TERMS OF SERVICE

1. Agreement

These Terms of Service (“Terms”) constitute a legally binding agreement between you (“Customer,” “you”) and Atlant Security EOOD (“Venvera,” “we,” “us”), a company registered in Sofia, Bulgaria, governing your use of the Venvera platform at app.venvera.com and audit.venvera.com (the “Service”).

By creating an account or using the Service, you agree to these Terms. If you are entering into these Terms on behalf of an organisation, you represent that you have the authority to bind that organisation.

2. Service Description

Venvera is a multi-framework governance, risk, and compliance (GRC) platform. The Service includes:

• Compliance management across up to 10 regulatory frameworks
• Gap assessments, policy management, and compliance roadmaps
• Third-party risk management and vendor questionnaires
• AI-assisted compliance guidance (Virtual CISO)
• Board-level dashboards and reporting
• Audit management (audit.venvera.com)

The specific features available to you depend on your subscription plan.

3. Account Registration

Access to the Service requires authentication via Microsoft Entra ID (Azure AD) or Google Workspace single sign-on. You are responsible for:

• Maintaining the security of your SSO credentials
• All activity that occurs under your account
• Ensuring that only authorised personnel within your organisation access the Service
• Promptly notifying us of any unauthorised use

4. Subscription and Billing

4.1 Plans

The Service is offered in three tiers: Basic, Professional, and Enterprise. Plan details and pricing are published at venvera.com/pricing and may be updated from time to time with 30 days’ notice.

4.2 Billing cycle

Subscriptions are billed monthly or annually in advance. All fees are in Euros (€) and exclusive of applicable VAT.

4.3 Free trial

New accounts receive a 14-day free trial with full access to the selected plan’s features. No credit card is required. At the end of the trial, you must select a paid plan to continue using the Service. Your data is preserved for 30 days after trial expiry.

4.4 Upgrades and downgrades

You may change your plan at any time. Upgrades take effect immediately with prorated billing. Downgrades take effect at the end of the current billing period.

4.5 Cancellation

You may cancel your subscription at any time from Settings. Upon cancellation, your access continues until the end of the paid period. We will refund the unused portion of annual subscriptions on a prorated basis.

5. Your Data

5.1 Ownership

You retain all rights to the data you upload to or create within the Service (“Customer Data”). We do not claim ownership of your data.

5.2 Licence to us

You grant us a limited licence to host, process, and display your data solely for the purpose of providing the Service to you.

5.3 Data processing

We process Customer Data as a data processor under GDPR. A Data Processing Agreement (DPA) is available upon request and forms part of these Terms for customers subject to GDPR.

5.4 Data portability

You may export your data at any time in CSV, JSON, PDF, or DOCX format. Upon termination, we provide a 30-day window for data export before deletion.

5.5 Data location

All Customer Data is stored in the European Union (Sofia, Bulgaria). We do not transfer data outside the EEA.

6. Acceptable Use

You agree not to:

• Use the Service for any unlawful purpose
• Attempt to gain unauthorised access to the Service or its infrastructure
• Reverse-engineer, decompile, or disassemble any part of the Service
• Use automated tools to scrape, crawl, or extract data from the Service
• Share your account credentials or allow unauthorised users to access the Service
• Upload malicious code, viruses, or harmful content
• Use the Service in a way that could impair its performance or availability for others

7. AI Features

The Service includes AI-powered features (Virtual CISO, AI Policy Drafting) that use third-party language models (Anthropic Claude or OpenAI GPT, as configured by you). These features:

• Use your own API key, configured in your account settings
• Share only the compliance data you explicitly enable in your AI data-sharing preferences
• Provide guidance only — they do not constitute legal, regulatory, or professional advice
• Should be validated by qualified compliance professionals before acting on recommendations

8. Service Availability

We target 99.9% uptime for Professional and Enterprise plans, and 99.5% for Basic plans, measured monthly (excluding scheduled maintenance). Scheduled maintenance windows are communicated at least 48 hours in advance.

Enterprise customers receive SLA-backed uptime commitments with service credits for downtime exceeding the target. Details are specified in the Enterprise agreement.

9. Security

We implement industry-standard security measures including:

• AES-256-GCM encryption at rest with per-tenant keys
• TLS 1.3 encryption in transit
• PostgreSQL Row-Level Security for tenant isolation
• Automated encrypted backups every 6 hours
• Append-only audit logging of all data mutations
• Annual penetration testing

Security incidents are reported to affected customers within 72 hours of discovery, in compliance with GDPR Article 33.

10. Intellectual Property

The Service, including its software, design, documentation, and content (excluding Customer Data), is the intellectual property of Atlant Security EOOD and is protected by copyright, trademark, and other laws. Your subscription grants you a non-exclusive, non-transferable licence to use the Service for your internal business purposes.

11. Limitation of Liability

To the maximum extent permitted by law:

• The Service is provided “as is” without warranties of any kind, express or implied
• We are not liable for indirect, incidental, consequential, or punitive damages
• Our total liability is limited to the fees you paid in the 12 months preceding the claim
• We do not guarantee that the Service will ensure regulatory compliance — ultimate compliance responsibility rests with the Customer

12. Indemnification

You agree to indemnify and hold harmless Atlant Security EOOD, its officers, directors, and employees from any claims, damages, or expenses arising from your use of the Service in violation of these Terms or applicable law.

13. Termination

Either party may terminate the agreement by cancelling the subscription. We may suspend or terminate your access immediately if you:

• Violate these Terms
• Fail to pay fees within 14 days of the due date
• Use the Service in a way that poses a security risk

Upon termination, your data remains available for export for 30 days, after which it is permanently deleted.

14. Governing Law

These Terms are governed by the laws of Bulgaria. Any disputes arising from these Terms shall be submitted to the exclusive jurisdiction of the courts of Sofia, Bulgaria.

15. Changes to These Terms

We may modify these Terms with at least 30 days’ notice. Continued use of the Service after the effective date constitutes acceptance. Material changes will be communicated via email to the account administrator.

16. Contact