Terms of Service
Enterprise baseline terms for procurement, security, and counsel review. Rendered in your local time: Mar 15, 2026, 01:07:41 AM
1. Acceptance of Terms
By accessing or using the Certus platform, CLI, APIs, documentation, or related services (collectively, the "Service"), you agree to these Terms of Service. If you are accepting these Terms on behalf of a company or other legal entity, you represent that you have authority to bind that entity. If you do not agree, do not access or use the Service.
2. Description of Service
Certus is an enterprise compliance and software assurance platform. The Service may include hosted dashboards, APIs, command-line tooling, automation agents, evidence workflows, control mapping, notifications, integrations, and related support or pilot services. Certain capabilities may be identified as beta, pilot, preview, or limited-release features.
3. Orders, Pilots, and Commercial Scope
Production use, pilots, paid subscriptions, and any regulated-workload commitments may be governed by an order form, statement of work, or other executed commercial document. If there is a conflict between these Terms and an executed commercial agreement, the executed agreement controls for that conflict.
4. Accounts, Administrators, and Authentication
You must provide accurate registration and identity information and keep it current. You are responsible for account security, administrator actions, API keys, tokens, SSO configuration, and access decisions made inside your tenant. You must promptly notify Certus of any suspected unauthorized access or credential compromise.
5. Customer Data and Instructions
As between the parties, you retain all right, title, and interest in Customer Data. You instruct Certus to host, process, transmit, index, and display Customer Data solely as necessary to provide, secure, support, and improve the Service in accordance with these Terms, your documented configuration, and any executed data processing agreement.
6. Security Responsibilities
Certus will maintain administrative, technical, and physical safeguards designed to protect Customer Data against unauthorized access, disclosure, alteration, and destruction. You remain responsible for secure endpoint posture, source-control permissions, CI secrets, integration credentials, and the correctness of any policies or merge gates you configure.
7. Acceptable Use
You may not use the Service to violate applicable law, infringe the rights of others, interfere with the Service, probe or bypass tenant isolation, introduce malware, conduct unauthorized benchmarking intended for publication without consent, or use the Service in connection with unlawful surveillance, offensive security activity, or prohibited data collection.
8. Integrations and Third-Party Services
The Service may interoperate with third-party services such as identity providers, source control systems, messaging platforms, ticketing tools, cloud providers, and GRC platforms. Your use of those services is governed by your agreements with those providers. Certus is not responsible for third-party outages, changes, or security failures outside its control.
9. Beta and Limited Release Features
Pilot, preview, beta, limited-release, or evaluation features may be subject to reduced support, changed functionality, supplemental limits, or separate commercial terms. Unless expressly stated otherwise in a signed agreement, such features are provided "as is" and may be modified or discontinued at any time.
10. Confidentiality
Each party may receive non-public information from the other party that should reasonably be understood to be confidential. The receiving party will use the same degree of care it uses to protect its own confidential information, and at least reasonable care, and may use such information only to perform or receive the Service. These obligations do not apply to information that is public through no fault of the receiving party, already known without restriction, independently developed, or rightfully received from a third party.
11. Intellectual Property
Certus and its licensors retain all right, title, and interest in the Service, software, models, documentation, branding, and derivative works, excluding Customer Data. Subject to these Terms and any applicable order form, Certus grants you a limited, non-exclusive, non-transferable right to use the Service for your internal business purposes.
12. Suspension and Termination
Certus may suspend access if necessary to prevent harm, respond to a security incident, comply with law, or address a material breach. Either party may terminate for material breach not cured within a reasonable notice period, or as otherwise provided in an executed commercial agreement. On termination, your access ends and you should export your data before shutdown of the workspace or service instance.
13. Warranties and Disclaimers
Except as expressly stated in a signed agreement, the Service is provided on an "as is" and "as available" basis. Certus does not warrant that the Service will be uninterrupted, error-free, or suitable for every compliance regime, legal interpretation, or customer control environment. You remain responsible for your own legal, regulatory, and audit decisions.
14. Limitation of Liability
To the maximum extent permitted by law, neither party will be liable for indirect, incidental, consequential, special, exemplary, or punitive damages, or for lost profits, revenues, goodwill, or business interruption. Except for excluded liabilities in an executed agreement, each party's aggregate liability arising out of or related to the Service will not exceed the fees paid or payable by you to Certus during the 12 months preceding the event giving rise to the claim.
15. Governing Law and Venue
These Terms are governed by the laws of the State of Delaware, excluding its conflict-of-laws rules. Unless otherwise agreed in writing, the parties consent to exclusive jurisdiction and venue in the state or federal courts located in Delaware.
16. Changes to Terms
Certus may update these Terms from time to time. Material changes will be communicated through the Service, by email, or through another commercially reasonable method. Continued use of the Service after the effective date of updated Terms constitutes acceptance of the updated Terms.
17. Contact
For legal, security, procurement, or enterprise contracting questions, contact legal@getcertus.cloud or use the enterprise enquiry form. Data processing addenda, security exhibits, and regulated-workload addenda are handled through the commercial review process.