Terms of Service

By creating an account, accessing, or using the ClearlyT platform, you confirm that you are at least 18 years of age and have the legal authority to enter into these Terms on behalf of yourself or the organization you represent. If you are accepting these Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind such entity to these Terms.

If you do not agree to these Terms, you must not access or use the Service. Your continued use of the Service following any modifications to these Terms constitutes acceptance of those changes. We recommend reviewing these Terms periodically for updates.

ClearlyT is a business-to-business (B2B) software-as-a-service (SaaS) compliance platform designed to streamline and automate organizational compliance operations. The Service provides, but is not limited to, the following capabilities:

• Compliance Management: Centralized tracking, assessment, and management of regulatory compliance across multiple frameworks including ISO 27001, SOC 2 Type II, GDPR, HIPAA, PCI DSS, DPDPA, and the EU AI Act.
• Evidence Collection & Management: Automated and manual evidence collection workflows, secure evidence storage, version control, and audit-ready evidence packaging with export capabilities.
• Policy Management: Template-based policy generation, policy lifecycle management, version tracking, approval workflows, and employee attestation tracking.
• Cloud Security Scanning: Continuous security posture monitoring of cloud infrastructure (AWS, GCP, Azure), misconfiguration detection, remediation guidance, and CIS benchmark assessments.
• Risk Assessment: Risk register management, risk scoring, risk treatment plans, control mapping, and board-level compliance posture reporting.

The Service is provided on a subscription basis. ClearlyT reserves the right to modify, enhance, or discontinue features of the Service at any time, with reasonable notice to active subscribers where such changes materially affect their use.

To access the Service, you must create an account by providing accurate, current, and complete registration information. You agree to maintain and promptly update your account information to keep it accurate and complete at all times.

You are solely responsible for safeguarding the credentials associated with your account, including passwords, API keys, and any multi-factor authentication methods. You agree to immediately notify ClearlyT of any unauthorized use of your account or any other breach of security.

ClearlyT shall not be liable for any loss or damage arising from your failure to maintain the confidentiality of your account credentials. You are responsible for all activities that occur under your account, whether or not authorized by you.

For accounts utilizing single sign-on (SSO) or SAML authentication, the Customer is responsible for the security configuration and administration of their identity provider.ClearlyT supports enterprise-grade authentication integrations but does not assume responsibility for misconfigured identity provider settings.

ClearlyT offers tiered subscription plans to accommodate organizations at different stages of their compliance journey:

• Starter: Designed for startups and small teams beginning their compliance journey, including core compliance assessment, cloud security scanning, policy generation, and support for up to two frameworks.
• Growth: Designed for growing organizations with multi-framework needs, including all Starter features plus expanded framework support, vendor risk management, DPDPA and AI Governance modules, and advanced reporting.
• Enterprise: Designed for large organizations with complex compliance requirements, including all Growth features plus unlimited frameworks, custom control frameworks, API access, SSO/SAML, multi-entity management, dedicated customer success management, and SLA-backed support.

Subscription fees are billed in advance on a monthly or annual basis, depending on the billing cycle selected at the time of purchase. Annual subscriptions are offered at a discounted rate. All fees are quoted in United States Dollars (USD) unless otherwise specified.

You authorize ClearlyT to charge the payment method on file for all applicable fees. If payment fails, we will attempt to process the charge again and may suspend access to the Service after reasonable notice if the payment issue is not resolved. All fees are non-refundable except where expressly stated otherwise or required by applicable law.

ClearlyTreserves the right to modify pricing with at least thirty (30) days' advance written notice. Price changes will take effect at the start of your next billing cycle following the notice period.

As a user of the Service, you agree to:

• Use the Service solely for lawful purposes and in compliance with all applicable local, national, and international laws and regulations.
• Provide accurate information when configuring compliance assessments, connecting cloud infrastructure, and generating reports. The accuracy of ClearlyT's outputs depends on the accuracy of the data you provide.
• Not attempt to gain unauthorized access to any portion of the Service, other accounts, systems, or networks connected to the Service through hacking, password mining, or any other means.
• Not reproduce, duplicate, copy, sell, resell, or exploit any portion of the Service without express written permission from ClearlyT.
• Not use the Service to transmit any malicious code, viruses, or other harmful content.
• Not interfere with or disrupt the integrity or performance of the Service or the data contained therein.
• Manage user access within your organization, including promptly revoking access for departed employees or contractors.

ClearlyT provides compliance management tools and assessments, but does not provide legal advice. The outputs generated by the platform (including compliance scores, risk assessments, and policy templates) are intended as guidance and do not constitute legal, regulatory, or professional certification. You are responsible for engaging qualified professionals to validate your compliance posture.

Customer Data.You retain all rights, title, and interest in and to all data, information, content, and materials that you submit, upload, or otherwise make available through the Service ("Customer Data"). This includes, without limitation, compliance evidence, policy documents, risk assessments, cloud configuration data, and any other information provided by you or collected from your integrated systems. ClearlyT does not claim ownership of Customer Data.

License to Customer Data. You grant ClearlyT a limited, non-exclusive, worldwide license to access, use, process, and display Customer Data solely for the purpose of providing, maintaining, and improving the Service. This license terminates when your subscription ends and Customer Data is deleted in accordance with our data retention policies.

Platform IP.The Service, including all software, algorithms, user interfaces, designs, templates, frameworks, documentation, and all other proprietary technology ("Platform IP"), is and remains the exclusive property of ClearlyT. These Terms do not grant you any right, title, or interest in the Platform IP, except the limited right to use the Service as expressly permitted under your subscription.

Data Portability. Upon termination of your subscription, you may request an export of your Customer Data in a standard, machine-readable format. ClearlyT will make such data available for download for a period of thirty (30) days following termination, after which Customer Data may be permanently deleted.

Each party (the "Receiving Party") agrees to hold in confidence all non-public information disclosed by the other party (the "Disclosing Party") that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure ("Confidential Information").

Confidential Information includes, but is not limited to: Customer Data, security configurations, compliance assessments, audit findings, business processes, technical architecture, pricing terms, and any information relating to either party's business operations.

The Receiving Party shall: (a) use Confidential Information only for the purposes of performing its obligations or exercising its rights under these Terms; (b) protect Confidential Information using at least the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care; and (c) not disclose Confidential Information to any third party except as expressly permitted herein or with the Disclosing Party's prior written consent.

Confidentiality obligations do not apply to information that: (i) is or becomes publicly available through no fault of the Receiving Party; (ii) was known to the Receiving Party prior to disclosure; (iii) is independently developed by the Receiving Party without reference to Confidential Information; or (iv) is required to be disclosed by law or court order, provided the Receiving Party gives prompt notice to the Disclosing Party where legally permitted.

ClearlyT uses commercially reasonable efforts to maintain Service availability of 99.9% uptime, measured on a monthly basis, excluding scheduled maintenance windows. Scheduled maintenance will be communicated at least 48 hours in advance via email or in-platform notification.

Enterprise plan subscribers may be eligible for a Service Level Agreement (SLA) with defined uptime commitments and service credits. SLA terms are documented separately and form part of the Enterprise subscription agreement.

ClearlyTshall not be liable for any unavailability caused by: (a) factors beyond our reasonable control, including force majeure events, internet service provider failures, or third-party service outages; (b) actions or inactions of the Customer or its users; (c) Customer's equipment, software, or network connections; or (d) scheduled or emergency maintenance required for security or stability purposes.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL ClearlyT, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, GOODWILL, DATA, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION WITH YOUR ACCESS TO OR USE OF (OR INABILITY TO ACCESS OR USE) THE SERVICE.

ClearlyT'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY YOU TO ClearlyT DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED UNITED STATES DOLLARS (USD $100).

The Service is designed to assist with compliance management and does not guarantee regulatory compliance, certification, or the absence of security vulnerabilities. ClearlyT shall not be held liable for any regulatory penalties, audit failures, or security incidents arising from your reliance on the Service without independent professional verification.

You agree to indemnify, defend, and hold harmless ClearlyT, its affiliates, officers, directors, employees, and agents from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your use of and access to the Service; (b) your violation of these Terms; (c) your violation of any third-party right, including without limitation any intellectual property, privacy, or proprietary right; or (d) any claim that your Customer Data caused damage to a third party.

ClearlyT agrees to indemnify and defend the Customer against any third-party claim alleging that the Service, as provided by ClearlyT, infringes upon the intellectual property rights of a third party, provided that the Customer promptly notifies ClearlyT of such claim and cooperates fully in its defense.

Either party may terminate these Terms at any time by providing written notice to the other party. For monthly subscriptions, termination takes effect at the end of the current billing cycle. For annual subscriptions, termination takes effect at the end of the current annual term unless otherwise agreed in writing.

ClearlyT may suspend or terminate your access to the Service immediately, without prior notice or liability, if: (a) you breach any material provision of these Terms; (b) you fail to pay subscription fees after reasonable notice; (c) your use of the Service poses a security risk to the Service or any third party; or (d) such action is required by law or regulatory authority.

Upon termination: (i) your right to access and use the Service ceases immediately; (ii) you remain responsible for all fees incurred prior to termination; and (iii) ClearlyT will make your Customer Data available for export for a period of thirty (30) days, after which it may be permanently deleted. Sections that by their nature should survive termination (including, without limitation, confidentiality, limitation of liability, indemnification, and governing law) shall survive.

ClearlyT reserves the right to update or modify these Terms at any time. When we make material changes, we will notify you by email (sent to the email address associated with your account) and by posting a prominent notice within the Service at least thirty (30) days before the changes take effect.

Non-material changes, such as typographical corrections or clarifications that do not alter the substance of the Terms, may be made at any time without prior notice. The "Last updated" date at the top of this page reflects the date of the most recent revision.

Your continued use of the Service after the effective date of any modification constitutes your acceptance of the revised Terms. If you do not agree to the modified Terms, you must discontinue use of the Service and terminate your subscription in accordance with Section 11.

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States of America, without regard to its conflict of law principles.

Any dispute arising out of or in connection with these Terms that cannot be resolved through good-faith negotiation within thirty (30) days shall be submitted to binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall take place in Wilmington, Delaware, and the language of the arbitration shall be English.

Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or Confidential Information. The prevailing party in any arbitration or litigation shall be entitled to recover its reasonable attorneys' fees and costs.