Legal

Terms of Service

Last updated: April 24, 2026

Please read these terms carefully before using the COMPLYRA platform.

1. Acceptance of Terms

By accessing or using the COMPLYRA platform, you agree to be bound by these Terms of Service. If you are using the platform on behalf of an organization, you represent that you have authority to bind that organization to these terms.

2. Description of Service

COMPLYRA provides a regulatory compliance management platform enabling organizations to manage compliance questionnaires, track compliance status, and manage audit findings across multiple frameworks including ISO 27001, GDPR, Saudi PDPL, SAMA CSF, NCA ECC, UAE PDPL, Bahrain PDPL, and others.

3. User Accounts

  • You are responsible for maintaining the confidentiality of your login credentials and must not share them with third parties.
  • You are fully responsible for all activities that occur under your account.
  • You must notify us immediately of any unauthorized use of your account.
  • We reserve the right to suspend or terminate accounts that violate these terms.

4. Acceptable Use

You may not use the platform to:

  • Engage in any unlawful or unauthorized activities.
  • Attempt to access data belonging to other organizations or users.
  • Upload harmful, misleading, or intellectual-property-infringing content.
  • Attempt to breach the platform's security or gain unauthorized access to its systems.
  • Resell or redistribute the platform without prior written consent.

5. Subscription and Payment

  • Fees are based on your chosen subscription plan and are payable in advance.
  • All payments are non-refundable except where explicitly stated.
  • We reserve the right to modify pricing with 30 days' prior notice.
  • Late payment may result in service suspension until outstanding amounts are settled.

6. Intellectual Property

All intellectual property rights in the platform, its software, documentation, and content are owned by COMPLYRA. Users are granted a limited, non-exclusive license to use the platform in accordance with these terms.

7. Disclaimer of Warranties

The platform is provided "as is" without warranties of any kind, express or implied. COMPLYRA does not guarantee that use of the platform will result in full regulatory compliance; achieving and maintaining compliance remains the responsibility of the subscribing organization.

8. Service Levels & Availability

  • COMPLYRA targets a platform availability of 99.5% uptime measured monthly, excluding scheduled maintenance windows.
  • Scheduled maintenance will be communicated via in-platform notification at least 48 hours in advance and will where possible be scheduled outside business hours.
  • In the event of unplanned downtime exceeding 4 hours in a calendar month, affected clients may request a service credit applied to the following billing period.
  • Support requests are acknowledged within 1 business day; critical security incidents within 4 hours.

9. Audit Rights

Subscribing organizations have the right to:

  • Request platform audit logs and activity records relating to their organization's data at any time.
  • Request a copy of COMPLYRA's most recent third-party security assessment or penetration test executive summary (subject to appropriate confidentiality obligations).
  • Commission independent security audits of the platform with 30 days' prior written notice, subject to agreement on scope, cost, and timing.

Audit rights are exercisable once per calendar year unless a material security incident warrants an additional review.

10. Limitation of Liability

COMPLYRA shall not be liable for any indirect, incidental, consequential, or punitive damages arising out of or related to your use of, or inability to use, the platform.

In the event of a personal data breach directly caused by COMPLYRA's failure to maintain appropriate technical and organisational measures, liability shall be limited to direct damages and shall not exceed the total fees paid by the client in the twelve months preceding the incident. Nothing in these terms limits liability for gross negligence or wilful misconduct.

11. Force Majeure

Neither party shall be in breach of these terms nor liable for delays or failures in performance resulting from events beyond their reasonable control, including but not limited to natural disasters, pandemic, acts of government, civil unrest, cyber attacks on critical national infrastructure, or prolonged internet service failures. The affected party shall notify the other as soon as reasonably practicable and use reasonable endeavours to resume performance.

12. Sub-processor Changes

COMPLYRA may engage new sub-processors to deliver the platform services. We will provide subscribing organizations with at least 30 days' prior written notice of any material change to our sub-processor list. Organizations that reasonably object to a new sub-processor on data protection grounds may terminate the affected services with a pro-rata refund of pre-paid fees.

13. Termination

Either party may terminate this agreement with 30 days' written notice. In the event of a material breach of these terms, COMPLYRA reserves the right to terminate immediately without notice. Upon termination, all client data will be deleted or returned within 30 days in accordance with the Data Processing Agreement.

14. Governing Law & Dispute Resolution

These terms are governed by the laws of the Kingdom of Saudi Arabia. In the event of a dispute, the parties agree to first attempt resolution through good-faith negotiation within 30 days of written notice of the dispute.

If negotiation fails, disputes shall be referred to binding arbitration under the rules of the Saudi Center for Commercial Arbitration (SCCA), with proceedings conducted in Riyadh, Saudi Arabia, in the Arabic language.

15. Contact Us

For questions about these Terms, please visit our Contact page.