uses essential cookies and session tokens required for authentication and security. We do not use advertising or cross-site tracking cookies. You may configure your browser to reject cookies, but doing so may impair Platform functionality.

2.11 Children’s Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, contact us immediately at [email protected].

2.12 Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting a prominent notice on the Platform or via email at least 14 days before the changes take effect.

2.13 Contact

Privacy inquiries: [email protected]

Undersea, Inc., incorporated in Delaware, United States.

Disclaimer

3.1 No Medical or Clinical Advice

The Sector platform is a data access and research infrastructure tool. Nothing on the Platform constitutes medical advice, clinical guidance, diagnostic interpretation, or health recommendations. Outputs from analysis tools are provided for research and informational purposes only and should not be used as the basis for clinical decisions, patient care, or medical treatment without independent professional evaluation.

3.2 No Warranty on Platform Availability or Accuracy

THE SECTOR PLATFORM AND ALL CONTENT, TOOLS, AND ANALYSIS OUTPUTS ARE PROVIDED ‘AS IS’ AND ‘AS AVAILABLE’ WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. UNDERSEA, INC. EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

  • Merchantability and fitness for a particular purpose
  • Accuracy, completeness, or timeliness of data or analysis outputs
  • Uninterrupted or error-free access to the Platform
  • Freedom from viruses, malicious code, or other harmful components

3.3 Research Use Caveat

Data accessed or analysed through the Platform may contain known or unknown limitations, biases, and collection artefacts inherent to the source datasets. Users are responsible for critically evaluating analysis outputs in the context of these limitations. Where AI-assisted features are used to interpret analysis results, users should be aware that AI outputs add an additional layer of uncertainty on top of underlying dataset limitations (see Section 3.7). Publication or commercial use of research derived from Platform access must comply with the data use terms established by the relevant data owner.

3.4 Third-Party Data and Integrations

The Platform may connect to third-party data sources or integrate with external tools. The Company makes no representations regarding the accuracy, completeness, security, or legal status of third-party data or services. Use of third-party integrations is governed by the respective third parties’ terms.

3.5 Regulatory Compliance Responsibility

While the Platform is designed with data governance and regulatory compliance in mind, it is the responsibility of each data owner and user to independently ensure their use of the Platform complies with all applicable laws and regulations, including but not limited to HIPAA, GDPR, the Nigerian Data Protection Act (NDPA), and any applicable ethics regulations governing human subjects research. The Company does not provide legal or regulatory compliance advice.

3.6 Forward-Looking Statements

Any statements on the Platform or in Company communications regarding planned features, integrations, roadmap items, or performance targets are forward-looking and subject to change. The Company makes no commitment to deliver any feature or capability within any particular timeframe.

3.7 AI-Assisted Features and Generated Content

The Platform includes AI-assisted features powered by large language model (LLM) technology, including a conversational interface for research guidance, automated interpretation of analysis outputs, and generation of summary reports (collectively, ‘AI Features’). By using these features, you acknowledge and agree to the following:

  • AI outputs may contain errors. AI-generated content, including research guidance, statistical interpretation, and generated reports, is probabilistic in nature and may contain errors, omissions, hallucinations, or outputs that do not accurately reflect the underlying data. The Company does not warrant the accuracy, completeness, or reliability of any AI-generated output.
  • AI Features are not expert advice. Outputs from AI Features do not constitute expert statistical, clinical, epidemiological, regulatory, or legal advice. AI-generated content should be independently verified by a qualified professional before use in any publication, clinical application, regulatory submission, or consequential decision.
  • Generated reports require human review. Reports generated through AI Features are AI-assisted drafts and must be reviewed, validated, and approved by a qualified human reviewer prior to use, distribution, or reliance. The Company accepts no liability for decisions made in reliance on AI-generated reports without such independent review.
  • AI Features are not a substitute for peer review. AI-generated analysis interpretation does not constitute peer review, expert statistical consultation, or professional judgment. Users should not treat AI outputs as a substitute for these processes.
  • Only derived context is processed externally. When you use the AI chat interface, only derived analytical context such as summary statistics, analysis outputs, schema metadata, and your own user-authored inputs is transmitted to third-party LLM infrastructure providers. Raw dataset records are never transmitted to LLM providers. This processing is conducted in accordance with Sections 2.3 and 2.5 of our Privacy Policy. Users should nonetheless exercise judgment about the sensitivity of any context or inputs included in AI Feature requests.
  • Compounding uncertainty. Where AI Features are used to interpret outputs derived from datasets with known limitations or biases (see Section 3.3), the resulting AI interpretation carries compounded uncertainty. Users are responsible for accounting for both dataset-level and AI-level limitations in any downstream use.

The Company accepts no liability for decisions made in reliance on AI-generated outputs, interpretations, or reports without independent human verification by a qualified professional.

3.8 Limitation on Consequential Damages

IN NO EVENT SHALL THE COMPANY BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO YOUR USE OF THE PLATFORM OR RELIANCE ON ANY ANALYSIS OUTPUT OR AI-GENERATED CONTENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

3.9 Jurisdictional Variations

Some jurisdictions do not permit the exclusion of implied warranties or limitation of certain damages. To the extent such exclusions or limitations are not permitted in your jurisdiction, they shall apply to the maximum extent permitted by applicable law.

3.10 Contact

For questions about this Disclaimer, contact us at: [email protected]