Last updated: April 2026
These terms of service ("Terms") govern your use of the SecureGRC website (securegrc.io) and platform (app.securegrc.io), operated by SecureGRC Ltd ("SecureGRC", "we", "us", "our"), a company registered in England and Wales, operating from Eagle Labs Barclays, London.
By accessing our website or using our platform, you agree to these Terms. If you do not agree, please do not use our services.
SecureGRC provides AI compliance automation services, including AI model risk assessment, ML Bill of Materials generation, ISO 42001 compliance evaluation, and cryptographic evidence signing. Our services are available through our web platform (app.securegrc.io) and through managed assessment engagements.
We reserve the right to modify, suspend, or discontinue any part of the service at any time with reasonable notice.
SecureGRC operates on a metadata-only architecture. Our platform assesses AI models using publicly available metadata and information you provide. We never access, download, copy, or process your AI model weights, training datasets, proprietary algorithms, or production infrastructure.
You acknowledge that our assessments are based on metadata analysis and organisational questionnaire responses, and that results reflect the information available to us at the time of assessment.
To use the SecureGRC platform, you must create an account. You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account. You must notify us immediately of any unauthorised access.
You must be at least 18 years old and have the authority to bind your organisation to these Terms if you are using the service on behalf of a company.
You agree not to:
All intellectual property in the SecureGRC platform, including the TCCE engine, ML-BOM schema, scoring methodology, control mappings, and user interface, belongs to SecureGRC Ltd. Our methodology is protected by a filed UK patent.
You retain ownership of all data you provide to us, including model metadata, organisational questionnaire responses, and any documentation you upload. We claim no ownership over your data.
Assessment reports, compliance scores, and remediation plans generated by the platform are licensed to you for your internal business use. You may share reports with your auditors, regulators, and customers. You may not resell or commercially redistribute our reports or methodology.
SecureGRC signs compliance artifacts with CRYSTALS-Dilithium digital signatures (NIST FIPS 204) and anchors them in SHA-3 Merkle trees (NIST FIPS 202). These signatures are designed to provide long-term evidence integrity.
You acknowledge that cryptographic signatures verify that artifacts have not been tampered with since signing. They do not constitute a legal guarantee of compliance, certification, or regulatory approval. Compliance with ISO 42001, the EU AI Act, or any other regulation ultimately depends on your organisation's actions and an accredited auditor's assessment.
SecureGRC assessments are intended to help you understand your AI compliance posture and identify gaps. Our assessments are not a substitute for professional legal advice, formal audit, or certification by an accredited body.
We make every effort to ensure our control mappings and threat assessments are accurate and aligned with published standards (ISO 42001, MITRE ATLAS, NIST AI RMF). However, standards evolve, and we cannot guarantee that our assessments will satisfy every auditor or regulatory authority in every jurisdiction.
We handle your data in accordance with our Privacy Policy. In summary: we collect only what we need, we never sell your data, and we protect it with encryption and access controls.
For platform users, assessment data (model metadata, compliance reports, evidence records) is stored in encrypted databases and retained for the duration of your service agreement. You may request data export or deletion at any time by contacting us.
We aim to maintain high availability of the SecureGRC platform but do not guarantee uninterrupted access. Planned maintenance will be communicated in advance where possible. We are not liable for temporary unavailability due to factors beyond our reasonable control.
Fees for SecureGRC services are set out in your service agreement or as displayed on the platform. All fees are quoted in GBP unless otherwise stated. Payment terms are 30 days from invoice unless otherwise agreed.
We reserve the right to change our pricing with 30 days' written notice. Price changes will not affect active service agreements until renewal.
To the maximum extent permitted by law, SecureGRC Ltd's total liability to you for any claims arising from or related to these Terms or your use of the service shall not exceed the total fees paid by you in the 12 months preceding the claim.
We are not liable for any indirect, incidental, consequential, or punitive damages, including loss of profits, data, or business opportunities, arising from your use of the platform or reliance on assessment results.
Nothing in these Terms excludes or limits our liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded by law.
You agree to indemnify and hold harmless SecureGRC Ltd, its officers, directors, and employees from any claims, losses, or damages (including legal fees) arising from your breach of these Terms, your misuse of the platform, or your misrepresentation of assessment results to third parties.
Either party may terminate the service agreement with 30 days' written notice. We may suspend or terminate your access immediately if you breach these Terms.
Upon termination, you may request an export of your assessment data within 30 days. After that period, we will delete your data in accordance with our Privacy Policy.
These Terms are governed by the laws of England and Wales. Any disputes arising from these Terms will be subject to the exclusive jurisdiction of the courts of England and Wales.
We may update these Terms from time to time. We will notify registered platform users of material changes by email. Your continued use of the service after changes are posted constitutes your acceptance of the updated Terms.
If you have questions about these Terms:
SecureGRC Ltd
Eagle Labs Barclays, London
Email: hello@securegrc.io