SCF Controls Platform
Legal

Terms of Service

SCF Controls Platform

Effective Date: 24 January 2026 | Last Updated: 24 January 2026

1. Agreement to Terms

By accessing or using the SCF Controls Platform ("Platform", "Service"), operated by Ginga Ninja Holdings Ltd, trading as ComplianceGenie.io ("Company", "we", "us", "our"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you must not access or use the Platform.

These Terms constitute a legally binding agreement between you ("User", "you", "your") and the Company governing your use of the Platform, including all features, services, and content offered through it.

2. Description of Service

The SCF Controls Platform is a multi-tenant Software-as-a-Service (SaaS) application for managing cybersecurity compliance programmes using the Secure Controls Framework (SCF). The Platform provides:

  • Control Library Management — Access to SCF control definitions and metadata
  • Control Scoping — Organisation-specific control selection and implementation tracking
  • Evidence Management — Collection workflow tracking and team assignments
  • Risk Assessment — Inherent and residual risk evaluation tools
  • Framework Mapping — Cross-framework compliance visualisation
  • Multi-Tenancy — Isolated organisational workspaces

3. Account Registration and Security

3.1 Account Creation

To use the Platform, you must create an account. You agree to:

  • Provide accurate, current, and complete registration information
  • Maintain and promptly update your account information
  • Keep your login credentials confidential and secure
  • Accept responsibility for all activities under your account
  • Notify us immediately of any unauthorised access or security breach

3.2 Account Restrictions

You may not:

  • Create multiple accounts for the same individual
  • Share account credentials with unauthorised parties
  • Use automated systems to create accounts
  • Transfer your account to another party without our consent

3.3 Account Termination

You may terminate your account at any time by contacting us or using the Platform's account management features. We reserve the right to suspend or terminate accounts that:

  • Violate these Terms
  • Engage in fraudulent or illegal activity
  • Remain inactive for extended periods
  • Pose a security risk to the Platform or other users

Upon termination, we will provide reasonable opportunity for you to export your data in accordance with applicable law.

4. Subscription and Payment Terms

4.1 Subscription Plans

The Platform operates on a subscription basis. Details of available plans, features, and pricing are published on our website and may be updated from time to time.

4.2 Payment Processing

  • All payments are processed through secure third-party payment processors
  • Prices are exclusive of applicable taxes, which are your responsibility
  • You authorise recurring charges according to your selected billing cycle
  • Failed payments may result in service suspension until resolved

4.3 Subscription Renewal

Subscriptions renew automatically at the end of each billing period unless cancelled. To cancel:

  • Provide written notice at least 30 days before the renewal date
  • Use the Platform's subscription management features, or
  • Contact our support team at [email protected]

4.4 Refunds

Subscription fees are generally non-refundable except where required by applicable law. We may, at our discretion, provide pro-rata credits for unused portions of cancelled subscriptions.

5. Acceptable Use Policy

5.1 Permitted Use

You may use the Platform solely for:

  • Managing your organisation's compliance programmes
  • Legitimate business purposes consistent with these Terms
  • Activities that comply with all applicable laws and regulations

5.2 Prohibited Conduct

You agree not to:

  • Violate any applicable law, regulation, or third-party rights
  • Upload content that infringes intellectual property rights
  • Transmit malware, viruses, or harmful code
  • Attempt to gain unauthorised access to the Platform or other accounts
  • Reverse engineer, decompile, or disassemble any Platform components
  • Circumvent security measures or access controls
  • Use the Platform for competitive intelligence gathering
  • Resell, sublicense, or commercially exploit the Platform
  • Interfere with the Platform's operation or other users' access
  • Scrape, data mine, or harvest data without authorisation

5.3 Enforcement

We may investigate suspected violations and take appropriate action, including:

  • Warning or suspending accounts
  • Removing content that violates these Terms
  • Reporting illegal activity to appropriate authorities
  • Terminating access for serious or repeated violations

6. Intellectual Property Rights

6.1 Platform Ownership

The Platform, including its software, design, features, and documentation, is owned by the Company and protected by copyright, trademark, and other intellectual property laws. These Terms grant you no ownership rights in the Platform.

6.2 Limited Licence

Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, revocable licence to access and use the Platform for your internal business purposes during your subscription period.

6.3 SCF Content

The Platform incorporates the Secure Controls Framework (SCF), licensed under Creative Commons Attribution-NoDerivatives 4.0 International (CC BY-ND 4.0). You must:

  • Maintain all SCF attribution notices
  • Not distribute modified SCF content publicly
  • Comply with the SCF Terms and Conditions

6.4 Your Content

You retain ownership of data and content you upload to the Platform ("Your Content"). By uploading content, you grant us a non-exclusive, royalty-free licence to:

  • Store, process, and display Your Content as necessary to provide the Service
  • Create backups for disaster recovery purposes
  • Aggregate anonymised data for analytics and service improvement

6.5 Feedback

If you provide suggestions, ideas, or feedback about the Platform, you grant us the right to use such feedback without restriction or compensation.

7. Data Protection and Privacy

7.1 Data Processing

We process personal data in accordance with our Privacy Policy and applicable data protection laws, including the UK GDPR and EU GDPR where applicable.

7.2 Data Processing Agreement

For enterprise customers processing personal data through the Platform, we provide a Data Processing Agreement (DPA) upon request. Contact [email protected] for details.

7.3 Your Responsibilities

As the data controller for Your Content, you are responsible for:

  • Ensuring lawful basis for processing personal data
  • Obtaining necessary consents from data subjects
  • Complying with data protection laws applicable to your organisation
  • Not uploading sensitive personal data unless appropriate safeguards are in place

8. Service Availability and Support

8.1 Availability

We aim to maintain Platform availability but do not guarantee uninterrupted access. The Platform may be temporarily unavailable for:

  • Scheduled maintenance (with reasonable advance notice)
  • Emergency security updates
  • Circumstances beyond our reasonable control

8.2 Service Level Agreement

Enterprise subscription tiers may include Service Level Agreements with specific uptime commitments and remedies. SLA terms are provided separately upon request.

8.3 Support

Support is provided according to your subscription tier. Standard support channels and response times are detailed in our support documentation.

9. Disclaimers and Limitations

9.1 No Professional Advice

The Platform provides tools for compliance management but does not constitute legal, regulatory, or professional compliance advice. You should consult qualified professionals for specific compliance requirements.

9.2 Disclaimer of Warranties

To the maximum extent permitted by law, the Platform is provided "as is" and "as available" without warranties of any kind, whether express, implied, or statutory, including but not limited to:

  • Warranties of merchantability
  • Fitness for a particular purpose
  • Non-infringement
  • Accuracy or completeness of content
  • Uninterrupted or error-free operation

9.3 Limitation of Liability

To the maximum extent permitted by law:

  • Our total liability for all claims arising from or related to these Terms or the Platform shall not exceed the fees you paid in the 12 months preceding the claim
  • We shall not be liable for indirect, incidental, special, consequential, or punitive damages, including lost profits, lost data, or business interruption

9.4 Exclusions

Some jurisdictions do not allow certain liability limitations. In such cases, our liability shall be limited to the maximum extent permitted by applicable law.

10. Indemnification

You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, and agents from any claims, damages, losses, or expenses (including reasonable legal fees) arising from:

  • Your use of the Platform
  • Your violation of these Terms
  • Your violation of any third-party rights
  • Your Content or data you upload to the Platform

11. Third-Party Services

11.1 Integrations

The Platform may integrate with third-party services. Your use of such services is subject to their respective terms and policies. We are not responsible for third-party services or content.

11.2 Links

The Platform may contain links to external websites. We do not endorse or assume responsibility for third-party content or practices.

12. Modifications to Terms

12.1 Updates

We may modify these Terms at any time. Material changes will be communicated through:

  • Email notification to registered users
  • Prominent notice on the Platform
  • Updated "Last Updated" date

12.2 Continued Use

Your continued use of the Platform after changes take effect constitutes acceptance of the modified Terms. If you disagree with changes, you must stop using the Platform and cancel your subscription.

13. General Provisions

13.1 Governing Law

These Terms are governed by the laws of Scotland. The exclusive jurisdiction for disputes shall be the courts of Scotland, except where mandatory consumer protection laws provide otherwise.

13.2 Dispute Resolution

Before initiating legal proceedings, you agree to attempt resolution through our complaint process. Contact [email protected] with a detailed description of your concern. We will respond within 21 days.

13.3 Entire Agreement

These Terms, together with our Privacy Policy and any applicable DPA, constitute the entire agreement between you and the Company regarding the Platform.

13.4 Severability

If any provision of these Terms is found unenforceable, the remaining provisions shall continue in full force and effect.

13.5 No Waiver

Our failure to enforce any provision shall not constitute a waiver of that right.

13.6 Assignment

You may not assign these Terms without our written consent. We may assign our rights and obligations to an affiliate or successor entity.

13.7 Force Majeure

We shall not be liable for failure to perform due to circumstances beyond our reasonable control, including natural disasters, war, terrorism, labour disputes, or government actions.

14. Contact Information

For questions about these Terms, contact us at:

Ginga Ninja Holdings Ltd, trading as ComplianceGenie.io

Office 10, Technology House, 9 Newton Place, Glasgow, Scotland, G3 7PR

Phone: 0141 258 1202

Email: [email protected]

Support: [email protected]

By using the SCF Controls Platform, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.