Terms of Service

By accessing or using any Vigil LLC ("Vigil", "we", "us") products, services, and platform (collectively, the "Services"), you ("Customer", "you") agree to be bound by these Terms of Service ("Terms"). These Terms form a binding legal agreement between you and Vigil LLC, a limited liability company registered in the State of Georgia, USA. If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have authority to bind that entity. If you do not have such authority, or if you do not agree to these Terms, you may not access or use the Services. These Terms are effective as of the date you first access or use the Services.

Vigil offers a suite of cloud-based GRC (Governance, Risk & Compliance) software products, which may include PostureIQ, RiskCommand, Clio, ComplianceGuard, Vigil VRM, and Compass (collectively, the "Platform"). The specific features, modules, and products available to you depend on your subscription plan. Vigil reserves the right to modify, update, or discontinue any feature or product at any time with reasonable notice. We will provide at least 30 days' advance notice of any material change that materially diminishes functionality.

Subscription Plans — Access to the Services requires an active paid subscription, except during any free trial period expressly offered by Vigil. Billing — Subscriptions are billed monthly or annually in advance, as selected at the time of purchase. All fees are stated in U.S. dollars unless otherwise agreed in writing. Renewals — Subscriptions auto-renew at the then-current rate unless cancelled in writing at least 30 days prior to the renewal date. Non-Refundable — All fees paid are non-refundable except where required by applicable law, or where mutually agreed by the parties in a written order form. Taxes — You are responsible for paying all applicable taxes, levies, or duties imposed by taxing authorities. We will add applicable taxes to your invoice where required. Late Payment — Invoices unpaid 30 days after the due date may incur a 1.5% monthly late fee, and we may suspend access to the Services until payment is received.

Subject to your compliance with these Terms and timely payment of all fees, Vigil grants you a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Services solely for your internal business purposes during the subscription term. You may not: (a) copy, modify, or create derivative works of the Services; (b) reverse-engineer, decompile, or disassemble the Services; (c) sell, resell, sublicense, or otherwise commercialize the Services; (d) use the Services to build a competing product; or (e) use the Services to process data on behalf of third parties in a manner that constitutes a managed-service offering without a separate written agreement with Vigil.

You agree to use the Services only for lawful purposes. You must not: • Upload or transmit any content that is unlawful, harmful, offensive, or violates any third-party rights • Attempt to gain unauthorized access to any portion of the Services or related systems • Introduce any virus, malware, worm, or other malicious code • Use the Services in a manner that causes excessive load on our infrastructure • Circumvent any security controls or access restrictions • Use the Services to store, process, or transmit sensitive personal health information (PHI) defined under HIPAA unless you have entered into a Business Associate Agreement with Vigil Vigil reserves the right to investigate any suspected violation of this policy and to suspend or terminate access to the Services upon confirmation of a violation, without liability to you.

Ownership — You retain all right, title, and interest in and to the data you or your users submit to the Services ("Customer Data"). Vigil claims no ownership of Customer Data. Processing — Vigil processes Customer Data solely to provide and improve the Services on your behalf. Our Data Processing Agreement (DPA), which is incorporated by reference into these Terms, governs how we process personal data. The DPA is available at vigilgrc.com/legal/dpa or upon request. Security — Vigil implements appropriate technical and organizational measures to protect Customer Data. See our Security page and Trust Center for details. Deletion — Upon termination of your subscription, Vigil will make Customer Data available for export for 90 days, after which it will be permanently deleted, except as required by law.

Each party may have access to confidential information of the other party ("Confidential Information"), including business plans, technical specifications, pricing, and Customer Data. Each party agrees to: (a) hold such Confidential Information in strict confidence; (b) use it only to fulfill obligations under these Terms; and (c) not disclose it to any third party without the other party's prior written consent, except as required by law. This obligation survives termination of these Terms for a period of three (3) years.

Vigil IP — Vigil and its licensors own all right, title, and interest in the Services, including all software, algorithms, models, documentation, trademarks, and other intellectual property. These Terms do not convey any ownership rights to you. Feedback — If you provide suggestions, ideas, or feedback about the Services ("Feedback"), you grant Vigil a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate such Feedback without restriction or obligation to you.

Vigil warrants that: (a) the Services will operate materially as described in our documentation; and (b) Vigil will use industry-standard measures to protect Customer Data. EXCEPT AS EXPRESSLY SET FORTH ABOVE, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND. VIGIL DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. VIGIL DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW: (a) NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, GOODWILL, DATA, OR BUSINESS OPPORTUNITIES, ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (b) VIGIL'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS WILL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY YOU TO VIGIL IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM. These limitations apply regardless of the form of action and whether based on contract, tort, negligence, strict liability, or otherwise. Some jurisdictions do not allow the exclusion of certain warranties or limitations on liability, so the above limitations may not apply to you.

You agree to defend, indemnify, and hold harmless Vigil, its officers, directors, employees, and agents from and against any claims, damages, losses, and expenses (including reasonable attorneys' fees) arising out of: (a) your use of the Services in violation of these Terms; (b) your Customer Data; or (c) your violation of applicable law or the rights of any third party.

Term — These Terms are effective until your subscription expires or is terminated. Termination for Cause — Either party may terminate these Terms upon written notice if the other party materially breaches these Terms and fails to cure such breach within 30 days of receiving written notice. Termination for Convenience — You may terminate your subscription at any time by providing 30 days' written notice; however, Vigil will not issue refunds for prepaid fees. Effect of Termination — Upon termination, your right to access the Services ceases. Sections 6 (Customer Data — Deletion), 7 (Confidentiality), 8 (Intellectual Property), 10 (Limitation of Liability), 11 (Indemnification), and 14 (Governing Law) survive termination.

These Terms are governed by and construed under the laws of the State of Georgia, USA, without regard to its conflict of law provisions. Any dispute arising under these Terms will be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules, with proceedings conducted in Atlanta, Georgia. Notwithstanding the foregoing, either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property or confidentiality obligations.

Entire Agreement — These Terms, together with any applicable Order Form, DPA, and incorporated policies, constitute the entire agreement between you and Vigil and supersede all prior negotiations and understandings. Amendments — Vigil may update these Terms at any time. We will provide at least 30 days' notice of material changes via email or in-platform notification. Continued use of the Services after the effective date constitutes acceptance. Severability — If any provision of these Terms is found to be unenforceable, the remaining provisions will remain in full force. Waiver — Failure to enforce any provision does not constitute a waiver of that provision. Assignment — You may not assign these Terms without Vigil's prior written consent. Vigil may assign these Terms in connection with a merger, acquisition, or sale of assets. Force Majeure — Neither party is liable for delays or failures in performance caused by events beyond its reasonable control.

For legal inquiries regarding these Terms: Vigil LLC — Legal Department Atlanta, Georgia info@vigilgrc.com