Terms of Service

Clear terms for secure, compliant enterprise identity management

Legally Binding Agreement | SOC 2 Type II Compliant | ICO Registered (ZC031428) | GDPR Compliant

Last Updated: November 9, 2025 | Effective Date: November 9, 2025 | Version: 3.2

1. Agreement Overview

These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer", "you", or "your") and IdentityFirst Ltd ("Company", "we", "our", or "us") for the use of our enterprise identity security platform and related services.

By accessing or using our services, you agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use our services.

2. Definitions

  • "Platform" means our IdentityHealthCheck enterprise identity security platform
  • "Services" means all services, features, and functionality provided by the Platform
  • "Customer Data" means all data, information, and materials provided by Customer
  • "Confidential Information" means non-public information disclosed by either party
  • "Intellectual Property" means patents, copyrights, trademarks, and trade secrets
  • "Security Incident" means unauthorized access, disclosure, or alteration of Customer Data

3. Service Description

3.1 Platform Services

IdentityFirst Ltd provides:

  • Identity Assessment: Comprehensive security evaluation of identity infrastructure
  • Compliance Automation: Automated checking against SOC 2, GDPR, ISO 27001, and other frameworks
  • AI-Powered Analysis: Machine learning-driven threat detection and recommendations
  • Continuous Monitoring: Real-time security monitoring and alerting
  • Incident Response: 24/7 security incident handling and support
  • Professional Services: Implementation, training, and consulting

3.2 Service Levels

We provide the following service level commitments:

  • Platform Availability: 99.9% uptime excluding scheduled maintenance
  • Security Response: Critical security issues addressed within 4 hours
  • Support Response: Technical support responses within 24 hours
  • Data Backup: Daily encrypted backups with 30-day retention

4. Customer Obligations

4.1 Account Security

Customer agrees to:

  • Maintain the confidentiality of account credentials and access tokens
  • Implement multi-factor authentication for all privileged accounts
  • Notify us immediately of any suspected security incidents
  • Regularly update and patch systems accessing our platform
  • Use the platform only for lawful purposes and in compliance with applicable laws

4.2 Data Accuracy

Customer represents and warrants that:

  • All Customer Data provided is accurate, complete, and up-to-date
  • Customer has all necessary rights and permissions to provide the data
  • The data does not violate any third-party rights or applicable laws
  • Customer will promptly update any changes to the data

4.3 Compliance

Customer agrees to comply with all applicable laws, regulations, and industry standards, including:

  • UK GDPR and Data Protection Act 2018
  • Industry-specific regulations (HIPAA, PCI DSS, SOX, etc.)
  • Export control and sanctions regulations
  • Acceptable use policies and security standards

5. Intellectual Property

5.1 Our Intellectual Property

The Platform, Services, and all related software, documentation, and materials are owned by IdentityFirst Ltd and are protected by intellectual property laws. Customer receives only a limited, non-exclusive, non-transferable license to use the Services for their internal business purposes.

5.2 Customer Data

Customer retains all rights to Customer Data. By using our Services, Customer grants us a limited license to process, store, and analyze Customer Data solely for providing the Services and improving our platform.

5.3 Feedback

Any feedback, suggestions, or improvements provided by Customer may be used by us to improve our Services without any obligation or compensation to Customer.

6. Data Protection and Security

6.1 Data Processing

We process Customer Data in accordance with our Privacy Policy and applicable data protection laws. We act as a data processor for Customer Data and maintain appropriate technical and organizational measures to protect it.

6.2 Security Measures

Our security measures include:

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 in transit
  • Access Controls: Role-based access control with multi-factor authentication
  • Monitoring: 24/7 security monitoring and automated threat detection
  • Compliance: SOC 2 Type II certified and ICO registered
  • Incident Response: Comprehensive incident response procedures

6.3 Data Breach Notification

In the event of a Security Incident involving Customer Data, we will notify Customer within 72 hours as required by applicable law. We will also provide regular updates on the incident response and cooperate fully with Customer's investigation.

7. Confidentiality

7.1 Confidential Information

"Confidential Information" includes all non-public information disclosed by either party, including but not limited to: Customer Data, business plans, technical specifications, security assessments, and proprietary processes.

7.2 Protection Obligations

Each party agrees to:

  • Use Confidential Information solely for performing obligations under these Terms
  • Implement reasonable security measures to protect Confidential Information
  • Not disclose Confidential Information to third parties without prior written consent
  • Limit access to Confidential Information to authorized personnel only
  • Return or destroy Confidential Information upon termination of these Terms

7.3 Exceptions

Confidential Information does not include information that:

  • Is or becomes publicly available through no fault of the receiving party
  • Was already known to the receiving party before disclosure
  • Is independently developed by the receiving party
  • Is required to be disclosed by law or court order

8. Warranties and Disclaimers

8.1 Our Warranties

We warrant that:

  • The Services will be provided with reasonable skill and care
  • The Services will materially conform to the specifications in our documentation
  • We have the right to provide the Services and grant the licenses herein
  • The Services do not infringe any third-party intellectual property rights

8.2 Disclaimers

EXCEPT AS EXPRESSLY PROVIDED ABOVE, THE SERVICES ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. WE DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE FROM UNAUTHORIZED ACCESS. CUSTOMER ASSUMES ALL RISK ASSOCIATED WITH THE USE OF THE SERVICES.

9. Limitation of Liability

9.1 General Limitation

IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR BUSINESS OPPORTUNITIES.

9.2 Maximum Liability

OUR TOTAL LIABILITY UNDER THESE TERMS SHALL NOT EXCEED THE AMOUNT PAID BY CUSTOMER FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

9.3 Exceptions

This limitation does not apply to:

  • Liability arising from willful misconduct or gross negligence
  • Liability for breach of confidentiality obligations
  • Liability for infringement of intellectual property rights
  • Liability under data protection laws

10. Indemnification

10.1 Our Indemnification

We will indemnify and defend Customer against claims that the Services infringe third-party intellectual property rights, provided Customer promptly notifies us of the claim and cooperates with our defense.

10.2 Customer Indemnification

Customer will indemnify and defend us against claims arising from:

  • Customer's use of the Services in violation of these Terms
  • Customer's breach of applicable laws or regulations
  • Customer Data infringing third-party rights
  • Customer's negligent or willful misconduct

11. Termination

11.1 Termination Rights

Either party may terminate these Terms:

  • Immediately for material breach, with 30 days' notice to cure
  • Immediately if the other party becomes insolvent or bankrupt
  • With 90 days' written notice for non-material breaches
  • Immediately for violation of data protection or security requirements

11.2 Effect of Termination

Upon termination:

  • All licenses granted hereunder shall terminate
  • Customer must cease all use of the Services
  • We will return or destroy Customer Data within 30 days
  • Outstanding payment obligations remain due
  • Confidentiality obligations survive indefinitely

12. Governing Law and Dispute Resolution

12.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of law principles.

12.2 Dispute Resolution

Any disputes arising from these Terms shall first be resolved through good faith negotiations. If unresolved, disputes shall be submitted to the exclusive jurisdiction of the courts of England and Wales.

12.3 Data Protection Disputes

For disputes involving data protection or privacy, Customer may also lodge a complaint with the Information Commissioner's Office (ICO) or seek resolution through the UK courts.

13. General Provisions

13.1 Entire Agreement

These Terms, together with our Privacy Policy and any signed agreements, constitute the entire agreement between the parties and supersede all prior agreements.

13.2 Amendments

We may amend these Terms by providing 30 days' notice. Continued use of the Services after the effective date constitutes acceptance of the amended Terms.

13.3 Severability

If any provision of these Terms is held invalid or unenforceable, the remaining provisions shall remain in full force and effect.

13.4 Assignment

Customer may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.

13.5 Force Majeure

Neither party shall be liable for failure to perform due to causes beyond reasonable control, including natural disasters, war, terrorism, or government actions.

13.6 Notices

All notices shall be in writing and delivered to the addresses specified in our contact information. Notices are effective upon receipt.

14. Contact Information

For questions about these Terms or to exercise your rights, please contact us:

IdentityFirst Ltd

Email: info@identityfirst.net

Phone: +44 (0) 7968169571

Website: https://identityfirst.net

ICO Registration: ZC031428

Registered Address: Morpeth, England, United Kingdom