Master Service Agreement

"Migration Window" means the thirty (30) calendar-day period following the initiation of an extraction run, during which the Customer retains access to the generated archive and associated deliverables.

"License" refers to the one-time purchase of an Evicta extraction tier: Basic ($499 USD) or Enterprise ($1,499 USD), unless otherwise agreed upon for custom or Partner API engagements.

"Local Mode" refers to the air-gapped execution of the Evicta engine within the Customer's own VPC or compute environment, utilizing a standalone CLI binary.

Evicta grants the Customer a non-exclusive, non-transferable license to use the platform for the purpose of extracting data from supported SaaS vendor APIs. The license covers a single extraction run (Basic) or a complete instance extraction with a 30-day Migration Window (Enterprise).

Local Mode. Evicta provides code for local execution "as-is." The User is solely responsible for the compute environment, Node.js runtime, and VPC security. Evicta does not have access to, and assumes no liability for, data processed in Local Mode.

Evicta utilizes Probabilistic AI Mapping (Claude Sonnet 4.6). The AI engine proposes schema transformations by analyzing source API responses and generating target schema recommendations.

The user is solely responsible for verifying the accuracy of the generated schema mapping before initiating the full extraction. Evicta does not guarantee that AI-proposed mappings will be free of errors or omissions.

Extracted archives are stored in an encrypted, non-indexed object store for the duration of the Migration Window (default 30 days) and are subsequently purged via automated lifecycle policies.

Evicta does not utilize staging databases. Source data is processed as a memory-resident stream and is not persisted to disk on Evicta infrastructure outside of the encrypted archive delivery.

Evicta is a third-party tool. We are not responsible for changes to the Zendesk API, rate-limit adjustments by the vendor, or the revocation of API tokens by the source provider. The Customer is responsible for maintaining valid API credentials and ensuring compliance with the source vendor's Terms of Service.

To the maximum extent permitted by applicable law, Evicta's total aggregate liability arising from or related to this Agreement shall not exceed the total amount paid by the Customer for the License.

Evicta shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of data, loss of profits, or business interruption.

Either party may terminate this Agreement at any time. Upon termination, Evicta will delete all Customer archives and associated data within fourteen (14) calendar days. Configuration metadata (field names, mapping logic) will be retained for a maximum of thirty (30) days to support post-termination inquiries.

Sections 3 (AI Mapping), 5 (Third-Party Dependency), 6 (Limitation of Liability), and 8 (Governing Law) shall survive termination.

This Agreement shall be governed by and construed in accordance with the laws of Sweden, without regard to its conflict of law principles.

Any disputes arising under this Agreement shall be resolved in the exclusive jurisdiction of the courts of Stockholm, Sweden. The Customer agrees to submit to the personal jurisdiction of such courts.

Partners accessing Evicta via the Partner API receive a Webhook Secret (prefixed whsec_) at onboarding. This secret is shown once and is never recoverable.

Webhook Signing. All outbound webhooks dispatched by Evicta are signed with HMAC-SHA256. Partners must verify the X-Evicta-Signature header on every received request by recomputing HMAC-SHA256(secret, timestamp + "." + rawBody) and comparing it in constant time. The Unix timestamp is supplied in the X-Evicta-Timestamp header. Partners should reject requests whose timestamp deviates by more than 300 seconds from the current time to prevent replay attacks.

Evicta is not liable for data processed by a partner endpoint that fails to perform signature verification. Partners are solely responsible for securing their webhook receiver.