Terms of Use

Effective Date: May 4, 2026

Last Updated: May 4, 2026

These Terms of Use ("Terms") govern your access to and use of the ConcertoGRC platform ("Platform"), this documentation site, and related services (collectively, "Services") provided by Concerto Compliance, LLC ("Concerto," "we," "us," or "our"). By accessing or using the Services, you agree to be bound by these Terms.

1. Acceptance of Terms

By creating an account, accessing the Platform, or using any part of the Services, you confirm that you have read, understood, and agree to these Terms. If you are using the Services on behalf of an organization ("Customer"), you represent that you have the authority to bind that organization to these Terms.

If you do not agree to these Terms, do not access or use the Services.

2. Description of Services

ConcertoGRC is a governance, risk, and compliance (GRC) platform that helps organizations manage compliance programs across multiple frameworks. The Services include the Platform application, this documentation site, the Employee Portal, the Trust Center, and related tools and integrations.

The Services are tools to support your compliance program. They do not constitute legal, regulatory, or compliance advice. Using ConcertoGRC does not guarantee compliance with any framework, regulation, or standard. Your organization remains solely responsible for determining applicable requirements, implementing controls, and achieving and maintaining compliance.

3. Accounts and Access

Account Creation

Access to the Platform is provisioned by your organization's administrator. You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account.

Account Security

You agree to:

  • Use a strong, unique password for your account
  • Enable multi-factor authentication when available
  • Notify your administrator immediately if you suspect unauthorized access to your account
  • Not share your credentials with anyone

Access Termination

Your organization's administrator may revoke your access at any time. We may also suspend or terminate access if we reasonably believe a violation of these Terms has occurred, with notice to the Customer's administrator except where immediate action is necessary to protect the security of the Platform.

4. Acceptable Use

You agree to use the Services only for lawful purposes and in accordance with these Terms. See our Acceptable Use Policy for specific guidelines on permitted and prohibited uses.

5. Fees and Payment

Access to the Services requires a paid subscription unless otherwise agreed in writing. Payment terms, billing frequency, and pricing are set forth in your organization's order form or subscription agreement with Concerto.

If payment is not received within 30 days of the invoice date, we may suspend access to the Services upon 10 days' written notice. Suspension does not relieve the Customer of its payment obligations. All fees are non-refundable except as expressly stated in your subscription agreement.

6. Data Ownership and Processing

Your Data

You and your organization retain all ownership rights to data you enter, upload, or generate within the Platform ("Customer Data"). We do not claim any ownership interest in Customer Data.

Data Processing Relationship

With respect to Customer Data that contains personal data, the Customer is the data controller and Concerto is the data processor. We process personal data only on behalf of and in accordance with the Customer's instructions as described in these Terms, our Privacy Policy, and any applicable data processing agreement.

License to Operate

By using the Services, you grant us a limited license to process, store, and transmit Customer Data solely to provide and improve the Services. This license terminates when your organization's tenancy ends and data is deleted per our Privacy Policy.

Data Portability

You may export your data at any time using the Platform's built-in export features. Upon termination, we provide a 90-day data export window as described in our Privacy Policy.

7. AI-Generated Content

The Platform uses AI to generate content including meeting slides, questionnaire responses, risk remediation guidance, scenario injects, and reports. AI-generated content is provided as a starting point for human review.

You are responsible for reviewing, editing, and approving all AI-generated content before relying on it or sharing it with third parties. Concerto does not guarantee the accuracy, completeness, or suitability of AI-generated content for any particular purpose. AI-generated content does not constitute professional advice of any kind.

AI processing is performed via Amazon Bedrock. Your data is not used to train AI models and is not retained by the model provider beyond the request lifecycle. See our Platform Security page for details.

8. Confidentiality

Confidential Information

"Confidential Information" means any non-public information disclosed by one party to the other in connection with the Services, including Customer Data, business plans, technical information, pricing, and security configurations. Confidential Information does not include information that is publicly available, independently developed, or rightfully received from a third party without restriction.

Obligations

Each party agrees to:

  • Use the other party's Confidential Information only for purposes related to the Services
  • Protect Confidential Information with at least the same care it uses for its own confidential information, and no less than reasonable care
  • Not disclose Confidential Information to third parties except as necessary to provide or use the Services, and only under obligations of confidentiality

Compelled Disclosure

If either party is compelled by law to disclose Confidential Information, it will provide reasonable prior notice to the other party (where legally permitted) so the other party may seek a protective order.

Duration

Confidentiality obligations survive termination of these Terms for a period of three years, except that obligations regarding Customer Data survive until the data is deleted in accordance with our Privacy Policy.

9. Intellectual Property

Our Property

The Services, including the Platform software, documentation, user interface designs, algorithms, and branding, are owned by Concerto and protected by intellectual property laws. These Terms do not grant you any rights to our intellectual property except the limited, non-exclusive, non-transferable right to use the Services during the term of your subscription.

Customer Property

As between the parties, the Customer retains all rights in Customer Data and any pre-existing intellectual property. Nothing in these Terms transfers ownership of Customer intellectual property to Concerto.

Feedback

If you provide suggestions, ideas, or feedback about the Services, we may use that feedback without restriction or obligation to you. This does not apply to Customer Data.

10. Third-Party Integrations

The Platform supports connections to third-party services (identity providers, cloud platforms, MDM providers, and others). Your use of third-party services is governed by your separate agreements with those providers. We are not responsible for the availability, accuracy, or practices of third-party services. Integration of a third-party service does not imply endorsement by Concerto.

11. Service Availability

We strive to maintain high availability of the Services. See our Service Level Commitments for availability targets and maintenance practices. We do not guarantee uninterrupted access and are not liable for downtime or service disruptions except as expressly stated in an applicable service level agreement.

12. Warranty Disclaimer

TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

  • MERCHANTABILITY -- No warranty that the Services are fit for commercial use
  • FITNESS FOR A PARTICULAR PURPOSE -- No warranty that the Services will meet your specific compliance, regulatory, or business requirements
  • NON-INFRINGEMENT -- No warranty that the Services do not infringe third-party rights
  • ACCURACY -- No warranty that AI-generated content, compliance calculations, status determinations, or reports are accurate or complete
  • UNINTERRUPTED SERVICE -- No warranty of continuous, error-free operation

We do not warrant that use of the Platform will result in compliance with any law, regulation, or framework.

13. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

  • Concerto shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Services, including but not limited to loss of revenue, data, business opportunities, or goodwill.
  • Our total aggregate liability for any claims arising from these Terms or your use of the Services shall not exceed the fees paid by the Customer to Concerto in the 12 months preceding the claim.
  • These limitations apply regardless of the theory of liability (contract, tort, strict liability, or otherwise) and even if Concerto has been advised of the possibility of such damages.

These limitations do not apply to liability arising from Concerto's gross negligence or willful misconduct, breach of confidentiality obligations regarding Customer Data, or obligations that cannot be limited by law.

14. Indemnification

By Customer

The Customer agrees to indemnify and hold Concerto harmless from any third-party claims, damages, or expenses (including reasonable attorneys' fees) arising from: the Customer's violation of these Terms, the Customer's misuse of the Services, Customer Data that infringes third-party rights, or the Customer's violation of any applicable law.

By Concerto

Concerto will indemnify and hold the Customer harmless from any third-party claims that the Services, as provided by Concerto, infringe a valid patent, copyright, or trademark. This obligation does not apply to claims arising from Customer Data, third-party integrations, modifications made by the Customer, or use of the Services in violation of these Terms.

15. Term and Termination

Term

These Terms are effective when you first access or use the Services and continue until terminated.

Termination by Customer

The Customer may terminate by ceasing use of the Services and requesting account deletion per our Privacy Policy.

Termination by Concerto

We may terminate or suspend access immediately upon written notice if the Customer materially breaches these Terms and fails to cure within 30 days of notice, or immediately for violations that pose a security risk or involve illegal activity.

Effect of Termination

Upon termination: the Customer's right to use the Services ceases, we provide a 90-day data export window, and we delete Customer Data in accordance with our Privacy Policy. Accrued payment obligations survive termination.

16. Force Majeure

Neither party will be liable for failure to perform obligations (other than payment obligations) due to events beyond its reasonable control, including natural disasters, war, terrorism, pandemics, government actions, widespread internet or infrastructure failures, or failures of third-party cloud providers. The affected party will provide prompt notice and use reasonable efforts to mitigate the impact.

17. Dispute Resolution

Escalation

Before initiating formal proceedings, the parties agree to attempt resolution through good-faith negotiation between designated representatives for at least 30 days.

Mediation

If negotiation does not resolve the dispute, the parties agree to attempt mediation administered by a mutually agreed mediator before initiating litigation.

Governing Law and Jurisdiction

These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles. If mediation is unsuccessful, disputes shall be resolved in the state or federal courts located in Delaware.

18. General Provisions

Assignment

Neither party may assign these Terms without the other party's prior written consent, except that either party may assign in connection with a merger, acquisition, or sale of substantially all of its assets. Any permitted assignee must agree to be bound by these Terms.

Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect.

Waiver

Failure to enforce any provision of these Terms does not constitute a waiver of that provision or any other provision.

Entire Agreement

These Terms, together with the Privacy Policy, Acceptable Use Policy, any applicable order form or subscription agreement, and any data processing agreement constitute the entire agreement between the parties regarding the Services. They supersede all prior agreements and understandings, whether written or oral.

Survival

The following sections survive termination of these Terms: Data Ownership and Processing (Section 6), Confidentiality (Section 8), Intellectual Property (Section 9), Warranty Disclaimer (Section 12), Limitation of Liability (Section 13), Indemnification (Section 14), and General Provisions (Section 18).

Notices

Notices under these Terms must be sent by email to the addresses specified in the applicable subscription agreement. Notices to Concerto may also be sent to legal@concertocompliance.com. Notices are effective upon confirmed delivery.

19. Modifications

We may update these Terms from time to time. We will notify account administrators of material changes at least 30 days in advance. Your continued use of the Services after changes take effect constitutes acceptance of the updated Terms. If you disagree with any changes, you may terminate your use of the Services per Section 15.

20. Contact

For questions about these Terms, contact us at legal@concertocompliance.com.