DeRisk Hub Terms of Service (TOS)

Last Updated: December 8, 2024

These Terms of Service ("Terms" or "Agreement") govern access to and use of the DeRisk Hub software-as-a-service platform, including all related websites, APIs, documentation, and related services (collectively, the "Services") provided by Shavee Enterprises ("DeRisk Hub", "we", "us", or "our").

By creating an account, accessing, or using the Services, or by executing an order form or similar agreement that references these Terms (an "Order Form"), the entity you represent ("Customer", "you" or "your") agrees to be bound by these Terms. If you do not agree, you must not use the Services.

If you are accepting these Terms on behalf of an organization, you represent that you have the authority to bind that organization.


1. Definitions

In addition to terms defined elsewhere in this Agreement, the following definitions apply:

  • "Account" means the Customer's account in the Services, including all associated Authorized Users, configurations, and organization data.
  • "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than 50% of the voting interests of the entity.
  • "Applicable Data Protection Laws" means all data protection and privacy laws and regulations applicable to the processing of Personal Data under this Agreement (for example, where applicable, the EU/UK GDPR), but without implying that DeRisk Hub or Customer is certified under any particular regime.
  • "Authorized User" means an individual who is authorized by Customer to access and use the Services under Customer's Account, including employees, contractors, and consultants of Customer or its Affiliates.
  • "Customer Data" means all data, content, and information (including Personal Data) that Customer or its Authorized Users submit to, upload to, or otherwise make available in the Services, including data relating to individuals and entities that Customer screens or monitors using the Services.
  • "Monitored Entity" means a single individual or organization that Customer configures within the Services for ongoing monitoring against sanctions lists, watchlists, or other data sources.
  • "Operational Data" means data generated or collected by DeRisk Hub about the operation and use of the Services, such as Account details, configuration metadata, usage logs, performance metrics, and support interactions, in which DeRisk Hub acts as a data controller.
  • "Order Form" means any online or offline ordering document, subscription page, or other commercial agreement that references these Terms and sets out the applicable Subscription Plan, usage limits, and fees.
  • "Personal Data" means any information relating to an identified or identifiable natural person, as defined under Applicable Data Protection Laws.
  • "Regulatory Compliance Laws" means all applicable laws and regulations relating to sanctions, anti-money laundering (AML), counter-terrorist financing (CFT), know-your-customer (KYC), export controls, and similar regulatory frameworks that apply to Customer's business and its use of the Services.
  • "Screening Content" means all sanctions lists, watchlists, related reference data, and other datasets, as well as scoring, rules, algorithms, and derived outputs made available by DeRisk Hub through the Services. Screening Content may include data sourced from public authorities, third-party providers, or DeRisk Hub's proprietary compilations.
  • "Subscription Plan" means the plan type, tier, or bundle of features and usage limits (such as entity or API limits) selected by Customer in an Order Form or sign-up flow, which may be updated by DeRisk Hub from time to time.
  • "Subscription Term" means the period during which Customer is entitled to use the Services under a given Subscription Plan as set forth in the applicable Order Form or billing interface (e.g., monthly or annual).
  • "Usage Limits" means any quantitative or qualitative limits on Customer's use of the Services (e.g., number of Monitored Entities, number of API calls, users, or features) as set out in the Subscription Plan, Order Form, or other documentation provided or made available by DeRisk Hub.

Capitalized terms used but not defined in this section have the meanings given in the DeRisk Hub Privacy Policy and Data Processing Framework (the "Privacy & DPA"), which is incorporated by reference into this Agreement.


2. Scope of Services

2.1 Provision of Services

Subject to timely payment of applicable fees and compliance with these Terms, DeRisk Hub will make the Services available to Customer during the Subscription Term for Customer's internal business purposes in accordance with this Agreement and any applicable Order Form.

2.2 Documentation

Customer's use of the Services must conform to any user guides, API documentation, and other technical documentation provided or made available by DeRisk Hub (collectively, the "Documentation"). DeRisk Hub may update the Documentation from time to time to reflect improvements, changes, or clarifications.

2.3 No Service-Level Commitments

Unless expressly agreed in a separate written service level agreement (SLA) executed between DeRisk Hub and Customer, DeRisk Hub does not guarantee any particular uptime, response time, or performance metrics. The Services may be unavailable from time to time, including for scheduled or unscheduled maintenance, upgrades, or emergency interventions.

2.4 Changes to the Services

DeRisk Hub may modify the Services from time to time, including adding, enhancing, or removing features, provided that such changes do not materially deprive Customer of core sanctions-screening and case-management functionality under Customer's then-current Subscription Plan. For material changes, DeRisk Hub will use reasonable efforts to provide prior notice via email or in-app notification.


3. Account Registration and Access

3.1 Account Creation

Customer must create an Account to access the Services. Customer agrees to provide accurate and complete information during account registration and to keep such information up to date.

3.2 Authorized Users

Customer may permit Authorized Users to access the Services under its Account, subject to the Usage Limits and the roles/permissions assigned (e.g., Analyst, Manager, Admin, Auditor). Customer is responsible for all actions taken under its Account by Authorized Users.

3.3 Credentials and API Keys

Customer must maintain the confidentiality and security of all login credentials and API keys associated with its Account. Credentials are intended for use by individual, named users and may not be shared. Customer is responsible for promptly notifying DeRisk Hub of any suspected or actual unauthorized access to its Account.

3.4 Third-Party Access

If Customer authorizes a third party (e.g., a consultant or service provider) to access the Account, Customer remains fully responsible for that third party's use of the Services and compliance with this Agreement.


4. Licenses and Intellectual Property

4.1 License to Use the Services

Subject to these Terms and payment of applicable fees, DeRisk Hub grants Customer a limited, revocable, non-exclusive, non-transferable (except as expressly permitted), and non-sublicensable license during the Subscription Term to:

  • Access and use the Services solely for Customer's internal business purposes; and
  • Integrate the Services with Customer's internal systems via documented APIs, within the Usage Limits.

4.2 DeRisk Hub IP and Screening Content

As between the parties, DeRisk Hub (and its licensors, where applicable) retains all rights, title, and interest in and to:

  • The Services and Documentation;
  • The Screening Content and any proprietary compilations, enhancements, or transformations thereof;
  • All software, algorithms, models, scoring rules, know-how, and other technology underlying the Services; and
  • All improvements, modifications, and derivative works thereof, whether or not made in response to Customer feedback.

No rights are granted to Customer other than as expressly stated in this Agreement.

4.3 Customer Data Ownership and License

As between the parties, Customer retains all rights, title, and interest in and to Customer Data. Customer grants DeRisk Hub a worldwide, non-exclusive, royalty-free license for the Subscription Term (and any applicable retention period) to:

  • Host, store, process, transmit, and display Customer Data in order to provide, maintain, secure, and improve the Services;
  • Generate anonymized, pseudonymized, or aggregated data derived from Customer Data that does not directly identify Customer or any data subject, which DeRisk Hub may use for its legitimate business purposes including analytics, product improvement, service benchmarking, and the development, training, validation, and improvement of machine learning or AI models used within or to enhance the Services ("Model Training Data"). DeRisk Hub will only use Customer Data for Model Training Data purposes where: (i) such data has been anonymized or pseudonymized in accordance with applicable data protection standards; (ii) DeRisk Hub has a valid lawful basis under Applicable Data Protection Laws; and (iii) such use is disclosed in the Privacy & DPA. Customer may opt out of contributing Customer Data to model training by submitting a request at support@mail.deriskhub.com, without affecting access to the Services.

4.4 Feedback

Customer and its Authorized Users may provide suggestions, comments, or other feedback regarding the Services ("Feedback"). DeRisk Hub may use Feedback without restriction and without obligation of confidentiality, attribution, or compensation. Feedback will not be considered Customer's confidential information.

4.5 Restrictions on Use of Services and Screening Content

Customer must not, and must not permit any third party to:

  • Copy, modify, translate, adapt, or create derivative works of the Services or Screening Content, except as expressly permitted by Documentation;
  • Reverse engineer, decompile, disassemble, or attempt to derive the source code of any part of the Services, except to the limited extent permitted by applicable law;
  • Use the Services or Screening Content to build, train, or improve competing products or services, including machine learning or AI models, or to create datasets that seek to replicate DeRisk Hub's Screening Content;
  • Remove or alter proprietary notices or branding;
  • Publicly disclose or publish benchmarking results or performance tests of the Services without DeRisk Hub's prior written consent.

5. Acceptable Use and Customer Obligations

5.1 Regulatory Responsibility

Customer is solely responsible for:

  • Determining whether and how to use the Services in connection with its obligations under Regulatory Compliance Laws;
  • Establishing and maintaining a lawful basis for screening individuals and entities;
  • Ensuring that any decisions taken (e.g., to onboard, approve, block, or monitor a customer or counterparty) are made by Customer's own personnel using their professional judgment and not solely on the basis of outputs from the Services.

Where DeRisk Hub makes AI-Assisted Features available, Customer acknowledges that such features are tools to augment, not replace, professional judgment. Customer must ensure that qualified personnel review and take responsibility for all compliance decisions, and must not implement workflows that result in automated disposition of match alerts without human review.

DeRisk Hub does not provide legal, compliance, financial, or other professional advice and does not assume responsibility for Customer's compliance with Regulatory Compliance Laws.

5.2 Acceptable Use

Customer must not use the Services:

  • In violation of any applicable law, including Regulatory Compliance Laws, data protection laws, export control, or sanctions laws;
  • To evade or circumvent sanctions or to facilitate unlawful activities;
  • To unlawfully discriminate against individuals or groups;
  • To screen individuals or entities without a lawful basis or in violation of privacy or data protection laws;
  • To transmit malicious code, disrupt the integrity or performance of the Services, or attempt unauthorized access to systems or data;
  • In a manner that exceeds or circumvents Usage Limits, rate limits, or security measures;
  • For any high-risk use (such as credit scoring, employment screening, or decisions with significant legal or similar effects) without implementing appropriate human oversight and controls.

5.3 Account Security

Customer is responsible for:

  • Implementing appropriate internal controls over its Authorized Users;
  • Immediately revoking access for users who leave Customer's organization or no longer require access;
  • Promptly informing DeRisk Hub of any security incidents or suspected compromises involving the Services or Customer Data.

5.4 Data Legality and Rights

Customer represents and warrants that:

  • It has obtained all necessary consents, authorizations, and permissions to submit Customer Data (including Personal Data) to the Services;
  • Customer Data does not infringe any third-party intellectual property, privacy, or other rights;
  • Customer will not submit data in violation of Applicable Data Protection Laws or other applicable laws.

6. Data Protection and Privacy

6.1 Roles of the Parties

With respect to Customer Data that constitutes Personal Data:

  • Customer acts as the data controller (or equivalent) and determines the purposes and means of processing;
  • DeRisk Hub acts as a data processor (or equivalent) and processes such data only on Customer's documented instructions, as described in this Agreement and the Privacy & DPA.

With respect to Operational Data, DeRisk Hub acts as an independent data controller.

6.2 Privacy & DPA

The DeRisk Hub Privacy Policy and Data Processing Framework (the "Privacy & DPA") is incorporated into this Agreement by reference. The Privacy & DPA sets out:

  • Data protection roles and responsibilities;
  • DeRisk Hub's technical and organizational security measures;
  • International transfer mechanisms;
  • Sub-processor use;
  • Data subject rights assistance; and
  • Retention and deletion practices.

In the event of any conflict between these Terms and the Privacy & DPA with respect to data protection, privacy, or security matters, the Privacy & DPA will prevail.

6.3 AI Model Training

Where DeRisk Hub uses Customer Data (in anonymized or pseudonymized form) as Model Training Data pursuant to Section 4.3, DeRisk Hub acts as an independent data controller for Model Training Data processing. DeRisk Hub will identify and document an appropriate lawful basis under Applicable Data Protection Laws for such processing. Where legitimate interests is relied upon, DeRisk Hub will conduct and maintain a Legitimate Interests Assessment. Where required by applicable law, DeRisk Hub will conduct a Data Protection Impact Assessment prior to commencing AI model training. Summary details of the applicable lawful basis are disclosed in the Privacy & DPA; the full LIA and any DPIA are maintained as internal compliance records and made available to Customers or competent authorities upon written request.


7. Fees, Billing, Payment, and Refunds

7.1 Fees and Subscription Plans

Customer will pay the fees for the Subscription Plan and any additional usage as described in the applicable Order Form or billing interface. DeRisk Hub may update Subscription Plans, features, or pricing from time to time; such changes will apply prospectively, typically at renewal or on a Customer-initiated plan change.

7.2 Billing and Payment Processing

Fees will be billed in the currency and at the intervals (e.g., monthly or annual) specified in the Order Form or billing interface. Payments are processed by a third-party payment provider acting as merchant-of-record. Customer authorizes DeRisk Hub and its payment provider to charge the payment method on file for all amounts due.

7.3 Taxes

All fees are exclusive of taxes, duties, levies, and other governmental assessments ("Taxes"). Customer is responsible for all Taxes arising from the Subscription, except taxes based on DeRisk Hub's net income. If Customer is required by law to withhold Taxes, Customer will increase payments so that the net amount DeRisk Hub receives equals the amount invoiced.

7.4 Overages and Usage-Based Charges

If Customer exceeds its Usage Limits (for example, number of Monitored Entities), Services will continue to operate and additional usage may be billed at the then-current per-unit rate for the applicable Subscription Plan or as otherwise set out in the Order Form. Overages are billed at a consistent rate—no punitive penalty fees.

7.5 Late Payments

If Customer fails to pay fees when due, DeRisk Hub may:

(a) charge interest on overdue amounts at the lesser of 1.5% per month or the maximum rate permitted by law; and/or

(b) suspend access to the Services after providing reasonable notice, until all overdue amounts are paid.

Customer remains responsible for fees during any suspension.

7.6 Refunds; Indirect Taxes; Wire Transfers

Consumer Right to Cancel (Cooling-Off Period)

If Customer is an individual consumer buying in a personal capacity (not in the course of business), then, unless an exception below applies, the consumer has the right to cancel the purchase of a Paid Subscription or other product within fourteen (14) days from the day after the transaction completes ("Consumer Cancellation Period"). To exercise this right, the consumer must inform DeRisk Hub of the decision to cancel within the Consumer Cancellation Period by sending a clear, unambiguous statement to support@mail.deriskhub.com. For avoidance of doubt, a cancellation notice is effective if sent before the end of the Consumer Cancellation Period.

The consumer may also use a standard model cancellation form or any other clear statement through available communication channels, provided it clearly expresses the decision to cancel. Acknowledgment of receipt of a cancellation request will be communicated without undue delay.

Effect of Consumer Cancellation

If a valid cancellation is made within the Consumer Cancellation Period:

  • DeRisk Hub will reimburse all payments received from the consumer, including any applicable sales tax, without undue delay and in any event not later than 14 days after the day on which DeRisk Hub is informed of the decision to cancel;
  • Reimbursement will be made using the same means of payment originally used by the consumer, unless the consumer has expressly agreed otherwise and provided that the consumer will not incur any fees as a result of such reimbursement.

Exception to the Right to Cancel

A consumer's right to cancel under this section does not apply to digital services or digital content that has already been supplied and accessed (for example, where the consumer has already begun downloading, streaming, or otherwise using the digital content or services, including upon login and use of the SaaS features).

Refunds

Refunds are provided at the sole discretion of DeRisk Hub and assessed on a case-by-case basis, and may be refused. DeRisk Hub will refuse a refund request where there is evidence of fraud, refund abuse, or other manipulative behaviour that entitles DeRisk Hub to counterclaim the refund.

This does not affect any statutory consumer rights that apply under local law, including rights related to Products that are not as described, faulty, or not fit for purpose.

For business customers, refunds (including subscription payments) are discretionary and will be granted only where DeRisk Hub determines, in its sole discretion, that a refund is appropriate.

All refund requests must be submitted to support@mail.deriskhub.com.

Refund requests received more than 60 days after the transaction date will not be processed.

Indirect sales tax refunds

If Customer has been charged sales tax (including VAT, GST, Consumption Tax, or similar indirect tax) and is registered for sales tax in the country of purchase, Customer may be entitled to a refund of the tax amount if permitted under the laws of that country. To be eligible, Customer must contact DeRisk Hub within 60 days after the purchase and provide a valid sales tax registration code.

Refunds of indirect tax may be subject to the operational rules of the payment processor.

For wire transfers, the Wire Transfer terms below apply.

Payment by wire transfer

Customer is solely responsible for providing accurate payment details (including unique bank transfer references, order information, and any applicable VAT/sales tax registration codes). DeRisk Hub may be unable to reconcile or refund transactions where such details are incorrect or incomplete.

Orders paid via wire transfer are not protected under consumer refund regimes (such as the Consumer Credit Act) and are therefore not eligible for refund, except where:

(a) the total transaction amount (including sales tax) exceeds $ / £ / €100, and

(b) DeRisk Hub, in its sole discretion, determines that a refund (including any eligible tax portion) is appropriate.

Refunds for wire transfers, where permitted, will be processed only after Customer provides accurate bank details and any required documentation. Customer is responsible for bank or intermediary fees and any foreign-exchange losses associated with wire-transfer refunds.

No refunds for unused subscription periods

Except as required by applicable law or expressly stated otherwise in these Terms, there are no refunds for unused portions of a subscription, including when Customer cancels before the end of the billing cycle.

7.7 Paid Subscriptions; Renewals; Cancellation

The Services may allow Customer to purchase access to functionality on a subscription basis ("Paid Subscriptions"). Paid Subscriptions renew automatically until cancelled. If the price of a Paid Subscription increases, DeRisk Hub will notify Customer and, where required, seek consent to continue. Customer will be billed on the day each Paid Subscription period renews.

If Customer wishes to cancel a Paid Subscription, Customer must do so from the billing page in the DeRisk Hub platform at least 48 hours before the end of the current billing period. Cancellation takes effect at the next renewal date.

There are no refunds on unused subscription periods, as described in Section 7.6.


8. Trials, Plan Changes, and Cancellations

8.1 Free Trials

DeRisk Hub may offer free trials or promotional access to certain features or Subscription Plans. The specific terms (duration, usage limits, and included features) will be presented at sign-up and may be modified or discontinued at any time. Access during a free trial is provided on an "as is" basis with no service guarantees or support commitments unless otherwise stated.

Unless expressly stated otherwise, a free trial will automatically end at its stated expiration date. Customer may convert a trial to a Paid Subscription at any time during the trial period. Customer's data, configurations, and cases from the trial will be preserved upon upgrading.

If Customer does not convert before the trial ends, access may be limited, suspended, or restricted until a Paid Subscription is purchased. DeRisk Hub may retain Customer Data after trial expiration for a limited period and may delete or anonymize it thereafter in accordance with the Privacy & DPA.

8.2 Plan Changes and Cancellation

Customer may upgrade or downgrade its Subscription Plan through the billing dashboard or by following instructions provided in the Services. Cancellation of a Paid Subscription must be completed in accordance with the renewal and cancellation requirements set out in Section 7.7, including the required notice period for cancellation to take effect at the next renewal date.

Unless otherwise specified at the time of a plan change, upgrades or downgrades will typically take effect immediately. Feature availability, usage limits, and support levels may be adjusted upon the effective date of the plan change.

8.3 Subscription Lifecycle and Effect of Cancellation

A Paid Subscription will remain active until the end of the then-current billing period, even if Customer submits a cancellation request beforehand, subject to the requirements of Section 7.7. Upon the effective date of cancellation:

  • Access to Paid Subscription features will end;
  • Any included usage allowances or monitoring services will stop; and
  • Customer may continue to have limited access for data export, subject to the Privacy & DPA.

No refunds are provided for unused portions of a subscription, as described in Section 7.6.


9. Service Availability, Maintenance, and Support

9.1 No Guaranteed Uptime

DeRisk Hub does not guarantee continuous availability of the Services or any specific uptime. The Services may experience interruptions, delays, or failures from time to time, including as a result of maintenance, upgrades, network or infrastructure issues, or factors outside DeRisk Hub's reasonable control.

9.2 Maintenance

DeRisk Hub may perform scheduled or unscheduled maintenance on the Services. DeRisk Hub will use reasonable efforts to schedule planned maintenance outside of peak business hours and, where practicable, to provide prior notice to Customer.

9.3 Support

DeRisk Hub will provide support through channels (e.g., email, ticketing, in-app chat) and with response practices that correspond to Customer's Subscription Plan, as described in the applicable plan documentation or Order Form. Unless expressly stated in a separate SLA, DeRisk Hub does not commit to specific response or resolution times.


10. Confidentiality

10.1 Definition

"Confidential Information" means non-public information disclosed by one party ("Disclosing Party") to the other party ("Receiving Party") that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure. Confidential Information includes Customer Data, non-public technical or business information, product roadmaps, security information, and the terms of this Agreement.

Confidential Information does not include information that:

  • Is or becomes publicly available through no fault of the Receiving Party;
  • Was lawfully known to the Receiving Party before receipt from the Disclosing Party;
  • Is received from a third party without breach of any obligation of confidentiality; or
  • Is independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information.

10.2 Obligations

The Receiving Party must:

  • Use the Disclosing Party's Confidential Information only as necessary to fulfill its obligations under this Agreement;
  • Not disclose Confidential Information to any third party except as permitted by this Agreement; and
  • Protect Confidential Information using at least reasonable care and in no event less than the standard it uses to protect its own similar information.

10.3 Permitted Disclosures

The Receiving Party may disclose Confidential Information to its employees, contractors, advisors, and service providers who need to know the information for purposes of this Agreement and who are bound by obligations of confidentiality no less protective than those in this Agreement.

10.4 Compelled Disclosure

The Receiving Party may disclose Confidential Information when required by law, regulation, or court order, provided that (to the extent legally permissible) it gives the Disclosing Party prompt notice and cooperates with the Disclosing Party's reasonable efforts to seek protective measures.

10.5 Survival

Confidentiality obligations survive for five (5) years after termination of this Agreement, or in perpetuity for trade secrets, as long as they remain trade secrets under applicable law.


11. Security and Incidents

11.1 Security Measures

DeRisk Hub will implement and maintain technical and organizational security measures designed to protect Customer Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage, taking into account the nature of the processing and industry-standard practices.

11.2 Security Incidents

If DeRisk Hub becomes aware of a security incident that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data processed by DeRisk Hub ("Security Incident"), DeRisk Hub will:

  • Notify Customer without undue delay after becoming aware of the incident; and
  • Provide information reasonably available to DeRisk Hub to assist Customer in complying with its obligations under Applicable Data Protection Laws.

DeRisk Hub's obligations do not apply to incidents caused by Customer or its Authorized Users.

11.3 Cooperation

Customer is responsible for determining whether to notify regulators, impacted individuals, or others of a Security Incident and for fulfilling such obligations. DeRisk Hub will provide reasonable cooperation and assistance in connection with such notifications, to the extent required by Applicable Data Protection Laws and as described in the Privacy & DPA.


12. Disclaimers and Warranties

12.1 No Professional Advice

The Services and Screening Content are provided as technical tools to assist Customer in its own sanctions screening, AML, and risk management workflows. DeRisk Hub does not provide legal, compliance, financial, tax, or other professional advice. Customer must obtain its own professional advice and is solely responsible for decisions made using or based on outputs from the Services.

12.2 Accuracy and Completeness of Data

While DeRisk Hub uses reasonable efforts to maintain up-to-date Screening Content and reliable matching algorithms, the Services and Screening Content may contain errors, omissions, or inaccuracies and may not capture every relevant person or entity. Customer acknowledges that:

  • No screening or monitoring system can guarantee complete or error-free results; and
  • The Services are intended as decision-support tools, not as definitive determinations.

12.3 Warranty Disclaimer

To the maximum extent permitted by law, the Services, Screening Content, and Documentation are provided "as is" and "as available", without warranties of any kind, whether express, implied, statutory, or otherwise, including any implied warranties of merchantability, fitness for a particular purpose, non-infringement, or that the Services will be uninterrupted, error-free, or meet Customer's requirements.


13. Indemnification

13.1 Customer Indemnity

Customer will defend, indemnify, and hold harmless DeRisk Hub, its Affiliates, and their respective officers, directors, employees, and agents from and against any third-party claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or related to:

  • Customer's or any Authorized User's misuse of the Services or Screening Content;
  • Customer's violation of this Agreement or of any applicable law, including Regulatory Compliance Laws and Applicable Data Protection Laws; or
  • Any allegation that Customer Data or its use in accordance with this Agreement infringes or misappropriates any third-party rights or violates any law.

13.2 DeRisk Hub IP Indemnity

DeRisk Hub will defend Customer against any third-party claim alleging that Customer's authorized use of the core Services (excluding Screening Content sourced directly from public authorities) infringes any copyright, trademark, or patent of such third party, and will indemnify Customer from any damages and reasonable legal fees finally awarded against Customer as a result of such claim, or agreed in a settlement approved by DeRisk Hub.

This obligation does not apply to claims arising from:

  • Use of the Services in combination with products, services, or data not provided by DeRisk Hub;
  • Modifications to the Services made by anyone other than DeRisk Hub;
  • Use of the Services in violation of this Agreement; or
  • Use of Screening Content originating from third-party or public lists where DeRisk Hub is merely aggregating or facilitating access.

13.3 IP Remedies

If the Services are, or in DeRisk Hub's reasonable opinion are likely to be, the subject of an infringement claim, DeRisk Hub may, at its option:

  • Modify or replace the Services so they are non-infringing;
  • Obtain a license for Customer to continue using the Services; or
  • Terminate the affected portion of the Services and provide a pro-rated refund of any prepaid, unused fees for the terminated portion of the Subscription Term.

13.4 Conditions

The indemnified party must:

  • Promptly notify the indemnifying party of any claim (provided that failure to promptly notify will relieve the indemnifying party only to the extent it is materially prejudiced);
  • Permit the indemnifying party to control the defense and settlement of the claim; and
  • Provide reasonable cooperation at the indemnifying party's expense.

13.5 AI Features and Automated Processing

DeRisk Hub may develop and make available features that use machine learning models to assist Customers in reviewing screening results, including suggestions regarding whether a potential match constitutes a true match or a false positive ("AI-Assisted Features"). Where AI-Assisted Features are made available:

  • (a) All outputs are decision-support tools only. No AI output constitutes a compliance determination, and Customer remains solely responsible for all match decisions and regulatory obligations under applicable Regulatory Compliance Laws;
  • (b) AI-Assisted Features will include human review workflows. Customers must not use AI suggestions as the sole basis for consequential compliance decisions;
  • (c) DeRisk Hub will provide reasonable documentation of the AI model's general logic, training data categories, and performance metrics upon request, to assist Customer in its own model risk governance and regulatory obligations;
  • (d) Where AI-Assisted Features are deployed in jurisdictions subject to the EU AI Act or similar legislation, additional compliance documentation and conformity assessments will be made available;
  • (e) Customers may disable AI-Assisted Features at any time through account settings without loss of core Services functionality.

AI-Assisted Features may not be available as yet; this section describes our intended future practice and is disclosed now for transparency.


14. Limitation of Liability

14.1 Exclusion of Certain Damages

To the maximum extent permitted by law, neither party will be liable to the other party for any:

  • Indirect, incidental, consequential, special, exemplary, or punitive damages; or
  • Loss of profits, revenue, business, goodwill, or anticipated savings,

arising out of or related to this Agreement, even if advised of the possibility of such damages and even if a remedy fails of its essential purpose.

14.2 Aggregate Liability Cap

To the maximum extent permitted by law, each party's total aggregate liability arising out of or relating to this Agreement will not exceed the total amount of fees actually paid by Customer to DeRisk Hub under this Agreement during the twelve (12) months preceding the event giving rise to the claim.

14.3 Exceptions

The limitations in this Section 14 do not apply to:

  • Customer's payment obligations;
  • Breaches of confidentiality obligations;
  • Customer's indemnity obligations;
  • DeRisk Hub's IP indemnity obligations under Section 13.2; or
  • Liability that cannot be limited by applicable law.

15. Export Control, Sanctions, and Anti-Corruption

15.1 Export Control and Sanctions

Customer represents and warrants that:

  • Neither Customer nor any Authorized User is listed on any applicable sanctions or restricted-party list;
  • Customer will not use the Services to benefit any person or entity in a country or region subject to comprehensive embargoes or similar restrictions under applicable sanctions laws; and
  • Customer will not export, re-export, or transfer the Services in violation of applicable export control or sanctions laws.

DeRisk Hub may suspend or terminate access to the Services immediately if it reasonably believes that providing the Services would violate applicable export control or sanctions laws.

15.2 Anti-Corruption

Each party represents that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from the other party or its employees or agents in connection with this Agreement. Either party will promptly notify the other upon becoming aware of any circumstances that are contrary to this requirement.


16. Term, Termination, and Survival

16.1 Term

This Agreement enters into force on the earlier of (i) the date Customer first accepts these Terms or (ii) the Effective Date of the first Order Form, and continues until all Subscription Terms have expired or this Agreement is otherwise terminated in accordance with this Section.

16.2 Termination for Convenience

Unless otherwise stated in the Order Form, either party may terminate this Agreement for convenience at the end of the then-current Subscription Term by providing the other party with any notice required in the applicable ordering or billing interface. Cancellation will be effective at the end of the current billing period, and fees paid are non-refundable except as expressly stated.

16.3 Termination for Cause

Either party may terminate this Agreement immediately upon written notice if:

  • The other party materially breaches this Agreement and fails to cure such breach within thirty (30) days after receiving written notice describing the breach; or
  • The other party becomes insolvent, files for bankruptcy, or is subject to similar proceedings.

DeRisk Hub may additionally suspend or terminate access to the Services immediately upon notice if it reasonably determines that:

  • Customer's use of the Services poses a security risk, may harm the Services or any third party, or may expose DeRisk Hub to liability; or
  • Customer is in material breach of the Acceptable Use or export control/sanctions obligations.

16.4 Effect of Termination

Upon termination or expiration of this Agreement:

  • Customer's rights to access and use the Services will cease;
  • Customer will promptly pay any outstanding fees; and
  • DeRisk Hub will retain or delete Customer Data in accordance with the Privacy & DPA.

16.5 Data Export and Deletion

During the Subscription Term and for a commercially reasonable period after termination (as described in the Privacy & DPA), Customer may export certain Customer Data via available product features or by requesting assistance from DeRisk Hub. After this period, DeRisk Hub may delete or anonymize Customer Data, subject to any longer retention required by Regulatory Compliance Laws or other applicable laws.

16.6 Survival

The following provisions survive termination or expiration of this Agreement: Sections 1, 4.2–4.5, 5, 6, 7 (for unpaid amounts), 9.1, 10, 11, 12, 13, 14, 15, 16.4–16.6, 17, and 18, as well as any other provisions which by their nature are intended to survive.


17. Governing Law and Dispute Resolution

17.1 Governing Law

This Agreement and any dispute arising out of or relating to it will be governed by and construed in accordance with the laws of India, without regard to conflict-of-laws principles.

17.2 Arbitration

Except for claims seeking injunctive or other equitable relief, any dispute, controversy, or claim arising out of or relating to this Agreement will be finally resolved by binding arbitration in accordance with the Arbitration and Conciliation Act, 1996 (India), as amended.

  • The seat and venue of arbitration will be Pune, Maharashtra, India.
  • The arbitration will be conducted by a sole arbitrator appointed by mutual agreement of the parties, failing which in accordance with the said Act.
  • The language of arbitration will be English.

17.3 Injunctive Relief and Court Jurisdiction

Nothing in this Agreement prevents either party from seeking urgent injunctive or equitable relief from a court of competent jurisdiction to protect its confidential information, intellectual property, or data security. Subject to the foregoing arbitration provision, the courts located in Pune, Maharashtra, India, will have exclusive jurisdiction.


18. Miscellaneous

18.1 Force Majeure

Neither party will be liable for any delay or failure to perform its obligations (other than payment obligations) due to events beyond its reasonable control, such as natural disasters, acts of government, war, terrorism, riots, labor disputes, or internet or infrastructure failures.

18.2 Assignment

Customer may not assign or transfer this Agreement, in whole or in part, without DeRisk Hub's prior written consent, except to a successor entity in connection with a merger, acquisition, or sale of substantially all of Customer's assets, provided that the successor is not a direct competitor of DeRisk Hub. DeRisk Hub may assign this Agreement without Customer's consent to an Affiliate or in connection with a corporate transaction.

18.3 Relationship of the Parties

The parties are independent contractors. This Agreement does not create any partnership, joint venture, agency, or employment relationship.

18.4 Third-Party Beneficiaries

There are no third-party beneficiaries to this Agreement.

18.5 Severability

If any provision of this Agreement is held to be invalid or unenforceable, that provision will be enforced to the maximum extent permissible and the remaining provisions will remain in full force and effect.

18.6 No Waiver

No waiver of any provision of this Agreement will be effective unless in writing and signed by the waiving party. A party's failure to enforce any provision will not be deemed a waiver of future enforcement.

18.7 Notices

Formal legal notices under this Agreement must be in writing and sent to:

For DeRisk Hub:

Shavee Enterprises

601 Suyog Crystal, 50 Lulla Nagar

Pune 411040, India

Email: info@mail.deriskhub.com

For Customer:

The address and/or email specified in the Order Form or associated with the Account.

Notices will be deemed received when delivered by hand, sent by courier with confirmation, or sent by email with no bounce-back or error message.

18.8 Entire Agreement

This Agreement, together with the Privacy & DPA and any applicable Order Forms, constitutes the entire agreement between the parties regarding the Services and supersedes all prior or contemporaneous agreements and understandings, whether written or oral, relating to its subject matter.

18.9 Amendments

DeRisk Hub may update these Terms from time to time. For material changes, DeRisk Hub will provide notice via email and/or in-app notification. Changes will take effect on the date specified in the notice, and Customer's continued use of the Services after that date constitutes acceptance of the updated Terms.


Questions or Concerns?

If you have any questions about these Terms of Service, please contact us at info@mail.deriskhub.com