Sentyra Legal

Terms of Service

These Terms of Service govern access to and use of the Sentyra platform and related services. They form an agreement between you (or the organisation you represent) and the provider of Sentyra.

Status: Draft · Effective date: [[effective date]] · Provider: [[Company legal name]]

1. Agreement to terms

These Terms of Service (the “Terms”) are entered into by and between [[Company legal name]](the “Provider”, “we”, “us”, or “Sentyra”) and the customer that accepts these Terms (the “Customer” or “you”). By creating an account, accessing, or using the Service, you agree to be bound by these Terms. If you are entering into these Terms on behalf of an organisation, you represent that you have authority to bind that organisation.

If you do not agree to these Terms, you may not access or use the Service.

2. Definitions

  • “Service” means the Sentyra agentic governance, risk, and compliance platform, including its web application, APIs, agents, and related features made available to you.
  • “Customer Data” means data, documents, evidence, and content that you or your authorised users submit to, or that the Service collects on your instruction from connected systems, in the course of using the Service.
  • “Authorised User” means an individual you permit to use the Service under your account.
  • “Documentation” means the usage guides and technical materials we make available for the Service.

3. The service

Sentyra helps organisations operate compliance programs by automating evidence collection, mapping controls across frameworks (including DPDPA, SOC 2, GDPR, ISO 27001, HIPAA, and PCI DSS), running generator-verifier agent checks, and producing audit-ready reports. Evidence artifacts are hashed (SHA-256) and cryptographically signed (Ed25519) so that their integrity can be independently verified.

The Service is a tool, not a certification or legal advice. Sentyra does not itself audit, certify, or attest to your compliance, and using Sentyra does not guarantee that you will pass any audit or satisfy any regulator. Framework names are referenced only to describe the controls and evidence the Service helps you organise. You remain responsible for your own compliance obligations and for engaging qualified auditors and advisors.

4. Accounts & eligibility

  • You must provide accurate account information and keep it current.
  • You are responsible for safeguarding credentials and for all activity under your account and Authorised Users.
  • You must promptly notify us of any unauthorised use of your account.
  • The Service is intended for organisational and business use; you must be legally capable of entering into a binding contract to use it.

5. Acceptable use

You agree not to, and not to permit any Authorised User to:

  • use the Service in violation of applicable law or third-party rights;
  • upload malicious code, or attempt to gain unauthorised access to the Service or other customers' data;
  • probe, scan, or test the vulnerability of the Service, or circumvent any security or authentication measures, except under a written authorisation from us;
  • reverse engineer, decompile, or attempt to derive source code except to the extent this restriction is prohibited by applicable law;
  • resell, sublicense, or provide the Service to third parties except as expressly permitted;
  • use the Service to fabricate, backdate, or misrepresent compliance evidence, or to present unverified assertions as verified — conduct fundamentally incompatible with the integrity purpose of the Service;
  • interfere with or disrupt the integrity or performance of the Service.

We may suspend access where we reasonably believe continued use poses a security risk, violates these Terms, or exposes us or others to legal liability, and will use reasonable efforts to notify you.

6. Customer data & your responsibilities

As between the parties, you retain all rights in Customer Data. You grant us a limited, non-exclusive licence to host, process, and use Customer Data solely to provide and support the Service, to maintain its security and integrity, and as otherwise instructed by you.

  • You are responsible for the accuracy, quality, and legality of Customer Data and for the means by which you acquired it.
  • Where Customer Data includes personal data, our processing is governed by the Privacy Policy and, where applicable, a Data Processing Agreement between the parties.
  • You must ensure you have the necessary rights, notices, and lawful grounds to connect third-party systems and submit data to the Service.
  • You are responsible for configuring the Service, scoping controls, and reviewing agent output before relying on it.

7. Third-party integrations

The Service can connect to third-party systems (for example source control, cloud, identity, and collaboration providers) that you authorise. Your use of those systems is governed by their own terms. We are not responsible for third-party services, and their availability or changes may affect Service functionality. Credentials you provide for integrations are encrypted at rest and used only to perform the collection tasks you configure.

8. Intellectual property

The Service, including its software, agents, models, user interfaces, and Documentation, and all related intellectual property rights, are and remain owned by us and our licensors. We grant you a limited, non-exclusive, non-transferable, revocable right to access and use the Service during the term, subject to these Terms. No rights are granted except as expressly stated.

If you provide feedback or suggestions, you grant us a perpetual, royalty-free licence to use them to improve the Service, without obligation to you.

9. Fees & payment

Fees, billing frequency, and payment terms are as set out in an applicable order form, plan description, or written agreement between the parties ([[pricing / order form reference]]). Unless stated otherwise, fees are exclusive of taxes, which are your responsibility. Except where required by law or expressly agreed, fees are non-refundable.

10. Confidentiality

Each party may receive confidential information of the other. The receiving party will use the disclosing party’s confidential information only to perform under these Terms, will protect it with at least reasonable care, and will not disclose it except to personnel and contractors bound by confidentiality obligations. This does not apply to information that is public through no fault of the receiving party, independently developed, or required to be disclosed by law (with notice where permitted).

11. Warranties & disclaimers

Each party warrants that it has the authority to enter into these Terms. We will provide the Service with reasonable skill and care.

EXCEPT AS EXPRESSLY STATED, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE”. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. We do not warrant that the Service will be uninterrupted or error-free, that agent-generated output will be complete or accurate, or that use of the Service will result in compliance with, or certification under, any law or framework. Sentyra holds no certifications or attestations except those, if any, expressly published by us in writing.

12. Limitation of liability

To the maximum extent permitted by law, neither party will be liable for indirect, incidental, special, consequential, or punitive damages, or for lost profits, revenue, goodwill, or data, arising out of or related to these Terms, even if advised of the possibility.

Except for liability that cannot be excluded by law, each party’s aggregate liability arising out of or related to these Terms will not exceed the total fees paid or payable by you for the Service in the [[liability cap period — e.g. twelve (12) months]] preceding the event giving rise to the claim.

13. Indemnification

You will defend and indemnify us against third-party claims arising from your Customer Data or your use of the Service in breach of these Terms or applicable law. We will defend and indemnify you against third-party claims that the Service, as provided by us and used in accordance with these Terms, infringes that third party’s intellectual property rights. The indemnifying party’s obligations are conditioned on prompt notice, reasonable cooperation, and sole control of the defence and settlement (which may not impose non-indemnified obligations on the other party without consent).

14. Term & termination

  • These Terms apply from your first use of the Service until terminated.
  • Either party may terminate for the other's material breach not cured within thirty (30) days of written notice.
  • You may stop using and close your account at any time; we may suspend or terminate access as described in these Terms or an applicable order form.
  • On termination, your right to use the Service ceases. We will make Customer Data available for export for a limited period and then delete it in accordance with the Privacy Policy and any Data Processing Agreement, subject to legal retention requirements.
  • Provisions that by their nature should survive (including intellectual property, confidentiality, disclaimers, liability limits, and indemnities) survive termination.

15. Changes to the service & these terms

We may update the Service and these Terms from time to time. For material changes to these Terms, we will provide reasonable notice (for example by posting an updated version with a new effective date or notifying you through the Service). Continued use after changes take effect constitutes acceptance. If you do not agree, you should stop using the Service.

16. Governing law & dispute resolution

These Terms are governed by [[governing law / jurisdiction]], without regard to conflict-of-laws rules. The parties submit to the exclusive jurisdiction of the courts located in [[governing law / jurisdiction]], except that either party may seek injunctive relief in any court of competent jurisdiction to protect its intellectual property or confidential information. The parties will attempt to resolve disputes in good faith before commencing proceedings.

17. Contact

Questions about these Terms may be sent to [[contact email]], or by post to [[Company legal name]], [[registered address]].