SIMPLERISK TERMS OF SERVICE

Effective Date: September 23, 2025
Version: 1.0

These Terms of Service ("Terms") govern the purchase and use of SimpleRisk products and services. By purchasing, accessing, or using any SimpleRisk products or services, Customer agrees to be bound by these Terms.

1. DEFINITIONS

"SimpleRisk Service" means SimpleRisk's governance, risk management and compliance software platform, including all associated software, extras, modules, and related services.
"Customer" means the individual or entity purchasing or using SimpleRisk products or services.
"On-Premise Deployment" means installation and use of the SimpleRisk Service software on Customer's own infrastructure.
"Hosted Deployment" means SimpleRisk's provision of the SimpleRisk Service via cloud infrastructure managed by SimpleRisk.
"Extras" means additional functionality modules available for the SimpleRisk Service, including Standard Extras, Premium Extras, and Deployment-Specific Options.
"Order" means any quote, invoice, purchase order, or other ordering document that references these Terms and specifies SimpleRisk products or services being purchased.

2. LICENSE GRANT AND SERVICE PROVISION

2.1 License Grant (All Deployments)

Subject to these Terms and payment of applicable fees, SimpleRisk grants Customer a non-exclusive, non-transferable license during the applicable term to:

  • Access and use the SimpleRisk Service in accordance with these Terms
  • Use the Extras specified in the applicable Order
  • Allow unlimited users and risks (unless otherwise specified)

2.2 On-Premise Deployment Additional Rights

For On-Premise Deployments, the license additionally includes the right to:

  • Install and operate the SimpleRisk Service software on Customer's infrastructure
  • Create backups of the software and associated data
  • Install on a development server as specified in the Order (if applicable)

2.3 Hosted Deployment Service Provision

For Hosted Deployments, SimpleRisk will:

  • Provision and maintain all service infrastructure (including servers and databases)
  • Configure domain name and CA-signed SSL certificates
  • Provide ongoing system upgrades and maintenance
  • Implement security controls and backup procedures
  • Provide basic availability monitoring

3. SUPPORT AND MAINTENANCE

3.1 Included Support

All SimpleRisk Service licenses include SimpleRisk Silver Support:

  • Email support
  • Web-based support portal access
  • Scheduled phone support
  • Monday through Friday, 8 AM to 5 PM Central Time US (excluding holidays)
  • One (1) business day standard response time
  • Four (4) business hour response time for Severity 1/System Down issues

3.2 System Updates

  • On-Premise: SimpleRisk provides software updates and the Customer is responsible for installation
  • Hosted: SimpleRisk is responsible for all software and system updates

3.3 Quarterly Expert Sessions

All licenses include quarterly one-on-one Q&A sessions with a SimpleRisk GRC Subject Matter Expert to discuss GRC program strategy and implementation.

4. SERVICE AVAILABILITY AND DISASTER RECOVERY

4.1 Applicability

Section 4 applies only to Hosted (SaaS) deployments of the SimpleRisk Service and does not apply to On-Premise installations.

4.2 Uptime Commitment

We aim to provide 99.9% uptime for your Customer instance, as measured by SimpleRisk’s AWS health checks. However, we cannot guarantee uninterrupted service and are not responsible for downtime due to factors outside our control.

4.3 Recovery Point Objective (RPO)

In the unlikely event of a data loss, the maximum amount of data that could be lost is twenty-three hours and fifty-nine minutes. This assumes the system goes down at 11:59 PM and the previous backup occurred at midnight the day before.

4.4 Recovery Time Objective (RTO)

Each Customer instance operates with built-in redundancy. In the event of user-related database errors, a simple database rollback can typically be completed within one hour during regular business hours. Disaster recovery procedures do not cover issues outside this scope.

4.5 Maintenance and Interruptions

Scheduled maintenance and unforeseen service interruptions may occur. We will make reasonable efforts to notify Customers of planned downtime and minimize disruption.

5. CUSTOMER RESPONSIBILITIES

5.1 General Responsibilities

Customer is solely responsible for:

  • Performing all activities, decisions and actions associated with using the SimpleRisk Service, including the implementation, management and maintenance of any governance, risk and compliance processes, controls or assessments
  • Ensuring proper use of the SimpleRisk Service in accordance with these Terms
  • Maintaining confidentiality of login credentials and access controls

5.2 Data and Content Restrictions

Customer shall not place Protected Health Information (PHI), Personally Identifiable Information (PII), or other regulated data into SimpleRisk Hosted instances without prior written agreement from SimpleRisk.

6. RESTRICTIONS

Customer shall not:

  • Copy, reproduce, modify, or create derivative works of the SimpleRisk Service or associated software
  • Sell, rent, loan, license, sublicense, distribute, assign, or transfer the SimpleRisk Service
  • Reverse engineer, decompile, or disassemble the SimpleRisk Service or attempt to access source code
  • Allow any third party to perform any of the foregoing activities
  • Use the SimpleRisk Service in any manner that violates applicable laws or regulations

7. INTELLECTUAL PROPERTY

7.1 SimpleRisk Ownership

SimpleRisk owns and retains all right, title, and interest (including all intellectual property rights) in and to the SimpleRisk Service, associated software, documentation, and any modifications or improvements thereof.

7.2 Customer Data Ownership

Customer owns and retains all right, title, and interest in and to the data stored within their SimpleRisk Service instance.

7.3 Reservation of Rights

Each party reserves all rights not expressly granted in these Terms. No licenses are granted by implication, estoppel, or otherwise.

8. CONFIDENTIALITY

8.1 Definition of Confidential Information

Each party acknowledges that it will obtain access to confidential and proprietary information of the other party, including information related to business, products, services, software, and technology. Confidential Information includes information that is:

  • Clearly marked as confidential
  • Disclosed orally with notice of confidential status
  • Reasonably understood to be confidential and proprietary

Exceptions include information that: (a) is publicly available through no breach by receiving party; (b) was known by receiving party prior to disclosure; (c) is rightfully received from a third party without restriction; or (d) is independently developed without use of disclosing party's Confidential Information.

8.2 Use and Protection

Neither party shall disclose the other party's Confidential Information or use it for any purpose other than performing obligations under these Terms. Each party shall protect the other's Confidential Information using the same measures used for its own confidential information of like importance, but no less than reasonable care.

8.3 Aggregate Data

SimpleRisk reserves the right to use and disclose reports and data in aggregate format where individual customer data cannot be identified or derived.

9. FINANCIAL TERMS

9.1 Fees and Payment

  • Fees as specified in applicable Orders are due within thirty (30) days of invoice date
  • All payments in U.S. dollars
  • Late payment fee of 1.0% per month (or maximum allowed by law) on undisputed overdue amounts
  • For Hosted Deployments: SimpleRisk may suspend service upon 15+ days delinquency after written notice

9.2 Taxes

Customer is responsible for all taxes imposed on payments to SimpleRisk, except taxes on SimpleRisk's net income.

9.3 Renewals

  • Subscription terms and renewal options as specified in applicable Orders
  • Renewal pricing subject to SimpleRisk's then-current rates unless otherwise agreed
  • SimpleRisk will provide renewal notice prior to term expiration

10. TERM AND TERMINATION

10.1 Term

These Terms begin when Customer first purchases SimpleRisk products or services and continue for the term specified in the applicable Order.

10.2 Termination for Cause

Either party may terminate upon written notice if the other party fails to cure a material breach within fifteen (15) days of written notice. 

10.3 Termination for Convenience

The Customer may terminate at any time upon written notice; however, termination does not entitle Customer to a refund of any fees already paid or payable.

10.4 Effect of Termination

Upon termination:

  • All licenses and access rights immediately cease
  • Customer must cease use and return or destroy Confidential Information
  • SimpleRisk will destroy Customer confidential data; however, we may retain a copy of Customer data as part of our backup systems for a limited period, in accordance with our data retention policies and legal obligations
  • Sections 6, 7, 8, 11, 12, 13, and 14 survive termination

11. WARRANTIES AND DISCLAIMERS

11.1 Disclaimer

SIMPLERISK PROVIDES THE SIMPLERISK SERVICE "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. SIMPLERISK SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, RELIABILITY, AND USEFULNESS.

11.2 Indemnification

SimpleRisk shall defend and indemnify Customer against third-party claims that the SimpleRisk Service infringes upon patents, copyrights, or trademarks when used in accordance with these Terms, subject to:

  • Prompt notice of claims
  • Customer cooperation in defense
  • SimpleRisk control over defense and settlement
  • Settlement fully releases Customer and is monetary only

Exclusions include claims arising from: Customer modifications, combinations with third-party products, continued use after modification to avoid infringement, use outside Terms scope, or Customer misconduct.

SimpleRisk may elect to: (a) secure continued use rights; (b) replace with non-infringing equivalent; (c) modify to avoid infringement; or (d) terminate and refund prepaid fees pro rata.

12. LIMITATION OF LIABILITY

EXCEPT FOR WILLFUL MISCONDUCT OR BREACH OF CONFIDENTIALITY OBLIGATIONS, NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, LOST PROFITS, OR COSTS OF SUBSTITUTE SERVICES, REGARDLESS OF CAUSE OF ACTION OR THEORY OF LIABILITY.

SIMPLERISK'S TOTAL LIABILITY FOR ANY CAUSE SHALL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO SIMPLERISK DURING THE THIRTY-SIX (36) MONTH PERIOD PRECEDING THE CAUSE OF ACTION.

13. EXPORT CONTROL

SimpleRisk's obligations are subject to all applicable U.S. and foreign export/import laws and regulations. Customer shall not export or re-export the SimpleRisk Service except in full compliance with all applicable laws.

14. GENERAL PROVISIONS

14.1 Governing Law

These Terms shall be governed by Texas law, without reference to conflict of laws principles.

14.2 Assignment

Customer may not assign these Terms without SimpleRisk's prior written consent (not unreasonably withheld), except to affiliates. SimpleRisk may assign to successors in connection with merger, acquisition, or asset sale.

14.3 Force Majeure

Neither party shall be liable for delays or failures in performance due to causes beyond reasonable control, provided prompt written notice is given and the delay does not exceed thirty (30) days.

14.4 Independent Contractors

The parties are independent contractors. No joint venture, partnership, or agency relationship is created.

14.5 Entire Agreement

These Terms, together with applicable Orders, constitute the entire agreement and supersede all prior understandings. SimpleRisk may update these Terms by providing thirty (30) days written notice to Customer.

14.6 Severability

If any provision is deemed invalid or unenforceable, the remaining provisions shall remain in full force and effect.

14.7 Contact Information

For questions about these Terms, contact SimpleRisk at:

Email: legal@simplerisk.com