Terms of Service
Last updated: 13 April 2026
1. Definitions
In these Terms:
- "Crown Signet", "we", "our", "us" means Crown Signet LLC, trading as VeriGRC.
- "VeriGRC" means the GRC software platform and services accessible at verigrc.com and related subdomains.
- "Customer" or "you" means the organisation or individual who has registered for or is accessing VeriGRC.
- "Authorised Users" means the employees, contractors, or agents of the Customer who are permitted to use VeriGRC under these Terms.
- "Customer Data" means all data submitted to VeriGRC by or on behalf of the Customer, including vendor assessment responses, evidence documents, and configuration data.
2. Acceptance of terms
By registering for, accessing, or using VeriGRC or verigrc.com, you agree to be bound by these Terms of Service and our Privacy Policy. If you are accepting on behalf of an organisation, you represent that you have authority to bind that organisation. If you do not agree to these Terms, do not use the services.
3. Description of services
VeriGRC is a multi-tenant, cloud-based GRC platform providing modules for third-party risk management, security ratings, external attack surface management, AI-assisted compliance, reporting, and related functions. Access is provided on a subscription basis. The specific modules and features available to a Customer depend on the subscription tier agreed with Crown Signet. Crown Signet reserves the right to modify, add, or discontinue features with reasonable notice.
4. Accounts and access
The Customer is responsible for maintaining the confidentiality of account credentials and for all activities that occur under its account. Customers must ensure that Authorised Users comply with these Terms. Account credentials must not be shared between individuals. Local human accounts require multi-factor authentication. This includes customer-organisation local accounts and vendor local accounts, and users with local accounts must complete MFA enrolment before they can sign in. Where single sign-on is configured, authentication may be handled through the customer organisation's identity provider. The Customer must notify Crown Signet immediately if they suspect unauthorised access to their account.
Vendor portal invitees may access VeriGRC only for the limited purpose of responding to assigned assessments, evidence requests, or related items made available to them.
5. Acceptable use
Customers and Authorised Users must not:
- Use VeriGRC to store, process, or transmit unlawful, harmful, or fraudulent data;
- Attempt to circumvent multi-tenant data isolation, access another tenant's data, or probe the platform for vulnerabilities without Crown Signet's written consent;
- Use VeriGRC to send unsolicited communications or engage in any activity that violates applicable law;
- Reverse-engineer, decompile, or disassemble any component of VeriGRC;
- Resell, sublicense, or make VeriGRC available to third parties other than Authorised Users and vendor portal invitees as intended by the platform.
Customers must not submit highly sensitive or regulated data — including payment card data, protected health information, government-issued identifiers, secrets, credentials, or other restricted data — unless expressly permitted in a separate written agreement.
Crown Signet reserves the right to suspend accounts found to be in breach of this section pending investigation. Crown Signet may also suspend access where needed to protect the platform, other customers, or third parties from security risk, suspected abuse, unlawful activity, or material breach.
6. Subscription and billing
Subscription fees are agreed between the Customer and Crown Signet prior to account activation. Detailed pricing is available on request. Invoices are issued in accordance with the agreed billing cycle. Late payments may result in suspension of access after reasonable notice. For enterprise customers, binding commercial terms are set out in a Master Services Agreement (MSA) which, in the event of conflict, takes precedence over these Terms.
7. Service availability and security
Crown Signet uses commercially reasonable efforts to make VeriGRC available, excluding planned maintenance, emergency maintenance, third-party outages, force majeure events, and issues outside Crown Signet's reasonable control. Any binding uptime commitments, service credits, or remedies apply only if stated in a separate MSA, order form, or SLA.
Crown Signet will notify affected customers of confirmed security incidents involving Customer Data without undue delay and in accordance with applicable law and any applicable written agreement.
8. Customer data ownership
The Customer retains all ownership of and responsibility for Customer Data. The Customer is responsible for the accuracy, legality, quality, and rights or permissions associated with Customer Data, including vendor evidence, assessment responses, uploaded documents, and integration data, and must ensure it has the rights and lawful basis needed to submit, process, and share Customer Data through VeriGRC. Crown Signet processes Customer Data to provide, secure, maintain, support, and improve the VeriGRC services, as described in our Privacy Policy and any applicable agreement. Crown Signet does not sell Customer Data. On account termination, Customer Data is available for export for 90 days, after which it is securely deleted.
9. Intellectual property
VeriGRC, including its software, workflows, user interface, documentation, designs, trademarks, and related materials, is and remains the property of Crown Signet or its licensors. These Terms do not transfer ownership of third-party technologies, open-source software, or third-party AI models. These Terms grant the Customer a limited, non-exclusive, non-transferable licence to access and use VeriGRC solely for the Customer's internal business purposes during the subscription term. No other rights are granted. Feedback or suggestions provided by the Customer may be used by Crown Signet to improve the platform without compensation or attribution.
10. Confidentiality
Each party agrees to keep the other's confidential information — including Customer Data, pricing, and technical specifications — strictly confidential and not to disclose it to third parties without prior written consent, except as required by law. Confidentiality obligations survive for three years after termination, except for trade secrets and highly sensitive information, which remain protected for as long as they remain confidential under applicable law.
11. Warranties and disclaimers
VeriGRC is provided "as is" for evaluation and free-tier accounts, without warranty of any kind. For paid subscriptions, Crown Signet warrants that VeriGRC will perform materially in accordance with its published documentation during the subscription term. Crown Signet does not warrant that the service will be error-free or uninterrupted.
VeriGRC provides software tools to support governance, risk, compliance, vendor assessment, reporting, and related workflows. VeriGRC does not provide legal, regulatory, audit, security, or professional advice. Use of VeriGRC does not guarantee compliance with any law, regulation, framework, certification, audit outcome, or security result, or the reduction or elimination of risk. Customers are responsible for reviewing outputs and making their own decisions with qualified personnel.
AI-generated outputs are provided for informational and workflow-assistance purposes only. They may be incomplete or inaccurate and must be reviewed by qualified personnel before use or reliance.
12. Limitation of liability
To the maximum extent permitted by applicable law, Crown Signet's total aggregate liability to the Customer for any claims arising under or related to these Terms shall not exceed the total fees paid by the Customer to Crown Signet in the twelve (12) months preceding the claim. In no event shall Crown Signet be liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or business opportunity, even if advised of the possibility of such damages.
13. Indemnification
The Customer agrees to indemnify and hold harmless Crown Signet and its officers, directors, and employees from and against any claims, damages, and expenses (including reasonable legal fees) arising from: (a) the Customer's breach of these Terms; (b) Customer Data that infringes any third-party rights; or (c) the Customer's use of VeriGRC in violation of applicable law.
14. Termination
Either party may terminate the subscription by providing written notice in accordance with the agreed notice period (typically 30 days for monthly subscriptions and 90 days for annual subscriptions). Crown Signet may suspend or terminate access immediately if the Customer is in material breach of these Terms, including non-payment or violation of the acceptable use policy. On termination, the Customer's access to VeriGRC will cease; Customer Data will be retained for 90 days for export before secure deletion.
15. Governing law and disputes
If a separate written agreement, order form, MSA, or SLA applies, the governing law, venue, and dispute-resolution terms in that agreement control. If no separate written agreement applies, these Terms and any dispute arising out of or relating to VeriGRC will be governed by applicable law, without regard to conflict-of-law rules. Crown Signet and the Customer will first attempt to resolve disputes in good faith through written notice and reasonable business-level escalation before either party begins formal legal proceedings, except where urgent injunctive or equitable relief is needed to protect confidential information, intellectual property, security, or platform integrity.
16. Changes to these terms
Crown Signet reserves the right to update these Terms at any time. Material changes will be communicated to Customers by email at least 30 days before they take effect. Continued use of VeriGRC after the effective date of a change constitutes acceptance of the revised Terms. If you do not agree to the revised Terms, you may terminate your subscription before the effective date.
17. Contact
For questions about these Terms, contact us at support@verigrc.com or through our Contact page.