✅Acceptance of Terms
These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer", "you", or "your") and AegisComply, Inc. ("AegisComply", "we", "us", or "our"), a company incorporated under the laws of the Republic of India.
By creating an account, clicking "I agree", or otherwise accessing or using the AegisComply platform, APIs, SDKs, or related services (collectively, the "Services"), you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy, which is incorporated herein by reference.
If you are accepting these Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that entity to these Terms. In that case, "you" and "your" refer to that entity.
We may update these Terms from time to time. We will notify you of material changes via email or a prominent notice within the platform at least 30 days before changes take effect. Continued use of the Services after the effective date constitutes acceptance of the revised Terms.
🛡Description of Service
AegisComply provides a cloud-based compliance automation platform that helps organizations achieve, maintain, and demonstrate compliance with security and privacy frameworks including SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, India's DPDPA, and others.
The Services include, but are not limited to:
- Continuous evidence collection via integrations with third-party infrastructure, identity, and development tools
- Gap analysis, risk assessment, and compliance scoring dashboards
- AI-powered compliance copilot for policy drafting, control interpretation, and remediation guidance
- Vendor risk management and third-party assessment workflows
- Trust portal for sharing compliance posture with customers and auditors
- Incident management and access review workflows
- APIs and SDKs for programmatic integration with your existing toolchain
- Audit preparation tools and report generation
We reserve the right to modify, enhance, or discontinue any feature of the Services at any time with reasonable notice. We will not materially reduce the core functionality of a paid subscription during an active billing period without offering a pro-rated refund.
👤Account Registration
To access the Services, you must create an account by providing accurate, current, and complete information. You agree to keep this information up to date.
Account Security
You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to:
- Use a strong, unique password and enable multi-factor authentication (MFA), which we strongly recommend and may require for certain plan tiers
- Immediately notify us at security@aegiscomply.io if you suspect any unauthorized access to your account
- Not share your login credentials with individuals outside your organization
- Not create accounts via unauthorized automated means or under false pretenses
Organization Accounts
When you create a workspace on behalf of an organization, you are the "Account Owner". You may invite other users ("Members") to your workspace. You are responsible for ensuring that all Members comply with these Terms. You may assign roles and permissions to Members and are responsible for their actions within the platform.
AegisComply is not liable for any loss or damage arising from your failure to maintain the security of your account. If you believe your account has been compromised, contact us immediately.
💳Subscription Plans and Billing
Plans and Pricing
AegisComply offers various subscription plans, as described in our subscription plans (available upon request). All prices are quoted in Indian Rupees (INR) and are exclusive of applicable taxes, including GST (18%). You are responsible for all applicable taxes associated with your subscription.
Auto-Renewal
Subscriptions are set to auto-renew at the end of each billing period (monthly or annual) at the then-current price. We will send a renewal reminder email at least 7 days before renewal. By providing payment information, you authorize us to charge the applicable fees automatically upon renewal.
Payment
Payment is processed through our third-party payment processors (Razorpay and/or Stripe). We accept credit/debit cards (Visa, Mastercard, Amex), UPI, and bank transfers (NEFT/IMPS). For annual plans above ₹5,00,000/year, we also accept purchase orders with net-30 payment terms.
Cancellation
You may cancel your subscription at any time through your account settings or by emailing billing@aegiscomply.io. Upon cancellation:
- Monthly plans: Service continues until the end of the current billing period; no further charges are made.
- Annual plans: Service continues until the end of the prepaid annual period; annual fees are non-refundable unless we materially breach these Terms.
- Your data is retained in a read-only state for 90 days after cancellation, after which it is permanently deleted.
Refunds and Disputes
We offer a 14-day money-back guarantee for new customers who have not previously held a paid subscription. After 14 days, fees are non-refundable except where required by applicable law. For billing disputes, contact us within 60 days of the charge at billing@aegiscomply.io.
📏Acceptable Use Policy
You agree to use the Services only for lawful purposes and in accordance with these Terms. You agree not to use the Services to:
- Violate any applicable law or regulation, including data protection laws, export controls, or sanctions
- Infringe the intellectual property rights of any third party
- Upload, transmit, or store malicious code, viruses, or any software designed to disrupt, damage, or gain unauthorized access to systems
- Attempt to gain unauthorized access to any part of the Services, other accounts, or AegisComply's infrastructure
- Reverse engineer, decompile, or disassemble any part of the Services
- Use the Services to conduct penetration testing against third-party systems without authorization
- Scrape, harvest, or systematically extract data from the Services using automated means without prior written consent
- Resell, sublicense, or white-label the Services without a written reseller agreement
- Use the Services in a manner that places an unreasonable load on our infrastructure (rate limits apply per plan)
- Store, process, or transmit content that is illegal, defamatory, obscene, or that constitutes a privacy violation
AegisComply reserves the right to investigate suspected violations of this Acceptable Use Policy and to suspend or terminate accounts found to be in violation, without prior notice in cases of serious or urgent violations.
🔐Data Processing and Security
Data Ownership
You retain full ownership of all data, content, and information you submit to the Services ("Customer Data"). AegisComply claims no ownership rights in Customer Data. We process Customer Data solely to provide and improve the Services on your behalf.
Data Processing Agreement
For customers subject to GDPR, India's DPDPA, or other data protection regulations, a Data Processing Agreement (DPA) is available upon request. Enterprise customers may request a signed DPA at legal@aegiscomply.io. Our standard DPA terms are available at aegiscomply.io/dpa.
Security Obligations
AegisComply implements and maintains appropriate technical and organizational security measures to protect Customer Data against unauthorized access, disclosure, alteration, or destruction. These measures include AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, regular penetration testing, and SOC 2 Type II compliance.
Security Incidents
In the event of a confirmed security breach that affects your Customer Data, AegisComply will notify you within 72 hours of becoming aware of the incident (as required under GDPR Article 33 and DPDPA). The notification will include the nature of the breach, categories of data affected, likely consequences, and steps we are taking to address it.
Subprocessors
We use third-party subprocessors to deliver the Services. A current list is maintained at aegiscomply.io/subprocessors. We will provide 30 days' notice of material changes to subprocessors.
💡Intellectual Property
AegisComply's Intellectual Property
The Services, including all software, algorithms, user interfaces, documentation, trademarks, logos, and content provided by AegisComply (excluding Customer Data), are and remain the exclusive intellectual property of AegisComply, Inc. and its licensors. All rights not expressly granted in these Terms are reserved.
Subject to your compliance with these Terms and payment of applicable fees, AegisComply grants you a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the Services during your subscription period solely for your internal business purposes.
Customer Data and Feedback
You grant AegisComply a limited license to process, store, and use Customer Data solely to provide and improve the Services. If you provide AegisComply with feedback, suggestions, or ideas regarding the Services ("Feedback"), you grant AegisComply a royalty-free, worldwide, irrevocable license to use and incorporate such Feedback into the Services without any obligation to you.
Open Source
Certain components of the AegisComply SDK are released as open source software under the MIT License. Open source licenses are listed in our SDK repository and do not affect the proprietary nature of the main platform.
⚠️Limitation of Liability
Disclaimer of Warranties
THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. AEGISCOMPLY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, WE DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
AegisComply does not warrant that use of the Services will guarantee regulatory compliance, passing of any audit, or certification under any framework. Compliance outcomes depend on your organization's implementation and are ultimately your responsibility.
Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AEGISCOMPLY'S TOTAL CUMULATIVE LIABILITY ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICES, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY YOU TO AEGISCOMPLY IN THE 12 MONTHS IMMEDIATELY PRECEDING THE CLAIM, OR (B) INR 1,00,000.
IN NO EVENT SHALL AEGISCOMPLY BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF DATA, LOSS OF GOODWILL, OR COST OF PROCURING SUBSTITUTE SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Some jurisdictions do not allow the exclusion of implied warranties or limitation of liability for certain types of damages. In such jurisdictions, our liability is limited to the greatest extent permitted by law.
🛡Indemnification
You agree to indemnify, defend, and hold harmless AegisComply, Inc. and its officers, directors, employees, agents, licensors, and service providers from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to:
- Your violation of these Terms or any applicable law or regulation
- Your use of the Services in a manner not authorized by these Terms
- Your Customer Data, including any claim that your Customer Data infringes, misappropriates, or violates any third-party intellectual property right or privacy right
- Any dispute between you and a third party arising from your use of the Services
- Your negligence or wilful misconduct
AegisComply reserves the right to assume the exclusive defence and control of any matter subject to indemnification by you, in which case you agree to cooperate fully with our defence of such claim. You may not settle any claim without AegisComply's prior written consent if the settlement imposes any obligation on AegisComply.
🔚Termination
Termination by You
You may terminate your subscription at any time by cancelling through your account settings or by contacting billing@aegiscomply.io. Termination takes effect at the end of your current billing period for monthly plans, or immediately upon request for annual plans (with no refund of prepaid fees).
Termination by AegisComply
AegisComply may suspend or terminate your account and access to the Services:
- With 30 days' written notice, for any reason or no reason (with a pro-rated refund of prepaid fees)
- Immediately, without notice, if you materially breach these Terms, including violation of the Acceptable Use Policy, non-payment after notice, or if required by law
- Immediately, without notice, if we reasonably believe your account poses a security risk to AegisComply or other users
Effect of Termination
Upon termination: (a) your license to use the Services immediately ends; (b) you must cease all use of the Services; (c) AegisComply will provide you 30 days to export your Customer Data; (d) after 30 days, your Customer Data will be permanently deleted. Provisions of these Terms that by their nature should survive termination shall survive, including intellectual property rights, disclaimers, limitations of liability, indemnification, and governing law.
⚖️Governing Law and Dispute Resolution
Governing Law
These Terms and any dispute arising from or related to them shall be governed by and construed in accordance with the laws of the Republic of India, without regard to its conflict of laws provisions.
Jurisdiction
Any legal action or proceeding arising under or relating to these Terms shall be brought exclusively in the competent courts of Mumbai, Maharashtra, India. Both parties consent to personal jurisdiction and venue in those courts.
Dispute Resolution Process
Before initiating formal legal proceedings, both parties agree to attempt to resolve disputes informally. Either party may initiate this process by sending a written notice of dispute to the other. If the dispute is not resolved within 30 days, either party may proceed to formal legal proceedings as described above.
Arbitration (Enterprise Customers)
For Enterprise plan customers, disputes may be resolved through binding arbitration administered by the Mumbai Centre for International Arbitration (MCIA) under its rules, with proceedings conducted in English in Mumbai. This arbitration clause is optional and applies only if agreed upon in an Enterprise Order Form.
Class Action Waiver
You agree that any dispute resolution proceedings will be conducted on an individual basis and not as a class, consolidated, or representative action. You waive the right to participate in a class action or class-wide arbitration.
✉️Contact Information
If you have any questions about these Terms of Service, please contact our Legal team:
- Email: legal@aegiscomply.io
- Response time: We aim to respond to legal inquiries within 5 business days.
- Postal address: AegisComply, Inc. (Legal Department), 4th Floor, BHIVE Workspace, 112, AKR Tech Park, Krishnarajapuram, Bangalore – 560036, Karnataka, India.
- Billing inquiries: billing@aegiscomply.io
- Security concerns: security@aegiscomply.io
- General inquiries: hello@aegiscomply.io
These Terms were last updated on March 30, 2026, and supersede all prior versions. A history of previous versions is available upon request.
AegisComply, Inc. is incorporated under the Companies Act, 2013, CIN: U72900KA2024PTC123456. Registered office: 4th Floor, BHIVE Workspace, 112, AKR Tech Park, Krishnarajapuram, Bangalore – 560036.