Last updated: August 17, 2025

​

1. GENERAL TERMS

​​

1.1. These General Terms and Conditions (“Terms”) govern your use of the Brind Cybersecurity Management Platform and Marketplace (the “Platform”), a Software-as-a-Service (SaaS) solution operated by Brind OÜ, a private limited company registered under the laws of Estonia, registry code 16849393, having its registered office at Sepapaja 6, 15551, Tallinn, Harju County, Estonia (“Brind”, “we”, or “us”).

​​

1.2. The Platform is made available solely as a Software-as-a-Service (SaaS) solution. Users are granted access rights to the Platform environment, but no ownership, copy, or local installation of the software is provided, except where explicitly agreed in writing for a hybrid or on-premise deployment.

​

1.3. Brind offers a cloud-based, NIS2-aligned cybersecurity management solution designed for professionals and organisations to oversee and streamline their information security controls, implement and maintain an information security management system (ISMS), and prepare for or manage regulatory and sector-specific audits. A key objective of the Platform is the integration of Member State-specific NIS2 implementations into a harmonised compliance environment.

​

1.4. Additionally, Brind provides an integrated Marketplace, enabling users to identify and engage third-party service providers, vendors, and freelancers to fill internal compliance gaps, enhance cybersecurity maturity, and address evolving regulatory needs across the European Union.

​

1.5. Please carefully review these Terms. If you do not agree to be bound by these Terms, you may not use our Services. By accessing the Platform or otherwise using the Services, you acknowledge and agree to be bound by these Terms and also confirm you have read and understood our Privacy Policy.

​

1.6. Brind reserves the right to revise, update, and modify these Terms periodically by posting a revised version. If, in Brind’s sole discretion, the modifications to these Terms are significant, we will provide you with notice prior to the changes taking effect, either through email notification or by alerting you on the Platform. Any new features that improve or expand the current Services, including the introduction of new features and resources, will also be subject to these Terms.

​

1.7. Unless otherwise stated elsewhere in these Terms or in our notice, the updated Terms will take effect upon publishing and will apply on a going-forward basis. Your continued use of the Services and the Platform following any updates to these Terms signifies your acceptance of such changes. If you do not agree to the amended Terms, your sole remedy is to discontinue using the Platform and terminate your subscription in accordance with these Terms.

​

2. APPLICABILITY

​

2.1. These Terms and Conditions (“Terms”) constitute a legally binding agreement between you, the user ("User" or "You"), and Brind, governing your use of the Platform, including, but not limited to, all content such as text, information, images, applications, website, software, and other materials (collectively referred to as the "Services").

​

2.2. Access to the Platform is provided on a role-specific basis. Depending on your relationship with Brind and your use of the Platform, you may fall into one or more of the following categories:

1. “Users” shall mean legal entities or individuals who subscribe to any of Brind’s subscription plans and are granted access to the Platform, together with any of their designated  Authorised Users.

2. “Consultants” shall mean individuals or entities who provide advisory, operational, or implementation services relating to NIS2 or other cybersecurity frameworks. Consultants may engage with Users through the Marketplace or directly on the Platform, subject to applicable terms.

3. “Suppliers”shall mean organisations or entities that provide documentation, input, or data relevant to Users’ regulatory compliance obligations. Suppliers may include service providers, vendors, IT partners, and subject-matter experts whose content facilitates or enables compliance on behalf of Users.

4. “Educational Institutions” shall mean accredited universities, higher education institutions, or vocational schools which utilise the Platform for cybersecurity research, academic purposes, or as part of a broader effort to align with NIS2 or other regulatory frameworks. For clarity, Brind does not process or store locally-hosted institutional data originating from educational institutions. The Platform operates exclusively in the cloud, and only the information voluntarily uploaded or processed by the educational institution within the Platform environment is subject to Brind’s information handling practices.

5. “Auditors” shall mean independent individuals or organizations who, based on a separate written agreement with Brind, are granted access to the Platform exclusively for the purpose of conducting cybersecurity compliance audits of Users using their own dedicated Brind Audit Module. Auditors may only be persons or entities officially designated for this purpose by the relevant national legislation implementing the NIS2 Directive.

6. “Auditor’s Clients” shall mean NIS2-affected entities (organizations) that participate in an audit performed by an Auditor through the Platform and are not otherwise paying Brind Users. For the duration of their access to the Platform, Auditor’s Clients shall be deemed Users, and all rights, obligations, and restrictions applicable to Users under these Terms shall apply to them in full, unless expressly provided otherwise herein. Access by Auditor’s Clients is limited to the scope and duration of the relevant audit, or the Free Audit Period where applicable.

​

2.3. These Terms apply to all categories of Users, Consultants, Suppliers and Educational Institutions whether acting as individuals, corporate entities, or on behalf of third parties, and cover both free trial access and paid subscriptions.

​

3. USE OF THE PLATFORM AND ACCOUNT REGISTRATION

​​

3.1. The Platform as a comprehensive platform and a marketspace that helps companies in adhering to different cyber security frameworks, including but not limited to the Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022, I on measures for a high common level of cybersecurity across the Union, ISO 27001, NIST 800-53 and others (the “Business”). Any descriptions of the Platform’s capabilities are for informational purposes only and do not constitute a guarantee, warranty, or assurance of compliance with any specific standard or regulation. It allows companies to manage the security controls related to their systems through country-specific audits, where a GAP analysis is used to identify weaknesses, perform relevant analyses and determine the level of risk, thus facilitating financial planning and the allocation of responsibilities among users. The platform can be used to easily generate an action plan to help improve protection in a systematic way and support regulatory compliance. To fill gaps, Brind allows relevant organizations and service providers to find each other through the platform.

​

​3.2. Every User has the option to register an account on the Platform and, at their discretion, authorize members of their personnel to use the Platform (“Authorized Users”) and add third-parties such as consultants, auditors (“Consultants”) and their service providers (“Suppliers”). Each account admin may add up to 50 Authorized Users, 30 Suppliersand 10 Consultants to the Platform depending on the subscription. For those using the „Corp” subscription, unlimited users can be added in each category.

​

3.3. The account administrator shall have full rights to manage the account, including inviting, suspending, or removing Authorized Users, Consultants, or Suppliers. Users agree to ensure that all Authorized Users, Consultants, and Suppliers comply with these Terms. Any Authorized User acting on the Platform shall be deemed duly authorised by the User, and their actions shall be attributed to the User. The User is obligated to revoke access without undue delay in the event any Authorized User’s relationship with the User is terminated.

​

3.4. Authorized Users, Consultants and Suppliers may only use the Platform for the internal business purposes of the User and in accordance with these Terms. Password sharing is strictly prohibited and constitutes a material breach of these Terms.

​

3.5. As a SaaS solution, the Platform is centrally hosted and maintained by Brind. All updates, patches, and new features are deployed automatically by Brind, without the need for User-side installation or intervention, unless otherwise agreed for hybrid or on-premise deployments.

​

3.6. The User is solely responsible for maintaining the confidentiality of your password and account and for any and all statements made and acts or omissions that occur through the use of your password and account. You agree to implement reasonable security measures to protect account access, including unique passwords and multi-factor authentication where available. In case of any unauthorized access to a User account, Brind must be notified immediately. Until receipt of such notification, Brind has the right to deem any actions undertaken through the User’s account as the actions of such User.

​

3.7. The User shall not, directly or indirectly: (i) resell, sublicense, distribute, lease, frame, or otherwise make the Platform available to third parties, (ii) attempt to reverse engineer, decompile or disassemble the Platform, (iii) upload or transmit viruses, malicious code, or other harmful material, (iv) use scrapers, spiders, bots or other automated tools to extract data, (v) provide unlawful, infringing or defamatory content, or (vi) grant access to Brind competitors for benchmarking or replication purposes. Brind reserves the right to suspend or terminate access in case of suspected misuse.

​

3.8. While all User Data currently resides in Brind’s cloud under the standard subscription, Users also have the option to use either (i) a hybrid model, or (ii) a full on-premise deployment. The hybrid model combines Software as a Service with on-premise data storage: sensitive data is stored within the User’s own infrastructure and can only be accessed when logged in on the User’s network or, for example, through a VPN connection. This ensures that sensitive data remains inaccessible to any external party while still benefiting from Brind’s cloud-based features and updates. In the full on-premise model, both the data and the entire platform environment operate solely within the User’s own infrastructure, providing maximum data sovereignty and control. ​

In such instances:

• The Platform may be accessed only via secure internal networks or VPN;

• Brind shall retain responsibility solely for the Platform’s SaaS operations and associated functionalities;

• The User assumes full responsibility and liability for the security, confidentiality, and legal compliance of any data hosted within their own infrastructure;

• Brind shall bear no responsibility for any data breaches, outages, misconfigurations, or other incidents affecting the User’s own infrastructure;

• Additional subscription fees may apply for such Hybrid or On-Premise Deployments, subject to agreement between the parties.

​

3.9. Unless expressly agreed otherwise in writing, the standard mode of delivery of the Platform is cloud-based hosting within the European Union, managed by Brind or its vetted subcontractors. Please note that in this case, the protection of the data is the responsibility and liability of the user’s organization. In the case of an on-premise solution, Brind cannot be held responsible for any incidents affecting the customer's infrastructure. You acknowledge that on-premise storage reduces Brind’s ability to provide security safeguards, backup, or recovery of such data.

​

3.10. Please also note that additional fees may apply for this service. In such cases, continuous oversight will be required due to updates and maintenance needs. These terms, including the specific technical and operational requirements for the on-premise configuration, will be defined in a separate, individually negotiated agreement between Brind and the User, following initial contact. The provisions of that separate agreement shall supplement and prevail over this T&C with respect to on-premise specifications.

​

3.11. In the case of an on-premise deployment, the installation of the Platform shall be carried out on the infrastructure provided by the User against a one-time installation fee, payable in advance. This installation fee does not include any hardware, networking, or system integration resources required on the User’s side, which shall remain the sole responsibility of the User. During the term of the annual license, Brind shall provide updates to the Platform; such updates will be delivered under the applicable support and maintenance fee, within a mutually agreed maintenance window, and under the operational control of the User.

​​

3.12. The Platform is intended to facilitate compliance activities but does not guarantee regulatory compliance. Users remain solely responsible for ensuring that their organisation’s security measures and internal policies satisfy applicable legal, regulatory, and industry standards, including the NIS2 Directive and all other relevant Frameworks.

​

3.13. The User remains responsible for ensuring compliance with applicable cybersecurity frameworks, including NIS2, as detailed in the Compliance Disclaimer. Furthermore, all Users hereby affirm their commitment to adhere to EU laws, as well as country-specific laws, regulations, and industry best practices relevant to their business operations. Nothing in these Terms should be construed as legal advice. By using the Platform, each User represents and warrants that:

• It shall comply with applicable laws of the European Union and the jurisdiction(s) in which it operates;

• It shall maintain internal accountability for the use of the Platform and data entered therein;

• It shall not rely solely on the Platform for achieving or maintaining legal or regulatory compliance.

​

3.14. For clarity, this uptime commitment does not apply to Trial Services and Beta Offerings, which are expressly excluded from all service level objectives.

​

3.15. Each party acknowledges that in connection with the use of the Platform, it may obtain confidential or proprietary information of the other party (“Confidential Information”). Confidential Information includes, without limitation, technical information, security measures, business processes, product roadmaps, pricing, customer data, and any other information which is marked or reasonably should be understood as confidential given the nature of the information and the circumstances of disclosure.

​

3.16. Each party agrees to keep such Confidential Information strictly confidential, to use it solely for the purposes of exercising its rights and fulfilling its obligations under these Terms, and not to disclose it to any third party without the prior written consent of the disclosing party, except as required by applicable law or valid court order. Each party shall take appropriate technical and organizational measures to protect the confidentiality and integrity of the other party’s Confidential Information.

​

3.17. Confidential Information shall not include information that (i) was publicly known at the time of disclosure or becomes publicly known without breach of these Terms, (ii) was lawfully in the possession of the receiving party without restriction prior to disclosure, (iii) was independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information, or (iv) is rightfully received from a third party without restriction.

​

3.18. The confidentiality obligations set forth herein shall survive the termination of these Terms for a period of three (3) years. With respect to trade secrets and security-sensitive information, such obligations shall continue for as long as such information remains a trade secret or security-sensitive.

​

3.19. The User is granted a limited, non-exclusive, non-transferable, and revocable license to access and use the Platform solely for internal business purposes and in compliance with these Terms. Access may only be granted to Authorized Users, Consultants, and Suppliers acting for the benefit of the User. Sharing of accounts or passwords is strictly prohibited and constitutes a material breach of these Terms.

​

3.20. The User shall not, directly or indirectly, and shall not permit any third party to: resell, sublicense, distribute, lease, frame, or otherwise make the Platform available to unauthorized parties; use the Platform in violation of applicable laws or regulations; interfere with or disrupt the security, integrity, or performance of the Platform; attempt to copy, reverse engineer, decompile, disassemble, or discover the source code of the Platform; upload, transmit, or provide unlawful, defamatory, infringing, or harmful content or software (including viruses or malicious code); use automated tools such as scrapers, spiders, or bots to extract data; grant access to competitors of Brind for benchmarking or replication purposes; remove or alter any proprietary notices, trademarks, or labels; or use the Platform in any manner not expressly permitted by these Terms. Brind reserves the right to suspend or terminate access if it reasonably suspects misuse or violation of these restrictions.

​

3.21. For optimal use of the Platform, Users are expected to access it through up-to-date, modern web browsers, and to ensure that their devices support at least a Full HD (1920x1080) screen resolution. Brind does not assume liability for any reduced functionality or limited user experience resulting from outdated browsers or insufficient display resolution on the User’s side.

​

4. THIRD-PARTIES (PARTNERS)

​

4.1. Brind distinguishes between two types of cooperation. The "Marketplace Partner" category includes software and hardware vendors, resellers, distributors and service providers who only wish to participate in the operation of the Platform as a solution to the "Users'" GAPs.

​

4.2. A “Consultant Partner” is a legal entity, typically a consultancy firm or a sole trader, who, in addition to participating in the Platform, helps to populate the Platform after obtaining "Consultancy" rights, possibly as an outsourced professional (e.g. Information Security Officer) to operate the Information Security Management System. Consultant Partners will undergo a training course to ensure that the Users can use the Platform effectively and appropriately.

​

4.3. Through the use of the Services, you may have the opportunity to engage in commercial transactions or communications with various Partners (e.g. Consultants, software and hardware providers, distributors) at the Platform functionality. The Services may facilitate matchmaking with appropriate third-parties (Marketplace Partners and Consultant Partners) specializing in NIS2 compliance consultation, including but not limited to Consultants, auditors, supply chain data managers, hardware and software providers and other related specialists.

​

4.4. You acknowledge that all transactions related to any services offered by any third-party, including but not limited to payment terms, warranties and guarantees are agreed solely between you and such third-parties.

​

4.5. While Brind endeavors to do a thorough background check of the Marketplace Partner and Consultant Partner before facilitating any matchmaking, it is crucial to recognize that engaging in such transactions carries inherent risks. Users should exercise diligence and caution when entering into any commercial agreements, sharing NIS2 compliance documents, or communications facilitated through the Services. Brind does not provide any guarantees or warranties regarding the suitability, reliability, or performance of third-party service providers, and Users acknowledge and accept full responsibility for any risks associated with such engagements.

​

4.6. To the maximum extent permitted by law, Brind disclaims all liability for any acts, omissions, errors, negligence, fraud, misrepresentation, breach of contract, or other conduct by third-party service providers, even if introduced through the Platform. Brind is not a party to any agreement between a User and a Partner and shall not be responsible for enforcing, mediating, or resolving disputes between such parties.

​

4.7. Brind reserves the right to charge Marketplace Partners and Consultant Partners separate fees for the matchmaking Services as a yearly subscription fee in the future. It will notify the partners concerned at least 1 month before the start of the fee.

​

5. SUBSCRIPTION PLANS AND PAYMENT

​

5.1. Brind provides a fee-based features.

​

5.2. Brind Users are entitled to use the Platform after payment of a monthly or annual fee. Subscriptions can only be made by an authorized person of the organization through the interface on the website, according to the subscription packages and prices advertised there. If the subscription is for annual period, a discounted price will be granted. In this case the relevant bank account will be debited on a monthly basis as well. Brind is entitled to offer individual discounts to all concerned directly or through its Partners.

 

5.3. All subscription fees (monthly or annual) are payable in advance. For annual subscriptions, the full twelve (12) months must be paid upfront, against an electronically issued, duly compliant invoice, denominated in EUR, and by bank transfer to the account specified on the invoice. The invoiced amount must be paid within thirty (30) calendar days from the date of receipt of the invoice. Should the invoice fail to meet the formal requirements set forth in this section, the User shall be entitled to return it, and Brind will be obliged to reissue a corrected invoice. Access to the Platform is activated upon registration. However, Brind reserves the right to suspend or terminate access if payment is not received within the due date.

​

5.4. The subscription is valid for one legal entity. The functionalities include, in the case of a group of companies, the possibility to access the data of the other entities with the appropriate permissions for the parent company in respect of a parent-subsidiary company. This is possible if all the legal entities to be linked are subscribed to the service.

​

5.5. Subscriptions will automatically renew for successive terms equal to the original subscription (monthly or annual), unless the User provides written notice of non-renewal to billing@brind.io at least thirty (30) days prior to the end of the then-current term.

​

5.6. In case a Consultant Partner wishes to perform a GAP analysis and cybersecurity assurance project (“Assurance Project”) of its client through the Brind platform, in accordance with NIS2 (or other frameworks), the Partner can provide the Consultant a free discount code for a maximum of 1 months, after a valid deal registration. At the end of the assurance work or at the end of the 1 months, the User will be required to purchase one of the subscription packages advertised on the website or to cancel the service.

​

5.7. We offer a 14-day trial period for all subscriptions. This is not applicable in case the Users has already used the platform with the Partner in the framework of the "Assurance Project".

​

5.8. Notwithstanding anything to the contrary in these Terms, including the sections on Warranties, Disclaimers and Limitation of Liability and Indemnification, all trial access, pilot programs, beta features, or other pre-release services (collectively, “Trial Services and Beta Offerings”) are provided strictly “AS-IS” and without warranty or support of any kind. Brind makes no representations or commitments that Trial Services and Beta Offerings will be generally available, error-free, or maintained for any minimum period of time. Users acknowledge and agree that Trial Services and Beta Offerings may contain bugs, errors or incomplete functionality, may be discontinued, suspended or modified at Brind’s sole discretion, are excluded from any uptime or availability commitments described in the Service Level Agreement, and do not give rise to any indemnification, damages or liability of any type by Brind. Use of Trial Services and Beta Offerings is at the User’s sole risk.

​

5.9. Should User’s opt for fee-based features, they undertake to remit the corresponding fees to Brind in accordance with the price list. All prices will be exclusive of taxes (VAT or otherwise), which may be added based on applicable law and the User’s legal residence.

​

5.10. Brind retains the unilateral right to amend the price list, with prior notification to Users before implementing any changes. Users will have the option to accept the amended price list or terminate their use of the Services.

​

5.11. In the event of a failed payment, Brind reserves the right to suspend or restrict access to the Platform until payment is successfully processed. Brind may also charge late payment interest in accordance with applicable law, as well as reasonable administrative or reconnection fees.

​

5.12. If a subscription is upgraded during a billing cycle, fees will be prorated based on the remaining days in that cycle, unless otherwise stated in a separate written agreement.

​

5.12. Data Exports. Upon written request before termination or cancellation, the User may request an export of its data. Exports will be provided in a commercially reasonable format, but Brind does not warrant compatibility with any third-party system or software. Re-import of exported data may be offered, at Brind’s sole discretion, against an additional fee determined by the volume of data. An invoice will be issued for such services and must be paid within thirty (30) days.

​

5.13. Brind does not act as a payment intermediary for Marketplace transactions. Any financial transactions between a User and a Marketplace Partner are concluded directly between those parties, and Brind bears no responsibility for payment processing, collection, or related disputes.

​​

6. TRIAL SERVICES AND BETA FEATURES

​

6.1. Brind may from time to time offer access to the Platform on a trial basis or make available pre-release features or functionality (together, “Trial and Beta Services”). Trial Services begin when Brind grants the User access and will continue until the earlier of (i) the end of the communicated trial period, (ii) the effective date of any paid subscription Order Form entered into by the User, or (iii) termination by Brind in its sole discretion. Unless the User converts to a paid subscription or exports its data before the end of the trial, all data provided or generated during the Trial Services will be permanently deleted at the end of the trial period.

​

6.2. Beta Features are offered for evaluation purposes only and are not intended for production use. Beta Features may be designated as alpha, beta, preview, or early access and may be modified or discontinued at any time without notice. Beta Features are not considered part of the Services under this Agreement, may never become generally available, and may be subject to additional restrictions.

​

6.3. Trial and Beta Services are provided on an “AS IS” and “AS AVAILABLE” basis. Brind makes no warranties of any kind with respect to Trial and Beta Services and expressly disclaims all service levels, availability commitments, support obligations, and indemnification in connection with them. Brind’s total aggregate liability arising out of or related to Trial and Beta Services shall not exceed one thousand U.S. dollars (USD $1,000). The User remains fully responsible and liable for any misuse of the Platform or breach of these Terms during Trial and Beta Services.

 

7. GUIDELINES FOR PLATFORM USE AND USER DATA MANAGEMENT

​

7.1. When utilizing our Services for managing your NIS2 and/or other cybersecurity compliance frameworks, in support of this functionality, Brind may offer certain tools including, but not limited to, pre-configured templates, recommended controls, partially pre-filled forms, checklists, and country-specific audit frameworks (collectively, the “Templates”). These Templates are for informational purposes only and are intended to assist the User in the creation of their own internal cybersecurity compliance framework. These Templates are provided “as-is” for guidance only and are not guaranteed to be complete, up-to-date, or compliant with all applicable laws or standards.

​

7.2. The User remains solely responsible for reviewing, validating, and tailoring any such Templates to ensure that they conform to applicable legal obligations and the specific operational context of the User’s organisation. Brind does not provide legal, regulatory, or professional advice. Use of the Templates does not in itself ensure compliance with NIS2 or any other cybersecurity standard. For further clarification on compliance responsibilities, please refer to the Compliance Disclaimer section.

​

7.3. Brind solely provides a platform and user interface for managing a paperless NIS2 compliance framework. The User is responsible for all content, data, and materials entered into or used within the Platform (“User Data”). Brind does not own, validate, or guarantee the accuracy, legality, or completeness of any User Data. The User shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use any and all User Data. Brind shall not be responsible or liable for the deletion, correction, destruction, damage, loss, or failure to store any User Data. In the event that User Data infringes upon third-party rights, the User agrees to indemnify and hold Brind harmless from all claims, damages, losses, and expenses (including legal fees) arising from such infringement and/or illegality.

​

7.4. Brind does not own any data, information such as supply chain data, company data, suggestions, trade secrets, NIS2 compliance documents or any other material that the Users submit to the Platform while using the Services ("User Data"). The User shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use any and all User Data. Brind shall not be responsible or liable for the deletion, correction, destruction, damage, loss, or failure to store any User Data. In the event that User Data infringes upon third-party rights, the User agrees to indemnify Brind for all claims and losses related to such infringement and/or illegality.

​

7.5. We respect your ownership rights over the User Data created or stored by you. You retain full ownership of such content. Unless specifically permitted by you, your use of the Platform does not grant Brind the license to reproduce, adapt, or modify the content created by you or stored in your account for commercial, marketing, or any similar purposes. However, by using the Platform, you grant Brind permission to use, access, copy, distribute, store, transmit, reformat, publicly display, and publicly perform the User Data solely for the purpose of providing the Platform to you and in accordance with these Terms and our Privacy Policy. You also grant Brind the right to use aggregated, anonymized data derived from your use of the Platform for purposes of improving and developing its services, provided that such data cannot be used to identify you or your organization.

​

7.6. You may transmit or publish User Data created by you using our Platform. However, you shall bear sole responsibility for such User Data and the consequences of its transmission or publication. Any User Data made public will be accessible through the internet and may be crawled and indexed by search engines. It is your responsibility to ensure that you do not inadvertently make any private content publicly available.

​

7.7. During your utilization of any of the Services, should you come across any content featuring copyright notices or copy protection features, you are obligated not to tamper with or disable these notices or features. By uploading any copyrighted or copyrightable content onto the Platform, you assert that you have acquired the requisite consent, authorization, or permission from all individuals who may assert rights to such content, thereby allowing its distribution in the manner in which it is made available.

​

7.8. The Platform is hosted either directly by Brind or by a subcontractor duly vetted by Brind for compliance with industry standards. Brind undertakes regular and systematic backups of all User Data to safeguard against potential data loss. In the unlikely event of a service interruption or data loss affecting a paid User account, Brind shall use commercially reasonable efforts to restore the data from the most recent viable backup. Brind does not guarantee that all lost data will be fully recoverable, and Users are strongly encouraged to maintain their own independent backups of all critical information.

​​

7.9. The User administrators of each account shall have full control over all User Data submitted to the Platform, and such User Data shall be deemed the property of the respective legal entity is deemed as a User. Brind, upon request by the respective User administrator, may remove, modify, edit, or otherwise alter any applicable User Data. However, the suggestions regarding security controls made by Users shall be duly assigned and owned by Brind.

​

8. COMPLIANCE DISCLAMER

 

8.1. The Platform is designed to provide Users with a structured and systematic environment to upload, organize, and maintain information, documentation, and evidence relevant to legal and regulatory requirements. The objective is to support Users in monitoring and documenting their cybersecurity measures in alignment with the NIS2 Directive and other applicable frameworks.

​

8.2. However, the purchase or use of the Platform in itself does not guarantee compliance with any legal, regulatory, or audit requirements. Compliance remains the sole responsibility of the User, including the accuracy, completeness, and sufficiency of all information and evidence uploaded into the Platform.

​

8.3. Brind assumes no liability for any incidents, breaches, damages, penalties, or audit failures affecting the User, whether arising from operational issues, misconfigurations, inadequate security controls, or deficiencies in the User’s compliance program.

​

8.4. The Platform is a technical tool designed to facilitate compliance management processes. It does not constitute, replace, or substitute any official certification, audit, or third-party assessment.

​

8.5. Brind shall not be held responsible for incomplete, outdated, or incorrect information uploaded by Users, nor for the consequences of relying on such information during audits or regulatory reviews. The User remains solely responsible for ensuring that all content uploaded to the Platform is accurate, current, and legally compliant.

Compliance outcomes may also depend on the actions, input, or cooperation of third parties (such as suppliers, partners, or regulators). Brind disclaims responsibility for failures or deficiencies arising from third-party actions or omissions.

​

8.6. Regulatory and audit requirements may be interpreted or applied differently by authorities or auditors. Brind does not warrant that use of the Platform will satisfy any specific auditor’s or authority’s expectations.

Users acknowledge that national implementations of NIS2 and other frameworks may differ. Brind does not assume responsibility for variations in interpretation, translation, or applicability across jurisdictions.

​

8.7. For clarity, Brind does not provide legal, regulatory, or audit advice. The Platform is a technical tool. Users are strongly advised to seek independent legal or professional advice to ensure their compliance obligations are met.

​

8.8. By utilizing the features of the Platform, the User or its authorized representatives assume sole responsibility for ensuring compliance with the NIS2 directive. Brind does not warrant or guarantee automatic compliance with NIS2 or any other implemented cybersecurity framework through mere usage of the Platform.

 

9. AUDIT PROCESS​

 

9.1. Auditors may access the Platform solely through a dedicated Auditor Module designed for this purpose, and only with the explicit authorization of the relevant User. The process operates as follows: during each audit, the Auditor generates a unique code, which is then provided to the relevant User. The User must enter this code into its own system, enabling the Auditor to view only those data elements expressly made available for audit purposes, such as statuses, records, and evidences. Brind does not transfer data to any external location, nor does the Auditor Module store such data separately; all processing remains entirely within the controlled Platform environment. In the case of audits involving groups of companies, each entity must receive its own unique code and authorization, thereby ensuring strict separation of access and full compliance with confidentiality requirements.

​

9.2. The Auditor is solely responsible for preparing, reviewing, and issuing the audit report. Brind merely provides the technical environment to support the audit process and assumes no responsibility for the accuracy, completeness, or adequacy of the audit results. Use of the Platform does not in itself imply or guarantee compliance with NIS2 or any other legal or regulatory framework. Full responsibility for compliance rests with the Auditor’s Client, including the provision of all necessary information and supporting evidence.

​

9.3. Where an Auditor initiates access to the Platform for an Auditor's Client who is not yet a Brind subscriber, the  Auditor's Client may use the Platform free of charge for the duration of the audit (the “Free Audit Period”). Upon expiry of the Free Audit Period, the Client must either subscribe to a paid plan to continue using the Platform or discontinue use. In the latter case, the Auditor's Client may export its data prior to termination, after which all Auditor's Client data shall be permanently deleted from Brind’s systems within 30 days, unless an earlier written deletion request is received.

​

9.4. Brind shall at all times maintain the confidentiality, integrity, and security of Client Data in accordance with applicable laws, industry standards, and its Privacy Policy. As a prerequisite to registration and access, Auditor’s Clients are required to accept Brind’s Terms and Conditions, including all provisions applicable to Users.

​

9.5. Brind shall not be liable for any indirect, consequential, or special losses or damages arising from the use of the Platform by Auditors or Auditor’s Clients, including, but not limited to, audit errors. The Auditor remains fully responsible for all statements or representations made to its Clients and agrees to indemnify and hold Brind harmless against any claims, losses, or liabilities arising therefrom. Brind shall not be responsible for damages, losses, or penalties resulting from misuse of the Platform or failure by Auditors or Clients to comply with applicable laws. Brind further reserves the right to suspend or terminate any Auditor’s or Client’s access to the Platform in the event of misuse, non-compliance, or breach of applicable obligations.

​

9.6. The Auditor Module forms an integral part of the Platform and is therefore subject to all terms and conditions applicable to the Platform.

​

9.7. From time to time, changes in applicable legislation, audit frameworks, or evolving industry practices (including the ongoing interpretation of the NIS2 Directive) may require adjustments to the structure or methodology of how data is managed within the Platform. Such adjustments may necessitate data migration or reformatting to align with newly introduced requirements.

9.8. Brind will use commercially reasonable efforts to minimize disruption and to transfer all User and Auditor’s Client data into the new required format. However, Users acknowledge that such migrations may involve additional validation tasks on their part, and Brind cannot guarantee that 100% of data will remain unaffected. While Brind strives to ensure no data loss occurs, material restructuring may unavoidably impact certain records despite best efforts.

9.9. In the event of such a migration, Brind will provide timely notice to affected Users and Auditor’s Clients, either through in-platform alerts or direct communication, and will cooperate with the relevant Auditor to facilitate the transition as smoothly as possible.

​

10. EDU SYSTEM​

​

10.1. Brind is committed to the cybersecurity profession and to training the professionals of the future. To this end, it operates a dedicated Edu System. The Edu System is a separate environment from the production SaaS Platform and is provided strictly for educational and non-commercial purposes. It is not covered by the same service levels, security commitments, or confidentiality safeguards as the production Platform.

 

10.2. Given the nature of the Edu System, users must be aware that confidentiality cannot be guaranteed within this platform. Information entered into the Edu System may be visible to other users, including other students, educational staff, and potentially employees of partner organizations. Therefore, Brind strongly advises against entering any explicit or sensitive data related to your organization, internal systems, or any confidential or proprietary information.

​

 

10.3. Any data provided in the Edu System should be limited to educational or hypothetical content only. Brind assumes no liability for any inadvertent disclosure, misuse, or unauthorized access to information entered by users into the Edu System.

​

10.4. Brind does not provide any guarantees regarding the confidentiality, security, or integrity of any data entered into the Edu System. By using the Edu System, the user acknowledges and accepts that any information shared on the platform may be exposed to other participants and does not benefit from the same level of protection as data entered into Brind's production systems.

​

10.5. As a result, users are solely responsible for ensuring that no sensitive, confidential, or business-critical data is entered into the Edu System. Brind shall not be held liable for any loss, damage, or breach of confidentiality resulting from the use of the Edu System.

​

11. ACCEPTABLE USE POLICY

​

11.1. You agree and acknowledge that you must not and will not permit any third-party to:

1. resell, assign, transfer, distribute or provide others with access to the private features of the Platform;

2. copy, modify, adapt, reverse-engineer, decompile or otherwise discover the source code of the Platform or extract or use any material on the Platform for any other purpose than prescribed herein;

3. send or store material containing viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs;

4. to violate any applicable law, any third party’s intellectual property rights, or anyone’s right of privacy or publicity; or

5. to process personal data of third-parties without prior consent or personal data of minors under the age of 16 without parental consent.

​

11.2. In the event that Brind reasonably suspects a breach or imminent breach of this Acceptable Use Policy, we reserve the right to suspend or terminate access to the Platform, without assuming any liability. Furthermore, Brind reserves the right to notify you of the foregoing breach of Acceptable Use Policy.

​

11.3. Users are also prohibited from: (i) using automated systems (including bots, crawlers, scrapers) to access the Platform without written permission; (ii) attempting to gain unauthorized access to any part of the Platform or its systems; (iii) using the Platform in any manner that could damage, disable, overburden, or impair its operation; and (iv) uploading any content that is unlawful, defamatory, harassing, obscene, or otherwise objectionable.

​

11.4. Brind reserves the right to investigate suspected violations of this Acceptable Use Policy and may cooperate with law enforcement authorities in such investigations.

​

12. SECURITY AND DATA PROTECTION

​

12.1. The Platform is operated on secure servers located entirely within the European Union, hosted by infrastructure providers that comply with recognized industry security standards. Backup storage is likewise performed within the EU, using independent infrastructure to ensure geographical redundancy and operational resilience. All infrastructure partners act as GDPR-compliant subprocessors, and a full list of subprocessors is available upon request. Further details on data handling practices are outlined in the Privacy Policy.

​

12.2. All User Data processed by Brind remains within the European Union. Brind does not transfer User Data outside the EU unless specifically agreed in writing and subject to applicable data protection safeguards. Individual customer environments are logically separated, ensuring that no User can access or interfere with the data of another User.

​

12.3. Brind performs regular automated backups of the Platform and User Data. Backups are encrypted in transit and at rest, and are retained for a minimum of 30 days for disaster recovery purposes. Upon termination of the subscription, User Data is retained for a grace period of 30 days to allow for export requests. After this period, all User Data is securely and permanently deleted from Brind’s systems and backups in accordance with industry practice.

​

12.4. Brind endeavors to maintain a minimum 99% uptime on a rolling monthly basis, excluding scheduled maintenance windows. System monitoring, redundancy, and failover mechanisms are implemented to minimize downtime risk. Planned maintenance will be communicated to Users in advance whenever reasonably possible. 

​

12.5. Paid subscription Users are further entitled to support via email at support@brind.io, or by submitting a ticket directly within the Platform using the dedicated support function available after login. Brind will use commercially reasonable efforts to respond to support requests.

12.6. This service level framework does not extend to free trial accounts, beta features, or the educational system environment, nor to issues caused by the User’s own infrastructure, systems, or connectivity, nor to misuse or use of the Platform outside the scope of these Terms.

 

12.7. To protect the confidentiality, integrity, and availability of User Data, the Platform applies industry-standard technical and organizational measures. All data is encrypted during storage and transmission, supported by secure key management practices. Access is controlled through strict role-based permissions, with automatic session timeouts and forced logout after periods of inactivity. Security events such as access attempts, configuration changes, and failed login activities are logged and monitored continuously to allow for detection and timely response to potential incidents. The Platform undergoes regular vulnerability scanning, as well as periodic internal and external penetration testing, to identify and remediate potential weaknesses.

​

12.8. Brind Crew receive regular security awareness training, and secure software development practices are applied throughout the development lifecycle to mitigate risks early and align with modern cybersecurity principles.

​

12.9. While Brind is not classified as a NIS2-regulated entity, the company endeavors to follow the directive’s requirements wherever possible, and implements controls aligned with ISO/IEC 27001, Common Criteria and NIS2 standards.

​

12.10. Although Brind takes commercially reasonable efforts to secure the Platform, Users remain responsible for the security of their own devices, browsers, credentials, and local network configurations when accessing the Platform.

​

13. INTELLECTUAL PROPERTY RIGHTS

​

13.1. Brind retains sole and exclusive ownership of all intellectual property rights, titles, and interests in and to the software and Platform, including but not limited to its source code, software components, and any associated documentation, as well as the Services provided via the Platform. These intellectual property rights also extend to the website located at www.brind.hu and www.brind.io, including the domain names, the underlying technology, and any associated content.

​

13.2. All trademarks, service marks, trade names, logos, designs, and other distinctive branding elements associated with Brind and its affiliated companies, as well as third-party intellectual property rights licensed to Brind, remain the exclusive property of Brind or its licensors. Nothing in these Terms grants the User any ownership rights in or to any of these intellectual property assets.

​

13.3. Subject to your compliance with these Terms and all applicable legal requirements, Brind hereby grants you a limited, non-exclusive, non-sublicensable, non-transferable, and revocable license to access and use the Platform and Platform solely for your internal business operations. This license is granted strictly for the purpose of utilizing the Services as described in these Terms. You are expressly prohibited from using the Services or Platform for any commercial purposes outside the scope of this license or in any manner that would infringe upon the intellectual property rights of Brind or any third parties.

​

13.4. You may not copy, modify, distribute, display, or otherwise exploit the Platform or Services, or any part thereof, for any purpose not expressly permitted under these Terms. Any rights not expressly granted to you are reserved by Brind.

​

13.5. These Terms do not confer upon you any rights to the Brind name, logo, trademarks, or any other intellectual property owned by Brind or its affiliates, except for the limited right to use the trademarks in accordance with these Terms for the purposes of referring to Brind’s Services, and only in a manner that has been pre-approved by Brind in writing. You may not use Brind’s trademarks or any other intellectual property for commercial purposes or in any manner that could harm Brind’s reputation, brand, or legal rights.

​

13.6. Nothing in these Terms conveys any rights of ownership, title, or interest in the Services, Platform, or any intellectual property rights associated with the Platform. All intellectual property rights in and to the Services and Platform remain exclusively with Brind, and the User agrees not to contest or impair such rights. Any unauthorized use of Brind's intellectual property may result in immediate termination of access to the Services and potential legal action.

​

13.7. If you believe that any content on the Platform infringes your intellectual property rights, you may submit a written notice to Brind containing: (i) a description of the work you claim has been infringed; (ii) a description of the content you claim is infringing and its location on the Platform; (iii) your contact details; and (iv) a statement under penalty of perjury that you are the owner or authorized to act on behalf of the owner of the work. Brind will investigate such notices and may remove or disable access to the allegedly infringing content in accordance with applicable law.

​

13.8. Any new or modified functionalities, features, or code developments arising during the cooperation with the User, whether implemented at the User’s request, suggestion, or based on consultation, shall constitute the exclusive intellectual property of Brind and form part of the Platform.

​

13.9. The User hereby expressly waives all ownership, usage, or other rights to such functionalities, developments, or source code, and undertakes not to make any claims or demands against Brind or its Partners in connection with their use. If the Parties wish to agree on a development that is unique and exclusively reserved for the User, this shall be recorded in a separate written contract.

​

13.10. The User may from time to time provide suggestions, comments, or other feedback with respect to the Platform (“Feedback”). The User agrees that all Feedback is and shall be given voluntarily. Feedback, even if designated as confidential by the User, shall not, absent a separate written agreement, create any confidentiality obligation for Brind. Brind shall be free to use, disclose, reproduce, license, distribute, or otherwise exploit such Feedback without restriction, obligation, or remuneration of any kind. The User hereby grants Brind a fully paid-up, royalty-free, worldwide, transferable, sub-licensable (through multiple layers), assignable, irrevocable and perpetual license to implement, use, modify, commercially exploit, incorporate into the Services, or otherwise use any Feedback provided under these Terms. Brind shall not, in exercising such rights, breach its confidentiality obligations under Section PERSONAL DATA PROTECTION.

13.11. Any features, functionality, or components developed, improved, or derived from such Feedback shall be the sole and exclusive property of Brind. Brind reserves the right to seek intellectual property protection (including but not limited to patents, copyrights, and design rights) for any such developments, and the User waives any claim to ownership or compensation with respect thereto.

​

14. PERSONAL DATA PROTECTION

​

14.1. In respect to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) the User is considered the data controller and Brind is to be considered as a data processor with respect to the personal data uploaded by the User to the Platform.

​

14.2. Brind otherwise processes personal data in accordance with the requirements and principles of the GDPR and its Privacy Policy.

​

15. SUSPENSION OR TERMINATION OF USE

​

15.1. Brind reserves the right to temporarily suspend or permanently terminate a User's access to the Platform, and/or decline the forwarding of any orders, with immediate effect and without any obligation to compensate for any loss of profits, under the following circumstances:

• Brind has a reasonable belief that fraudulent activity has occurred in connection with the User's use of the Platform;

• The User is in default of payment for any applicable fees owed to Brind and fails to remedy such default within a period of at least 15 calendar days after receiving written notice from Brind;

• The User otherwise fails to comply with any of their obligations under these Terms.

 

15.2. The User may terminate their use of the Platform at any time, without cause, by providing Brind with written notice in a reproducible format (e.g., email or other form of written communication). If the User has paid any fees to Brind in exchange for the right to use the Platform (or its specific functionalities), the following terms shall apply upon termination:

• If the termination occurs without cause, Brind shall not be obligated to return any fees paid by the User, including any fees paid in advance for the period after the termination date;

• If the termination occurs due to Brind's amendment of the price list, Brind will retain any fees paid for the period prior to the effective date of the price amendment but will refund any fees paid in advance for the period after the amended price list takes effect.

​

15.3. Brind may also suspend or terminate access without prior notice if required by law, regulatory order, or to prevent harm to the Platform, other Users, or third parties. In such cases, Brind will provide post-suspension notice to the User explaining the reason where legally permitted.

​

15.4. Upon termination for any reason, the User’s rights to access the Platform will immediately cease, and Brind will have no obligation to maintain or forward any User Data, except as required by law or as expressly agreed in writing.

​

16. INDEMNIFICATION

​​

16.1. The User agrees to indemnify, defend, and hold Brind, its affiliates, licensors and its respective officers, management board members, employees, shareholders, contractors, or representatives harmless from and against any claim and all claim or demand, including without limitation, legal fees, made in connection with or arising out of your use of the Services, your connection to the Services, your violation of the Terms, your violation of an applicable law, your submission, posting, or transmission of User Data to the Service, and/or your violation of any rights of another individual or entity. We reserve the right to assume the exclusive defense and control of such disputes, and in any event you will cooperate with us in asserting any available defenses.

​

16.2. This indemnity applies to, but is not limited to: (i) claims of intellectual property infringement; (ii) data protection and privacy breaches caused by the User’s actions or omissions; (iii) contractual disputes between the User and third-party Partners; and (iv) security incidents caused by the User’s failure to implement reasonable safeguards.

​​​