Terms of Service

Agreement Overview

These Terms of Service ("Terms") govern your use of the Praxis Navigator website and security training platform ("Service") operated by Praxis Navigator ("Company", "we", "us", or "our"). By accessing or using our Service, you ("Customer", "you", or "your") agree to be bound by these Terms. If you do not agree to these Terms, do not use our Service.

Service Description

Praxis Navigator provides enterprise security culture measurement and behavioral monitoring services through:

•Continuous behavioral security monitoring and analytics
•Executive dashboards and compliance reporting
•Security training effectiveness measurement
•Microsoft Graph API integration for organizational insights
•Personalized security culture improvement recommendations
•Enterprise-grade data security and GDPR compliance

Account Management and User Access

Enterprise accounts are managed through designated administrators with the following provisions:

•Account administrators must be authorized representatives of the subscribing organization
•User access permissions are controlled by enterprise administrators
•Individual user accounts require valid organizational email addresses
•Multi-factor authentication is required for all administrative functions
•Account security and access control are shared responsibilities
•Organizations are responsible for managing user lifecycle and permissions

Data Security and Protection Obligations

Our Obligations

•Maintain SOC2 Type II compliance and enterprise security standards
•Implement end-to-end encryption for all data transmission and storage
•Provide 99.9% service availability with appropriate backup systems
•Conduct regular security audits and vulnerability assessments
•Maintain GDPR compliance and data processing agreements
•Provide incident response and breach notification within 72 hours
•Ensure secure data centers with physical and logical access controls

Your Obligations

•Maintain confidentiality of account credentials and access keys
•Ensure authorized user access and appropriate permission management
•Comply with data protection laws applicable to your jurisdiction
•Promptly report suspected security incidents or unauthorized access
•Maintain current contact information for security notifications
•Use the Service only for legitimate business and security purposes
•Ensure organizational consent for behavioral monitoring where required

Intellectual Property Rights

Intellectual property rights are clearly defined as follows:

Praxis Navigator IP

All software, algorithms, dashboards, reports, and analytical frameworks remain our exclusive intellectual property

Customer Data

You retain all rights to your organizational data, behavioral metrics, and training information

Derived Insights

Aggregated and anonymized insights may be used for service improvement and research purposes

Confidential Information

Both parties agree to protect confidential information disclosed during the service relationship

Service Level Agreement and Availability

Availability

99.9% monthly uptime excluding scheduled maintenance

Maintenance

Planned maintenance windows communicated 48 hours in advance

Support

24/7 technical support for enterprise customers

Response

Critical issue response within 2 hours during business hours

Limitation of Liability and Indemnification

Liability limitations are structured to provide appropriate protection for enterprise relationships:

•Total liability limited to 12 months of fees paid for the affected service
•No liability for indirect, consequential, or punitive damages
•Customer indemnifies Company for unauthorized use or data breaches caused by Customer
•Company indemnifies Customer for third-party IP claims related to the Service
•Force majeure events exclude both parties from performance obligations
•Insurance requirements: Company maintains appropriate professional liability coverage

Termination and Data Export Procedures

Termination Rights

•Either party may terminate with 30 days written notice
•Immediate termination for material breach after 15-day cure period
•Automatic renewal unless either party provides termination notice
•Enterprise customers have termination rights for service level failures

Data Export and Deletion

•Full data export available in standard formats (JSON, CSV) within 30 days
•Customer data deleted from production systems within 90 days of termination
•Backup retention for 12 months for recovery purposes only
•Certification of data deletion provided upon request
•Emergency data recovery available during transition period

Dispute Resolution and Governing Law

Dispute resolution procedures are designed for efficient business resolution:

Initial disputes addressed through direct negotiation between designated representatives
Mediation through mutually agreed mediator if negotiation fails
Binding arbitration under applicable commercial arbitration rules
Governing law: Laws of Norway for EU customers, applicable local law for other jurisdictions
Jurisdiction: Courts of Oslo, Norway for legal proceedings
Emergency injunctive relief available through appropriate courts

Compliance and Regulatory Framework

GDPR (EU General Data Protection Regulation)

Full compliance including data subject rights, processing transparency, and cross-border transfer protections

SOC2 Type II

Annual security audit compliance for service organization controls related to security and availability

ISO 27001

Information security management system certification and continuous compliance monitoring

NIS2 Directive (EU)

Network and information security compliance for essential and important entities

Modifications to Terms

These Terms may be updated to reflect changes in our service, legal requirements, or business practices. We will provide notice of material changes through email notification to account administrators and prominent website posting at least 30 days before changes take effect. Continued use of the Service after changes constitute acceptance of updated Terms.

Table of Contents