Terms of Service

1. Agreement to Terms

By accessing or using SAR Portal ("Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.

Service Provider:
SAR Portal (powered by Sekhon IT Consultants Ltd., Ireland)
Email: info@sarportal.com

2. Service Description

SAR Portal is a SaaS platform for managing Data Subject Access Requests (DSARs) under GDPR. The Service provides:

• Branded intake forms with identity verification
• Automated deadline tracking and SLA management
• Document storage and secure access links
• Email templates for GDPR compliance
• Audit trail and compliance reporting
• AI-powered risk assessment and text assistance
• Multi-user collaboration with role-based access

3. Eligibility

You must be:

• At least 18 years of age
• Authorized to bind your organization to these Terms
• Not prohibited from using the Service under applicable law

4. Account Registration

4.1 Account Creation

• You must provide accurate, complete, and current information
• You are responsible for maintaining the confidentiality of your credentials
• You are responsible for all activity under your account
• You must notify us immediately of any unauthorized access

4.2 Account Security

• Use strong passwords and enable multi-factor authentication (MFA)
• Do not share credentials with unauthorized persons
• We are not liable for losses due to credential misuse

5. Subscription Plans and Billing

5.1 Plans

We offer three subscription tiers:

• Starter: €89/month (3 users, 100 cases/year, 10GB storage)
• Professional: €229/month (15 users, unlimited cases, 100GB storage)
• Enterprise: €549/month (unlimited users/cases, 500GB storage)

5.2 Free Trial

• 14-day free trial for new customers
• No credit card required for trial
• Full access to selected plan features during trial
• Trial automatically ends after 14 days unless subscription is activated

5.3 Billing

• Subscriptions billed monthly or annually in advance
• All prices in EUR, exclusive of VAT (added for EU customers)
• Payments processed via Stripe
• Invoices sent via email within 24 hours of payment
• Failed payments result in service suspension after 7 days

5.4 Price Changes

• We may change prices with 30 days' notice
• Existing subscriptions maintain current pricing until next renewal
• Continued use after price change constitutes acceptance

6. Cancellation and Refunds

6.1 Cancellation

• Cancel anytime from the Billing page
• Cancellation takes effect at end of current billing period
• Access continues until subscription expires
• Data available for export for 90 days after cancellation. After 90 days, all tenant data is permanently deleted. You will receive a reminder email 10 days before deletion.

6.2 Refunds

• 14-Day Cooling-Off Period: Full refund for EU customers within 14 days of first payment
• No Pro-Rata Refunds: Mid-cycle cancellations are not refunded
• Service Outages: Credits provided for outages exceeding our SLA (99.9% uptime)

7. Acceptable Use Policy

You agree NOT to:

• Violate any laws or regulations
• Upload malware, viruses, or malicious code
• Attempt to breach or test our security measures
• Use the Service to store or process illegal content
• Reverse engineer, decompile, or disassemble the Service
• Resell or sublicense the Service without written permission
• Send spam or unsolicited communications via our platform
• Exceed rate limits or abuse API access
• Impersonate others or provide false information

7.1 Export Control and Sanctions Compliance

You represent and warrant that:

• You are not located in, or a national or resident of, any country subject to EU, UK, or US embargo or sanctions (including but not limited to Cuba, Iran, North Korea, Syria, Russia, Belarus, and regions of Ukraine)
• You are not listed on any EU, UK, or US government list of prohibited or restricted parties (including the EU Consolidated List, UK Sanctions List, or US Treasury OFAC Specially Designated Nationals List)
• You will not use the Service in violation of any export control, sanctions, or anti-terrorism laws or regulations
• You will not permit any third party subject to sanctions to access or use the Service through your account
• You will immediately notify us if you become subject to any sanctions or export restrictions

We reserve the right to:

• Immediately suspend or terminate your account if we reasonably believe you are in violation of sanctions or export control laws
• Report suspected violations to relevant authorities
• Refuse service to any person or entity from sanctioned jurisdictions

8. Intellectual Property

8.1 Our Rights

• We own all rights to the SAR Portal software, trademarks, and documentation
• These Terms grant you a limited, non-exclusive, non-transferable license to use the Service
• You may not use our trademarks without written permission

8.2 Your Rights

• You retain all rights to data you upload to the Service
• You grant us a license to process your data solely to provide the Service
• We do not claim ownership of your case data or documents

9. Data Protection and Privacy

Our processing of personal data is governed by our Privacy Policy and Data Processing Agreement.

9.1 GDPR Compliance

• All data stored in EU data centers (Ireland)
• We act as a Data Processor for customer data
• You remain the Data Controller
• Standard Contractual Clauses (SCCs) apply for any sub-processors

9.2 Data Security

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular security audits and penetration testing
• ISO 27001 aligned security practices
• Incident response procedures (notification within 72 hours)

10. AI Features Disclaimer

IMPORTANT: SAR Portal uses AI for risk assessment, text assistance, and workflow guidance. You acknowledge that:

• AI outputs are advisory only and do not constitute legal advice
• Human review is required for all final decisions
• We are not liable for decisions made based on AI suggestions
• AI processing is confidential and not used for model training
• You remain responsible for GDPR compliance, regardless of AI recommendations

11. Service Level Agreement (SLA)

• Uptime Commitment: 99.9% monthly uptime target (subject to Azure infrastructure availability, excluding planned maintenance)
• Planned Maintenance: Notified 7 days in advance, scheduled outside business hours
• Support Response Times:
  • Email: 24 hours (business days)
  • Priority Support (Professional/Enterprise): 4 hours
• SLA Credits: 5% of monthly fee per 0.1% below 99.9% uptime

12. Limitation of Liability

12.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

IN NO EVENT SHALL SAR PORTAL, ITS AFFILIATES, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:

• LOSS OF PROFITS, REVENUE, OR BUSINESS OPPORTUNITIES
• LOSS OF DATA OR BUSINESS INTERRUPTION
• REPUTATIONAL HARM OR GOODWILL
• COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
• LOSS OF USE, DATA, OR OTHER INTANGIBLE LOSSES

THIS EXCLUSION APPLIES REGARDLESS OF THE LEGAL THEORY ON WHICH THE CLAIM IS BASED (CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE) AND WHETHER OR NOT WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

12.2 Cap on Direct Damages

SAR PORTAL'S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE LESSER OF:

• (a) The total fees paid by you to SAR Portal in the 12 months immediately preceding the event giving rise to the claim, OR
• (b) €10,000 (ten thousand euros)

12.3 Mandatory Exceptions

The limitations in Sections 12.1 and 12.2 do NOT apply to:

• Death or personal injury caused by our negligence or willful misconduct
• Fraud or fraudulent misrepresentation
• Gross negligence or willful misconduct by SAR Portal
• Any liability that cannot be excluded or limited by applicable law

12.4 GDPR and Data Protection Liability

For claims arising from violations of GDPR or other data protection laws:

• Our liability as a data processor is governed by the Data Processing Agreement (DPA) available at sarportal.com/dpa.html
• Data controller responsibilities and liability allocation are defined in the DPA
• Liability caps in GDPR Article 82 apply where applicable

12.5 WARRANTY DISCLAIMER

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

• IMPLIED WARRANTIES OF MERCHANTABILITY
• IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE
• IMPLIED WARRANTIES OF NON-INFRINGEMENT
• IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE

WE DO NOT WARRANT THAT:

• THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE
• THE RESULTS OBTAINED FROM THE SERVICE WILL BE ACCURATE OR RELIABLE
• ANY ERRORS IN THE SERVICE WILL BE CORRECTED
• THE SERVICE WILL MEET YOUR SPECIFIC REQUIREMENTS

YOU ASSUME ALL RISK FOR USE OF THE SERVICE.

12.6 Third-Party Services

We are not liable for:

• Failures, interruptions, or errors caused by third-party services (Microsoft Azure, Stripe, SendGrid, etc.)
• Data loss resulting from your failure to maintain independent backups
• Issues arising from your violation of third-party terms of service

13. Indemnification

You agree to indemnify and hold harmless SAR Portal from claims arising from:

• Your violation of these Terms
• Your violation of applicable laws or third-party rights
• Your use of the Service in a negligent or unlawful manner
• Content you upload to the Service

14. Termination

14.1 By You

Cancel anytime via the Billing page. Access continues until end of billing period.

14.2 By Us

We may suspend or terminate your account if:

• You breach these Terms
• Payment fails after 30 days
• You engage in fraudulent or illegal activity
• Required by law or court order

We will provide 7 days' notice unless immediate termination is required for legal/security reasons.

14.3 Effect of Termination

• Your license to use the Service ends immediately
• Data available for export for 90 days after termination
• All tenant data (cases, documents, users, settings) is permanently deleted 90 days after termination
• Audit logs retained for 7 years (legal requirement)
• No refunds for unused subscription time (except cooling-off period)

15. Governing Law and Jurisdiction

• Governing Law: Laws of Ireland
• Jurisdiction: Courts of Ireland have exclusive jurisdiction
• EU Consumers: This does not affect your statutory rights under EU consumer protection law

16. Dispute Resolution

Before litigation, you agree to attempt good-faith negotiation for 30 days. Contact: legal@sarportal.com

17. Changes to Terms

• We may update these Terms from time to time
• Material changes notified via email 30 days in advance
• Continued use after changes constitutes acceptance
• If you disagree, cancel your subscription before changes take effect

18. General Provisions

18.1 Entire Agreement

These Terms, together with our Privacy Policy and DPA, constitute the entire agreement between you and SAR Portal

18.2 Severability

If any provision is found invalid, the remaining provisions remain in effect.

18.3 No Waiver

Our failure to enforce any right does not constitute a waiver of that right.

18.4 Assignment

You may not assign these Terms. We may assign our rights with notice.

18.5 Force Majeure

We are not liable for delays or failures due to events beyond our reasonable control.

19. Contact Information

For questions about these Terms:

• Email: info@sarportal.com
• Support: support@sarportal.com
• Legal: legal@sarportal.com