Terms of Service
1. Acceptance of Terms
Welcome to Rapid Risk Review ("RRR," "we," "us," or "our"). These Terms of Service ("Terms") govern your access to and use of our vendor risk assessment platform and related services (the "Service"). By accessing or using our Service, you agree to be bound by these Terms. If you do not agree to these Terms, do not use our Service.
2. Description of Service
Rapid Risk Review provides an AI-powered platform for assessing vendor risks across multiple dimensions including security, privacy, compliance, and pricing. Our Service includes:
- Automated vendor risk analysis based on publicly available information
- Risk scoring and detailed assessment reports
- Team collaboration and assessment management tools
- Custom policy rules and compliance templates (Business and Enterprise plans)
- Assessment history and analytics
Important Disclaimer: Assessments are automatically generated using AI models and publicly available data and are provided for informational purposes only. You should conduct your own due diligence before making any business decisions based on our assessments.
The Service is provided "as is" and we reserve the right to modify, suspend, or discontinue any part of the Service at any time with or without notice.
3. User Accounts
3.1 Registration
To access certain features, you must create an account. You agree to provide accurate, current, and complete information during registration and to update such information to keep it accurate, current, and complete.
3.2 Account Security
You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to immediately notify us of any unauthorized use of your account.
3.3 Organization Accounts
For team and enterprise plans, the organization administrator is responsible for managing user access, permissions, and compliance with these Terms by all organization members.
4. Acceptable Use
You agree not to:
- Use the Service for any unlawful purpose or in violation of any applicable laws
- Interfere with or disrupt the Service or servers or networks connected to the Service
- Attempt to gain unauthorized access to any portion of the Service or any other systems or networks
- Use the Service to transmit any viruses, malware, or other harmful code
- Scrape, crawl, or otherwise extract data from the Service using automated means
- Reverse engineer, decompile, or disassemble any aspect of the Service
- Remove or modify any proprietary notices or labels on the Service
- Use the Service to harass, abuse, or harm another person or organization
- Impersonate any person or entity or falsely state or misrepresent your affiliation
- Exceed the usage limits of your subscription plan
Customer Compliance: You represent that your use of the Service and any data you submit comply with all applicable laws, including data-protection and intellectual-property laws.
5. Intellectual Property Rights
5.1 Our Rights
The Service and its entire contents, features, and functionality are owned by RRR, its licensors, or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property laws.
5.2 Your Rights
You retain ownership of any data you upload to the Service. By using the Service, you grant us a worldwide, non-exclusive, royalty-free license to use, store, and process your data solely for the purpose of providing and improving the Service.
Aggregate Data: We may use aggregated and anonymized data derived from Customer Data for statistical analysis, product improvement, and benchmarking, provided it cannot identify you or your organization.
5.3 Feedback
If you provide us with any feedback, suggestions, or ideas about the Service, you grant us an unrestricted, perpetual, irrevocable, royalty-free license to use such feedback for any purpose without compensation to you.
6. Subscriptions and Payments
6.1 Subscription Plans
We offer various subscription plans with different features and usage limits. By subscribing, you agree to pay the applicable fees for your selected plan.
6.2 Billing
Subscription fees are billed in advance on a monthly or annual basis, depending on your selected plan. All fees are non-refundable except as required by law or as explicitly stated in these Terms.
6.3 Payment Processing
Payments are processed by our third-party payment processor, Stripe. You agree to provide accurate payment information and authorize us to charge your payment method for all fees incurred. All payments are subject to Stripe's terms. We are not responsible for payment processing errors or fees imposed by Stripe or your financial institution.
6.4 Price Changes
We reserve the right to change our pricing at any time. We will provide at least 30 days' notice of any price changes for existing subscriptions.
6.5 Free Trial
We may offer a free trial period for certain subscription plans. If you do not cancel before the end of the trial period, you will be automatically charged for the subscription.
7. Cancellation and Termination
7.1 Cancellation by You
You may cancel your subscription at any time through your account settings. Cancellations take effect at the end of the current billing period. No refunds will be provided for partial billing periods.
7.2 Termination by Us
We may suspend or terminate your access to the Service at any time, with or without cause or notice, including for violation of these Terms. Upon termination, your right to use the Service will immediately cease.
7.3 Effect of Termination
Upon termination, you will lose access to your account and all data associated with it. We may delete your data in accordance with our data retention policies. Provisions of these Terms that by their nature should survive termination shall survive.
Data Retention: We may retain certain data for audit, legal, or security purposes even after account deletion.
7.4 Data Export
Upon request and subject to verification, we will provide you with a copy of your data in a commonly used, machine-readable format within 30 days of termination. Enterprise customers receive priority data export assistance.
8. Disclaimers and Limitations
8.1 Accuracy of Risk Assessments
While we strive to provide accurate risk assessments, our Service is based on publicly available information and automated analysis. We do not guarantee the accuracy, completeness, or reliability of any risk assessment. You should conduct your own due diligence before making any business decisions based on our assessments.
AI Output Disclaimer: You acknowledge that the Service outputs are probabilistic and may contain errors. RRR disclaims any liability for actions taken or decisions made based on such outputs.
For detailed information about our use of artificial intelligence and machine learning technologies, please review our AI Disclosure Addendum, which is incorporated by reference into these Terms of Service.
8.2 No Professional Advice
The Service does not constitute legal, financial, or professional advice. You should consult with appropriate professionals for specific advice tailored to your situation.
8.3 Third-Party Services
The Service may include links to or integrations with third-party websites or services. We are not responsible for the content, accuracy, or practices of any third-party services.
9. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL RRR, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM:
- Your access to or use of or inability to access or use the Service
- Any conduct or content of any third party on the Service
- Any content obtained from the Service
- Unauthorized access, use, or alteration of your transmissions or content
IN NO EVENT SHALL OUR TOTAL LIABILITY TO YOU FOR ALL CLAIMS RELATING TO THE SERVICE EXCEED THE AMOUNT YOU PAID US IN THE 12 MONTHS PRIOR TO THE CLAIM, OR $100, WHICHEVER IS GREATER.
Notwithstanding the foregoing, nothing limits liability for gross negligence, willful misconduct, or data-protection breaches to the extent required by law.
9.1 Enterprise Liability Terms
Enterprise customers may negotiate enhanced liability caps and carve-outs for security incidents, data breaches, and IP infringement as part of their enterprise agreement. Contact enterprise@rrr.dev for custom terms.
9.2 Enhanced Enterprise Liability Provisions
Enterprise customers may negotiate enhanced liability provisions including:
- Increased liability caps (e.g., up to 24 months of fees)
- Carve-outs for data breaches, confidentiality violations, and gross negligence
- Super caps for IP infringement and willful misconduct
- Cyber liability insurance requirements
9.3 Audit and Assessment Rights (Enterprise)
Enterprise customers receive enhanced audit and assessment rights including:
- Annual Security Questionnaire: Completed SIG Lite or custom questionnaire upon request
- SOC 2 Report Access: Current Supabase infrastructure SOC 2 Type II report
- Penetration Test Summary: Executive summary of annual third-party penetration test
- Audit Assistance: Support for customer-initiated security assessments (reasonable scope)
- Compliance Documentation: Evidence collection support for customer audits
10. Indemnification
10.1 Customer Indemnity
You agree to indemnify, defend, and hold harmless RRR, its affiliates, officers, directors, employees, agents, and licensors from and against any claims, liabilities, damages, losses, and expenses, including reasonable attorneys' fees, arising out of or in any way connected with your access to or use of the Service, your violation of these Terms, or your violation of any rights of another person or entity.
10.2 RRR Indemnity
RRR will defend you from third-party IP infringement claims arising directly from the Service's code or materials, subject to the limitations set forth in these Terms and provided you promptly notify us of the claim and cooperate with our defense.
10.3 Data Breach Indemnity (Enterprise)
For Enterprise customers, RRR provides mutual data breach indemnification:
- RRR indemnifies customer for breaches caused by RRR's negligence
- Coverage includes reasonable notification costs and regulatory fines attributable to RRR's breach
- Subject to the liability caps negotiated in the enterprise agreement
11. Data Breach Notification
In the event of a confirmed security incident affecting customer data, RRR commits to:
- 72-Hour Written Notification: Notify affected customers within 72 hours of confirmation
- Incident Details: Nature of breach, data categories affected, and remediation steps
- Regulatory Alignment: Notifications meet GDPR, CCPA, and other applicable requirements
- Root Cause Analysis: Post-incident report shared within 30 days
This commitment is codified in our Data Processing Agreement, available upon request for Business and Enterprise customers.
12. Governing Law and Dispute Resolution
11.1 Governing Law
These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions.
11.2 Dispute Resolution
Any dispute arising out of or relating to these Terms or the Service shall be resolved through binding arbitration in accordance with the Commercial Arbitration Rules of the American Arbitration Association. The arbitration shall be conducted in Wilmington, Delaware under AAA rules. Judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction.
11.3 Class Action Waiver
You agree that any arbitration or proceeding shall be limited to the dispute between you and RRR individually. You waive any right to participate in a class action lawsuit or class-wide arbitration.
12. Changes to Terms
We reserve the right to modify these Terms at any time. We will provide notice of material changes by posting the updated Terms on our website and updating the "Last Updated" date. Material changes will take effect 30 days after notice unless you terminate before that date. Your continued use of the Service after such changes constitutes your acceptance of the new Terms.
13. General Provisions
13.1 Entire Agreement
These Terms constitute the entire agreement between you and RRR regarding the Service and supersede all prior agreements and understandings.
13.2 Severability
If any provision of these Terms is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that these Terms will otherwise remain in full force and effect.
13.3 Waiver
No waiver of any term of these Terms shall be deemed a further or continuing waiver of such term or any other term.
13.4 Assignment
You may not assign or transfer these Terms or your rights hereunder without our prior written consent. We may assign or transfer these Terms without restriction.
14. Contact Us
If you have questions about these Terms, please contact us:
Rapid Risk Review
Email: legal@rrr.dev
General Inquiries: contact@rrr.dev