These Terms and Conditions ("Terms") constitute a legally binding agreement between your organisation ("Customer", "you", "your") and GRCfy Technologies Private Ltd ("Company", "we", "us", "our"), the operator of MaestroGRC ("the Service" or "the Platform").
By accessing or using the Platform — including creating an account, accepting an invitation, or authorising users within your organisation to access the Platform — you confirm that you have read, understood, and agree to be bound by these Terms and our Privacy Policy, which is incorporated herein by reference.
If you are accepting these Terms on behalf of an organisation, you represent that you have the authority to bind that organisation. If you do not agree to these Terms, you must not use the Platform.
MaestroGRC is an enterprise compliance orchestration platform that enables audit firms and client organisations to manage audits, controls, findings, evidence, and compliance reporting in a structured, role-based environment.
Core capabilities include, but are not limited to:
The Platform is provided as a software-as-a-service (SaaS). We reserve the right to modify, enhance, or discontinue features with reasonable notice.
Accounts are provisioned by platform administrators on behalf of organisations. Each user must have a unique account. Sharing credentials between users is prohibited.
You are responsible for:
You agree to provide accurate, complete, and current information when registering and to keep this information updated. We may suspend accounts where we have reason to believe information is false or misleading.
Platform administrators may configure mandatory password complexity and expiry policies applicable to all users within their organisation. Users must comply with applicable password requirements.
Access to the Platform is subject to an active subscription. Subscriptions are assigned to audit firms ("auditor subscriptions") or client entities ("client subscriptions") by platform administrators. Plans are defined by audit credit allowances, storage quotas, and billing cycles (monthly or annual).
We may offer time-limited trial access at the discretion of platform administrators. Trial subscriptions are subject to a maximum audit credit limit and duration as configured by the administrator. Trials automatically expire at the end of the trial period.
Each audit created or restored from the recycle bin consumes one credit from the applicable subscription. Credits are reset on subscription renewal. Unused credits do not carry forward beyond the renewal cycle unless otherwise specified in your plan.
Each subscription plan includes a defined storage quota for evidence uploads. Additional storage may be granted by platform administrators. Exceeding your quota will prevent new uploads until additional storage is allocated.
Subscriptions are renewed manually by platform administrators. Renewal reminders are sent in advance of the renewal date. If a subscription is not renewed, a grace period applies (default: 30 days) after which user accounts are locked. Data is retained for a further period (default: 90 days) before becoming eligible for permanent deletion.
You agree to use the Platform only for lawful purposes and in accordance with these Terms. You must not:
We reserve the right to suspend or terminate accounts that violate this section without prior notice where we determine there is an immediate security or legal risk.
All audit data, compliance content, findings, evidence, and other data you upload or create within the Platform ("Customer Data") remains your property. You grant us a limited, non-exclusive licence to host, process, and transmit Customer Data solely as necessary to provide the Service.
We act as a data processor with respect to any personal data contained in Customer Data. You are the data controller. Our data processing obligations are set out in our Privacy Policy and any applicable Data Processing Agreement.
Where you configure the Platform to use your own database server (firm-hosted or client-hosted mode), Customer Data stored on your infrastructure is under your exclusive control. The Company is not responsible for the security, availability, or backup of data stored on customer-managed servers.
Following termination of your account, Customer Data will be retained for the data retention period and then permanently deleted in accordance with our Privacy Policy. You may request an export of your data before termination by contacting support@maestrogrc.in.
The Platform, including its software, design, user interface, documentation, and all underlying technology, is owned by GRCfy Technologies Private Ltd and is protected by intellectual property laws. These Terms do not transfer any intellectual property rights to you.
You are granted a limited, non-exclusive, non-transferable, revocable licence to use the Platform solely for your organisation's internal compliance management purposes during the term of your subscription. This licence does not include the right to sublicense, resell, or distribute the Platform.
Feedback, suggestions, or ideas you provide about the Platform may be used by us without restriction or compensation to you.
Each party agrees to keep confidential all non-public information received from the other party that is designated as confidential or that reasonably should be understood to be confidential ("Confidential Information").
We will not disclose Customer Data to third parties except as necessary to provide the Service, as required by law, or as expressly permitted in these Terms or our Privacy Policy.
You agree not to disclose any non-public information about the Platform's technical architecture, pricing, or roadmap without our prior written consent.
We aim to maintain high platform availability but do not guarantee uninterrupted access. The Platform may be temporarily unavailable due to scheduled maintenance (notified in advance where possible), unplanned outages, or circumstances beyond our reasonable control.
We reserve the right to perform maintenance, upgrades, and patches at any time. We will endeavour to schedule disruptive maintenance outside business hours and provide advance notice.
Technical support is available to authorised administrators via the support email support@maestrogrc.in. Response times are not contractually guaranteed unless specified in a separate Service Level Agreement.
To the maximum extent permitted by applicable law, the Company's total aggregate liability to you arising out of or related to these Terms or the use of the Platform shall not exceed the total fees paid by you to us in the twelve (12) months immediately preceding the event giving rise to the claim.
In no event shall the Company be liable for any:
The Platform is provided "as is" and "as available". We make no warranty, express or implied, regarding fitness for a particular purpose, merchantability, or non-infringement. The Platform is a tool to assist compliance management; it does not guarantee regulatory compliance and should not be relied upon as legal or professional advice.
You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to:
You may terminate your subscription at any time by submitting a cancellation request through the Platform or contacting support@maestrogrc.in. Termination takes effect at the end of the current billing cycle unless otherwise agreed.
We may suspend or terminate your access to the Platform immediately and without prior notice if:
Upon termination, your access to the Platform will cease. Customer Data will be retained for the data retention period (default: 90 days after user lockout) and then permanently deleted. Provisions of these Terms that by their nature should survive termination (including Sections 6, 7, 8, 10, 11, and 13) will continue to apply.
These Terms are governed by and construed in accordance with the laws of India, without regard to its conflict of law provisions.
Any dispute, controversy, or claim arising out of or relating to these Terms or the breach, termination, or validity thereof shall first be subject to good-faith negotiation between the parties. If the dispute is not resolved within 30 days of written notice, it shall be referred to arbitration under the Arbitration and Conciliation Act, 1996, with the seat of arbitration in Bangalore, India.
Nothing in this clause prevents either party from seeking urgent injunctive or other equitable relief from a court of competent jurisdiction.
We may update these Terms from time to time. When we make material changes, we will:
Your continued use of the Platform after the effective date of revised Terms constitutes your acceptance of the changes. If you do not agree to the revised Terms, you must stop using the Platform and request account closure.
For questions about these Terms or to exercise any rights: