Terms of service

FireTun is operated and offered by Eer Technology SPA (hereinafter, “Eer Technology”, “the Company” or “we”), a Chilean SpA (Sociedad por Acciones, a stock corporation under Chilean law) duly incorporated and existing under the laws of the Republic of Chile. References in this document to “FireTun” (the “Platform” or the “Service”) shall be understood as provided by Eer Technology SPA.

FireTun provides a zero trust network access solution (ZTNA VPN) together with zero touch identity and device provisioning mechanisms (ZTP). In practical terms, we enable our customers to define who can reach which resources of their organization, verify the state of connecting devices, log all activity, and manage onboarding and offboarding of users in an automated fashion.

The contract becomes effective when the customer expressly accepts these terms during the registration flow and pays for the corresponding plan. From that moment, customer and FireTun are bound by this document, the privacy policy, the refund policy and any annex the parties have signed.

• Customer: natural person or legal entity that subscribes to the Service.
• End users:employees, collaborators or persons authorized by the Customer who use the Platform to access the Customer's corporate resources.
• Tenant: logically isolated environment within the Platform, allocated to a Customer, containing its users, policies, devices and data.
• Dedicated tenant: configuration in which the Customer has additional exclusive infrastructure resources, with associated costs and minimum contracting terms.
• Agent: client software that the end user installs on their device to connect to the tenant of their organization.
• DPA: Data Processing Agreement between the Customer (as data controller) and Eer Technology (as data processor), in compliance with the GDPR and Chilean Law 21,719.

The Service runs on cloud infrastructure operated by FireTun. Customers manage their configuration through a web admin panel and, when applicable, through programmatic interfaces. The Service includes, depending on the contracted plan: user and group management, definition of access policies, device management with posture verification, generation of connection configurations, audit logging, security alerts and operational support.

FireTun reserves the right to modify, add to, or discontinue Service functionality, while preserving the essential usefulness contracted. Significant changes will be communicated with reasonable advance notice.

The Customer is solely responsible for maintaining the confidentiality of its admin panel credentials, as well as those of its end users. Any activity performed within the Customer's tenant is presumed to be performed by the Customer or persons authorized by it.

To the maximum extent permitted by applicable law, FireTun's liability is limited in connection with the theft, loss, leakage or misuse of credentials occurring outside the Platform's systems. This includes, without limitation, cases where a Customer's employee shares their password with third parties, falls for a targeted phishing attack, uses a weak password or reuses credentials originating from compromised external services. The Platform offers robust authentication mechanisms — including multi-factor authentication, key rotation and suspicious pattern detection — but its liability for incidents originating outside its technical and operational perimeter is limited to what applicable law allows.

The Customer agrees to notify FireTun immediately of any suspicion of unauthorized access so that we can take appropriate measures.

The Platform enables remote access to the Customer's resources but does not provide or license the software the Customer installs or runs within its own infrastructure, nor the operating systems, applications or services accessed through the Service.

To the maximum extent permitted by applicable law, FireTun assumes no liability for the Customer's use of third-party software licenses, nor for the legal, financial or administrative consequences arising from mis-licensed deployments, expired licenses, misapplied licenses, purchase or renewal errors, or any other situation related to third-party licensing outside the Platform. The Customer is solely responsible for ensuring that it holds the licenses necessary for all software it runs, accesses, transmits or processes through the Service.

Protecting our customers' data is a cornerstone of the Service. We apply every reasonable technical and organizational measure within our reach to safeguard information. Such measures include, but are not limited to:

• Strict logical separation between tenants so that one Customer's information and operations cannot be accessed by another.
• Encryption of information at rest using per-customer independent keys, managed through a secure custody system. Even if, hypothetically, an attacker obtained access to a Customer's stored data, they could not decrypt the data belonging to another.
• Encryption of all communications between end-user devices, connection agents and the Service's servers, using modern protocols and secure-by-default configurations.
• Role-based access control, mandatory multi-factor authentication for sensitive operations, and a least-privilege principle applied both to FireTun personnel and to Customer administrators.
• Audit logging of all relevant actions in the panel and in the network plane, with sufficient retention to investigate any incident.
• Continuous monitoring of the infrastructure, anomaly detection and incident response according to documented procedures.

Data Processing Agreement (DPA). Where the Customer processes personal data through the Service, a Data Processing Agreement (DPA) is available upon request at privacy@firetun.com and forms an integral part of these Terms. The DPA complies with Article 28 of the General Data Protection Regulation (GDPR), with Chilean Law 21,719 on personal data protection, and with applicable equivalent regulations.

Subprocessors. FireTun relies on trusted infrastructure providers to deliver the Service. The current list of authorized subprocessors — including compute, network, transactional email, key custody and payment-processing providers — is published at /subprocessors. We will notify the Customer with reasonable advance notice of any addition or change of subprocessor with access to personal data.

Despite these measures, no digital platform can guarantee absolute security. FireTun does everything within its reach to prevent information leaks and to maintain isolation among the different customers of the Platform, but cannot assume unlimited liability for force majeure events (Section 14), extraordinarily sophisticated third-party attacks or malicious conduct beyond its control. See our Security page for additional descriptions of our practices.

The Customer agrees to use the Service only for lawful purposes and in accordance with applicable regulations. The following is expressly prohibited:

• Using the Platform to commit, facilitate or conceal crimes, including fraud, attacks against third parties, distribution of malware or infringement of intellectual property.
• Reverse engineering the Service, attempting to circumvent the isolation or encryption mechanisms, or exploiting vulnerabilities without written authorization from FireTun.
• Using the Service to conceal activities for the purpose of evading sanctions, embargoes or legal proceedings.
• Interfering with the normal operation of the Service, whether intentionally or through negligence (for example, through disproportionate or abusive resource consumption).

Failure to comply with these obligations may result in immediate suspension of the Service and termination of the contract, without any right to refund for services already rendered.

FireTun uses commercially reasonable efforts to ensure continuous availability of the Service. Nonetheless, interruptions may occur due to scheduled maintenance, security updates, failures of infrastructure providers or force majeure events (defined in Section 14). When possible, maintenance windows will be communicated in advance and executed during low-impact hours.

Service level agreements (SLA) with specific percentage commitments apply only to the plans that expressly include them in their commercial description or in a signed annex between the parties.

Some Service features may be designated as “beta”, “preview” or “early access”. These features are provided “as-is”, without warranties of fitness for a particular purpose and are expressly excluded from any service level commitments (SLA). The Customer assumes the risk of using such features and acknowledges that they may be modified, restricted or removed at any time without giving rise to any right to compensation or refund.

Plan prices are published on the pricing page. Unless expressly stated otherwise, prices are denominated in United States Dollars (USD). Charges are billed in advance according to the selected billing period (monthly or annual). The Customer authorizes Eer Technology to charge the corresponding amount through the registered payment method. In case of non-payment, the Service may be suspended after a reasonable notice period.

Merchant of Record for international payments. For all orders processed through Paddle, Paddle.com Market Ltd and/or Paddle.com Inc. act as the Merchant of Record (MoR). In that capacity, Paddle handles billing, the collection and remittance of applicable taxes, and customer payment inquiries. For payments processed in Latin America via MercadoPago, Eer Technology SPA acts directly as the issuing entity of the invoice.

Applicable taxes will be itemized on the corresponding receipt or added by the Merchant of Record at checkout, in accordance with the tax regulations applicable to the Customer's jurisdiction.

The refund policy is detailed in a separate document available at Refund policy. By subscribing to the Service, the Customer acknowledges having read and accepted that policy, which provides a general 14-calendar-day full-refund window from the first payment, in addition to country-specific statutory periods where applicable.

To the maximum extent permitted by applicable law, the aggregate liability of FireTun and Eer Technology SPA toward the Customer for any matter related to the Service (whether contractual, extra-contractual or otherwise) shall be limited to the amount effectively paid by the Customer during the twelve months immediately preceding the event giving rise to the claim.

In no event shall FireTun be liable for indirect or consequential damages, lost profits, data losses attributable to third-party acts beyond its control, reputational damages or any other loss that does not arise directly and immediately from its own willful or grossly negligent breach.

This limitation does not exclude liability for willful misconduct or for cases where applicable law expressly prohibits its limitation (for example, damages arising from personal injury caused by gross negligence).

The Customer agrees to indemnify, defend and hold harmless Eer Technology SPA, its affiliates, officers, directors, employees and agents, from and against any claim, demand, damage, cost or expense (including reasonable attorneys' fees) arising from: (i) the use of the Service by the Customer or its end users in violation of these Terms or applicable law; (ii) breach of the Acceptable Use Policy (Section 7); (iii) the traffic, content or activity routed through the Customer's tenant that infringes third-party rights, including intellectual property or privacy rights; or (iv) any data or content uploaded to or processed through the Service by the Customer or its end users that infringes the law or third-party rights.

Eer Technology will promptly notify the Customer of any claim giving rise to this obligation, will allow the Customer to reasonably direct its defense and will cooperate as needed.

Neither party shall be liable for failure or delay in performance under this contract caused by events beyond its reasonable control, including, without limitation: natural disasters, acts of war or terrorism, civil unrest, supervening governmental or regulatory actions, extended failures of infrastructure or telecommunications providers, pandemics, general strikes, mass cyber-attacks against the underlying infrastructure, or export restrictions or sanctions affecting the Service.

The affected party shall notify the other party as promptly as possible and shall resume performance as soon as the circumstances reasonably allow.

All intellectual and industrial property rights over the Platform, its code, its documentation, its trademarks, its designs and its components belong to Eer Technology SPA or its licensors. The contract does not transfer any intellectual property rights to the Customer, beyond the limited, non-exclusive, non-transferable and revocable license of use necessary to use the Service during the term of the contract.

Conversely, the data and content that the Customer uploads to the Platform remain the property of the Customer. FireTun claims no ownership over them and processes them only to provide the Service in accordance with the privacy policy and, where applicable, the DPA.

Both parties undertake to treat as confidential all non-public information received from the other under this contract, to use it only for the intended purposes, and to protect it with the same level of care they apply to their own confidential information. This obligation shall survive for two years after the termination of the contract.

The contract has the duration of the contracted plan (monthly or annual) and will automatically renew for equivalent periods unless the Customer cancels the subscription.

The Customer may cancel the subscription at any time from the admin panel or from the “Manage subscription” link in the payment receipt. Cancellation takes effect at the end of the paid billing period: the Customer keeps access to the Service until that date and no new charges are generated thereafter. No advance notice is required to cancel.

Eer Technology may terminate the contract for material breach by the Customer, persistent non-payment, misuse of the Service or legal requirement.

Data export and deletion. Upon termination of the contract, the Customer will have a period of thirty (30) days to export its data through the tools available in the admin panel. After ninety (90) days from termination, the Customer's data will be permanently deleted, except where a legal retention obligation (tax, accounting or data protection) requires a longer period; in such case, the data will be kept under minimum legal retention and deleted upon the end of the obligation.

The following sections of these Terms shall survive any termination or expiration of the contract and shall continue to be fully enforceable between the parties:

• Section 4 — Accounts and credential responsibility.
• Section 6 — Data protection, DPA and subprocessors.
• Section 12 — Limitation of liability.
• Section 13 — Customer indemnification.
• Section 14 — Force majeure.
• Section 15 — Intellectual property.
• Section 16 — Confidentiality.
• Section 17 — Data export and deletion timelines.
• Section 20 — Governing law and jurisdiction.

Eer Technology may update these terms to reflect legal, operational or product changes. Substantial modifications will be communicated to the Customer at least thirty (30) daysin advance through the following channels combined: (i) email to the registered contact address and (ii) a persistent banner in the admin panel. Minor or non-substantive corrections will be published on this page with their last update date. Continued use of the Service after the new terms enter into force constitutes acceptance thereof, without prejudice to the Customer's right to cancel the subscription.

This contract is governed by the laws of the Republic of Chile, without prejudice to the imperative application of the European data protection regulation (GDPR) where appropriate due to the data subject or the processing. The parties submit to the competent courts of the city of Santiago, Chile, for any dispute arising from the contract, except where applicable consumer protection law requires another jurisdiction in favor of the consumer.

Prevailing language. These Terms are published in Spanish and English. In case of interpretive discrepancy between the versions, the Spanish version shall prevail, except where the Customer is a consumer protected by legislation that requires the prevailing application of the version in their local language, in which case that version shall prevail.

If any clause of these terms is found to be null or unenforceable, the remaining clauses shall retain full force and the affected clause shall be replaced by another that, complying with the law, reflects the parties' original intent to the greatest extent possible. Tolerance by one party of a breach by the other shall not be deemed a waiver of future compliance. The Customer may not assign the contract without the prior written consent of Eer Technology.

FireTun is operated by Eer Technology SPA, a Chilean SpA (Sociedad por Acciones) incorporated under the laws of the Republic of Chile. For any contractual or legal matter regarding these terms, write to legal@firetun.com. For privacy, DPA and subprocessor matters, the channel is privacy@firetun.com. For operational and support matters, the channel is support@firetun.com.