Terms of Service

Effective Date: April 2025

1. About the Platform

Welcome to ciphrix.com and ciphrix.app ("Platform"). The Platform is a Software as a Service compliance automation product operated by Ciphrix Pty Ltd (ABN 27 674 772 493) and/or Ciphrix Inc., as applicable ("Ciphrix", "we", "us", "our").

These Terms and Conditions ("Terms") govern your access to and use of the Platform and our website. By accessing or using either, you agree to be bound by these Terms. If you do not agree, you must cease use immediately.

Ciphrix is a SaaS platform provider. These Terms do not constitute a professional services, consulting, or advisory engagement. Ciphrix does not deliver work products or guarantee compliance outcomes on your behalf.

2. Acceptance

By accessing the Platform or website, you agree to these Terms and our Privacy Policy. Continued use after account creation constitutes binding acceptance. If you are accessing on behalf of an organisation, you warrant that you have authority to bind that organisation.

3. Eligibility

You must be at least 18 years old to use the Platform. Users under 18 may only access under supervision of a parent or guardian.

4. The Platform

Ciphrix provides a compliance automation platform enhanced by AI and automation. The Platform enables customers to:

Map and manage compliance frameworks, controls, and policies
Track evidence, testing, and audit readiness
Manage employee training, acknowledgements, and access reviews
Monitor risk across vendors, people, and assets
Automate documentation and workflows using AI agents
Publish and maintain a public-facing trust center

5. Subscription and Access

Access to the Platform requires a paid subscription. Subscription terms, including user limits, included frameworks, and pricing, are set out in the applicable order form or Master Subscription Agreement.

The first registered user is the account administrator. Administrators manage access levels and may assign administrative privileges to others. You are responsible for all activity under your account. Notify us immediately at support@ciphrix.com of any unauthorised use.

Ciphrix may adjust subscription fees at renewal with prior written notice.

6. Payments

Subscription fees are billed in advance at the frequency agreed at the time of subscription (monthly, quarterly, or annual). All fees are exclusive of taxes. You are responsible for any applicable taxes in your jurisdiction.

Payments are processed via third-party payment providers. Ciphrix does not store credit card or payment credentials. If payment fails, you remain liable for the outstanding amount and any associated fees.

7. Refund Policy

Ciphrix operates as a B2B SaaS platform. All subscriptions are subject to these Terms.

Once platform access has been provisioned and the subscription period has commenced, fees are non-refundable, except where required by applicable law that cannot be excluded by contract.

Customers who wish to raise a concern regarding subscription fees may contact support@ciphrix.com within 14 days of their subscription start date. Any refund determination will be made at Ciphrix's sole discretion, taking into account platform usage, onboarding services delivered, and fees paid for the relevant period. Refund requests submitted after 14 days from the subscription start date will not be considered.

Nothing in this clause limits any rights you may have under the Australian Consumer Law that cannot be excluded, restricted, or modified.

8. Acceptable Use

The Platform is licensed for use by the subscribing customer and its authorised users for internal business purposes only. Resale, sublicensing, or providing access to third parties (including as a managed service) is not permitted unless expressly authorised in a separate Master Subscription Agreement.

You must not:

Hack, reverse-engineer, or attempt to gain unauthorised access to the Platform or its infrastructure
Tamper with, overload, or compromise Platform availability or integrity
Use the Platform for any unlawful purpose or in violation of applicable laws
Misrepresent your identity or impersonate any person or organisation
Share account credentials or access the account of another user without permission
Upload or transmit malicious code, harmful content, or content that infringes third-party rights

Ciphrix reserves the right to suspend or terminate access for any breach of this section.

9. AI Disclaimer

The Platform uses AI to automate and assist with compliance tasks including policy generation, risk assessment, and vendor review. AI-generated outputs are provided to assist your decision-making. You are responsible for reviewing and verifying all AI-generated content before relying on it. Ciphrix does not warrant the accuracy, completeness, or fitness of AI outputs for any particular purpose. Do not rely solely on AI-generated content for critical business or legal decisions.

Anonymous, aggregated usage data may be used to improve the Platform.

10. Security and Privacy

Your use of the Platform is subject to our Privacy Policy at ciphrix.com/privacy-policy and, where applicable, our Data Processing Agreement at ciphrix.com/dpa. Platform availability commitments are set out in our Service Level Agreement at ciphrix.com/sla.

In the event of a confirmed data breach affecting your data, we will notify you in accordance with our obligations under the Privacy Act 1988 (Cth) and the Notifiable Data Breaches scheme.

11. Confidentiality

"Confidential Information" means non-public information disclosed by either party that is reasonably expected to be confidential given its nature or the circumstances of disclosure.

Each party agrees to keep the other's Confidential Information confidential, use it only to fulfil obligations under these Terms, and take reasonable precautions to prevent unauthorised disclosure.

Confidentiality obligations do not apply to information that is publicly available, was already known to the receiving party, or is required to be disclosed by law.

Upon request or termination, each party will destroy or return the other's Confidential Information and confirm in writing.

12. Intellectual Property

All rights, title, and interest in the Platform, its underlying technology, and all associated content remain exclusively with Ciphrix. Nothing in these Terms transfers any intellectual property rights to you.

You are granted a non-exclusive, non-transferable licence to access and use the Platform during your subscription for your internal business purposes only.

Customer data remains the property of the customer. Ciphrix is granted a limited licence to use customer data solely to provide the Platform.

13. Brand Usage

Unless you opt out in writing, Ciphrix may reference your name and logo in customer lists and marketing materials. To opt out, contact support@ciphrix.com.

14. Indemnity

You agree to indemnify Ciphrix against any claims, losses, or damages arising from: (a) your breach of these Terms; (b) your content infringing third-party rights; or (c) your misuse of the Platform.

15. Disclaimer and Limitation of Liability

To the extent permitted by law, all non-mandatory warranties are excluded and the Platform is provided "as is."

Ciphrix's total aggregate liability arising out of or in connection with these Terms shall not exceed the total subscription fees paid by you in the 12 months immediately preceding the event giving rise to the claim.

Neither party is liable for indirect, special, incidental, or consequential loss or damage, including loss of profit, revenue, goodwill, or data.

Nothing in these Terms limits liability for fraud, wilful misconduct, or any liability that cannot be excluded by law.

16. Termination

Either party may terminate by providing written notice. You may also terminate by not renewing your subscription or by closing your account.

Ciphrix may terminate or suspend access immediately for non-payment, breach of these Terms, misuse of the Platform, or where required by law.

On termination, your access to the Platform will cease. Fees paid are non-refundable except where Ciphrix terminates without cause.

Obligations relating to confidentiality, IP, indemnity, and liability survive termination.

17. Force Majeure

Neither party is liable for delays or failures caused by events beyond their reasonable control, including natural disasters, war, pandemics, or internet-wide disruptions. If such an event continues for more than 3 months, either party may terminate with 30 days' written notice.

18. Dispute Resolution

Disputes must be raised in writing. The parties will attempt to resolve disputes in good faith within 28 days. If unresolved, the dispute will be referred to mediation in Melbourne under the Australian Mediation Association rules. Costs of mediation are shared equally. Nothing in this clause restricts either party from seeking urgent injunctive relief.

19. General

These Terms are governed by the laws of Victoria, Australia. Any disputes shall be subject to the exclusive jurisdiction of the courts of Victoria.

Amendments to these Terms must be in writing. A waiver of any provision must be written and specific. If any provision is found invalid or unenforceable, the remaining provisions continue in full force. Neither party may assign these Terms without the other's prior written consent, except that Ciphrix may assign to an affiliate or in connection with a merger or acquisition.