top of page

Legal Terms of Use

Our Terms and Conditions outline the rules and guidelines for using our platform. We encourage you to read them carefully.

Virtual GRC Inc. Terms and Conditions

Last Updated: November 6th, 2025


Welcome to VirtualGRC.com (the “Site”), our services including GO NOW and vGRCNOW,  Governance, Risk, and Compliance (GRC) platforms, operated by Virtual GRC Inc., a Delaware based company.


These Terms of Service ("Terms") govern your access to and use of the GRC platforms, website, and related services (collectively, the "Services") provided by Virtual GRC Inc., a Delaware corporation ("Company," "we," "us," or "our")


These Terms, along with our Privacy Policy, any Order Form (as defined below), and any Data Processing Addendum (if applicable), constitute a binding legal agreement (the "Agreement") between Company and the entity or individual subscribing to the Services ("Customer," "you," or "your"). If you are entering into this Agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity and its affiliates.


BY CLICKING "I AGREE", CREATING AN ACCOUNT, SIGNING AN ORDER FORM, OR USING THE SERVICES, YOU: (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT; (B) REPRESENT THAT YOU ARE OF LEGAL AGE TO ENTER INTO A BINDING AGREEMENT; AND (C) ACCEPT THIS AGREEMENT AND AGREE THAT YOU ARE LEGALLY BOUND BY ITS TERMS.


IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THE SERVICES.


1. Definitions

  • "Authorized      User" means an individual (e.g., employee, contractor, or agent)      who is authorized by Customer to access and use the Services under      Customer's account.

  • "Customer      Data" means all information, data, and content, in any form or      medium, that is submitted, posted, or otherwise transmitted by or on      behalf of Customer or an Authorized User through the Services. Customer      Data does not include Usage Data.

  • "Documentation"     means any user manuals, guides, or other materials provided by Company      related to the Services.

  • "Order      Form" means the ordering document or online order page specifying      the Services to be provided, which may include the subscription plan, services,      bundles, term, fees, and number of Authorized Users.

  • "Platform"     means the Company's proprietary web-based GRC software solution known as      [Your Product Name].

  • "Usage      Data" means anonymized and aggregated data and information      related to Customer's use of the Services, which is used by Company to      improve, develop, and support its Services.

2. The Services

2.1. License Grant. Subject to and conditioned on Customer's and its Authorized Users' compliance with this Agreement, Company grants Customer a limited, non-exclusive, non-transferable (except as permitted herein), non-sublicensable, worldwide right during the Subscription Term to access and use the Services, solely for Customer's internal GRC business operations.


2.2. Authorized Users. Customer is responsible and liable for all acts and omissions of its Authorized Users in connection with their use of the Services. Customer will ensure that all Authorized Users comply with the terms of this Agreement and will immediately revoke access for any Authorized User who violates these Terms.


3. Use Restrictions & Fair Usage

3.1. Prohibited Uses. Customer shall not, and shall not permit any Authorized User or third party to:

* Reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code or underlying ideas or algorithms of the Platform.

* Modify, translate, or create derivative works based on the Services.

* Rent, lease, distribute, sell, resell, or use the Services for service bureau or time-sharing purposes.

* Bypass or breach any security device or protection used by the Services.

* Introduce any virus, Trojan horse, worm, or other malicious or harmful code into the Services.

* Access the Services to build a competitive product or service.

* Use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights.

* Use the Services in any manner that violates any applicable local, state, national, or international law, including U.S. export control laws.


3.2. Fair Usage Policy. Customer's use of the Services must be fair, reasonable, and not excessive. Company reserves the right to monitor usage (e.g., data storage, API calls, bandwidth). If Company, in its sole discretion, determines that Customer's usage is abusive, detrimental to the performance of the Services for other customers, or otherwise exceeds reasonable use, Company may: (a) notify Customer and (b) impose usage limits, require Customer to upgrade its subscription, or (if usage remains excessive) suspend or terminate Customer's access to the Services.


4. Subscriptions and Payment

4.1. Fees. Customer shall pay all fees specified in the applicable Order Form ("Fees"). All Fees are non-cancelable and non-refundable, except as expressly stated in this Agreement.


4.2. Payment Terms. Fees are due and payable in U.S. Dollars upon the schedule set forth in the Order Form (e.g., monthly or annually in advance). Unless otherwise stated, Fees are exclusive of all taxes. Customer is responsible for paying all taxes, levies, duties, or similar governmental assessments (excluding taxes based on Company's net income).


4.3. Subscription Term & Renewal. The initial subscription term will be as specified in the Order Form ("Initial Term"). Unless otherwise specified, subscriptions will automatically renew for additional periods equal to the expiring term (each, a "Renewal Term"), unless either party gives the other written notice of non-renewal at least thirty (60) days before the end of the current term.


4.4. Late Payments. Overdue payments may be subject to a late fee of 1.5% per month or the highest rate permitted by law, whichever is lower. Company may suspend access to the Services if any payment is more than thirty (30) days overdue.


4.5. Service Level Agreement (SLA). Company may offer Service Level Agreements (SLAs) for enterprise customers. Any applicable SLA will be referenced in the Order Form or provided as a separate document. SLAs may include uptime commitments, support response times, and remediation procedures.


5. Intellectual Property

5.1. Company IP. Company (and its licensors, where applicable) owns all right, title, and interest in and to the Services, Platform, Documentation, Usage Data, and all underlying software, technology, and intellectual property. No rights are granted to Customer hereunder other than as expressly set forth herein.


5.2. Customer Data. As between the parties, Customer owns all right, title, and interest in and to all Customer Data. Customer grants Company a limited, non-exclusive, royalty-free, worldwide license to use, host, copy, transmit, and display Customer Data solely as necessary to provide, maintain, and improve the Services in accordance with this Agreement.


5.3. Feedback. If Customer or any Authorized User provides any suggestions, ideas, or feedback to Company regarding the Services ("Feedback"), Customer hereby grants Company a perpetual, irrevocable, worldwide, royalty-free, fully paid-up license to use, implement, and otherwise exploit such Feedback in any manner without restriction or compensation.


6. Confidentiality

6.1. Definition. "Confidential Information" means all non-public information disclosed by one party ("Discloser") to the other ("Recipient"), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential. Customer Data is the Confidential Information of Customer. The Services and their pricing are the Confidential Information of Company.


6.2. Obligations. The Recipient will: (a) use the same degree of care to protect Confidential Information as it uses for its own like information (but no less than reasonable care); (b) not use any Confidential Information for any purpose outside the scope of this Agreement; and (c) not disclose Confidential Information to any third party, except to its employees, contractors, and agents who need to know and who are bound by similar confidentiality obligations.


6.3. Exclusions. Confidential Information does not include information that: (a) is or becomes publicly known without breach of this Agreement; (b) was known to the Recipient prior to disclosure; (c) is received from a third party without breach of any obligation of confidentiality; or (d) was independently developed by the Recipient.


6.4. Compelled Disclosure. A Recipient may disclose Confidential Information if required by law, provided it gives the Discloser prompt prior notice (if legally permitted) to allow the Discloser to seek a protective order.


7. Privacy and Data Security

7.1. Privacy Policy. Company's collection and use of personal information are described in our Privacy Policy, which is incorporated by reference into these Terms.


7.2. Data Processing. To the extent Company processes any Personal Data (as defined in the DPA) on behalf of Customer, the terms of the Data Processing Addendum ("DPA"), which shall be made available to Customer, will apply. The DPA is incorporated by reference into these Terms and is essential for compliance with global privacy laws (e.g., GDPR, CCPA).


7.3. Customer Responsibility. Customer is solely responsible for the accuracy, quality, and legality of Customer Data, including ensuring it has all necessary rights and consents to provide the Customer Data to Company for processing.


7.4. Cybersecurity. Company will maintain industry-standard administrative, physical, and technical safeguards to protect the security, integrity, and confidentiality of Customer Data. However, Customer is responsible for maintaining the security of its account, including protecting its login credentials and those of its Authorized Users.


7.5. International Data Transfers. To the extent Customer Data includes Personal Data subject to international data protection laws, Company will implement appropriate safeguards for cross-border data transfers, including the use of Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms under applicable law (e.g., GDPR, UK GDPR).


7.6. Audit Rights. Company reserves the right to audit Customer's use of the Services to ensure compliance with this Agreement, including verification of user counts, data handling practices, and adherence to use restrictions. Any such audit requiring customer interaction will be conducted with reasonable notice and during normal business hours.


8. Warranties and Disclaimers

8.1. Mutual Warranties. Each party represents that it has the legal power and authority to enter into this Agreement.


8.2. GRC-Specific Disclaimer. CUSTOMER ACKNOWLEDGES THAT THE SERVICES ARE A TOOL TO ASSIST WITH GRC ACTIVITIES. COMPANY DOES NOT PROVIDE LEGAL, FINANCIAL, OR COMPLIANCE ADVICE. USE OF THE SERVICES DOES NOT GUARANTEE OR ENSURE CUSTOMER'S COMPLIANCE WITH ANY LAWS, REGULATIONS, OR INDUSTRY STANDARDS. CUSTOMER IS SOLELY RESPONSIBLE FOR ITS OWN GRC PROGRAM, DECISIONS, AND COMPLIANCE OBLIGATIONS.


8.3. GENERAL DISCLAIMER. EXCEPT AS EXPRESSLY PROVIDED HEREIN, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTIES OF ANY KIND. COMPANY EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT1. COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE.


9. Limitation of Liability

9.1. EXCLUSION OF DAMAGES. TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL COMPANY OR ITS AFFILIATES, OFFICERS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES (INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS, LOSS OF DATA, LOSS OF GOODWILL, OR BUSINESS INTERRUPTION) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.


9.2. LIABILITY CAP. TO THE FULLEST EXTENT PERMITTED BY LAW, COMPANY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO COMPANY DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.


9.3. Basis of the Bargain. The limitations of liability and disclaimers in this Agreement form an essential basis of the bargain between the parties.


10. Indemnification

10.1. By Customer. Customer shall defend, indemnify, and hold harmless Company and its officers, directors, and employees against any and all claims, costs, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising out of or in connection with: (a) Customer Data, including any claim that Customer Data infringes or violates the rights of a third party; (b) Customer's or any Authorized User's breach of this Agreement; or (c) Customer's use of the Services in violation of applicable law.


10.2. By Company. Company shall defend Customer against any third-party claim alleging that the Platform, when used as authorized under this Agreement, infringes a valid U.S. patent or copyright. This obligation does not apply to claims arising from (a) Customer Data, (b) use of the Platform in combination with other products not supplied by Company, or (c) Customer's breach of this Agreement.


11. Term and Termination

11.1. Term. This Agreement commences on the Effective Date (as defined in the Order Form or upon first use) and continues until all Subscription Terms have expired or been terminated.


11.2. Termination for Cause. Either party may terminate this Agreement for cause if the other party: (a) fails to cure a material breach within thirty (30) days of written notice; or (b) becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency.


11.3. Effect of Termination. Upon termination: (a) all of Customer's rights herein to platform or services shall terminate; (b) Customer shall pay any outstanding Fees owed; (c) each party shall return or destroy the other's Confidential Information.


11.4. Data Export and Deletion. For a period of thirty (30) days following the effective date of termination (the "Export Period"), Company will, upon Customer's written request, make Customer Data available to Customer for export in a standard format.

Following the expiration of the Export Period, Company will have no obligation to maintain or provide Customer Data and may thereafter permanently delete all Customer Data in its possession or control.

Notwithstanding the foregoing, Customer may provide a written request for the earlier, permanent deletion of its Customer Data. Company may, at its sole discretion, choose to comply with such a request. If Company does so, Customer acknowledges that its Customer Data will be irrecoverably deleted and its right to the Export Period under this section is immediately waived.


12. Dispute Resolution & Arbitration

12.1. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles.


12.2. Binding Arbitration. Any dispute, claim, or controversy arising from or relating to this Agreement shall be resolved exclusively by final and binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall take place in Wilmington, Delaware. The arbitrator's decision shall be final and binding, and judgment may be entered in any court of competent jurisdiction.


12.3. Wavier of Class Action. THE PARTIES AGREE THAT ALL DISPUTES MUST BE BROUGHT IN THE PARTIES' INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION, COLLECTIVE ACTION, OR OTHER REPRESENTATIVE PROCEEDING.


13. General Provisions

13.1. U.S. Export Controls. The Services are subject to U.S. export control laws. Customer agrees to comply with all applicable export and re-export control laws and regulations, including the Export Administration Regulations ("EAR").


13.2. Modifications. Company reserves the right to modify these Terms at any time. We will provide notice of material changes by posting the new Terms on our website or through the Services. Continued use of the Services after such changes constitutes acceptance of the new Terms.


13.3. Assignment. Customer may not assign this Agreement without the prior written consent of Company. Company may assign this Agreement in connection with a merger, acquisition, or sale of all or substantially all of its assets.


13.4. Severability. If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions will remain in full force and effect.


13.5. Entire Agreement. This Agreement, including the Privacy Policy, any DPA, and all Order Forms, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter.


13.6. Contact Information.


Virtual GRC Inc.

www.virtualgrc.com/legals/legal-terms-of-use

Email: contact@virtualgrc.com

bottom of page