1. Acceptance of Terms
These Terms of Service ("Terms") govern your access to and use of CertAstra, operated by CertAstra ("we", "us", or "our"). By creating an account, accessing the platform, or using any of our services, you confirm that you have read, understood, and agree to be bound by these Terms.
If you are using CertAstra on behalf of an organization, you represent that you have the authority to bind that organization to these Terms, in which case "you" refers to both you and that organization.
2. Description of Service
CertAstra is a cloud-based compliance management platform that helps organizations prepare for certifications such as ISO 27001, SOC 2, GDPR, NIS2, and others. The platform provides tools for:
- Framework management and control tracking
- Evidence collection and review workflows
- Audit management and questionnaire distribution
- AI-assisted compliance gap analysis and recommendations
- Statement of Applicability generation
- Team collaboration and role-based access control
3. Account Security
You are responsible for maintaining the confidentiality of your account credentials. You agree to:
- Provide accurate and complete registration information
- Keep your password secure and not share it with others
- Notify us immediately of any unauthorized use of your account at hello@certastra.com
- Be responsible for all activity that occurs under your account
We reserve the right to disable any account if we believe it has been compromised or is being used in violation of these Terms.
4. Subscription and Payment
CertAstra offers subscription plans as described on our pricing page. By subscribing to a paid plan, you agree to pay the applicable fees. All fees are:
- Billed in advance on a monthly or annual basis
- Non-refundable except where required by applicable law
- Subject to change with 30 days' prior notice
- Charged via the payment method you provide at signup
Failure to pay may result in suspension or termination of your account. You may cancel your subscription at any time; cancellation takes effect at the end of the current billing period.
5. Acceptable Use
You agree not to use CertAstra to:
- Violate any applicable law or regulation
- Upload or transmit malicious code, viruses, or harmful content
- Attempt to gain unauthorized access to our systems or other users' accounts
- Reverse engineer, decompile, or disassemble any part of the platform
- Use the service to store or process data that infringes third-party rights
- Resell or sublicense access to the platform without our written consent
- Use automated means to scrape or extract data from the platform
We reserve the right to suspend or terminate accounts that violate these policies without prior notice.
6. Data and Privacy
Your use of CertAstra is also governed by our Privacy Policy, which is incorporated into these Terms by reference. You retain ownership of all data you upload to the platform ("Customer Data"). By using CertAstra, you grant us a limited license to process your Customer Data solely to provide the service.
We implement industry-standard security measures to protect your data. However, you are responsible for ensuring that your use of the platform complies with applicable data protection laws, including GDPR where applicable.
7. Intellectual Property
CertAstra and its content, features, and functionality are owned by us and protected by applicable intellectual property laws. You may not copy, modify, distribute, or create derivative works based on our platform without express written permission.
You retain all intellectual property rights to your Customer Data. We do not claim ownership of content you upload or create within the platform.
8. AI-Generated Content
CertAstra includes AI-powered features that generate compliance recommendations, risk assessments, and suggested control text. You acknowledge that:
- AI-generated content is provided for informational purposes only
- Such content does not constitute legal, compliance, or professional advice
- You are solely responsible for reviewing and validating AI-generated recommendations before acting on them
- We do not guarantee the accuracy, completeness, or suitability of AI outputs for any specific purpose
9. Service Availability
We strive to provide a reliable service but do not guarantee uninterrupted availability. We may perform scheduled or emergency maintenance that temporarily affects access. We reserve the right to modify, suspend, or discontinue any part of the service at any time with reasonable notice.
10. Limitation of Liability
To the maximum extent permitted by applicable law, CertAstra and its affiliates, officers, employees, and partners shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of or inability to use the service.
Our total aggregate liability to you for any claims arising under these Terms shall not exceed the amount you paid us in the twelve months preceding the claim.
11. Termination
Either party may terminate these Terms at any time. You may terminate by cancelling your subscription and ceasing use of the platform. We may terminate or suspend your access immediately if you violate these Terms or if required by law.
Upon termination, you may request an export of your Customer Data within 30 days, after which we may delete it in accordance with our data retention policy.
12. Governing Law
These Terms are governed by the laws of Finland, without regard to conflict of law principles. Any disputes shall be subject to the exclusive jurisdiction of the District Court of Helsinki (Helsingin käräjäoikeus).
If you are a consumer in the European Union, you may also be entitled to the protections of the mandatory consumer protection laws of your country of residence.
13. Changes to Terms
We may update these Terms from time to time. We will notify you by email or via an in-app notice at least 14 days before significant changes take effect. Continued use of the platform after changes become effective constitutes acceptance of the revised Terms.
14. Contact
If you have any questions about these Terms, please contact us at hello@certastra.com or visit certastra.com.