XGRC® Acceptable Use Policy
1. Purpose
This AUP defines the standards of acceptable use that apply to all access to and use of the XGRC® platform (“Service”). By signing the Proposal & Order Form, the Customer accepts this AUP on behalf of itself and all its Authorised Users.
2. Permitted Use
The Service may be used only:
- For lawful internal business purposes within the scope of the Customer’s licensed activities;
- By Authorised Users in accordance with the licence types and quantities set out in the Customer’s Proposal & Order Form; and
- In compliance with all applicable laws, regulations, and the terms of the XGRC® SaaS Agreement.
3. Prohibited Use
The Customer and its Authorised Users must not:
Platform Integrity
- Attempt to gain unauthorised access to the Service, its infrastructure, or any data belonging to another customer;
- Interfere with or disrupt the security, integrity, availability, or performance of the Service;
- Introduce malicious code, viruses, worms, or any harmful content into the Service;
- Probe, scan, or test the vulnerability of the Service or any related infrastructure without prior written authorisation from Strategix;
Intellectual Property
- Reverse engineer, decompile, disassemble, or attempt to derive the source code, architecture, or logic of the Service;
- Copy, reproduce, or distribute any part of the Service outside of the permitted use scope;
- Remove or alter any proprietary notices, trade marks, or branding in or on the Service;
- Use the Service to develop, benchmark, or evaluate a competing product or service;
Access and Credentials
- Share login credentials or allow access by persons who are not Authorised Users;
- Create accounts for automated access or bots without prior written approval;
- Use another user’s credentials or impersonate any person;
Content and Data
- Upload, transmit, or store content that is unlawful, infringing, abusive, threatening, defamatory, or deceptive;
- Use the Service to process data that the Customer does not have lawful authority to process;
- Use the Service for any purpose that would violate applicable data protection law; or
Capacity
- Use the Service in a manner that creates an unreasonable or disproportionate load on the infrastructure or that impairs the experience of other customers.
4. Customer Responsibility
The Customer is responsible for:
- Ensuring that all Authorised Users are aware of and comply with this AUP;
- Maintaining appropriate access controls, including promptly revoking access for users who leave the organisation or no longer require access;
- The conduct of its Authorised Users as if such conduct were the Customer’s own; and
- Promptly notifying Strategix if it becomes aware of any actual or suspected breach of this AUP.
5. Enforcement
Strategix may investigate suspected breaches of this AUP. Where Strategix reasonably believes a breach has occurred or is imminent, Strategix may:
- Suspend or restrict the Customer’s access to the Service immediately, without prior notice, where necessary to protect the Service, other customers, or third parties;
- Remove or quarantine content that violates this AUP;
- Report suspected unlawful activity to relevant authorities; and
- Terminate the SaaS Agreement in accordance with its terms.
Strategix will limit any suspension to what is reasonably necessary and will restore access as soon as the relevant issue is resolved.
6. Reporting
Suspected security vulnerabilities, misuse, or breaches of this AUP should be reported to Strategix through the support channel or security contact details published on the XGRC® website. Strategix will investigate all reports in good faith and treat them as confidential.
7. Updates
Strategix may update this AUP from time to time. Material changes will be communicated to Customers not less than 30 days before the effective date. Continued use of the Service after the effective date constitutes acceptance of the updated AUP.
