Terms and Conditions

These Terms and Conditions ("Terms") govern your use of the SynkVault SaaS compliance platform ("Service"), including all features, tools, workflows, and optional assurance services provided by SynkVault Limited ("Company," "we," "us," "our").

By accessing or using the Service, you agree to be bound by these Terms. If you do not agree to any part of these Terms, you must not use the Service.

If you are using the Service on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation to these Terms.

2.1 Overview

SynkVault is a cloud-based compliance readiness platform designed for small, medium, and public-sector organisations. The Service guides readiness across:

• ISO 27001 (Information Security Management)
• Cyber Essentials (Cyber Security Certification)
• AI Governance (Responsible AI deployment)

The Service provides:

• AI-driven compliance workflows to structure readiness activities
• Automated evidence capture and document management
• Compliance checks and readiness assessments
• Regulatory mapping and control alignment
• Optional assurance services via a curated network of experienced consultants
• Audit-ready reporting and compliance documentation

2.2 Limitations

The Service provides guidance and readiness support, not legal or professional audit advice. The Company does not guarantee that using the Service will result in successful certification, compliance with any regulation, or passing any external audit.

Compliance outcomes depend on your organisation's implementation, control environment, and adherence to applicable frameworks. Optional assurance services provided through the consultant network are supplied by independent third parties and are subject to separate engagement agreements.

3.1 Eligibility

You must be:

• At least 18 years old
• Authorised to enter into binding agreements on behalf of your organisation
• Not subject to sanctions, export controls, or legal restrictions prohibiting use of the Service

3.2 Account and Credentials

You are responsible for:

• Maintaining the confidentiality of all login credentials and access tokens
• All activities that occur under your account
• Notifying us immediately of any unauthorised access or security breach
• Ensuring that all information provided during registration and ongoing use is accurate and complete

The Company is not liable for unauthorised access resulting from your failure to protect account credentials.

3.3 Prohibited Uses

You agree not to:

• Use the Service for any illegal purpose or in violation of any applicable law or regulation
• Access, disrupt, or interfere with the Service's security, systems, or infrastructure
• Reverse-engineer, decompile, or attempt to derive the source code or trade secrets
• Use the Service to develop competing products or services
• Transmit malware, viruses, or any code intended to harm systems or data
• Attempt to gain unauthorised access to other users' accounts or data
• Use automated tools, bots, or scrapers without written permission
• Misrepresent your identity or organisation
• Harass, defame, or infringe the rights of any third party

4.1 Company Ownership

All intellectual property in the Service—including software, workflows, algorithms, designs, documentation, and AI models—is owned by the Company or its licensors. Your use constitutes a non-exclusive, non-transferable, revocable licence to access and use the Service solely as permitted by these Terms and for your organisation's internal compliance purposes.

4.2 Your Content and Data

You retain all intellectual property rights in data, documents, and evidence you upload or create within the Service ("Your Data"). By uploading or creating content, you grant the Company a royalty-free, worldwide licence to:

• Store, process, and maintain Your Data
• Comply with legal obligations and respond to lawful requests

4.3 Feedback

Any feedback, suggestions, or feature requests you provide to the Company may be used freely without compensation or attribution.

5.1 Data Handling

The Company processes Your Data in accordance with the Privacy Policy, applicable data protection laws (including GDPR, UK GDPR, and applicable local regulations), and SynkVault's Data Processing Agreement ("DPA").

By using the Service, you consent to the processing of Your Data as described in the Privacy Policy and DPA. If you process personal data of data subjects (employees, customers, etc.), you are the Data Controller and must:

• Obtain necessary consents and legal basis for processing
• Ensure a lawful DPA is executed with the Company
• Maintain records of processing activities
• Implement appropriate security measures

5.2 Data Retention and Deletion

Your information remains securely stored throughout your active subscription period. Following subscription termination, we maintain your data for 90 days—or the specific timeframe outlined in your service agreement—to ensure proper backup procedures and complete secure removal from our systems.

Should you need to remove specific information earlier, simply contact our support team. We'll process your deletion request within seven business days.

In limited cases where regulatory or legal obligations require us to preserve certain records, we'll retain only what's necessary to meet those compliance requirements.

5.3 Subprocessors

The Company may engage third-party service providers (cloud providers, security vendors, analytics) to process Your Data. A current list of subprocessors is available upon request.

6.1 Audit Trail and Evidence

The Service maintains an automated audit trail of activities, changes, and evidence submissions. You acknowledge that:

• The audit trail may be used in demonstrating compliance to external auditors, regulators, or assessors
• The Company does not guarantee that the audit trail alone satisfies regulatory requirements; you remain responsible for supplementary documentation and controls
• The Service generates readiness assessments and reports for your use; you are responsible for validation and accuracy

6.2 External Audits and Assessments

You are responsible for:

• Engaging external auditors or assessors (e.g., ISO 27001 auditors, Cyber Essentials assessors)
• Providing them access to SynkVault-generated evidence as needed (subject to your organisation's confidentiality obligations)
• Obtaining appropriate confidentiality and liability waivers from auditors before sharing Service reports

6.3 Regulatory Compliance

The Service is designed to support compliance readiness but does not guarantee compliance with ISO 27001, Cyber Essentials, AI governance frameworks, or any regulation. Regulatory compliance is your organisation's responsibility.

7.1 Fees and Billing

Fees for the Service are stated in your subscription agreement or order confirmation. Fees are billed according to the billing cycle you select (monthly, annual, or custom). All fees are exclusive of applicable sales tax, VAT, or GST unless otherwise stated.

7.2 Payment Terms

Payment is due within 30 days of invoice unless otherwise agreed. Late payments may result in suspension of the Service at the Company's discretion.

7.3 Changes to Fees

The Company may change fees upon 30 days' written notice. Continued use of the Service after notice constitutes acceptance of new fees. If you do not accept new fees, you may terminate your subscription without penalty.

7.4 Refunds

Refunds are calculated on a pro-rata basis for any unused portion of your subscription term. If you cancel before your term ends, you'll receive a refund proportional to the remaining days of service.

For subscriptions purchased with promotional pricing or term-based discounts (such as annual subscriptions), refunds are calculated using our standard monthly rate. We deduct the value of services already consumed at the monthly rate from your total payment, then refund the balance. This ensures fair compensation whilst recognising the promotional benefit you received during your active service period.

Refund processing typically completes within 14 business days of your cancellation request.

8.1 Disclaimer

The Service is provided "as is" and "as available" without warranties of any kind, express or implied. The Company disclaims:

• Warranties of merchantability, fitness for a particular purpose, or non-infringement
• Warranties that the Service is error-free, secure, uninterrupted, or will meet your requirements
• Warranties regarding the accuracy, completeness, or timeliness of compliance guidance or automated checks

8.2 Caps on Liability

To the maximum extent permitted by law, the Company's total liability arising from or relating to these Terms or the Service shall not exceed one hundred and thirty five percent (135%) of the amount you paid for the Service in the 12 months preceding the claim. This cap applies to all claims, whether in contract, tort, negligence, strict liability, or otherwise.

8.3 Exclusions

In no event shall the Company be liable for:

• Indirect, incidental, special, consequential, or punitive damages
• Loss of profits, revenue, data, or business opportunity
• Any claim arising from your failure to implement recommended controls
• Any claim arising from third-party services, consultant conduct, or external assessments

8.4 Essential Terms

Nothing in these Terms limits or excludes our liability for death or personal injury caused by our negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be limited or excluded under applicable law.

Company Indemnification

The Company agrees to indemnify, defend, and hold harmless you, your officers, directors, employees, and agents from and against any claims, damages, losses, costs, and liabilities (including reasonable legal fees) arising from or related to:

• Infringement of third-party intellectual property rights by the Service itself (excluding Your Data or third-party integrations)
• The Company's breach of these Terms
• The Company's gross negligence or willful misconduct in providing the Service
• The Company's violation of applicable data protection laws in its role as a data processor

Your Indemnification Obligations

You agree to indemnify, defend, and hold harmless the Company, its officers, directors, employees, and agents from and against any claims, damages, losses, costs, and liabilities (including reasonable legal fees) arising from or related to:

• Your use of the Service in violation of these Terms or applicable law
• Your Data or content you upload, including infringement of third-party intellectual property rights
• Your organisation's failure to comply with applicable regulations or frameworks
• Claims by data subjects or regulators relating to your processing of personal data (in your capacity as data controller)
• Your engagement with third-party consultants or external auditors

Indemnification Process

The indemnified party must:

• Promptly notify the indemnifying party in writing of any claim
• Provide reasonable cooperation in the defence
• Grant the indemnifying party sole control of the defence and settlement, provided such settlement does not impose obligations on the indemnified party without consent

10.1 Confidential Information

Each party agrees to maintain the confidentiality of the other party's non-public information and to use it solely to perform obligations or exercise rights under these Terms.

10.2 Exceptions

Confidentiality obligations do not apply to information that:

• Is publicly available through no breach by the receiving party
• Was rightfully obtained prior to disclosure
• Is independently developed without reference to the other party's information
• Is lawfully required to be disclosed by court order, regulation, or regulatory authority (with advance notice to allow opportunity to seek protection)

10.3 Company Confidential Information

You agree that the Service, algorithms, workflows, and AI models are the Company's confidential information. You shall not disclose them to third parties except as necessary for your use of the Service.

11.1 Term

Your subscription begins on the date you accept these Terms and continues for the billing period you selected, automatically renewing unless either party terminates in writing.

11.2 Termination for Convenience

Either party may terminate the subscription at the end of any billing period with 30 days' written notice. Upon termination for convenience, the Company will not refund fees for the current period.

11.3 Termination for Cause

The Company may terminate immediately without refund if you:

• Materially breach these Terms and do not cure the breach within 15 days of written notice
• Engage in prohibited use or misuse of the Service
• Fail to pay fees for more than 30 days past due
• Violate applicable law or become subject to regulatory enforcement

11.4 Effect of Termination

Upon termination:

• Your right to use the Service ceases immediately
• You remain liable for all fees accrued through the termination date
• The Company will delete Your Data within 90 days unless legally required to retain it
• Provisions relating to intellectual property, confidentiality, indemnification, and limitation of liability survive termination

12.1 Service Availability

The Company uses commercially reasonable efforts to maintain Service availability and security. However, we do not guarantee uninterrupted access due to maintenance, updates, technical issues, or external factors beyond our control.

12.2 Automated Checks and AI Guidance

The Service uses AI-driven algorithms to generate compliance checks, guidance, and assessments. You acknowledge that:

• AI systems may produce errors, false positives, or incomplete recommendations
• You are responsible for reviewing, validating, and interpreting all guidance before relying on it for compliance decisions
• The Company does not warrant the accuracy or completeness of AI-generated content
• Human oversight and consultant assurance services are optional and do not guarantee compliance outcomes

12.3 No Certification Guarantee

The Service does not guarantee successful certification, audit pass, or regulatory approval. Outcomes depend on your organisation's control implementation and adherence to applicable frameworks.

13.1 Governing Law

These Terms are governed by and construed in accordance with the laws of England and Wales, without regard to its conflict-of-laws principles.

13.2 Jurisdiction

Both parties consent to the exclusive jurisdiction of the courts of England and Wales for any dispute arising from these Terms.

13.3 Escalation and Informal Resolution

Before initiating legal proceedings, the parties agree to attempt to resolve disputes through good-faith negotiation between senior representatives. If negotiation does not resolve the dispute within 30 days, either party may pursue legal remedies.

14.1 Entire Agreement

These Terms, together with the Privacy Policy, Data Processing Agreement, and any order confirmation, constitute the entire agreement between you and the Company regarding the Service and supersede all prior understandings, agreements, and communications, whether written or oral.

14.2 Amendment

The Company may amend these Terms at any time by posting updated terms on the Service. Amendments become effective 30 days after posting. Your continued use of the Service after 30 days constitutes acceptance. If you do not accept amendments, you may terminate your subscription.

14.3 Severability

If any provision of these Terms is held invalid or unenforceable, the remaining provisions continue in full force, and the invalid provision is modified to the minimum extent necessary to make it valid.

14.4 No Waiver

The failure to enforce any provision of these Terms does not constitute a waiver of that provision or any other provision.

14.5 Assignment

General Assignment: Neither party may assign or transfer its rights or obligations under these Terms without the other party's prior written consent, which shall not be unreasonably withheld.

Permitted Assignments: Either party may assign these Terms without consent in connection with:

• A merger, consolidation, or sale of substantially all assets
• Transfer to an affiliate or subsidiary
• Corporate reorganisation or restructuring

Customer Protections: If the Company assigns these Terms to a non-affiliate third party, and such assignment materially diminishes the Service quality or your rights under these Terms, you may terminate the agreement with thirty (30) days' written notice and receive a pro-rata refund for any prepaid, unused services.

Notice Requirement: The assigning party shall provide written notice of any assignment within thirty (30) days of the effective date.

14.6 Notices

All notices must be in writing and sent to the address specified on the Service website or to your registered organisation email. Notices are effective upon receipt.

14.7 Third-Party Beneficiaries

No third party has rights under these Terms except as expressly stated (e.g., indemnified parties in Section 9).

14.8 Relationship

Nothing in these Terms creates a partnership, joint venture, or agency relationship between the parties. You are not authorised to represent or bind the Company.

For questions about these Terms, requests for clarification, or disputes, please contact: