nomius.io

particlesTerms of Service

Last updated: 28 April 2026

These Terms of Service ("the Terms") govern access to and use of the Nomius website at www.nomius.io ("the Website") and the Nomius Regulatory Intelligence Platform, together with all associated software, modules, content and services (collectively, "the Service"). The Service is provided by Nomius OÜ, a limited company registered in Estonia under company number 17218128, with our registered office at Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Sõle tn 18-99, 10320 ("Nomius", "we", "us" or "our").

By creating an account, using the website, subscribing to the Service, or otherwise indicating acceptance, you agree to be bound by these Terms. If you do not agree, you must not access or use the Service. If you are entering into these Terms on behalf of an organisation, you represent that you have the authority to bind that organisation, in which case "Customer" or "you" refers to that organisation.

These Terms incorporate by reference the Nomius Privacy Policy, the Data Processing Agreement (where applicable), the Acceptable Use Policy, the Cookie Policy, and any order form, quotation or written commercial agreement signed between you and Nomius (each an "Order Form"). In the event of any conflict, a signed Order Form prevails over these Terms, which prevail over other referenced policies, except where applicable law requires otherwise.

Table of Contents

1. Definitions

In these Terms, capitalised terms have the meanings set out below or as otherwise defined in context.

  • "Account" means the account created by Customer to access the Service.
  • "Authorised User" means an individual employee, contractor or agent of the Customer who is authorised by the Customer to use the Service and for whom a user seat has been provisioned.
  • "Customer Data" means any data, content, documents, records or information uploaded, submitted or generated by or on behalf of the Customer or its Authorised Users through the Service.
  • "Compliance Module" means each of the optional functional modules of the Service, including (without limitation) Data Privacy and Protection, Cybersecurity Governance, AI Compliance, Quality and Product Lifecycle Compliance, Digital Health Technology Standards, and any further module made available by Nomius from time to time.
  • "Compliance Assessment" means the assessment functionality made available by Nomius free of charge as described in clause 5.
  • "Documentation" means the user guides, help materials, technical documentation and policies made available by Nomius in respect of the Service.
  • "Fees" means the subscription, module, professional services and other fees payable by the Customer as set out in the applicable Order Form or pricing page.
  • "Intellectual Property Rights" means patents, utility models, rights to inventions, copyright and related rights, trade marks, business names, domain names, rights in get-up, goodwill, rights to sue for passing off, rights in designs, database rights, rights to use and protect confidential information (including know-how), and all other intellectual property rights, in each case whether registered or unregistered, and including all applications and rights to apply for and be granted such rights.
  • "Order Form" means an order, quotation, proposal or commercial agreement issued by Nomius and accepted by the Customer that sets out the Subscription Plan, Compliance Modules, number of Authorised Users, Subscription Term, Fees and any specific terms applicable to the engagement.
  • "Subscription Plan" means the tier of the Service selected by the Customer.
  • "Subscription Term" means the period during which the Customer is entitled to access the Service under the applicable Order Form, including any renewal periods.
  • "Personal Data" means has the meaning given in the UK General Data Protection Regulation, the EU General Data Protection Regulation (Regulation (EU) 2016/679) and any equivalent applicable data protection legislation, as the context requires.
  • "Applicable Law" means all laws, statutes, regulations, regulatory guidance and binding codes of practice from time to time in force that apply to the use of the Service or to the parties' performance under these Terms.
  • "EU AI Act" means Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence and amending certain Union legislative acts, as amended, supplemented or replaced from time to time, together with any delegated or implementing acts, harmonised standards and competent authority guidance adopted thereunder.
  • "AI Feature" means any feature of the Service that constitutes, incorporates or relies on an "AI system" or a "general-purpose AI model" within the meaning of Article 3 of the EU AI Act, including (without limitation) generative, recommender, classification, scoring, summarisation and analytical functionality made available through the Compliance Modules or the Compliance Assessment.

2. The Service

Nomius provides a software-as-a-service compliance management platform designed to assist regulated and quality-driven organisations in operationalising compliance across multiple frameworks. The Service comprises a set of core features included in every Subscription Plan and a suite of Compliance Modules that may be enabled in line with the Customer's Order Form.

Nomius will use commercially reasonable efforts to make the Service available, subject to scheduled maintenance, emergency maintenance and events outside its reasonable control. Nomius may, from time to time, modify, enhance or discontinue features of the Service, provided that such changes do not materially diminish the core functionality for which the Customer has subscribed during the then-current Subscription Term.

The Service is offered for use by businesses and professionals in the course of their trade, business, craft or profession. It is not intended for, and shall not be made available to, consumers acting outside such purposes.

3. Eligibility, Account Registration and Authorised Users

To register for the Service, the Customer must be a legal person capable of forming binding contracts, be at least eighteen (18) years of age (where an individual professional), and must not be barred from receiving the Service under the laws of any applicable jurisdiction, including any sanctions or export control regimes.

The Customer is responsible for ensuring that the registration information provided is accurate, complete and kept up to date. The Customer must safeguard all credentials used to access the Service and must not share Authorised User credentials with any individual. The Customer is responsible for all activity that occurs under its Account, save to the extent caused by Nomius's breach of these Terms.

The Customer must notify Nomius without undue delay of any actual or suspected unauthorised access to or use of the Account or the Service.

4. Subscription Plans and Compliance Modules

The Service is offered on a subscription basis. The Customer's Subscription Plan, the Compliance Modules enabled, the number of Authorised User seats, the Subscription Term and the applicable Fees are set out in the relevant Order Form, online sign-up flow or written acceptance.

All core platform features are included in every Subscription Plan. Compliance Modules are enabled separately and are charged in accordance with the applicable pricing in effect on the date of order. The Customer may add Compliance Modules or Authorised User seats during the Subscription Term, with such additions charged on a pro rata basis to the end of the then-current Subscription Term unless agreed otherwise in writing.

A reduction in the number of Authorised User seats or the removal of Compliance Modules during a Subscription Term will only take effect at the start of the next renewal period, unless otherwise agreed in writing.

5. Free Compliance Assessment

Nomius makes a Compliance Assessment available free of charge. The Compliance Assessment is provided on an "as-is" basis solely as an initial diagnostic tool to help organisations identify potential areas of regulatory and quality compliance focus.

The output of the Compliance Assessment is generated automatically based on the information provided by the Customer and the rule sets configured by Nomius at the relevant time. It does not constitute, and must not be relied upon as, legal, regulatory, audit or professional advice. Nomius gives no warranty, representation or undertaking, express or implied, in relation to the Compliance Assessment, including as to its responsibility, accuracy, completeness, currency, or suitability for any particular purpose, and to the maximum extent permitted by Applicable Law, all such warranties are excluded.

6. Fees, Invoicing, Renewal and Taxes

The Customer shall pay all Fees set out in the applicable Order Form or as displayed during online sign-up. Unless otherwise stated, all Fees are exclusive of value-added tax (VAT), goods and services tax (GST), sales tax and any other applicable taxes, levies or duties, which the Customer shall pay in addition at the prevailing rate.

Subscription Fees are payable on the order date. Payments shall be made in the currency specified by Nomius and without set-off, counterclaim, deduction or withholding (other than any deduction or withholding required by law).

Unless either party gives written notice of non-renewal at least thirty (30) days before the end of the then-current Subscription Term, the subscription will automatically renew for a further period equal to the previous Subscription Term at the then-current list price. Nomius may revise its pricing from time to time and will give the Customer at least sixty (60) days' prior written notice of any change taking effect at renewal.

7. Licence to Use the Service

Subject to the Customer's compliance with these Terms and payment of all applicable Fees, Nomius grants the Customer a non-exclusive, non-transferable, non-sublicensable, revocable right during the Subscription Term to access and use the Service and the Documentation solely for the Customer's internal business purposes and only for the Compliance Modules and number of Authorised Users for which the Customer has subscribed.

8. Acceptable Use Restrictions

The Customer must not, and must procure that its Authorised Users do not, directly or indirectly:

  • Access, store, distribute or transmit any material that is unlawful, harmful, defamatory, obscene, infringing or otherwise objectionable through the Service;
  • Use the Service in a manner that breaches Applicable Law, including data protection, export control, sanctions, anti-bribery and anti-corruption laws;
  • Reverse engineer, decompile, disassemble or otherwise attempt to derive the source code, underlying ideas, algorithms, structure or organisational form of the Service, except to the extent expressly permitted by Applicable Law;
  • Copy, modify, create derivative works of, or otherwise exploit the Service or the Documentation other than as expressly permitted by these Terms;
  • Use the Service to build a competing product or service, or for the purpose of monitoring its availability, performance or functionality, or for any other benchmarking or competitive purpose, without Nomius's prior written consent;
  • Introduce or upload any virus, worm, trojan, ransomware, time bomb, logic bomb, keystroke logger or other malicious code, or any code intended to gain unauthorised access to or interfere with the operation of the Service;
  • Attempt to probe, scan, penetrate or test the vulnerability of the Service or any related system or network, or breach any security or authentication measures, except under a written authorised testing arrangement with Nomius;
  • Use the Service to send unsolicited communications, conduct fraudulent activity, harvest data or impersonate any person or entity;
  • Upload any data which the Customer is not lawfully entitled to upload, or which exceeds the categories of data described in the Documentation; or
  • Exceed any usage limits, quotas or fair-use thresholds notified to the Customer.

Nomius may suspend access to the Service immediately and without prior notice if the Customer or any Authorised User is reasonably believed to be in material breach of this clause 8.

9. Customer Data

As between the parties, the Customer retains all right, title and interest in and to Customer Data. The Customer grants Nomius a worldwide, non-exclusive, royalty-free licence to host, copy, transmit, process and display Customer Data solely to the extent necessary to provide, secure, maintain and improve the Service in accordance with these Terms and Applicable Law.

The Customer is solely responsible for the accuracy, quality, integrity, legality, and reliability of Customer Data, and for the rights to use Customer Data. The Customer must ensure that it has all necessary rights, permissions, consents and lawful bases to upload Customer Data to the Service and to authorise Nomius to process it as contemplated by these Terms.

Nomius may generate aggregated, anonymised, or de-identified data derived from Customer Data and from the operation of the Service ("Aggregated Data") for purposes including improving the Service, benchmarking, analytics, threat intelligence, and reporting. Aggregated Data does not identify the Customer or any individual and is owned by Nomius.

10. Data Protection and Cross-Border Transfers

To the extent that Nomius processes Personal Data on behalf of the Customer in providing the Service, the parties acknowledge that the Customer is the controller and Nomius is the processor (or, where applicable, the parties are independent controllers in respect of certain processing activities, as further described in the Privacy Notice). Such processing is governed by the Nomius Data Processing Agreement ("DPA"), which is incorporated into these Terms by reference and which sets out the parties' respective obligations under the UK GDPR, the EU GDPR, the UK Data Protection Act 2018, the Swiss Federal Act on Data Protection, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) and other Applicable Law.

Where Personal Data is transferred from the United Kingdom, the European Economic Area or Switzerland to a jurisdiction not benefiting from an adequacy decision, the parties shall rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) or the Swiss equivalent, as appropriate, together with any supplementary measures identified through a transfer impact assessment.

Each party shall comply with its respective obligations under Applicable Law in relation to the processing of Personal Data. The Customer remains responsible for determining the lawful basis for processing Customer Data containing Personal Data and for responding to requests from data subjects, save where Nomius is contractually obliged to assist under the DPA.

11. Information Security

Nomius operates an information security management system aligned to recognised standards and implements appropriate technical and organisational measures designed to protect the confidentiality, integrity, availability and resilience of the Service and Customer Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Data. A summary of the security measures in place from time to time is available in the Documentation or upon request.

The Customer is responsible for configuring the Service in accordance with its own security and compliance requirements, for managing access by its Authorised Users, and for securing the devices and networks used to access the Service. Nomius is not responsible for any compromise resulting from the Customer's failure to do so.

12. EU Artificial Intelligence Act Compliance

12.1 Application

The Service incorporates AI Features. Where Nomius makes AI Features available as part of the Service, Nomius acts as a "provider", and the Customer acts as a "deployer" within the meaning of the EU AI Act. This clause 12 sets out Nomius's warranty and compliance commitments under the EU AI Act and the parties' respective responsibilities in respect of AI Features. This clause is without prejudice to clauses 10 (Data Protection) and 11 (Information Security), which continue to apply in addition to the requirements of this clause.

12.2 Warranty of compliance

Nomius warrants that, in respect of the AI Features:

  • It has assessed, and shall continue to monitor, the classification of each AI Feature under the EU AI Act, including whether any AI Feature constitutes a high-risk AI system within the meaning of Article 6 and Annex III, an AI system subject to the transparency obligations under Article 50, or a general-purpose AI model;
  • It complies, and shall continue to comply, with the obligations imposed on providers of AI systems by the EU AI Act that are applicable to the AI Features, including, where relevant, the obligations set out in Articles 9 to 21 (risk management, data and data governance, technical documentation, record-keeping, transparency and provision of information to deployers, human oversight, accuracy, robustness and cybersecurity), Article 50 (transparency obligations), Article 72 (post-market monitoring) and, where applicable to general-purpose AI models, Articles 53 to 55; and
  • It does not place on the market, put into service, or use any AI Feature for any practice prohibited by Article 5 of the EU AI Act.

12.3 Transparency and explainability

In compliance with Article 50 and related provisions of the EU AI Act, Nomius shall:

  • Clearly indicate within the user interface where the Customer or its Authorised Users are interacting with an AI Feature, including any generative, classification, scoring or recommendation output;
  • Ensure that synthetic text content generated or materially manipulated by an AI Feature is detectable and marked in a machine-readable format where required by the EU AI Act;
  • Make available, through the Documentation, sufficient information regarding the intended purpose, capabilities, principal limitations, known accuracy, robustness and cybersecurity ranges and required human oversight measures for each AI Feature, in order to enable the Customer to use the AI Feature appropriately and to discharge its obligations as a deployer; and
  • Where reasonably feasible, make available to the Customer an explanation of the principal logic, key inputs and main parameters that informed an AI-generated output, sufficient to enable meaningful human oversight by the Customer.

12.4 Data governance and security

In alignment with Articles 10 and 15 of the EU AI Act and consistent with clauses 10 (Data Protection) and 11 (Information Security):

  • Training, validation and testing datasets used in the development of AI Features are subject to documented data governance practices, including provenance assessment, quality criteria, examination for biases reasonably likely to give rise to discrimination prohibited by Union law, and appropriate measures to detect, prevent and mitigate such biases;
  • Customer Data shall not be used to train, retrain, fine-tune or otherwise materially improve any AI Feature for the benefit of any other customer or third party except where the Customer has provided separate, express and revocable written consent;
  • Nomius implements appropriate technical and organisational measures to safeguard the accuracy, robustness, resilience and cybersecurity of the AI Features against reasonably foreseeable risks, including unauthorised modification of training data ("data poisoning"), adversarial inputs designed to mislead the model ("model evasion"), confidentiality attacks against training or operational data, prompt injection in respect of generative AI Features, and unintended bias drift; and
  • Nomius maintains the technical documentation, automatic event logs and conformity records required by Articles 11, 12 and 18 of the EU AI Act in respect of any high-risk AI Feature, for the periods required by the EU AI Act.

12.5 Prohibited uses and risk mitigation

The Customer warrants that it shall not, and shall procure that its Authorised Users shall not, use the Service or any AI Feature, alone or in combination with other systems, for any purpose:

  • That constitutes a prohibited practice under Article 5 of the EU AI Act, including the deployment of subliminal, manipulative or deceptive techniques causing significant harm; the exploitation of vulnerabilities of specific persons or groups; social scoring leading to detrimental or unjustified treatment; risk assessment of natural persons based solely on profiling for the purpose of predicting criminal offences; the untargeted scraping of facial images for facial recognition databases; inference of emotions in workplaces or educational institutions (other than for medical or safety reasons expressly permitted by law); biometric categorisation inferring race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation; or real-time remote biometric identification in publicly accessible spaces other than as expressly permitted by Applicable Law;
  • That breaches any deployer obligation under Article 26 of the EU AI Act (where the AI Feature is or includes a high-risk AI system), including any failure to operate the AI Feature in accordance with the instructions for use, to assign suitably qualified human oversight, to monitor operation, or to inform affected persons where required; or
  • That falls outside the intended purpose of the AI Feature as set out in the Documentation.

The Customer remains solely responsible, as deployer, for performing any fundamental rights impact assessment required by Article 27 of the EU AI Act, for any data protection impact assessment required under Articles 35 and 36 of the EU GDPR, and for implementing the operational human oversight measures required in its specific deployment context. Nomius shall provide reasonable assistance and information to enable the Customer to discharge those obligations. Nomius may suspend access to any AI Feature in accordance with clause 18 (Term, Suspension and Termination) where it reasonably believes the Service is being used in breach of this clause 12.5.

12.6 Change management

Nomius operates a documented change management process for AI Features. In particular:

  • Nomius shall record material modifications to AI Features in version histories and shall maintain technical documentation reflecting each material change for the periods required by the EU AI Act;
  • Where a modification to an AI Feature constitutes a "substantial modification" within the meaning of Article 3(23) of the EU AI Act, Nomius shall complete the conformity reassessment required by the EU AI Act before such modification is made available to the Customer;
  • Nomius shall give the Customer reasonable prior notice (and, save where a shorter period is required by Applicable Law, regulatory direction, security imperatives or for the correction of a defect, no less than thirty (30) days) of any modification to an AI Feature that materially changes its intended purpose, performance characteristics, scope of inputs or outputs, or required human oversight measures, together with information sufficient to enable the Customer to update its own deployer-side risk assessments, instructions for use and oversight measures; and
  • Nomius shall operate a post-market monitoring system in accordance with Article 72 of the EU AI Act in respect of any high-risk AI Feature and shall report serious incidents to the relevant market surveillance authorities in accordance with Article 73 of the EU AI Act and shall, where lawful and as soon as reasonably practicable, notify the Customer where any such incident affects, or is reasonably likely to affect, the Customer.

12.7 Indemnity

Subject to clauses 17.1 and 17.3, Nomius shall indemnify the Customer against administrative fines and penalties imposed on the Customer by a competent supervisory authority under Articles 99 to 101 of the EU AI Act to the extent such fines or penalties arise directly and exclusively from a breach by Nomius of its warranty in clause 12.2, and not from any act or omission of the Customer (including, without limitation, the Customer's breach of clause 12.5 or its obligations as a deployer). The Customer shall give Nomius prompt written notice of any such claim, sole conduct of the defence and settlement, and reasonable cooperation. The aggregate cap in clause 17.3 applies to this indemnity, and the exclusion in clause 17.2(d) shall not apply to amounts indemnified under this clause 12.7.

12.8 Cooperation with authorities

Each party shall provide the other with reasonable assistance and information necessary to demonstrate compliance with the EU AI Act in respect of the AI Features, including in the event of any inquiry, investigation, audit or request by a competent authority. Nothing in this clause requires either party to disclose information protected by legal privilege or to take any step that would breach Applicable Law.

13. Confidentiality

"Confidential Information" means any information disclosed by one party (the "Discloser") to the other (the "Recipient") which is identified as confidential or which by its nature ought reasonably to be treated as confidential, including the terms of any Order Form, the non-public elements of the Service, Customer Data and the Discloser's business, technical and financial information.

The Recipient shall:

  1. hold Confidential Information in strict confidence,
  2. use it solely to perform its obligations or exercise its rights under these Terms, and
  3. not disclose it to any third party except to its employees, professional advisers and subcontractors who have a need to know and who are bound by confidentiality obligations no less protective than those set out in this clause.

These obligations do not apply to information that is or becomes publicly available other than through breach of these Terms, was lawfully in the Recipient's possession before disclosure, is independently developed without reference to the Confidential Information, or is required to be disclosed by law or regulatory authority (provided that the Recipient gives prior notice where lawful).

14. Intellectual Property

All Intellectual Property Rights in and to the Service, the Documentation, the Compliance Assessment, the Compliance Modules, all underlying software, databases, methodologies, frameworks, content libraries, templates, user interfaces, branding and improvements thereto are and shall remain the sole and exclusive property of Nomius or its licensors. Nothing in these Terms transfers any Intellectual Property Rights to the Customer other than the limited licence granted in clause 7.

If the Customer provides feedback, suggestions or ideas relating to the Service ("Feedback"), the Customer grants Nomius a perpetual, irrevocable, royalty-free, worldwide licence to use and incorporate that Feedback into the Service without restriction or obligation.

15. Third-Party Services and Integrations

The Service may interoperate with or contain links to third-party services, content, or websites ("Third-Party Services"). Use of any Third-Party Service is subject to the terms of the relevant third-party provider. Nomius is not responsible for, and gives no warranty in relation to, any Third-Party Service. The Customer's decision to enable, disable or use a Third-Party Service is solely the Customer's responsibility.

16. Disclaimers

IMPORTANT: The Service is a compliance management platform designed to support the operational management of compliance programmes. The Service, including the Compliance Modules and the Compliance Assessment, does not constitute, and is not a substitute for, legal advice, regulatory advice, audit, certification, attestation or other professional advice. Nothing produced by, displayed in, or generated through the Service should be relied upon as such. The Customer remains solely responsible for the assessment, design, implementation and operation of its own compliance programme, for the engagement of qualified legal, regulatory and audit professionals, and for compliance with all laws, regulations and standards applicable to it.

The content libraries, regulatory references, templates, control catalogues and assessment criteria made available through the Service are provided for informational and operational purposes only and may not reflect the latest developments in any particular jurisdiction. The Customer should verify the currency and applicability of such content for its own context.

To the maximum extent permitted by Applicable Law, and save for the express warranties given by Nomius in clause 12.2, the Service and the Documentation are provided on an "as is" and "as available" basis. Nomius disclaims all warranties, conditions and other terms, whether express or implied, including any implied warranties or conditions of satisfactory quality, merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness or that the Service will be uninterrupted, error-free, secure or free from harmful components. Nothing in these Terms excludes or limits any warranty or term that cannot be lawfully excluded or limited.

17. Limitation of Liability

17.1 Liabilities not excluded or limited

Nothing in these Terms shall exclude or limit either party's liability for:

  1. death or personal injury caused by its negligence;
  2. fraud or fraudulent misrepresentation;
  3. any liability that cannot be excluded or limited under Applicable Law; or
  4. the Customer's obligation to pay Fees properly due.

17.2 Excluded losses

Subject to clause 17.1, in no event shall either party be liable to the other, whether in contract, tort (including negligence), breach of statutory duty or otherwise, for any:

  1. loss of profits, revenue, business, contracts, opportunity or anticipated savings;
  2. loss of goodwill or reputation;
  3. loss, corruption or alteration of data (save in respect of Nomius's breach of its security or data processing obligations);
  4. regulatory fines or penalties imposed on the Customer (save to the extent expressly indemnified by Nomius under clause 12.7); or
  5. any indirect, consequential, special or punitive losses, in each case whether or not foreseeable.

17.3 Aggregate cap

Subject to clauses 17.1 and 17.2, each party's total aggregate liability arising under or in connection with these Terms in any twelve (12) month period shall not exceed an amount equal to the total Fees paid or payable by the Customer to Nomius under the applicable Order Form during the twelve (12) months immediately preceding the event giving rise to the claim, or, where no Fees have yet been paid, the equivalent of one hundred pounds sterling (£100).

17.4 Free use

Where the Customer accesses the Service free of charge (including the Compliance Assessment or any free trial), Nomius's aggregate liability in respect of such free use is, to the maximum extent permitted by Applicable Law, limited to one hundred pounds sterling (£100).

18. Term, Suspension and Termination

These Terms commence on the date the Customer first accepts them (or first accesses the Service, whichever is earlier) and continue until all Subscription Terms have expired, or these Terms are terminated in accordance with this clause.

Either party may terminate these Terms with immediate effect by written notice if the other party:

  1. commits a material breach of these Terms which is incapable of remedy or, if capable of remedy, is not remedied within thirty (30) days after receipt of written notice;
  2. is unable to pay its debts as they fall due, becomes insolvent, enters administration, has a receiver or liquidator appointed, or undergoes any equivalent insolvency event in any jurisdiction; or
  3. ceases or threatens to cease to carry on business.

Nomius may suspend access to all or part of the Service immediately upon written notice (which may be by electronic means) if:

  1. the Customer fails to pay any Fees that remain overdue more than thirty (30) days after the due date;
  2. Nomius reasonably believes that the Customer or an Authorised User is in material breach of clauses 8, 9, 12, 13 or 14; or
  3. suspension is necessary to protect the security, integrity or availability of the Service.

On termination or expiry of these Terms:

  1. all rights granted to the Customer under these Terms cease immediately;
  2. the Customer must cease all use of the Service;
  3. the Customer may, during a period of thirty (30) days following termination, request export of Customer Data in a standard format made available by Nomius, after which Nomius may delete Customer Data in accordance with its data retention policy and the DPA; and
  4. any provision which expressly or by implication is intended to survive termination shall remain in full force, including clauses 9, 12, 13, 14, 16, 17, 20, 21 and 23.

19. Modifications to these Terms and to the Service

Nomius may amend these Terms from time to time. Where a change materially and adversely affects the Customer, Nomius will provide at least thirty (30) days' prior notice (by email to the registered Account contact or via in-product notification). Continued use of the Service after the effective date of the change constitutes acceptance of the revised Terms. If the Customer does not accept a material adverse change, the Customer may terminate the affected subscription with effect from the date the change takes effect by giving written notice before that date, in which case Nomius will refund any prepaid Fees relating to the period after termination.

20. Indemnification

20.1 By Nomius

Nomius shall defend the Customer against any third-party claim that the Customer's use of the Service in accordance with these Terms infringes that third party's Intellectual Property Rights, and shall indemnify the Customer against damages and costs finally awarded by a court of competent jurisdiction in respect of such claim, provided that the Customer:

  1. promptly notifies Nomius in writing of the claim,
  2. gives Nomius sole control of the defence and settlement, and
  3. provides reasonable cooperation.

This indemnity does not apply to claims arising from:

  1. modification of the Service other than by Nomius,
  2. combination of the Service with materials not provided by Nomius,
  3. use of the Service other than in accordance with these Terms, or
  4. Customer Data.

20.2 By the Customer

The Customer shall defend, indemnify and hold harmless Nomius against any claim brought by a third party arising out of or relating to:

  1. Customer Data or the Customer's use of the Service in breach of these Terms or Applicable Law, or
  2. the Customer's breach of clause 8.

21. Force Majeure

Neither party shall be in breach of these Terms or otherwise liable for any failure or delay in performance (other than a payment obligation) caused by an event beyond its reasonable control, including acts of God, war, terrorism, civil unrest, epidemic or pandemic, governmental action, failure of utilities or telecommunications networks, third-party hosting failures, denial-of-service attacks or industrial action affecting a third party. The affected party shall promptly notify the other party and use reasonable endeavours to mitigate the impact. If the event continues for more than sixty (60) consecutive days, either party may terminate the affected subscription on written notice.

22. Governing Law and Dispute Resolution

These Terms and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with them or their subject matter or formation are governed by and construed in accordance with the laws of England and Wales, without regard to conflict of law principles. The parties irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any such dispute or claim, save that Nomius may bring proceedings to enforce its Intellectual Property Rights or to recover unpaid Fees in any court of competent jurisdiction.

Before initiating formal proceedings (other than for urgent injunctive or equitable relief), the parties shall attempt, in good faith, to resolve any dispute by escalating to senior representatives for at least thirty (30) days.

23. Notices

Notices to Nomius must be sent in writing to compliance@nomius.io and to the registered office set out at the beginning of these Terms. Notices to the Customer may be sent by email to the address associated with the Account or by in-product notification. A notice is deemed received on the day of transmission if sent during normal business hours, or on the next business day otherwise.

24. General

24.1 Entire agreement

These Terms, together with the documents incorporated by reference, constitute the entire agreement between the parties in relation to the Service and supersede all prior agreements, understandings and representations.

24.2 No reliance

Each party acknowledges that it has not relied on any statement, representation or warranty other than those expressly set out in these Terms. Nothing in this clause shall limit liability for fraud or fraudulent misrepresentation.

24.3 Assignment

The Customer may not assign, transfer, or otherwise dispose of any rights or obligations under these Terms without Nomius's prior written consent. Nomius may assign these Terms to an affiliate or in connection with a merger, acquisition or sale of assets.

24.4 Subcontracting

Nomius may engage subcontractors to perform any of its obligations under these Terms, provided that Nomius remains responsible for their performance. Sub-processors of Personal Data are governed by the DPA.

24.5 Severability

If any provision is held to be invalid, illegal or unenforceable, the remaining provisions shall continue in full force, and the parties shall negotiate in good faith a valid substitute provision that most closely reflects the original intent.

24.6 No waiver

A failure or delay in exercising a right or remedy under these Terms shall not constitute a waiver of that or any other right or remedy.

24.7 No partnership

Nothing in these Terms creates any partnership, joint venture, agency or employment relationship between the parties.

24.8 Third-party rights

A person who is not a party to these Terms has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of these Terms.

24.9 Counterparts

These Terms may be accepted electronically and, where signed, may be executed in counterparts, each of which, when executed, shall constitute an original.

25. Contact

Questions about these Terms should be directed to: