Terms of Service
Last updated: 26 January 2025
1. Agreement to Terms
By accessing or using ComplianceAgent UK ("the Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree, you must not use the Service. These Terms constitute a legally binding agreement between you ("User", "you") and ComplianceAgent UK ("we", "us", "our").
2. Description of the Service
ComplianceAgent UK provides an AI-powered compliance scanning service that connects to your Microsoft 365 or Google Workspace account via OAuth to:
- Scan emails and documents for PII exposure, phishing threats, and data handling risks.
- Generate compliance scores mapped to UK GDPR, NIS2 Directive, and DORA.
- Provide remediation recommendations and downloadable compliance reports.
3. Eligibility
You must be at least 18 years old and have the legal authority to bind yourself or your organisation to these Terms. By using the Service, you represent that you meet these requirements and have the authority to grant us access to the workspace accounts you connect.
4. Account Registration
- You create an account by signing in with your Microsoft or Google account.
- You are responsible for maintaining the security of your account credentials and OAuth authorisations.
- You must notify us immediately of any unauthorised access to your account.
- We reserve the right to suspend or terminate accounts that violate these Terms.
5. Permitted Use
You agree to use the Service only for its intended purpose: assessing your organisation's compliance posture. You must not:
- Use the Service to access or scan accounts you do not own or have authority over.
- Attempt to reverse-engineer, decompile, or extract source code from the Service.
- Use the Service for any unlawful purpose or in violation of any applicable regulation.
- Attempt to bypass rate limits, security controls, or access restrictions.
- Resell, sublicense, or redistribute access to the Service without our written consent.
- Use automated tools (bots, scrapers) to access the Service beyond the provided API.
6. Data Access & OAuth Permissions
When you connect your workspace, you grant us read-only OAuth access to your emails and files for the purpose of compliance scanning. We:
- Access only the data necessary to perform compliance scans.
- Do not modify, delete, or send data on your behalf.
- Encrypt OAuth tokens at rest and transmit all data over TLS.
- Allow you to revoke access at any time via your Microsoft/Google account settings or by deleting your ComplianceAgent UK account.
7. Subscription Plans & Payment
- Free Tier: Includes a limited number of scans per month at no cost.
- Paid Plans (Pro, Enterprise): Provide additional features, increased scan limits, and priority support.
- Payments are processed securely by Stripe. We do not store your payment card details.
- Paid subscriptions renew automatically each billing period unless cancelled.
- You may cancel at any time; access continues until the end of the current billing period.
- Refunds are available within 14 days of initial purchase if you have not performed a scan.
8. Intellectual Property
The Service, including its design, code, AI models, and branding, is owned by ComplianceAgent UK and protected by intellectual property laws. You retain ownership of your data; we claim no ownership over your workspace content or scan results. You are granted a limited, non-exclusive, non-transferable licence to use the Service for its intended purpose.
9. AI-Generated Content Disclaimer
The compliance findings, scores, and remediation recommendations provided by the Service are generated by AI and are intended as informational guidance only. They do not constitute legal, financial, or regulatory advice. You should:
- Not rely solely on our outputs for regulatory compliance decisions.
- Consult qualified legal or compliance professionals for formal assessments.
- Understand that AI analysis may produce false positives or miss certain issues.
10. Limitation of Liability
To the fullest extent permitted by applicable law:
- The Service is provided "as is" and "as available" without warranties of any kind, either express or implied.
- We do not warrant that the Service will be uninterrupted, error-free, or free from security vulnerabilities.
- We shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service.
- Our total liability for any claim arising from the Service shall not exceed the amount you paid us in the 12 months preceding the claim, or £100, whichever is greater.
- We are not liable for regulatory penalties, fines, or enforcement actions that may result from compliance gaps our Service did or did not identify.
11. Indemnification
You agree to indemnify and hold harmless ComplianceAgent UK from any claims, damages, losses, or expenses (including legal fees) arising from your use of the Service, your violation of these Terms, or your violation of any third party's rights.
12. Service Availability
We strive to maintain high availability but do not guarantee uninterrupted service. We may perform maintenance, updates, or experience downtime. We will endeavour to provide notice of planned maintenance. Free tier users may experience reduced performance during peak usage periods.
13. Account Termination
- You may delete your account at any time via the application dashboard. This permanently removes all your data (UK GDPR Article 17).
- We may suspend or terminate your account if you violate these Terms, with or without notice.
- Upon termination, your right to use the Service ceases immediately.
14. Changes to Terms
We may update these Terms from time to time. Material changes will be communicated via email or a notice within the application at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the revised Terms.
15. Governing Law & Disputes
These Terms are governed by the laws of England and Wales. Any disputes arising from these Terms or the Service shall be subject to the exclusive jurisdiction of the courts of England and Wales.
16. Severability
If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
17. Entire Agreement
These Terms, together with our Privacy Policy, constitute the entire agreement between you and ComplianceAgent UK regarding your use of the Service.
18. Contact Us
For questions about these Terms, please contact:
hello@complianceagent.uk