Continuum GRC Software as a Service (SaaS) Subscription Agreement
Updated August 10, 2025
This Software as a Service (SaaS) Subscription Agreement (the “Agreement”) is entered into between Continuum GRC, Inc., a Arizona corporation with offices at 27743 N. 70th Street, Suite 100, Scottsdale, AZ 85266 (“Continuum GRC”), and the entity subscribing to the Service as identified in the Order Form (“Customer”). This Agreement is effective as of the date of Customer’s acceptance of the Order Form (“Effective Date”). Continuum GRC and Customer may be referred to individually as a “Party” or collectively as the “Parties.” Capitalized terms used herein are defined in Section 1 or as otherwise designated.
1. Definitions
1.1. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party, where “control” means ownership or control of more than 50% of the voting interests of the entity.
1.2. “Customer Data” means any files, documents, content, data, personal information, or similar data that Continuum GRC maintains on Customer’s behalf or that Customer or its Users upload or submit to the Service.
1.3. “Documentation” means the instructions, user guides, and other descriptive materials provided by Continuum GRC pertaining to the use of the Service.
1.4. “Order Form” means the document executed by the Parties identifying the Service, subscription term, fees, and other relevant transaction details, incorporated into this Agreement by reference.
1.5. “Service” means the Continuum GRC SaaS solution, a cloud-based governance, risk, and compliance (GRC) platform, as described in the Order Form and Documentation.
1.6. “Subscription Term” means the period during which Customer is entitled to use the Service, as specified in the Order Form, including any renewal terms.
1.7. “Users” means Customer’s employees, contractors, or agents authorized to use the Service on Customer’s behalf, as defined in the Order Form.
2. Provision of Service
2.1. Access to Service. Subject to the terms of this Agreement and timely payment of Fees, Continuum GRC grants Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the Service during the Subscription Term for Customer’s internal business purposes, in accordance with the Order Form and Documentation.
2.2. Updates. Continuum GRC may provide updates, enhancements, or modifications to the Service at no additional charge, as determined by Continuum GRC. Updates are included in the Fees unless otherwise specified in the Order Form.
2.3. Service Level Agreement (SLA). Continuum GRC will provide the Service with a minimum of 99.9% uptime, excluding scheduled maintenance. If uptime falls below this threshold, Customer may be eligible for service credits as outlined in the SLA available in Customer subscription agreements separately defined.
2.4. Support. Continuum GRC will provide customer support as outlined in the Order Form, including response times and resolution procedures, in accordance with the Documentation.
3. Customer Responsibilities
3.1. Use of Service. Customer is responsible for: (a) ensuring Users comply with this Agreement and the Order Form; (b) maintaining the confidentiality of usernames, passwords, and account information; (c) ensuring the accuracy and legality of Customer Data; and (d) using the Service in compliance with applicable laws and regulations.
3.2. Restrictions. Customer shall not: (a) resell, sublicense, or lease the Service; (b) reverse engineer, decompile, or disassemble the Service; (c) introduce malicious code into the Service; (d) use the Service to store or transmit infringing or unlawful material; or (e) use the Service to develop a competing product.
3.3. Customer Equipment. Customer is responsible for obtaining and maintaining any hardware, software, or network infrastructure necessary to access the Service.
4. Fees and Payment
4.1. Fees. Customer shall pay the fees specified in the Order Form. Fees are based on the subscription tier, number of Users, or other metrics as outlined in the Order Form.
4.2. Payment Terms. Fees are due within 30 days of the invoice date unless otherwise specified in the Order Form. Late payments may incur interest at 6% per month or the maximum rate permitted by law.
4.3. Taxes. Fees exclude taxes, levies, or duties, which are the Customer’s responsibility, except for taxes based on Continuum GRC’s net income.
4.4. Price Changes. Continuum GRC may adjust fees upon renewal of the Subscription Term with at least 60 days’ written notice to Customer.
5. Data Ownership and Security
5.1. Customer Data Ownership. Customer retains all rights, title, and interest in Customer Data. Continuum GRC may use Customer Data solely to provide the Service and as permitted by this Agreement.
5.2. Data Security. Continuum GRC maintains administrative, technical, and physical safeguards to protect Customer Data, as described in the Data Processing Addendum (DPA) available at [Continuum GRC DPA Link]. Continuum GRC complies with applicable privacy regulations, including GDPR and HIPAA, as specified in the DPA.
5.3. Data Retention and Deletion. Upon termination of the Subscription Term, Continuum GRC will retain Customer Data for 30 days to allow export by Customer. After this period, Continuum GRC may delete Customer Data unless otherwise required by law.
6. Intellectual Property
6.1. Ownership. Continuum GRC retains all rights, title, and interest in the Service, including all intellectual property rights. Customer is granted no ownership rights in the Service.
6.2. Feedback. Any suggestions or feedback provided by Customer regarding the Service may be used by Continuum GRC without obligation or compensation to Customer.
7. Confidentiality
7.1. Definition. “Confidential Information” means non-public information disclosed by one Party to the other that is designated as confidential or would reasonably be considered confidential.
7.2. Obligations. Each Party agrees to protect the other’s Confidential Information with at least the same degree of care used to protect its own, but no less than a reasonable standard of care. Confidential Information may not be disclosed except as required by law or with the disclosing Party’s consent.
8. Representations and Warranties
8.1. Mutual. Each Party represents that it has the authority to enter into this Agreement and perform its obligations.
8.2. Continuum GRC. Continuum GRC warrants that the Service will materially conform to the Documentation. Customer’s sole remedy for breach of this warranty is service credits as outlined in the SLA.
8.3. Disclaimer. Except as provided in this Agreement, the Service is provided “AS IS” without warranties of any kind, express or implied.
9. Indemnification
9.1. By Continuum GRC. Continuum GRC will indemnify Customer against third-party claims that the Service infringes intellectual property rights, provided Customer promptly notifies Continuum GRC and allows Continuum GRC to control the defense.
9.2. By Customer. Customer will indemnify Continuum GRC against claims arising from Customer Data or Customer’s use of the Service in violation of this Agreement.
10. Limitation of Liability
10.1. Exclusion. Neither Party will be liable for indirect, incidental, or consequential damages, including loss of profits or data, arising from this Agreement.
10.2. Cap. Each Party’s total liability for direct damages will not exceed the fees paid or payable by Customer in the 12 months preceding the claim.
11. Term and Termination
11.1. Subscription Term. This Agreement begins on the Effective Date and continues for the Subscription Term specified in the Order Form.
11.2. Termination for Cause. Either Party may terminate this Agreement for material breach with 30 days’ written notice if the breach remains uncured.
11.3. Effect of Termination. Upon termination, Customer’s access to the Service will cease, and Customer must stop using the Service. Sections 5, 6, 7, 9, 10, and 12 survive termination.
12. General Provisions
12.1. Force Majeure. Neither Party will be liable for delays or failures due to causes beyond its reasonable control, such as natural disasters or government actions.
12.2. Governing Law. This Agreement is governed by the laws of the State of Delaware, excluding its conflict of laws principles. Disputes will be resolved in the courts of Phoenix, Arizona.
12.3. Entire Agreement. This Agreement, including the Order Form and any referenced documents, constitutes the entire agreement between the Parties and supersedes all prior agreements.
12.4. Assignment. Customer may not assign this Agreement without Continuum GRC’s prior written consent, except in connection with a merger or sale of all assets.
12.5. Notices. Notices must be in writing and delivered to the addresses specified in the Order Form.
By executing the Order Form, Customer agrees to be bound by the terms of this Agreement.
Do you have a question?