Welcome to https://breacher.ai (the “Site”). We understand that privacy online is important to users of our Site, especially when conducting business. This statement governs our privacy policies with respect to those users of the Site (“Visitors”) who visit without transacting business and Visitors who register to transact business on the Site and make use of the various services offered by Breacher.ai (BBAC LLC) and Breacher.ai C-Corp (Delaware) (collectively, “Services”) (“Authorized Customers”).
Our promise to you: As security practitioners we respect your privacy and limit the amount of analytics being used on our site. In areas where we collect phone numbers or identifiable information, we allow users to opt in and will not contact unless we have explicit consent from you the user.
We maintain as minimal data as possible to reduce risk. Our approach is to remove records, data and any other information we possibly can with the goal to retain as little data as possible.
# PLATFORM TERMS OF SERVICE AND PRIVACY POLICY
**Social Engineering Simulation Platform – Breacher**
**Last Updated: February 1, 2026**
—
> **IMPORTANT:** This Platform provides tools for authorized security testing only. By using this Platform, you acknowledge that you are solely responsible for ensuring all activities conducted through this Platform are lawful and properly authorized. Unauthorized use of this Platform to conduct social engineering attacks, phishing campaigns, deepfake creation, or any other activities without proper consent is strictly prohibited and may violate federal, state, and international laws.
—
# PART I: TERMS OF SERVICE
## 1. Definitions
**”Platform”** means the Breacher social engineering simulation software, services, APIs, and related tools provided by the Platform operator.
**”Platform operator”** means the entity that owns and operates the Platform and provides the services to Platform Customer.
**”Platform Customer”** means any entity or individual that has entered into a contract with the Platform operator to use the Platform, including but not limited to: (a) Managed Service Providers (MSPs) conducting security assessments on behalf of their clients; (b) red team consultants and penetration testing firms; (c) internal information security teams conducting authorized testing within their organization; and (d) any other authorized users who have accepted these Terms. References to Platform Customer include the parent company or entity that holds the contractual relationship with the Platform operator.
**”Target Organization”** means any company, entity, or organization whose employees or systems are the subject of simulations conducted through the Platform.
**”Target Individual”** means any person who is the recipient of simulated social engineering activities conducted through the Platform.
**”Simulation”** means any social engineering test, phishing campaign, vishing call, smishing message, deepfake content, or other security assessment activity conducted through the Platform.
**”Voice Clone”** or **”Deepfake Content”** means any AI-generated audio, video, or visual content that replicates or simulates the voice, likeness, or identity of a real person.
**”Customer Data”** means all data uploaded, submitted, or generated by Platform Customer through use of the Platform, including but not limited to employee lists, contact information, campaign configurations, simulation results, voice samples, likeness data, and analytics.
**”Third-Party Services”** means external services integrated with or used by the Platform, including but not limited to OpenAI, Anthropic, Amazon Web Services (AWS), ElevenLabs, Deepgram, and Daily.
## 2. Acceptance of Terms
2.1. By accessing or using the Platform, Platform Customer agrees to be bound by these Terms of Service and Privacy Policy (collectively, **”Terms”**). If Platform Customer does not agree to these Terms, Platform Customer must not use the Platform.
2.2. Platform Customer represents and warrants that they have the legal authority to bind themselves and, if applicable, their organization to these Terms.
2.3. **Order of Precedence; Master Services Agreement.** If Platform Customer has entered into a written Master Services Agreement (“MSA”) with the Platform operator, the terms of the MSA shall control and supersede these Terms in the event of any conflict. These Terms apply only to the extent not addressed or inconsistent with the MSA.
## 3. Authorization and Consent Requirements
### 3.1. General Authorization
Platform Customer represents, warrants, and covenants that prior to conducting any Simulation through the Platform:
(a) Platform Customer has obtained all necessary authorizations, permissions, and consents required by applicable law to conduct the Simulation;
(b) Platform Customer has verified that the Simulation complies with all applicable federal, state, local, and international laws and regulations;
(c) Platform Customer has the legal right to target the Target Organization and Target Individuals;
(d) The Simulation falls within the scope of a legitimate security assessment engagement.
### 3.2. Employee Data Upload Attestation
By uploading employee information, contact lists, or any personal data to the Platform, Platform Customer attests and confirms that: (a) Platform Customer has obtained all necessary consents from the Target Organization and, where required by law, from Target Individuals to include them in security awareness Simulations; (b) Platform Customer accepts full responsibility for obtaining such consent; (c) Platform Customer has provided adequate notice to Target Individuals regarding the nature and purpose of security testing, to the extent required by applicable law and organizational policy; and (d) Platform Customer indemnifies and holds harmless the Platform operator from any claims arising from insufficient or invalid consent.
### 3.3. Voice Clone and Deepfake Consent
Platform Customer acknowledges that the Platform enables creation of Voice Clones and Deepfake Content. By uploading voice samples, images, videos, or other biometric data, Platform Customer represents and warrants that:
(a) Platform Customer has obtained explicit, informed consent from each individual whose voice, likeness, or identity will be replicated;
(b) Such consent includes authorization to create AI-generated content replicating the individual’s voice or likeness for security testing purposes;
(c) The individual whose voice or likeness is being cloned is an authorized representative of the Target Organization (such as an executive, manager, or employee);
(d) Platform Customer will not use Voice Clones or Deepfake Content for any purpose other than authorized security testing;
(e) Platform Customer accepts full liability for any misuse of Voice Clone or Deepfake Content.
### 3.4. Third-Party Engagements
When Platform Customer conducts Simulations on behalf of a third party (such as an MSP conducting testing for a client, or a consultant engaged by a Target Organization), Platform Customer attests that: (a) Platform Customer has a valid contractual relationship with the Target Organization authorizing the security assessment; (b) the scope of the Simulation falls within the authorized engagement; (c) Platform Customer has obtained all necessary permissions from the Target Organization to conduct the specific type of Simulation; and (d) Platform Customer bears sole responsibility for ensuring proper authorization chains are in place.
### 3.5. Written Authorization Requirement
Prior to conducting any Simulation, Platform Customer must provide the Platform operator with written authorization from the Target Organization describing the scope of the authorized security assessment.
Platform Customer acknowledges that the Platform operator may rely on this authorization as evidence of lawful use of the Platform. Platform Customer agrees to promptly provide updated or additional authorization documentation upon request.
Failure to provide such authorization may result in suspension or termination of Platform access.
Platform operator may disclose such authorization to law enforcement, regulators, or legal counsel where reasonably necessary to investigate misuse, comply with legal process, or demonstrate lawful use of the Platform.
### 3.6. Biometric Data and Voice/Likeness Consent
Platform Customer acknowledges that voice samples, facial images, video recordings, and likeness data used to create Voice Clones or Deepfake Content may constitute biometric identifiers or biometric information under applicable law.
Platform Customer represents and warrants that it has obtained prior written, informed consent from each individual whose biometric data is used, specifically authorizing:
(a) the capture of voice, image, or likeness data;
(b) the creation of AI-generated content replicating that voice or likeness for security testing;
(c) the processing of such data by the Platform and its subprocessors; and
(d) the retention and deletion practices described in the Privacy Policy.
Platform Customer indemnifies the Platform operator from any claims arising from failure to obtain legally sufficient biometric consent.
## 4. Prohibited Uses
Platform Customer shall not use the Platform to:
(a) Conduct any Simulation without proper authorization from the Target Organization;
(b) Engage in actual fraud, identity theft, financial crimes, or any illegal activity;
(c) Harvest credentials, financial information, or personal data for purposes other than authorized security testing and reporting;
(d) Create Voice Clones or Deepfake Content of individuals without their explicit consent;
(e) Harass, threaten, defame, or cause emotional distress to any individual;
(f) Distribute malware, ransomware, or other malicious code;
(g) Violate any applicable law, regulation, or third-party rights;
(h) Access, test, or target systems or individuals outside the authorized scope;
(i) Resell, sublicense, or provide access to the Platform to unauthorized third parties;
(j) Attempt to reverse engineer, decompile, or extract source code from the Platform;
(k) Use the Platform in violation of export control laws, sanctions regulations, or trade restrictions, including use by individuals or entities located in sanctioned jurisdictions.
### 4.1. Monitoring and Enforcement Rights
The Platform operator reserves the right to monitor, review, and audit Simulations for compliance with these Terms and applicable law.
Platform Customer acknowledges that the Platform operator may review campaign content, targets, and configuration prior to or during execution.
The Platform operator may suspend or terminate any Simulation or account that appears to violate these Terms or applicable law, without prior notice.
## 5. Platform Customer Responsibilities
5.1. **Legal Compliance.** Platform Customer is solely responsible for ensuring that all use of the Platform complies with all applicable laws and regulations, including but not limited to: the Computer Fraud and Abuse Act (CFAA); state computer crime laws; wiretapping and electronic surveillance laws; data protection and privacy regulations (including GDPR, CCPA, and other applicable privacy laws); anti-fraud statutes; employment laws; and telecommunications regulations.
5.2. **Industry-Specific Compliance.** Platform Customer acknowledges that certain industries are subject to additional regulatory requirements (such as HIPAA for healthcare, PCI-DSS for payment card data, GLBA for financial institutions, etc.). Platform Customer is solely responsible for understanding and complying with any industry-specific regulations applicable to their use of the Platform.
5.3. **Documentation.** Platform Customer is responsible for maintaining adequate documentation of authorizations, consents, and engagement scope for all Simulations conducted through the Platform. Platform Customer must retain copies of all authorizations and consents for at least two (2) years following each Simulation.
5.4. **Account Security.** Platform Customer is responsible for maintaining the security of their account credentials and for all activities conducted under their account.
5.5. **Cooperation with Investigations.** Platform Customer agrees to cooperate fully with any inquiry, investigation, or legal request relating to Simulations conducted through the Platform, including providing proof of authorization and consent within 24 hours of request.
5.6. **Sanctions Representation.** Platform Customer represents that it is not located in, organized under the laws of, or owned or controlled by parties in sanctioned jurisdictions. Platform Customer agrees to comply with all applicable U.S. sanctions programs administered by OFAC and all applicable export control laws.
## 6. Disclaimer of Warranties
6.1. THE PLATFORM IS PROVIDED **”AS IS”** AND **”AS AVAILABLE”** WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. THE PLATFORM OPERATOR EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
6.2. THE PLATFORM OPERATOR DOES NOT WARRANT THAT: (A) THE PLATFORM WILL MEET PLATFORM CUSTOMER’S REQUIREMENTS; (B) THE PLATFORM WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE; (C) THE RESULTS OBTAINED FROM USE OF THE PLATFORM WILL BE ACCURATE OR RELIABLE; OR (D) ANY ERRORS IN THE PLATFORM WILL BE CORRECTED.
6.3. THE PLATFORM OPERATOR MAKES NO REPRESENTATIONS REGARDING THE LEGALITY OF PLATFORM CUSTOMER’S USE OF THE PLATFORM IN ANY JURISDICTION. PLATFORM CUSTOMER IS SOLELY RESPONSIBLE FOR DETERMINING THE LEGALITY OF THEIR ACTIVITIES.
## 7. Limitation of Liability
7.1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM OPERATOR SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, DATA, OR OTHER INTANGIBLE LOSSES, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE OR WHETHER THE PLATFORM OPERATOR WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
7.2. THE PLATFORM OPERATOR SHALL NOT BE LIABLE FOR ANY DAMAGES, CLAIMS, OR LOSSES ARISING FROM: (A) PLATFORM CUSTOMER’S USE OF THE PLATFORM WITHOUT PROPER AUTHORIZATION; (B) PLATFORM CUSTOMER’S FAILURE TO OBTAIN REQUIRED CONSENTS; (C) PLATFORM CUSTOMER’S VIOLATION OF ANY APPLICABLE LAW OR REGULATION; (D) CLAIMS BY TARGET INDIVIDUALS OR TARGET ORGANIZATIONS ARISING FROM SIMULATIONS; (E) ANY UNAUTHORIZED ACCESS TO OR USE OF PLATFORM CUSTOMER’S ACCOUNT; OR (F) ANY THIRD-PARTY CLAIMS RELATED TO PLATFORM CUSTOMER’S USE OF THE PLATFORM.
7.3. THE PLATFORM IS A TOOL. THE PLATFORM OPERATOR PROVIDES THE TECHNICAL CAPABILITIES FOR CONDUCTING SIMULATIONS BUT DOES NOT CONTROL, DIRECT, OR ASSUME RESPONSIBILITY FOR HOW PLATFORM CUSTOMER USES THOSE CAPABILITIES. ALL LIABILITY FOR THE CONDUCT OF SIMULATIONS RESTS SOLELY WITH PLATFORM CUSTOMER.
7.4. **Liability Cap.** To the maximum extent permitted by law, the total aggregate liability of the Platform operator arising out of or related to these Terms shall not exceed the total fees paid by Platform Customer to the Platform operator in the one (1) month preceding the event giving rise to the claim, unless otherwise specified in an applicable MSA. This limitation shall not apply to claims arising from the Platform operator’s gross negligence, willful misconduct, or data protection obligations.
## 8. Indemnification
8.1. Platform Customer agrees to indemnify, defend, and hold harmless the Platform operator, its officers, directors, employees, agents, affiliates, successors, and assigns from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:
(a) Platform Customer’s use of the Platform;
(b) Any Simulation conducted by Platform Customer;
(c) Platform Customer’s breach of these Terms;
(d) Platform Customer’s violation of any law, regulation, or third-party rights;
(e) Any claim by a Target Individual or Target Organization;
(f) Platform Customer’s failure to obtain required authorizations or consents;
(g) Any use of Voice Clones or Deepfake Content created through the Platform;
(h) Any dispute between Platform Customer and any third party.
8.2. This indemnification obligation shall survive termination of these Terms and Platform Customer’s use of the Platform.
8.3. **No Agency or Participation.** The Platform operator provides technical tools only and does not design, direct, control, or participate in any Simulation. Platform Customer acts independently and not as an agent, partner, or representative of the Platform operator.
## 9. Third-Party Services
9.1. The Platform utilizes Third-Party Services including, but not limited to, OpenAI, Anthropic, Amazon Web Services (AWS), ElevenLabs, Deepgram, and Daily. Platform Customer acknowledges that:
(a) Use of the Platform may be subject to the terms of service and acceptable use policies of these Third-Party Services;
(b) The Platform operator is not responsible for the availability, performance, or policies of Third-Party Services;
(c) Customer Data may be processed by Third-Party Services in accordance with their respective privacy policies;
(d) Changes to Third-Party Services may affect Platform functionality;
(e) Where the Platform utilizes enterprise APIs from providers such as OpenAI, Anthropic, ElevenLabs, and Deepgram, Customer Data is not used by those providers to train generalized AI or voice models. The Platform operator contracts for enterprise tiers of these services that prohibit model training on Customer Data.
9.2. Platform Customer agrees to comply with all applicable Third-Party Service terms when using the Platform.
## 10. Termination
10.1. The Platform operator may suspend or terminate Platform Customer’s access to the Platform immediately, without prior notice or liability, for any reason, including but not limited to: (a) breach of these Terms; (b) suspected unauthorized or illegal use; (c) upon request by law enforcement or government agency; or (d) for any other reason at the Platform operator’s sole discretion.
10.2. Upon termination, Platform Customer’s right to use the Platform will immediately cease. Sections 3, 4.1, 5.3, 5.5, 6, 7, 8, 12, and Part II (Privacy Policy) shall survive termination.
## 11. Modifications to Terms
The Platform operator reserves the right to modify these Terms at any time. Material changes will be communicated to Platform Customer through the Platform or via email. Continued use of the Platform after such modifications constitutes acceptance of the updated Terms.
## 12. Governing Law and Dispute Resolution
12.1. These Terms shall be governed by and construed in accordance with the laws of the United States and the State of Florida, without regard to conflict of law principles.
12.2. Any dispute arising out of or relating to these Terms or the Platform shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association, except that either party may seek injunctive relief in any court of competent jurisdiction. Arbitration will take place in Florida, and each party will bear its own attorneys’ fees unless the arbitrator awards otherwise.
—
# PART II: PRIVACY POLICY
## 13. Information We Collect
### Controller and Processor Roles
For all personal data relating to Target Individuals, Platform Customer acts as the Data Controller and the Platform operator acts solely as a Data Processor processing such data on behalf of Platform Customer.
### 13.1. Platform Customer Account Information
We collect information provided during account registration and use, including: company name, contact information, billing details, and account credentials.
### 13.2. Target Data
We collect and process data that Platform Customer uploads or generates through the Platform, including: employee lists and contact information (names, email addresses, phone numbers); organizational structure and department information; campaign configuration and targeting parameters; and Simulation results (click rates, response rates, credential submissions for testing purposes, call recordings, message interactions).
### 13.3. Voice and Likeness Data
For Voice Clone and Deepfake Content creation, we collect: voice samples and audio recordings; images and video content; and AI-generated models and content derived from such samples. Raw voice, video, and image samples are deleted immediately after processing. Only the resulting voice or likeness model is retained to enable continued service delivery.
### 13.4. Biometric Data Handling and Retention
Voice samples, likeness data, and biometric inputs are used solely to create Voice Clones and Deepfake Content for the Platform Customer that provided the data.
Raw audio, video, and image files are deleted immediately after processing and model creation.
Resulting voice or likeness models are retained solely to provide ongoing services to that specific Platform Customer and are never used to train generalized models or for any other purpose.
Biometric data is not sold, disclosed, or used for any purpose other than providing the Platform services to the originating Platform Customer.
Any re-training of the resulting voice or likeness model is performed solely for the benefit of the originating Platform Customer and only using inputs provided by or on behalf of that Platform Customer.
### 13.5. Usage and Technical Data
We automatically collect: log data, IP addresses, browser information; Platform usage patterns and feature utilization; and performance and error data.
## 14. How We Use Information
We use collected information to: provide and maintain the Platform; process and execute Simulations as directed by Platform Customer; generate reports and analytics; improve Platform functionality and develop new features; communicate with Platform Customer about their account and services; ensure Platform security and prevent abuse; and comply with legal obligations.
Processing of Target Individual data is performed solely on the lawful basis determined by Platform Customer as Data Controller. Platform operator does not determine the lawful basis for Target Individual processing.
## 15. Data Sharing and Disclosure
15.1. **Third-Party Service Providers.** We share data with Third-Party Services necessary to operate the Platform, including OpenAI, Anthropic, AWS, ElevenLabs, Deepgram, and Daily. These providers process data in accordance with their respective privacy policies and our data processing agreements. A list of subprocessors may be provided upon request or as described in the DPA.
15.2. **Legal Compliance.** We will disclose information when required to do so by law or in response to valid legal process, including subpoenas, court orders, search warrants, national security letters, or other lawful requests by public authorities. We will comply with any lawful request for data from law enforcement or government agencies. Where legally permitted, we will attempt to notify Platform Customer of such requests.
15.3. **Protection of Rights.** We may disclose information when we believe disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.
15.4. **Business Transfers.** In the event of a merger, acquisition, or sale of assets, Customer Data may be transferred to the acquiring entity.
## 16. Data Retention
16.1. We retain Customer Data for as long as Platform Customer’s account remains active and as requested by Platform Customer. Platform Customer may request deletion of specific data or their entire account at any time.
16.2. Only resulting voice or likeness models (not raw audio, video, or image files) may be retained to enable continued service delivery and customer-requested re-training for that specific Platform Customer. Raw audio, video, and image samples are deleted immediately after processing. Models may be deleted upon Platform Customer request, subject to legal retention requirements.
16.3. We may retain certain data as required by law or for legitimate business purposes, such as maintaining security logs or complying with legal obligations, even after account termination.
## 17. International Data Transfers
17.1. The Platform operates from the United States. If Platform Customer is located outside the United States (including in the United Kingdom, Germany, Malaysia, Philippines, India, or other jurisdictions), Platform Customer acknowledges that their data will be transferred to and processed in the United States.
17.2. For Platform Customers subject to the General Data Protection Regulation (GDPR) or UK GDPR, we rely on appropriate legal mechanisms for international data transfers, which may include Standard Contractual Clauses or other lawful transfer mechanisms.
17.3. Platform Customer is responsible for ensuring that their use of the Platform complies with applicable data protection laws in their jurisdiction, including obtaining any necessary consents for international data transfers.
## 18. GDPR and International Privacy Rights
18.1. For Platform Customers and Target Individuals located in the European Economic Area, United Kingdom, or other jurisdictions with similar privacy laws, the following rights may apply, subject to applicable law: the right to access personal data; the right to rectification of inaccurate data; the right to erasure (“right to be forgotten”); the right to restrict processing; the right to data portability; the right to object to processing; and rights related to automated decision-making.
18.2. Platform Customer acknowledges that, as the controller of Target Individual data, Platform Customer is responsible for responding to data subject requests from Target Individuals. The Platform operator will provide reasonable assistance to Platform Customer in fulfilling such requests.
18.3. Platform Customer is responsible for ensuring compliance with all applicable privacy laws, including providing required notices to Target Individuals and establishing appropriate legal bases for processing.
### Data Processing Addendum
The Platform operator’s Data Processing Addendum (“DPA”) is incorporated by reference into these Terms and applies to all processing of personal data under this Privacy Policy.
## 19. California Privacy Rights
For California residents, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) may provide additional rights. These include the right to know what personal information is collected, the right to delete personal information, the right to opt-out of sale or sharing, and the right to non-discrimination for exercising privacy rights. We do not sell personal information. To exercise these rights, contact us using the information provided below.
## 20. Data Security
20.1. We implement reasonable administrative, technical, and physical security measures designed to protect Customer Data. We are actively pursuing SOC 2 certification to demonstrate our commitment to security best practices.
20.2. However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect Customer Data, we cannot guarantee absolute security. Platform Customer is responsible for maintaining the security of their account credentials.
## 21. AI and Machine Learning
21.1. The Platform uses artificial intelligence and machine learning technologies, including large language models provided by OpenAI and Anthropic, and voice synthesis technology provided by ElevenLabs and Deepgram.
21.2. Customer Data may be processed by these AI systems to generate Simulation content, create Voice Clones, and provide Platform functionality.
21.3. Platform Customer acknowledges that AI-generated content may not be perfect and should be reviewed before use. The Platform operator is not responsible for any inaccuracies or unintended outputs generated by AI systems.
## 22. Children’s Privacy
The Platform is not intended for use against or involving individuals under the age of 18. Platform Customer represents and warrants that no Target Individuals are minors and agrees to indemnify the Platform operator for any violation of this provision.
## 23. Changes to Privacy Policy
We may update this Privacy Policy from time to time. We will notify Platform Customer of material changes through the Platform or via email. Continued use of the Platform after such changes constitutes acceptance of the updated Privacy Policy.
## 24. Contact Information
For questions about these Terms or our privacy practices, Platform Customer should contact their designated account representative or refer to the contact information provided in their service agreement.
—
## Acknowledgment and Acceptance
BY USING THE PLATFORM, PLATFORM CUSTOMER ACKNOWLEDGES THAT THEY HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS OF SERVICE AND PRIVACY POLICY. PLATFORM CUSTOMER FURTHER ACKNOWLEDGES THAT THEY ARE SOLELY RESPONSIBLE FOR ENSURING THAT ALL USE OF THE PLATFORM IS LAWFUL AND PROPERLY AUTHORIZED, AND THAT THE PLATFORM OPERATOR PROVIDES ONLY A TOOL AND ASSUMES NO LIABILITY FOR HOW THAT TOOL IS USED.
Platform Customer accepts full responsibility for any legal consequences arising from their use of the Platform, including but not limited to civil liability, criminal prosecution, regulatory penalties, and third-party claims.
—
## Appendix A: In-Product Biometric Consent Notice
The following consent notice must be presented at the point of voice or likeness capture within the Platform:
> **Biometric Consent Notice**
>
> By clicking “I Agree” and providing/recording this voice sample, you consent to the collection and processing of your voice as biometric information (where defined by applicable law) for the purpose of creating an AI-generated voice model for authorized security testing on behalf of the Target Organization.
>
> Your raw recording will be deleted after processing, and only the resulting voice model will be retained for use by the Platform Customer that requested it. You may request deletion of the voice model by contacting the Platform Customer or the Platform operator.
>
> [Link to Privacy Policy]
**Implementation Requirements:**
– Require an unchecked-by-default checkbox labeled “I Agree”
– Provide a link to the Privacy Policy and a short retention summary
– Capture and retain: timestamp, IP address, campaign identifier, and identity of consenting individual (as available)
support@breacher.ai
