Privacy Policy & Terms of Use
This document sets forth the Terms of Use and Privacy Policy for the CSFaaS platform. By accessing or using the Service, you agree to be bound by these policies.
Effective Date: [Insert Date]
Last Updated: [Insert Date]
## Part I – Terms of Use
This document sets forth the Terms of Use (the “Terms”) and Privacy Policy (the “Privacy Policy”) for use of the CSFaaS platform (the “Service”). By registering for an account or otherwise accessing or using the CSFaaS platform (whether by a natural person or an entity), you (the “User”) agree to be bound by these Terms and the Privacy Policy. If you do not agree with any of these terms, you must immediately discontinue use of the Service.
### 1. Acceptance of Terms
By creating an account, accessing, or using the CSFaaS Service, you acknowledge that you have read, understood, and agree to be bound by these Terms and all policies referenced herein. Your continued use of the Service confirms your consent to be legally bound by these Terms. If you do not agree, please do not register or use the Service.
### 2. Definitions
- **"CSFaaS" or "we" or "us"** refers to the provider of the cybersecurity risk and management platform.
- **"User" or "you"** refers to any individual or organization that registers for or uses the Service.
- **"Data"** includes all personal, sensitive, and corporate information that you upload or generate while using the Service.
- **"Service"** means the CSFaaS platform and any related support, tools, and functionalities provided by CSFaaS.
### 3. Scope of Services
CSFaaS is a cloud-based cybersecurity risk and management platform that assists organizations in identifying, assessing, and managing cybersecurity risks, as well as monitoring compliance and security posture. The Service may evolve over time, and we reserve the right to modify, suspend, or discontinue features provided that such modifications do not materially diminish the overall quality of the Service.
### 4. Registration and Account Security
- **Account Registration:** To access the Service, you must create an account and provide accurate and complete information. You are responsible for maintaining the confidentiality of your account credentials.
- **Security Obligations:** You agree to immediately notify CSFaaS of any unauthorized use of your account or any other breach of security. You are responsible for all activities that occur under your account.
### 5. Service Availability and Uptime Commitment
CSFaaS is committed to maintaining high availability. We strive to provide at least a **99% uptime** on a monthly basis, excluding scheduled maintenance and events beyond our control (e.g., internet outages, force majeure). While we endeavor to minimize downtime, we do not guarantee 100% availability.
### 6. Data Handling and Security Measures
All customer data is processed in accordance with our Privacy Policy (see Part II below). Key points include:
- **European Data Hosting:** Customer data is hosted exclusively within Europe using secure data centers.
- **Encryption:** Data is protected by **encryption in transit** (e.g., HTTPS/TLS) and encryption at rest.
- **Backups:** We perform regular data backups, which are retained for one (1) year. These backups ensure that your data can be restored in the event of accidental loss or system failure.
- **No Third-Party Sharing:** CSFaaS does not share any customer data with third parties except as necessary to provide the Service or as required by law.
### 7. Disclaimers of Warranties
The Service is provided on an **“as is” and “as available”** basis. CSFaaS disclaims all warranties, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the Service will detect or prevent all cybersecurity threats or that use of the Service will result in any specific outcome. You acknowledge that cybersecurity risk management is a shared responsibility.
### 8. Limitation of Liability
To the maximum extent permitted by law:
- **Exclusion of Damages:** CSFaaS and its affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages (including loss of profits, revenue, business opportunity, data, or business interruption), even if advised of the possibility of such damages.
- **Cap on Liability:** CSFaaS’s cumulative liability for any claims related to your use of the Service is limited to the fees paid by you in the twelve (12) months immediately preceding the claim.
- **Force Majeure:** CSFaaS is not liable for delays or failures to perform due to causes beyond our reasonable control.
### 9. Indemnification
You agree to indemnify, defend, and hold harmless CSFaaS, its affiliates, officers, and employees from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorneys’ fees) arising out of or in any way connected with your use of the Service, your violation of these Terms, or any applicable laws.
### 10. Termination
- **Termination by User:** You may terminate your account at any time. Upon termination, you will lose access to the Service, and CSFaaS may delete your data as described in the Privacy Policy.
- **Termination by CSFaaS:** We reserve the right to suspend or terminate your access to the Service, with or without notice, for conduct that we believe violates these Terms or for any other reason.
- **Surviving Provisions:** Sections concerning liability, indemnification, intellectual property, and any other provision that by its nature should survive termination will remain in effect.
### 11. Modifications to the Terms
CSFaaS may update these Terms from time to time. When material changes are made, we will notify you via email or through the platform. Your continued use of the Service after such changes constitutes your acceptance of the revised Terms. If you disagree with the modifications, you must stop using the Service.
### 12. Intellectual Property Rights
All content, trademarks, service marks, and proprietary rights on the CSFaaS platform are owned by or licensed to CSFaaS. You are granted a limited, non-exclusive, non-transferable license to access and use the Service solely for your internal business purposes, subject to these Terms.
### 13. Governing Law and Jurisdiction
These Terms shall be governed by and construed in accordance with the laws of **Malta**. Any disputes arising from or related to these Terms or the Service shall be subject to the exclusive jurisdiction of the courts of Malta.
## Part II – Privacy Policy
### 1. Introduction
CSFaaS is committed to safeguarding the privacy and security of all data processed through our Service. This Privacy Policy describes how we collect, use, store, protect, and share (or, in this case, do not share) your data. By using the Service, you consent to the practices described in this Policy.
### 2. Data Collection
We may collect various types of data, including:
- **Account Information:** Such as name, email address, business contact details, and login credentials provided during registration.
- **Usage Data:** Information generated through your interaction with the platform (e.g., configuration settings, audit logs, risk assessment data).
- **Sensitive Data:** Personal, sensitive, and corporate data you provide when using the Service for cybersecurity risk management.
- **Technical Data:** Data automatically collected from your device or browser (e.g., IP address, browser type, operating system).
### 3. Purpose of Data Processing
We process data for legitimate business purposes, including:
- Delivering and improving the Service.
- Facilitating cybersecurity risk management and compliance reporting.
- Communicating with you regarding your account and the Service.
- Enhancing the platform’s performance and security.
- Complying with legal and regulatory obligations.
### 4. Data Hosting and Geographic Restrictions
All customer data is **hosted exclusively within Europe**. We utilize secure European data centers and ensure that data is processed in accordance with the high privacy standards of the European Union. Data will not be transferred outside of these approved regions except as required by law and with appropriate safeguards.
### 5. Security Measures
We implement multiple layers of security to protect your data, including:
- **Encryption in Transit:** All data exchanged between your device and our Service is secured using encryption protocols (e.g., HTTPS/TLS).
- **Encryption at Rest:** Data stored on our servers is encrypted to prevent unauthorized access.
- **Access Controls:** Strict role-based access and multi-factor authentication are employed to ensure that only authorized personnel can access sensitive data.
- **Regular Backups:** We perform regular, encrypted backups of all data. **Backups are retained for one (1) year** to facilitate disaster recovery and business continuity.
- **Monitoring and Auditing:** Continuous security monitoring, periodic assessments, and audits are conducted to ensure compliance with our security standards.
### 6. Data Retention and Deletion
- **Retention Period:** Personal and corporate data is retained for as long as necessary to provide the Service and meet our legal obligations. Backup archives are kept for one year.
- **Deletion Requests:** Users may request the deletion of specific data. Upon receiving such a request, CSFaaS will delete the specified data from active systems and ensure that it is not used further. Note that data present in backup archives will be automatically purged at the end of the one-year retention period unless otherwise requested.
- **Account Termination:** Upon termination of your account, data will be deleted or anonymized in accordance with applicable legal requirements.
### 7. User Rights and Data Access
You have certain rights regarding your data, including:
- **Right of Access:** You may request details about the personal data we hold and obtain a copy of it.
- **Right of Rectification:** You may request corrections to any inaccurate or incomplete data.
- **Right to Erasure:** You may request the deletion of your personal data, subject to applicable legal obligations.
- **Right to Restrict Processing:** You may request that we limit the processing of your data under certain circumstances.
- **Right to Data Portability:** Where applicable, you may request that your data be provided in a structured, commonly used format.
- **Right to Object:** You may object to our processing of your data on legitimate grounds.
### 8. Data Sharing and Disclosure
CSFaaS does not sell, rent, or otherwise share your data with any third parties for marketing or unrelated purposes. We will only disclose your data:
- **To Service Providers:** We may share data with trusted third-party vendors solely for the purpose of providing and supporting the Service. All such vendors are contractually obligated to protect your data and use it only as directed by CSFaaS.
- **As Required by Law:** We may disclose data to comply with legal obligations, such as court orders or government requests.
- **In Connection with Business Transfers:** If CSFaaS undergoes a merger, acquisition, or sale of assets, your data may be transferred to the new owner, subject to confidentiality agreements.
- **To Protect Our Rights:** In rare cases, we may disclose data if necessary to protect the rights, property, or safety of CSFaaS or its users.
### 9. Incident Response and Breach Notification
CSFaaS maintains a robust incident response plan. In the event of a security breach:
- **Immediate Action:** We will promptly contain and investigate the breach.
- **Customer Notification:** Affected users will be notified without undue delay, including details of the incident, data affected, and the steps taken to mitigate the breach.
- **Regulatory Reporting:** We will comply with any legal requirements for notifying supervisory authorities.
- **Post-Incident Support:** We will provide assistance to affected users and take corrective measures to prevent future incidents.
### 10. Ongoing Security and Compliance Efforts
CSFaaS is committed to continuous improvement in our security posture. We are actively working to achieve **ISO/IEC 27001 compliance**, a globally recognized standard for information security management. Our ongoing efforts include regular risk assessments, internal audits, and enhancements to our policies and technical controls. While we do not disclose specific technical details of our security architecture, please be assured that we adhere to best practices and continuously update our systems to protect your data.
### 11. Liability and Disclaimers
- **No Third-Party Liability:** CSFaaS is not responsible for any unauthorized access to data that occurs as a result of factors outside of our control.
- **Limited Liability:** In no event shall CSFaaS be liable for any indirect, incidental, or consequential damages related to your use of the Service.
- **Risk Acknowledgment:** You acknowledge that, despite our robust security measures, no system is completely impervious to security breaches. You agree that CSFaaS’s liability, if any, shall be limited as described in the Terms of Use.
### 12. Updates to the Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If material changes are made, we will notify you by posting the updated version on our website and, if appropriate, via email. Your continued use of the Service constitutes your acceptance of the revised Privacy Policy.
### 13. Contact Information
For any questions, concerns, or requests related to this Privacy Policy or the processing of your data, please contact our Data Protection Team:

**CSFaaS Data Protection Team**
- Email: **privacy@csfaas.example**
- Address: [Insert Company Address], Malta

Please review these policies carefully. Your continued use of the CSFaaS platform indicates your agreement with these terms and policies.