Terms of Service

1. Definitions

In these Terms:

• "Veriaxis", "we", "our", "us" means Veriaxis LLC, trading as VeriGRC.
• "VeriGRC" means the GRC software platform and services accessible at verigrc.com and related subdomains.
• "Customer" or "you" means the organisation or individual who has registered for or is accessing VeriGRC.
• "Authorised Users" means the employees, contractors, or agents of the Customer who are permitted to use VeriGRC under these Terms.
• "Customer Data" means all data submitted to VeriGRC by or on behalf of the Customer, including vendor assessment responses, evidence documents, and configuration data.

2. Acceptance of terms

By registering for, accessing, or using VeriGRC or verigrc.com, you agree to be bound by these Terms of Service and our Privacy Policy. If you are accepting on behalf of an organisation, you represent that you have authority to bind that organisation. If you do not agree to these Terms, do not use the services.

3. Description of services

VeriGRC is a multi-tenant, cloud-based GRC platform providing modules for third-party risk management, security ratings, external attack surface management, AI-assisted compliance, reporting, and related functions. Access is provided on a subscription basis. The specific modules and features available to a Customer depend on the subscription tier agreed with Veriaxis. Veriaxis reserves the right to modify, add, or discontinue features with reasonable notice.

4. Accounts and access

The Customer is responsible for maintaining the confidentiality of account credentials and for all activities that occur under its account. Customers must ensure that Authorised Users comply with these Terms. Account credentials must not be shared between individuals. Veriaxis supports multi-factor authentication for all accounts; enabling MFA for privileged roles is strongly recommended and may be required for certain subscription tiers. The Customer must notify Veriaxis immediately if they suspect unauthorised access to their account.

5. Acceptable use

Customers and Authorised Users must not:

• Use VeriGRC to store, process, or transmit unlawful, harmful, or fraudulent data;
• Attempt to circumvent multi-tenant data isolation, access another tenant's data, or probe the platform for vulnerabilities without Veriaxis's written consent;
• Use VeriGRC to send unsolicited communications or engage in any activity that violates applicable law;
• Reverse-engineer, decompile, or disassemble any component of VeriGRC;
• Resell, sublicense, or make VeriGRC available to third parties other than Authorised Users and vendor portal invitees as intended by the platform.

Veriaxis reserves the right to suspend accounts found to be in breach of this section pending investigation.

6. Subscription and billing

Subscription fees are agreed between the Customer and Veriaxis prior to account activation. Detailed pricing is available on request via the pricing page. Invoices are issued in accordance with the agreed billing cycle. Late payments may result in suspension of access after reasonable notice. For enterprise customers, binding commercial terms are set out in a Master Services Agreement (MSA) which, in the event of conflict, takes precedence over these Terms.

7. Service availability

Veriaxis targets a platform uptime of 99.5% measured monthly, excluding scheduled maintenance windows communicated with at least 48 hours notice. This availability target is indicative for free-tier and evaluation accounts; binding SLA terms and remedies for enterprise subscriptions are defined in the applicable MSA.

8. Customer data ownership

The Customer retains all ownership of and responsibility for Customer Data. Veriaxis processes Customer Data solely to provide and improve the VeriGRC services and as described in our Privacy Policy. Veriaxis does not sell Customer Data or use it for any purpose outside the scope of service delivery. On account termination, Customer Data is available for export for 90 days, after which it is securely deleted.

9. Intellectual property

VeriGRC, its underlying software, AI models, user interface, documentation, and all related intellectual property are and remain the sole property of Veriaxis. These Terms grant the Customer a limited, non-exclusive, non-transferable licence to access and use VeriGRC solely for the Customer's internal business purposes during the subscription term. No other rights are granted. Feedback or suggestions provided by the Customer may be used by Veriaxis to improve the platform without compensation or attribution.

10. Confidentiality

Each party agrees to keep the other's confidential information — including Customer Data, pricing, and technical specifications — strictly confidential and not to disclose it to third parties without prior written consent, except as required by law. This obligation survives termination of these Terms for a period of three years.

11. Warranties and disclaimers

VeriGRC is provided "as is" for evaluation and free-tier accounts, without warranty of any kind. For paid subscriptions, Veriaxis warrants that VeriGRC will perform materially in accordance with its published documentation during the subscription term. Veriaxis does not warrant that the service will be error-free or uninterrupted. AI-generated outputs from the VeriGRC AI Assistant are provided for informational purposes and should be reviewed by qualified personnel before acting on them.

12. Limitation of liability

To the maximum extent permitted by applicable law, Veriaxis's total aggregate liability to the Customer for any claims arising under or related to these Terms shall not exceed the total fees paid by the Customer to Veriaxis in the twelve (12) months preceding the claim. In no event shall Veriaxis be liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or business opportunity, even if advised of the possibility of such damages.

13. Indemnification

The Customer agrees to indemnify and hold harmless Veriaxis and its officers, directors, and employees from and against any claims, damages, and expenses (including reasonable legal fees) arising from: (a) the Customer's breach of these Terms; (b) Customer Data that infringes any third-party rights; or (c) the Customer's use of VeriGRC in violation of applicable law.

14. Termination

Either party may terminate the subscription by providing written notice in accordance with the agreed notice period (typically 30 days for monthly subscriptions and 90 days for annual subscriptions). Veriaxis may suspend or terminate access immediately if the Customer is in material breach of these Terms, including non-payment or violation of the acceptable use policy. On termination, the Customer's access to VeriGRC will cease; Customer Data will be retained for 90 days for export before secure deletion.

15. Governing law and disputes

These Terms are governed by and construed in accordance with the laws of {{GOVERNING_LAW_JURISDICTION}}. Any disputes arising under these Terms shall be subject to the exclusive jurisdiction of the courts of {{GOVERNING_LAW_JURISDICTION}}. For enterprise customers, the dispute resolution mechanism specified in the applicable MSA takes precedence.

16. Changes to these terms

Veriaxis reserves the right to update these Terms at any time. Material changes will be communicated to Customers by email at least 30 days before they take effect. Continued use of VeriGRC after the effective date of a change constitutes acceptance of the revised Terms. If you do not agree to the revised Terms, you may terminate your subscription before the effective date.

17. Contact

For questions about these Terms, contact us at legal@verigrc.com or via the contact page.