These Terms are the agreement between you and Compliance One for use of our website and platform. We've written them to be readable rather than intimidating — but they are still the binding rules, so it's worth a look. By using the service, you agree to them.
To keep things clear: the service means the Compliance One website and platform. You (or the customer) means the organisation or person using it. Customer content means the data you upload — your evidence, documents, and records. An order means the plan or agreement under which you subscribe.
Compliance One is a multi-framework governance, risk, and compliance platform. It helps you manage ISO 27001, SOC 2, ISO 42001, HIPAA, PCI DSS, and NIS2 from a single control set. We're always improving it, so features may change over time — but we won't materially reduce the core functionality of a paid plan during its term without letting you know.
You're responsible for your account and everything that happens under it, so keep credentials secure and enable the protections we offer (like multi-factor authentication). Give us accurate details and keep them current. If you spot unauthorised use of your account, tell us promptly so we can help.
Use the service for its intended purpose and don't do things that would obviously spoil it for everyone. Specifically, don't:
You own your customer content. We don't claim it, sell it, or use it to train AI models. You simply grant us the limited permission we need to host, process, and secure it in order to provide the service. We handle it as described in our Privacy Policy and, for personal data, our Data Processing Addendum.
We own the platform itself — the software, design, and content we create (except your customer content and any open-source components under their own licences). These Terms don't transfer that ownership to you; they give you the right to use the service while your subscription is active.
Paid plans are billed as set out in your order. Our pricing is based on the frameworks you run, not per-seat, so your bill doesn't balloon as your team grows. Fees are non-refundable except where the law requires otherwise or your order says so, and we'll give you notice before any renewal price change so there are no surprises.
We take our own security seriously. Our programme is built to comply with all six frameworks we support, we host on AWS with a choice of three data regions (EU, US, and Asia-Pacific), and we isolate each organisation's data. The specifics live in our Privacy Policy and DPA, and enterprise customers can request our current security documentation.
The service connects to other tools you choose — for example your cloud provider or identity system — to collect evidence. Those integrations are governed by the third party's own terms, and we're not responsible for their services. We only access what you authorise, and only to do the job you asked us to.
We work hard to keep the service reliable, accurate, and available. But the service supports your compliance programme — it doesn't itself guarantee that you'll pass an audit or satisfy a regulator; that depends on the work you do with it. To the extent the law allows, the service is provided as is, and our liability is limited as set out in your agreement with us. Nothing here limits liability that can't legally be limited.
You can stop using the service at any time. We may suspend or end access if these Terms are seriously breached — but we'll act reasonably and, where appropriate, give you a chance to fix the problem first. When your subscription ends, you'll have a reasonable window to export your data before we delete it, as described in the DPA.
If we update these Terms, we'll change the date above and, for material changes, give reasonable notice rather than editing quietly. Continuing to use the service after a change means you accept the updated Terms.
For enterprise customers, the governing law and dispute-resolution venue are set out in your order form or master agreement, which take precedence over this section. Otherwise, these Terms are governed by the applicable law of the jurisdiction in which Compliance One operates, applied in good faith.
If anything here is unclear, we'd genuinely rather you ask than guess. Email hello@complianceonecloud.com.