Terms of Service

• "Agreement" means these Terms together with any Order Form, Data Processing Agreement, and schedules.
• "Customer" means the entity or individual who subscribes to the Services and accepts these Terms.
• "Documentation" means any user guides, help content, or technical specifications made available by Trusted Path in connection with the Services.
• "Fees" means the subscription and any other charges payable by the Customer as specified in the Order Form.
• "Intellectual Property Rights" means patents, rights to inventions, copyright and related rights, trade marks, business names, domain names, rights in get-up, goodwill, rights in designs, database rights, rights to use confidential information, and all other intellectual property rights, whether registered or unregistered.
• "Order Form" means the subscription order, pilot agreement, or other written agreement between Trusted Path and the Customer specifying the tier, number of licences, fees, and contract term.
• "Platform" means the Trusted Path unified DevSecOps and SDLC maturity software application, including all features, modules, and updates.
• "Services" means access to and use of the Platform, together with any support services, as set out in the Order Form.
• "Trusted Path" means Trusted Path Ltd (company number 16189138), whose registered office is at 86-90 Paul Street, London, EC2A 4NE.
• "Users" means the Customer's employees, contractors, or agents authorised by the Customer to access the Services under the Customer's account.
• "Customer Data" means all data, content, and information submitted by the Customer or its Users to the Platform.

Grant of Licence

Subject to the Customer's compliance with these Terms and timely payment of all Fees, Trusted Path grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable licence to access and use the Platform during the subscription term solely for the Customer's internal business purposes and in accordance with the Documentation.

User Accounts

The Customer is responsible for creating and managing User accounts. Each User must have a unique set of credentials. The Customer must not share credentials between Users and must promptly deactivate access for any User who leaves the organisation or no longer requires access. The Customer is responsible for all activity under its account.

Licence Limits

The number of Users, projects, and any other usage parameters are as specified in the Order Form. The Customer must notify Trusted Path before exceeding these limits, and Trusted Path reserves the right to invoice additional Fees for excess usage in accordance with the pricing set out in the Order Form.

Availability and Service Level

Trusted Path shall use commercially reasonable efforts to make the Platform available with a monthly uptime target of 99.0%, measured across each calendar month ("Monthly Uptime Target"), excluding Permitted Downtime as defined below.

"Permitted Downtime" means: (a) scheduled maintenance communicated to the Customer at least 48 hours in advance; (b) emergency maintenance required to protect the security or integrity of the Platform; (c) downtime caused by events beyond Trusted Path's reasonable control, including failures of third-party infrastructure providers (including AWS); and (d) downtime attributable to the Customer's own acts or omissions.

Monthly Uptime Percentage is calculated as: ((Total minutes in the month − Unplanned Downtime minutes) / Total minutes in the month) × 100, where Unplanned Downtime excludes Permitted Downtime.

Service credits are the Customer's sole and exclusive remedy for unavailability of the Platform. Credits must be claimed within 30 days of the end of the affected month by written notice to Trusted Path and will be applied to the Customer's next invoice. Credits are not redeemable for cash. The total credits in any calendar month shall not exceed 30% of the monthly Fee for that month.

Permitted Use

The Customer may use the Services for its internal business purposes related to software development lifecycle maturity, security, privacy, and operational resilience activities, as described in the Documentation.

Restrictions

The Customer must not, and must ensure its Users do not:

1. Copy, modify, create derivative works of, or reverse-engineer any part of the Platform;
2. Sublicense, sell, resell, transfer, assign, or otherwise commercialise the Platform or Services;
3. Access the Platform for the purposes of building a competing product or service;
4. Use the Platform to process personal data in violation of applicable data protection law;
5. Upload any content that is unlawful, harmful, defamatory, or that infringes any third-party Intellectual Property Rights;
6. Introduce any malware, virus, or harmful code into the Platform;
7. Attempt to gain unauthorised access to any systems or data beyond the Customer's authorised scope; or
8. Remove or obscure any proprietary notices or branding within the Platform.

Trusted Path reserves the right to suspend access immediately and without notice if it reasonably believes a material restriction has been breached, pending investigation.

Fees

The Customer shall pay the Fees as specified in the Order Form. All Fees are quoted in pounds sterling (GBP) and are exclusive of VAT, which shall be payable in addition at the applicable rate.

Payment Terms

Invoices are payable within 30 days of the invoice date unless otherwise specified in the Order Form. Payment shall be made by bank transfer or via Stripe in accordance with Trusted Path's invoicing instructions. Trusted Path reserves the right to charge statutory interest on overdue amounts pursuant to the Late Payment of Commercial Debts (Interest) Act 1998 at 8% above the Bank of England base rate.

Subscription Renewal

Unless the Order Form specifies otherwise, subscriptions renew automatically at the end of each subscription term at the then-current list price. Trusted Path will provide at least 30 days' notice of any fee change before renewal. The Customer may elect not to renew by providing written notice at least 30 days before the renewal date.

Refunds

Fees paid are non-refundable except as expressly set out in these Terms or required by applicable law. Where Trusted Path terminates for convenience under Clause 11.3, a pro-rata refund of prepaid Fees for the unused portion of the subscription term shall be provided.

Pilot Agreements

Where the Order Form designates the engagement as a pilot or proof of concept, specific pricing, duration, and terms shall be as set out in that Order Form. Pilot engagements convert to a paid subscription on the terms stated in the Order Form unless either party provides written notice of non-renewal before the pilot end date.

Trusted Path IP

All Intellectual Property Rights in the Platform, Documentation, and Services (including any updates, enhancements, or modifications) are and shall remain the exclusive property of Trusted Path. These Terms do not grant the Customer any rights in or to the Platform beyond the limited licence set out in Clause 2.1. The Customer acknowledges that Trusted Path has filed provisional patent applications in respect of certain platform features and that all such rights vest solely in Trusted Path.

Customer Data

The Customer retains all rights in and to Customer Data. The Customer grants Trusted Path a limited, non-exclusive licence to store, process, and use Customer Data solely to the extent necessary to provide the Services. Trusted Path will not use Customer Data for any other purpose without the Customer's prior written consent.

Feedback

If the Customer or its Users provide feedback, suggestions, or ideas regarding the Platform ("Feedback"), the Customer grants Trusted Path a perpetual, irrevocable, worldwide, royalty-free licence to use and incorporate such Feedback into the Platform and Services without obligation or restriction. Trusted Path is not obligated to act on any Feedback.

Usage Data

Trusted Path may collect and analyse aggregated, anonymised data about how the Platform is used ("Usage Data"). Trusted Path may use Usage Data to improve the Platform and for internal business purposes, provided that Usage Data does not identify the Customer or any individual User.

Each party ("Receiving Party") may receive information from the other party ("Disclosing Party") that is identified as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure ("Confidential Information"). Customer Data constitutes the Customer's Confidential Information. The Platform, pricing, and Trusted Path's commercial terms constitute Trusted Path's Confidential Information.

Each Receiving Party agrees to:

1. Hold all Confidential Information of the Disclosing Party in strict confidence;
2. Not disclose Confidential Information to any third party without the Disclosing Party's prior written consent, except to its employees, contractors, and advisors who have a need to know and are subject to equivalent obligations of confidentiality; and
3. Use Confidential Information only for the purposes of performing its obligations or exercising its rights under this Agreement.

These obligations do not apply to information that: (a) is or becomes publicly available other than through breach of this Agreement; (b) was independently known to the Receiving Party without restriction before disclosure; or (c) is required to be disclosed by law, regulation, or court order, provided that the Receiving Party gives prompt prior written notice to the Disclosing Party where legally permissible.

Confidentiality obligations under this Clause shall survive termination of this Agreement for a period of three years.

Each party shall comply with its respective obligations under applicable data protection law, including the UK GDPR and the Data Protection Act 2018.

SaaS Deployments

To the extent that the Customer inputs personal data into the Platform in a SaaS deployment and Trusted Path processes that personal data on the Customer's behalf as data processor, such processing shall be governed by the Data Processing Agreement (DPA) between the parties, which forms part of this Agreement and must be executed before the Customer first accesses the Platform. The Customer represents and warrants that it has a valid lawful basis under UK GDPR Article 6 for any personal data it submits to the Platform.

The Customer is responsible as data controller for providing all required privacy notices under UK GDPR Articles 13 and 14 to its employees, contractors, and other individuals whose personal data the Customer enters into the Platform. Trusted Path bears no obligation to provide such notices on the Customer's behalf.

On-Premises Deployments

Where the Customer has elected an on-premises deployment under the Order Form and the Platform is operated entirely on infrastructure owned and controlled by the Customer, Trusted Path does not host, access, or process any Customer Data held within that on-premises instance. The Customer acts as both data controller and data processor for all such data and assumes sole responsibility for compliance with all applicable data protection law in respect of that data.

Trusted Path's collection and processing of personal data relating to the Customer's account and contact persons is governed by the Trusted Path Privacy Policy, regardless of deployment type.

Sub-Processor Changes

Trusted Path maintains a list of approved sub-processors used in the delivery of the Services. Trusted Path will notify the Customer of any intended addition or replacement of a sub-processor by email at least 30 days before the change takes effect. The Customer may object to a new sub-processor on reasonable grounds within 14 days of notification. If the parties cannot resolve the objection within a further 14 days, the Customer may terminate the affected Services on written notice without penalty, subject to payment of Fees accrued up to the termination date. The current sub-processor list is available upon written request to dpo@trustedpath.biz.

Audit Rights

The Customer may, upon at least 30 days' prior written notice and no more than once per calendar year, audit (or commission a suitably qualified independent third-party auditor to audit) Trusted Path's data processing activities and technical and organisational security measures, solely to verify compliance with Trusted Path's obligations under this Clause 7 and the Data Processing Agreement. Any such audit shall be conducted during normal business hours, in a manner that minimises disruption to Trusted Path's operations, and subject to the auditor entering into a confidentiality agreement on terms acceptable to Trusted Path. The Customer shall bear the costs of any such audit. Trusted Path may, in lieu of an on-site audit, provide the Customer with a summary of a relevant third-party audit report (such as an ISO 27001 certification or SOC 2 report) covering the same period, provided that such report reasonably addresses the Customer's audit objectives.

Trusted Path Warranties

Trusted Path warrants that:

1. The Platform will materially conform to the Documentation during the subscription term;
2. It will provide the Services with reasonable care and skill; and
3. It has the right to grant the licences in these Terms.

Customer Warranties

The Customer warrants that:

1. It has the authority to enter into this Agreement and to bind the organisation it represents;
2. It will comply with all applicable laws in connection with its use of the Services; and
3. It will not use the Services for any unlawful purpose.

Disclaimer

Except as expressly stated in these Terms, the Platform and Services are provided "as is" and Trusted Path makes no further representations or warranties, express or implied, including any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. Trusted Path does not warrant that the Platform will be error-free or that defects will be corrected within any particular timeframe.

Exclusion of Consequential Loss

To the maximum extent permitted by applicable law, neither party shall be liable to the other for any indirect, incidental, special, or consequential loss or damage, including loss of revenue, loss of profits, loss of anticipated savings, loss of business, loss of goodwill, or loss of data, arising out of or in connection with this Agreement, even if advised of the possibility of such losses.

Cap on Liability

Each party's total aggregate liability to the other under or in connection with this Agreement, whether arising in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the total Fees paid or payable by the Customer under this Agreement in the 12 months preceding the event giving rise to the claim.

Exceptions

Nothing in these Terms limits or excludes either party's liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) any liability that cannot be excluded or limited by applicable law; or (d) the Customer's obligation to pay Fees.

The Customer shall indemnify, defend, and hold harmless Trusted Path and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or in connection with: (a) the Customer's breach of these Terms; (b) the Customer's use of the Services in violation of applicable law; or (c) any claim that Customer Data infringes a third party's Intellectual Property Rights or violates applicable data protection law.

Trusted Path shall promptly notify the Customer of any claim covered by this indemnity, provide reasonable cooperation at the Customer's expense, and allow the Customer to control the defence and settlement of the claim, provided that Trusted Path may participate in the defence at its own cost and that no settlement may impose any obligation or liability on Trusted Path without its prior written consent.

Term

This Agreement commences on the date the Customer first accesses the Services or executes an Order Form (whichever is earlier) and continues for the subscription term specified in the Order Form, unless terminated earlier in accordance with this Clause 11.

Termination for Cause

Either party may terminate this Agreement with immediate effect by written notice if the other party:

1. Materially breaches this Agreement and, where the breach is capable of remedy, fails to remedy it within 30 days of receiving written notice specifying the breach; or
2. Becomes insolvent, enters administration, receivership, or liquidation, or makes an arrangement with its creditors.

Termination for Convenience

Trusted Path may terminate this Agreement for convenience by providing 90 days' written notice to the Customer. In such case, Trusted Path shall provide a pro-rata refund of any prepaid Fees for the unused portion of the subscription term.

Effect of Termination

Upon termination for any reason:

1. All licences granted to the Customer under this Agreement shall immediately terminate;
2. The Customer must cease all use of the Platform and destroy or return any Confidential Information of Trusted Path in its possession;
3. Trusted Path shall, within 30 days of the termination date, securely delete or permanently anonymise all Customer Data held within the Platform, unless the Customer has submitted a written request for return of Customer Data within that 30-day period, in which case Trusted Path shall provide an export of Customer Data in a standard machine-readable format before deletion, or unless Trusted Path is required to retain specific data by applicable law; and
4. All accrued payment obligations shall survive termination.

Clauses 5, 6, 7, 9, 10, and 12 shall survive termination of this Agreement.

Dispute Resolution

Before either party commences formal legal proceedings (other than for urgent injunctive or other equitable relief), the parties shall attempt to resolve any dispute arising out of or in connection with this Agreement through good faith negotiation. Senior representatives of each party with authority to settle the dispute shall meet within 15 business days of a written notice identifying the dispute. If the dispute is not resolved within 30 business days of the initial notice, either party may proceed to formal legal proceedings.

Governing Law and Jurisdiction

This Agreement and any dispute or claim arising out of or in connection with it (including non-contractual disputes) shall be governed by and construed in accordance with the law of England and Wales. The parties submit to the exclusive jurisdiction of the courts of England and Wales.

Entire Agreement

This Agreement, together with the Order Form, Data Processing Agreement, and Privacy Policy, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements, representations, and understandings.

Amendments

Trusted Path may update these Terms from time to time. Material changes will be notified to the Customer by email at least 30 days before they take effect. Continued use of the Services after the effective date of the updated Terms constitutes acceptance.

Assignment

The Customer may not assign or transfer any rights or obligations under this Agreement without Trusted Path's prior written consent. Trusted Path may assign this Agreement to an acquirer of its business or substantially all its assets, provided the acquirer assumes all obligations herein.

Force Majeure

Neither party shall be in breach of this Agreement to the extent that performance of its obligations is prevented by circumstances beyond its reasonable control, including natural disasters, acts of government, war, civil unrest, or failure of third-party infrastructure outside its reasonable control.

Waiver and Severability

Failure by either party to exercise any right under this Agreement shall not constitute a waiver of that right. If any provision is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.

Notices

Notices under this Agreement shall be in writing and sent by email. Notices to Trusted Path shall be sent to info@trustedpath.biz with a copy to cto@trustedpath.biz. Notices to the Customer shall be sent to the email address provided in the Order Form or account registration.

Third Parties

This Agreement does not confer any rights on any third party under the Contracts (Rights of Third Parties) Act 1999.