Terms of Service

SecurityPassport

Last updated: May 18, 2026

1. Introduction

These Terms of Service (“Terms”) govern access to and use of the SecurityPassport platform, related applications, exports, APIs, workflows, and associated services (collectively, the “Service”).

The Service is operated by SecurityPassport (“SecurityPassport”, “we”, “our”, or “us”).

By accessing or using the Service, you agree to these Terms.

If you use the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms.

SecurityPassport is a software platform designed to help organizations:

• manage security and compliance evidence
• operate governance and review workflows
• maintain audit-ready operational records
• generate trust and compliance exports
• track approvals, ownership, and accountability
• organize security review and procurement workflows
• maintain evidence lifecycle visibility

The Service is provided on a software-as-a-service (SaaS) basis.

2. Eligibility and Organizational Use

You may use the Service only if:

• you are legally permitted to use the Service
• your use complies with applicable law
• you have authority to act on behalf of your organization where applicable

Organizations are responsible for ensuring that users accessing their workspace are authorized appropriately.

Workspace administrators are responsible for managing:

• user invitations
• access permissions
• role assignments
• workspace governance controls

3. Accounts and Access

Users may access SecurityPassport through:

• direct registration
• administrator invitation
• organization-managed onboarding

You agree to:

• provide accurate information
• maintain the confidentiality of login credentials
• restrict unauthorized access to your account
• promptly notify SecurityPassport of suspected misuse or unauthorized access

SecurityPassport may suspend or restrict access where:

• security risks are detected
• abuse or misuse occurs
• operational integrity may be impacted
• legal obligations require restriction

4. Customer Data and Workspace Content

Customers may upload and manage content including:

• evidence files
• policies
• reports
• screenshots
• exports
• framework mappings
• governance records
• workflow metadata
• attachments

Customers retain ownership of their uploaded content and workspace data.

SecurityPassport does not claim ownership of customer-controlled content.

Customers are responsible for:

• ensuring they have rights to upload content
• ensuring uploaded content complies with applicable law
• validating exported materials before external distribution
• managing internal workspace permissions appropriately

SecurityPassport acts primarily as a service provider or processor for customer-controlled workspace data.

5. Operational Workflows and Generated Outputs

SecurityPassport supports operational governance and trust workflows including:

• evidence lifecycle management
• policy review and approval flows
• audit preparation workflows
• export generation
• governance tracking
• accountability and review history
• remediation coordination

The platform may generate outputs such as:

• ZIP exports
• DOCX reports
• governance summaries
• evidence packages
• trust review documentation
• share links
• audit-oriented reporting

Customers remain responsible for:

• reviewing generated outputs
• verifying export completeness
• determining regulatory suitability
• validating uploaded evidence and documentation

SecurityPassport does not certify compliance outcomes, legal sufficiency, or audit success.

6. Acceptable Use

You may not use the Service to:

• violate applicable laws or regulations
• upload malicious software
• interfere with platform operation
• attempt unauthorized system access
• distribute unlawful or infringing content
• abuse platform infrastructure
• conduct unauthorized security testing

SecurityPassport may investigate suspected misuse and may suspend accounts or workspaces where necessary to protect platform integrity or comply with legal obligations.

7. Security and Platform Integrity

SecurityPassport implements technical and organizational safeguards intended to support platform security and operational integrity.

Safeguards may include:

• encrypted network communication
• role-based access control
• authentication protections
• audit logging
• infrastructure monitoring
• controlled production access
• software updates and patching
• operational review procedures

No system can guarantee absolute security.

Customers remain responsible for their own internal security practices, endpoint protection, and user access management.

8. Service Availability

SecurityPassport is provided on a commercially reasonable efforts basis.

We aim to maintain reliable platform availability but do not guarantee uninterrupted operation.

Temporary interruptions may occur due to:

• maintenance
• upgrades
• infrastructure failures
• security incidents
• third-party outages
• internet or hosting provider issues

SecurityPassport may modify or improve portions of the Service over time for operational, security, or business reasons.

9. Subscription Plans, Fees, and Billing

Certain features or environments may require payment under a subscription agreement or commercial plan.

Pricing structures may include:

• monthly or annual subscriptions
• workspace-based pricing
• enterprise agreements
• feature-based tiers
• storage or usage limits

Payments may be processed through third-party payment providers.

Failure to pay applicable fees may result in suspension or restriction of access where appropriate.

Enterprise customers may be subject to separately negotiated commercial agreements.

10. Intellectual Property

SecurityPassport and its related software, systems, workflows, interfaces, branding, and platform materials are owned by SecurityPassport and protected by intellectual property laws.

Subject to these Terms, customers receive a limited, non-exclusive, non-transferable right to use the Service for internal business purposes.

Customers retain ownership of their uploaded content and customer-controlled data.

11. Subprocessors and Infrastructure Providers

SecurityPassport may use third-party providers to support operation of the Service, including providers of:

• cloud infrastructure
• object storage
• monitoring and logging
• authentication
• email delivery
• analytics
• payment processing

These providers may process data solely as necessary to support operation of the Service.

SecurityPassport uses contractual and operational safeguards designed to support appropriate data protection obligations.

12. Privacy and Data Protection

Personal data processing is governed by:

• the Privacy Policy
• applicable data processing agreements
• applicable law
• enterprise agreements where relevant

Customers are responsible for determining whether their use of SecurityPassport complies with their own legal, regulatory, contractual, or organizational obligations.

13. Confidentiality

SecurityPassport will use reasonable measures designed to protect non-public customer information from unauthorized disclosure.

Customers are responsible for protecting confidential information shared through:

• exports
• downloads
• screenshots
• generated reports
• share links

Confidentiality obligations do not apply to information that:

• becomes publicly available without breach
• was already lawfully known
• is independently developed
• must be disclosed by law

14. Suspension and Termination

SecurityPassport may suspend or terminate access where:

• fees remain unpaid
• misuse occurs
• security risks arise
• operational integrity is threatened
• legal obligations require restriction

Customers may stop using the Service at any time subject to applicable agreements.

Upon termination, customers may have a limited opportunity to export customer-controlled data depending on contractual and operational limitations.

Certain provisions of these Terms survive termination, including confidentiality, intellectual property, liability limitations, and legal obligations.

15. Limitation of Liability

To the maximum extent permitted by applicable law, SecurityPassport shall not be liable for:

• indirect damages
• consequential damages
• lost profits
• business interruption
• reputational harm
• loss of business opportunities
• customer misuse of exports or generated outputs

The total aggregate liability of SecurityPassport arising from or relating to the Service shall not exceed the fees paid by the customer during the 12 months preceding the claim.

Nothing in these Terms excludes liability where exclusion is prohibited by applicable law.

16. Indemnification

Customers agree to indemnify and hold harmless SecurityPassport from claims arising from:

• unlawful use of the Service
• violation of these Terms
• infringement caused by uploaded content
• misuse of generated outputs or shared materials

17. Changes to the Service and Terms

SecurityPassport may update or modify the Service over time to:

• improve functionality
• strengthen security
• maintain operational integrity
• comply with legal requirements
• evolve workflows and platform capabilities

We may also update these Terms periodically.

Updated Terms will be published with an updated “Last updated” date.

Continued use of the Service after updated Terms become effective constitutes acceptance of the updated Terms.

18. Governing Law

These Terms shall be governed by the laws of the jurisdiction in which SecurityPassport is incorporated, without regard to conflict of law principles.

Disputes relating to these Terms or the Service shall be subject to the jurisdiction of the competent courts of that jurisdiction unless otherwise required by applicable law.

19. Contact

Questions regarding these Terms may be directed to:

SecurityPassport
Email: legal@securitypassports.com

General inquiries: hello@securitypassports.com