Features Resources Pricing Blog Contact Get Started

Terms and Conditions

Effective date: 5 June 2026  •  Last updated: 5 June 2026  •  Version: 2026-06-05

These Terms and Conditions ("Terms") govern your access to and use of SafeForge (the "Service"), a cloud-hosted hazard and risk management application operated by SafeForge AI ("SafeForge AI", "we", "us", "our").

SafeForge AI (ABN 89190664116) operates SafeForge. We are based in Victoria, Australia; our full registered postal address is available on request via support@safeforge.ai.

By creating an account, starting a trial, subscribing to, or otherwise using the Service, you agree to these Terms. If you are agreeing on behalf of an organisation, you confirm you have authority to bind that organisation, and "you" and "your" refer to that organisation.

If you do not agree to these Terms, do not use the Service.

1. Definitions

  • "Service" — the SafeForge web application, its features, APIs, exports, and documentation, accessed at app.safeforge.ai or any successor address.
  • "Organisation" — the workspace created for your business or team within the Service. Each user account belongs to exactly one Organisation.
  • "Customer Data" — all data you or your users enter, import, or generate within the Service, including hazards, controls, threats, causes, consequences, requirements, assumptions, risk ratings, comments, audit history, and uploaded files.
  • "AI Features" — the optional, opt-in functionality within the Service that sends Customer Data content to a third-party large language model provider for analysis and returns advisory output.
  • "Organisation Admin" — a user holding the administrator role for an Organisation, with authority over billing, user management, and AI policy.
  • "Authorised User" — an individual you permit to access the Service under your subscription, occupying a paid seat.
  • "Subscription" — your paid plan for the Service, managed through our payment processor.

2. The Service

SafeForge is a tool for managing safety and risk information. It helps safety and engineering teams import, structure, analyse, visualise, review, and export hazard logs and associated risk data. It provides a structured change-control process, an audit trail, bow-tie visualisations, dashboards, collaborative review workflows, and optional AI-assisted analysis.

The Service is provided on a software-as-a-service basis. There is nothing to install; the Service is accessed through a web browser.

We may add, change, or remove features over time. We will not make changes that materially reduce the core functionality of your paid plan during a billing period without notice.

3. The Service is a Tool, Not a Safety Case

This section is fundamental to your use of the Service. Read it carefully.

SafeForge is an information management tool. It is not a safety case, a safety assessment, a regulatory submission, or a substitute for the professional judgement of a competent safety engineer.

You acknowledge and agree that:

  • Outputs are starting points, not conclusions. Every artefact the Service produces — including imported data, structured hazard logs, dashboards, visualisations, exports, and AI-generated suggestions — is a starting point for your own analysis. It is not a finished work product and must not be relied upon as one.
  • The safety engineer is responsible for every decision. Responsibility for the identification, assessment, treatment, and closure of every hazard, and for the adequacy of every control, rests entirely with you and the qualified people in your organisation. The Service does not make safety decisions; it assists the humans who do.
  • The Service is not safety-critical software. SafeForge is an information management tool — equivalent in function to a structured spreadsheet with better organisation and an audit trail. It is not developed, certified, or represented as compliant with software safety integrity standards such as DO-178C, EN 50128, EN 50657, IEC 61508, ISO 26262, or similar. The safety integrity of your hazard management process depends on the procedures and competent review your organisation wraps around the tool — not on the tool itself.
  • You must independently verify everything. You are responsible for independently checking the accuracy, completeness, and suitability of all data and outputs before relying on them for any safety, engineering, regulatory, commercial, or other purpose.
  • Not evidence of legal compliance. Use of the Service does not, on its own, demonstrate or establish that any statutory, regulatory, or contractual safety duty applicable to your jurisdiction has been discharged — including duties commonly expressed as "So Far As Is Reasonably Practicable" (SFAIRP), "As Low As Reasonably Practicable" (ALARP), "As Low As Reasonably Achievable" (ALARA), or any equivalent risk-reduction principle. Demonstrating that such a duty has been met requires the professional judgement of a competent person, the supporting analysis, and the wider safety case — not the artefacts produced or stored by a tool. The Service assists those judgements; it does not make them and is not a substitute for them.

4. AI Features

AI Features are optional and disabled by default. They are enabled per Organisation by an Organisation Admin, and then per project, and they can be disabled again at any time.

When you enable and use AI Features, you agree that:

  • AI output is advisory only. Suggestions produced by AI Features are advisory. They are never automatically applied to your hazard log. Every AI suggestion requires explicit, deliberate confirmation by an Authorised User before it has any effect on Customer Data. This confirmation step is built into the Service and is a core control on which these Terms rely.
  • AI output may be wrong. Large language models can produce output that is incorrect, incomplete, outdated, or inconsistent. AI output must be treated as a draft to be reviewed by a competent person, exactly as you would treat the AI provisions of Section 3. Never accept an AI suggestion you have not independently verified.
  • You control what is processed. When AI Features are enabled, the Service sends the textual content of the specific entities being analysed (for example, hazard titles and descriptions, control descriptions, threat and consequence descriptions) to our third-party AI provider. It does not send your Organisation name, user names, user email addresses, project metadata, or audit history. Full detail of what is and is not sent is in our Privacy Policy.
  • No autonomous action. AI Features do not take actions on your behalf. They return text for a human to consider. They cannot change, close, approve, or delete anything.

Inherent risks of generative AI; third-party provider terms. AI Features rely on large language models supplied by a third-party AI provider. SafeForge AI implements reasonable, industry-standard mitigations against known categories of AI misbehaviour — including input sanitisation against prompt-injection patterns, strict JSON-schema validation of AI output before display, role-anchored system prompts, and the absence of any tool-use or autonomous-action capability for the model. Even so, large language models can produce output that is offensive, biased, hallucinated, factually wrong, culturally inappropriate, or otherwise unsuitable. By enabling and using AI Features you acknowledge this inherent risk. SafeForge AI does not warrant the output of the third-party AI provider; that provider's own terms of service apply to the underlying model output, and SafeForge AI's liability for AI Features remains subject to Sections 10 and 11.

Authority and compliance. AI Features are enabled by an Organisation Admin on behalf of your Organisation. The person who enables them warrants that they have authority to make that decision for the Organisation, and that enabling AI Features — and the resulting processing of hazard and control content by the third-party AI provider — complies with your Organisation's own policies, procedures, and any regulatory or contractual obligations you are subject to. SafeForge AI is not responsible or liable for AI Features being enabled, or for content being sent for AI processing, where the Organisation Admin did so without authority or in breach of your Organisation's own policies. The decision, and responsibility for it, rests with you.

Acknowledgement of these AI terms. Acknowledgement of this Section 4 is required when AI Features are enabled for an Organisation, and again from each user before they use AI Features. If this Section changes materially, a renewed acknowledgement may be required before AI Features can continue to be used. This is in addition to your acceptance of these Terms generally.

5. Acceptable Use

You must use the Service lawfully and only for its intended purpose: managing safety and risk information.

You must not, and must not permit any Authorised User to:

  • use the Service to store or process content that you are not lawfully entitled to store or process;
  • attempt to gain unauthorised access to the Service, other Organisations' data, or our infrastructure;
  • probe, scan, or test the vulnerability of the Service, or breach or circumvent any security or authentication measure;
  • interfere with or disrupt the integrity or performance of the Service;
  • reverse engineer, decompile, or attempt to extract the source code of the Service, except to the extent this restriction is prohibited by law;
  • resell, sublicense, or provide the Service to third parties outside your Organisation except as expressly permitted (for example, inviting external collaborators into your Organisation as Authorised Users); or
  • use the Service to build a competing product.

Classified, controlled, and protectively-marked content. The following restriction applies in full and without modification:

Users must not store classified, export-controlled (ITAR/EAR), or protectively marked content. Describe hazards at the risk level, not the vulnerability level. Do not store specific exploit details, CVE identifiers, attack vectors, credentials, or penetration test results. SafeForge is a safety hazard management tool, not a vulnerability management tool.

Cyber security risk. The Service is a safety hazard management tool. It is not a cyber security risk management tool, a cyber risk register, an information security management system, or a vulnerability management tool, and must not be used as your system of record for any of those. A cyber attack may legitimately be recorded as a threat or cause within a safety hazard analysis — for example, where a cyber compromise could lead to a physical safety consequence — but the Service must not be used to manage cyber security risk in its own right, and, as set out above, must not hold vulnerability, exploit, credential, or penetration-test detail. Cyber security risk must be managed in systems built and, where applicable, accredited for that purpose.

Defence and military safety standards do not change this. The Service supports hazard log formats and risk frameworks associated with defence and military safety standards (for example, MIL-STD-882E and DEF STAN 00-56). Supporting these formats does not mean the Service is accredited, certified, or appropriate for security-classified, protectively-marked, or export-controlled defence content. Defence, government, and contractor customers must hold any classified or protectively-marked hazard analysis in systems accredited for that purpose, and may use the Service only for material at an unclassified, publicly-releasable level.

The Service is not accredited for handling classified or protectively-marked information. Customers with such requirements should contact us about other arrangements before storing any such content. You are solely responsible for any breach of this restriction and for any consequences arising from content you store in the Service.

6. Accounts and Organisations

  • One Organisation per account. Each user account belongs to exactly one Organisation. External collaborators are invited into your Organisation as Authorised Users.
  • Account security. Authentication is handled by our identity provider using passwordless sign-in (magic link and supported single sign-on). You are responsible for keeping access to your email account and any linked SSO accounts secure, and for all activity that occurs under your Authorised Users' accounts.
  • Roles. The Service uses per-project roles (Administrator, Engineer, Approver) and an Organisation-level administrator role. You are responsible for assigning roles appropriately and for the actions of the users to whom you grant them.
  • Accurate information. You must provide accurate account and billing information and keep it up to date.

7. Billing Authority of Organisation Administrators

Subscription billing requires a saved payment method that can be charged without re-entry of card details on each renewal or change. Because of this, the following clause applies in full and without modification:

Billing authority of organisation administrators. Any user with the "Organisation Admin" role in your SafeForge.AI organisation has authority to change seat quantity, replace the stored payment method, and cancel the subscription using your organisation's saved payment credentials, without re-entering card details. This is how all SaaS subscription billing works.

When you promote a user to Organisation Admin, you confirm you trust them with this billing authority. SafeForge.AI is not liable for charges resulting from changes made by Organisation Admins you have promoted, including changes made by the original founding admin or by users they have subsequently promoted.

SafeForge.AI provides the following safeguards: (a) Stripe Customer Portal shows a confirmation page with the new charge before applying any quantity change; (b) we send notifications to all Organisation Admins on subscription changes; (c) suspicious patterns (large jumps, rapid changes, exceeding our self-serve cap) trigger internal review by SafeForge.AI's risk team. None of these safeguards block changes — they are visibility and review controls.

You acknowledge this billing authority each time you promote a user to Organisation Admin.

8. Subscriptions, Trial, and Billing

  • Payment processor. All billing is handled by our third-party payment processor (Stripe). We do not store, process, or have access to your full card details. Your use of the payment processor is subject to its own terms.
  • Free trial. New subscriptions begin with a 14-day free trial. A valid payment method is required to start the trial. Unless you cancel before the trial ends, the subscription automatically converts to a paid subscription at the end of the 14-day trial period and your payment method is charged. You can cancel at any time during the trial through the customer billing portal, with no charge.
  • Fees and seats. Fees are charged per Authorised User seat, on the plan and at the prices shown at the time you subscribe. Adding seats increases your fees; changes take effect as described in the billing portal at the time of the change.
  • Renewal. Subscriptions renew automatically for successive billing periods until cancelled.
  • Cancellation. You may cancel at any time through the billing portal. Cancellation stops future renewals. Unless required by law, fees already paid are non-refundable, and you retain access until the end of the period you have paid for.
  • Failed payment. If a payment fails, we may suspend or downgrade access to the Service after a reasonable grace period.
  • Taxes. Fees are exclusive of taxes unless stated otherwise. You are responsible for any applicable taxes other than taxes on our income.
  • Price changes. We may change prices for future billing periods. We will give reasonable notice of any increase before it applies to you.

9. Customer Responsibilities

You are responsible for:

  • The accuracy and completeness of your hazard log and all other Customer Data. The Service organises and presents what you put into it; it does not guarantee that what you put into it is correct, complete, or current.
  • Your regulatory and contractual compliance. Determining and meeting the safety, engineering, regulatory, and contractual obligations that apply to your work is your responsibility. The Service does not assess or assure your compliance.
  • Who you share exports with. Exports (spreadsheets, HTML snapshots, share links, and similar) are generated at your direction. Once you download, send, or share an export, its distribution and security are entirely in your hands. You are responsible for the recipients of any export and for any share link you create.
  • Your users. You are responsible for the acts and omissions of your Authorised Users as if they were your own.
  • Backups of exported records. While the Service maintains your Customer Data and we keep our own backups, you are responsible for retaining your own exported copies of records you are legally or contractually required to retain.

10. Warranties and Disclaimers

The Service is provided "as is" and "as available".

To the maximum extent permitted by law, and subject to Section 12:

  • We make no warranty that the Service will be uninterrupted, error-free, secure, or free from data loss, or that it will meet your requirements.
  • We make no warranty of fitness for a particular purpose, including any safety, engineering, regulatory, certification, or assurance purpose.
  • We do not warrant the accuracy, completeness, reliability, or suitability of any data, analysis, visualisation, export, or AI output produced by or through the Service.
  • We disclaim all warranties, conditions, and representations not expressly stated in these Terms, whether express, implied, statutory, or otherwise.

Nothing in these Terms excludes, restricts, or modifies any guarantee, right, or remedy you have under the Australian Consumer Law or any other law that cannot lawfully be excluded, restricted, or modified (see Section 12).

11. Limitation of Liability

This section limits our liability to you. Read it carefully.

Subject to Section 12 (Australian Consumer Law) and to the maximum extent permitted by law:

  • Excluded losses. We are not liable for any indirect, incidental, special, consequential, or punitive loss; or for any loss of profit, revenue, business, goodwill, anticipated savings, or data; or for any loss arising from your reliance on the Service or its outputs for any safety, engineering, regulatory, or commercial decision — in each case however arising, whether in contract, tort (including negligence), statute, or otherwise.
  • Safety decisions. Without limiting the above, we are not liable for any incident, accident, injury, loss, damage, omission, regulatory finding, or decision arising from the use of the Service or from any hazard, control, risk rating, or AI suggestion recorded in, produced by, or omitted from the Service. Responsibility for safety decisions rests with you (see Section 3).
  • Liability cap. Our total aggregate liability to you for all claims arising out of or in connection with the Service or these Terms is limited, in aggregate, to the total fees you actually paid to us for the Service in the twelve (12) months immediately preceding the event giving rise to the claim.

Australian Consumer Law. Nothing in these Terms excludes, restricts, or modifies any consumer guarantee, right, or remedy conferred by the Competition and Consumer Act 2010 (Cth) (including the Australian Consumer Law) or any other applicable law that cannot lawfully be excluded, restricted, or modified. Where our liability for a breach of such a non-excludable guarantee can lawfully be limited, our liability is limited, at our option, to: (a) re-supplying the Service or the relevant part of it; or (b) paying the cost of having the Service or the relevant part of it re-supplied.

12. Customer Data, Intellectual Property, and Confidentiality

  • You own your Customer Data. As between you and us, you retain all right, title, and interest in your Customer Data. You grant us a limited licence to host, process, transmit, display, and back up your Customer Data solely to provide, secure, support, and improve the Service for you, and to the extent necessary to operate AI Features you have enabled.
  • Service improvement (aggregated and de-identified only). You also grant us the right to use Customer Data in aggregated and de-identified form — from which your Organisation and any individual cannot be identified — to maintain and improve the Service, in particular its import and column-mapping heuristics. This is not used to train AI models, and is not sent to any third-party AI provider. It is separate from, and does not widen, the per-project AI Features described in Section 4.
  • We own the Service. As between you and us, we (and our licensors) retain all right, title, and interest in the Service itself, including its software, design, templates, and documentation. These Terms grant you a non-exclusive, non-transferable, revocable right to use the Service during your Subscription. No other rights are granted.
  • Feedback. If you give us feedback or suggestions, we may use them without restriction or obligation to you.
  • Confidentiality. Each party must protect the other's confidential information and use it only as needed under these Terms. Your Customer Data is your confidential information. This does not apply to information that is public through no fault of the receiving party, or that must be disclosed by law.
  • Data portability. The Service provides export functionality so you can obtain your Customer Data in a usable format at any time during your Subscription.

13. Suspension and Termination

  • By you. You may stop using the Service and cancel your Subscription at any time through the billing portal (see Section 8).
  • By us. We may suspend or terminate your access if you materially breach these Terms (including Section 5), if your payment fails and is not resolved within a reasonable grace period, if your trial ends without conversion to a paid Subscription, or if required by law or to protect the Service or other customers. Where practical and lawful, we will give notice and an opportunity to remedy.
  • Effect of termination. On termination, your right to access the Service ends.
  • Data retention after termination. After your Subscription ends, your Customer Data is retained for a limited period to allow reactivation and final export, and is then permanently deleted. The current retention period is described in our Privacy Policy. Export any records you need to keep before your access ends. Our routine, encrypted backups age out on their own retention cycle thereafter.
  • Survival. Sections 3, 5, 7, 9, 10, 11, 12, 13, 14, and 16, and any other provision that by its nature should survive, survive termination.

14. Changes to These Terms

We may update these Terms from time to time. If we make a material change, we will give reasonable notice — for example, by email to Organisation Admins or by a notice in the Service — before the change takes effect. Your continued use of the Service after a change takes effect constitutes acceptance of the updated Terms. The "Last updated" date at the top of this document reflects the most recent version.

15. General

  • Entire agreement. These Terms, together with the Privacy Policy and any plan details shown at the time you subscribe, are the entire agreement between you and us regarding the Service, and supersede any prior understanding on that subject.
  • Assignment. You may not assign these Terms without our consent. We may assign them to a successor in connection with a merger, acquisition, or sale of assets.
  • Severability. If any provision is found unenforceable, the rest remains in effect.
  • No waiver. A failure to enforce a provision is not a waiver of it.
  • Force majeure. Neither party is liable for failure or delay caused by events beyond its reasonable control.
  • Notices. We may give notices to you by email to your Organisation Admins or in-Service. You may give notices to us at the contact address in Section 17.
  • Relationship. These Terms do not create any partnership, agency, or employment relationship between the parties.

16. Governing Law

These Terms are governed by the laws of the State of Victoria, Australia. You and we submit to the non-exclusive jurisdiction of the courts of Victoria, Australia and the courts competent to hear appeals from them.

17. Contact

Questions about these Terms can be sent to:

SafeForge AI
Email: support@safeforge.ai

SafeForge AI · ABN 89190664116 · Victoria, Australia · support@safeforge.ai

See also our Privacy Policy.