Skip to main content
Legal

Terms of Service

Effective Date: January 28, 2026  ·  Last Updated: February 19, 2026

Read This First

STET is a software tool. It automates the mechanical work of transaction matching and discrepancy flagging. It does not audit, certify, advise, or make professional determinations of any kind.

Every output STET produces — matches, discrepancy flags, confidence scores, audit logs, and export files — is a technical record of a software process. These outputs are not audit opinions under GAAS, PCAOB, ISA, or any other auditing standard.

The auditor, accountant, or financial professional using STET bears sole responsibility for reviewing all outputs, applying professional judgment, and determining what the results mean. STET assists; it does not decide.

What STET Is — and Is Not

STET Is
  • ·A software tool for transaction matching
  • ·A discrepancy-flagging engine
  • ·A workflow accelerator for reconciliation
  • ·A VDR (virtual data room) audit assistant
  • ·A record-keeping and export utility
  • ·A deterministic, reproducible processing engine
STET Is NOT
  • ·An auditor or audit firm
  • ·A provider of audit opinions or attestations
  • ·A substitute for CPA, CFA, or legal review
  • ·A regulatory compliance certifier
  • ·An accounting system or bookkeeping service
  • ·A fiduciary or financial advisor

Your Responsibility as the User

By using STET, you — the auditor, banker, accountant, or financial professional — acknowledge and accept the following:

You review every output.

STET's matches, discrepancy flags, confidence scores, and export files are inputs to your professional judgment — not conclusions. You are required to review them before any reliance.

You are responsible for data accuracy.

STET processes what you upload. If your source files contain errors, omissions, or manipulated data, STET will process them as-is. Garbage in, garbage out — STET does not validate source data.

You make all final determinations.

Whether a flagged discrepancy is material, fraudulent, or benign is your professional call. STET surfaces patterns; you interpret them.

You own the compliance obligation.

Your organization's obligations under SOX, GLBA, GDPR, MiFID II, PCAOB, or any other framework are yours. Using STET does not satisfy, waive, or modify those obligations.

You export and retain your own records.

STET processes data in-memory and does not back it up. SOX § 802 and GLBA require audit records to be retained for a minimum of 7 years. Export your audit logs and maintain copies independently.

You do not misrepresent STET's outputs.

You may not represent to any third party — including regulators, courts, investors, or counterparties — that STET's output constitutes a certified audit, regulatory attestation, or professional opinion.

Compliance Frameworks — Context and Scope

STET is designed with awareness of the following regulatory frameworks. This awareness informs our architecture and defaults but does not constitute compliance certification on STET's part or on yours.

SOX §§ 302 / 404 / 802Sarbanes-Oxley Act
  • ·§ 302 requires officers to certify the accuracy of financial reports and internal controls.
  • ·§ 404 requires management assessment and external auditor attestation of ICFR.
  • ·§ 802 requires audit records to be retained for 7 years. STET's export logs support this obligation.
  • ·STET does not satisfy § 302 or § 404 obligations. It is a tool that assists the preparatory reconciliation work leading up to those certifications.
GLBAGramm-Leach-Bliley Act
  • ·GLBA requires financial institutions to protect non-public personal information (NPI).
  • ·STET processes data in-memory with no server-side retention. Files are not persisted after the session.
  • ·GLBA's Safeguards Rule requires documented security programs. STET's architecture supports but does not replace that program.
  • ·GLBA record-retention requirements (7 years) apply to you as the institution. Export and retain your audit logs.
GDPR / UK GDPRGeneral Data Protection Regulation
  • ·If you upload files containing personal data of EU/UK residents, GDPR obligations are yours as the data controller.
  • ·STET acts as a data processor. By using STET, you confirm you have lawful basis for processing.
  • ·STET does not retain personal data after processing. No data is used for model training.
  • ·Data subject rights requests related to your Customer Data are your responsibility to fulfill.
CCPA / CPRACalifornia Consumer Privacy Act
  • ·CCPA obligations related to consumer personal information in your uploaded data are yours as the business.
  • ·STET does not sell, share, or retain consumer personal information.
  • ·California residents' data subject rights requests related to your data are your obligation to handle.
MiFID IIMarkets in Financial Instruments Directive II
  • ·MiFID II requires investment firms to maintain detailed transaction records for 5 years.
  • ·STET's export logs and audit certificates can serve as supporting documentation for your records.
  • ·STET does not replace trade reporting, best-execution documentation, or suitability assessments required under MiFID II.
  • ·Regulatory reporting obligations remain entirely yours.
PCAOB / GAAS / ISAAuditing Standards
  • ·STET does not perform audits under PCAOB, GAAS, or ISA standards.
  • ·STET's Audit Certificate is a technical record of software processing — not an auditor's report.
  • ·Audit opinions, attestations, and assurance engagements must be performed by licensed professionals under applicable standards.
  • ·STET can accelerate the reconciliation phase of an audit engagement but does not constitute or replace any phase of a statutory audit.
EU AI ActEU AI Act (Regulation 2024/1689)
  • ·STET uses a pre-trained, frozen sentence-transformer model (all-MiniLM-L6-v2) for semantic matching. This is a limited-purpose, narrowly scoped AI component.
  • ·STET's AI component produces similarity scores only. It does not make decisions, issue recommendations, or produce content.
  • ·Under the EU AI Act, STET is not classified as a high-risk AI system as defined in Annex III.
  • ·Human oversight is built into STET's workflow: all AI-assisted outputs (Pass 2.5 semantic matches) are labeled with confidence scores and require user review.
  • ·Transparency: STET discloses where AI-assisted matching is used and how it works. See the Matching Pipeline documentation.

Data Handling & Privacy

In-Memory Processing

Files are parsed, processed, and matched in memory. No uploaded data is written to a database or retained on STET's servers after your session ends.

No Model Training

Your transaction data is never used to train, fine-tune, or improve any machine learning model. The semantic matching model is pre-trained and frozen.

Encryption

Data in transit is encrypted via TLS. Account and billing data at rest is encrypted via AES-256.

Export Your Records

STET does not back up your audit logs. Export them immediately after each session. SOX and GLBA require 7-year retention — that obligation is yours, not STET's.

Full Terms of Service

Article 1 — Definitions

1.1 "Audit" — A discrete reconciliation, verification, or semantic analysis workflow executed within STET against Customer Data, producing Audit Results and, upon completion, an Audit Log.

1.2 "Audit Log" — A structured export of processing results, integrity hashes, and match/discrepancy summaries. An Audit Log is a technical record of processing performed. It is NOT an audit opinion.

1.3 "Audit Results" — Matches, discrepancy flags, confidence scores, and summary metrics produced by STET's matching engine.

1.4 "Customer Data" — All files, documents, and data uploaded by you to STET for processing.

1.5 "Deterministic Output" — Output produced by rule-based algorithms that, given identical inputs and configuration, produce byte-identical results.

1.6 "Semantic Output" — Output produced by STET's ML-assisted semantic matching (Pass 2.5). Semantic Outputs are probabilistic and require human verification before any reliance.

Article 2 — Scope of Service

STET provides: (a) deterministic transaction reconciliation; (b) document hash verification; (c) AI-assisted semantic matching (assistive only); (d) discrepancy flagging and triage; (e) audit log export.

STET expressly does NOT provide:

  • Audit opinions under any auditing standard (GAAS, ISA, PCAOB, or other)
  • Legal, regulatory, tax, or compliance advice
  • Bookkeeping, accounting services, or financial statement preparation
  • Regulatory certification or endorsement by any authority
  • Guarantees of accuracy of Customer Data or Audit Results
  • Final decision authority on business, compliance, or risk matters

Article 3 — Audit Outputs

Deterministic Outputs are reproducible given identical inputs. Semantic Outputs are probabilistic. All outputs reflect processing of Customer Data as provided — errors in your data produce errors in results.

An Audit Log is NOT: an audit opinion; a representation of data accuracy; a substitute for statutory audit; or evidence of regulatory compliance.

You are solely responsible for interpreting results and determining their suitability for your purposes.

Article 4 — Customer Responsibilities

You are solely responsible for: (a) accuracy and completeness of Customer Data; (b) having all rights to upload and process that data; (c) obtaining required consents for personal data; (d) reviewing all Audit Results before reliance; (e) all business, compliance, risk, and regulatory decisions.

STET provides information. You make decisions.

Article 5 — Acceptable Use

You shall not: upload data you are not authorized to process; misrepresent Audit Logs as statutory audits or regulatory certifications; rely solely on Semantic Outputs for regulated decisions; attempt to circumvent usage limits; use STET for illegal purposes.

Article 6 — Intellectual Property

You retain ownership of Customer Data. STET owns all rights in its software, algorithms, and interfaces. You receive a limited, non-exclusive, revocable license to use STET during your subscription.

Article 7 — Warranties & Disclaimers

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." STET DISCLAIMS ALL WARRANTIES INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND ACCURACY OF RESULTS.

STET DOES NOT PROVIDE AND NOTHING IN THE SERVICE CONSTITUTES AN AUDIT OPINION, ATTESTATION, ASSURANCE, OR CERTIFICATION UNDER ANY AUDITING STANDARD OR REGULATORY FRAMEWORK.

USE OF THE SERVICE DOES NOT IMPLY REGULATORY APPROVAL, CERTIFICATION, OR ENDORSEMENT.

Article 8 — Limitation of Liability

STET IS NOT LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES INCLUDING LOST PROFITS, BUSINESS INTERRUPTION, REPUTATIONAL HARM, OR COST OF SUBSTITUTE SERVICES.

STET's total aggregate liability is capped at the greater of: (a) fees paid in the 12 months preceding the claim; or (b) $100 for Free Plan users.

STET has no liability to any third party for claims arising from results shared by you, decisions made by your clients or counterparties based on results, or your representations about STET to third parties.

Article 9 — Indemnification

You shall indemnify STET from claims arising from Customer Data, your breach of these Terms, your misuse of Audit Results, or unauthorized access through your account.

Article 10 — Assumption of Risk

YOU EXPRESSLY ASSUME ALL RISKS ASSOCIATED WITH:

  • Using STET for high-stakes decisions, regulatory filings, M&A transactions, or legal proceedings
  • Discrepancies in Customer Data not detected by STET
  • Reliance on Audit Results without independent verification by qualified professionals
  • Processing sensitive, confidential, or regulated data through STET

Article 11 — No Fiduciary Duty

STET owes no fiduciary duty. The relationship is purely contractual for software services. STET is not an auditor, accountant, financial advisor, lawyer, or fiduciary.

Article 12 — AI and Machine Learning

STET's semantic matching uses a pre-trained, frozen AI model that produces probabilistic outputs. AI outputs may generate false positives or false negatives. They require human judgment to interpret. They are provided "as is" without warranty of accuracy.

You assume full responsibility for reviewing all AI-assisted outputs before reliance.

Article 13 — Governing Law & Disputes

These Terms are governed by Delaware law. Except for IP disputes, disputes are resolved by binding AAA arbitration in Wilmington, Delaware. Class action waiver applies. Claims must be filed within one (1) year of accrual.

Contact: legal@trystet.com

Article 14 — Amendments

STET may update these Terms with 30 days notice. Continued use constitutes acceptance.

By using STET, you acknowledge that you have read, understood, and agree to these Terms.

STET, Inc. · Wilmington, Delaware · legal@trystet.com

Docs|Security|Dashboard