Terms of Service.

These Terms of Service ("Terms") govern access to and use of the MaturityOne platform, websites, and associated services (the "Service") provided by Effective Risk Management Pty Ltd ("we", "us", "our"). By accessing or using the Service, the customer organisation and authorised users agree to be bound by these Terms.

For enterprise customers, these Terms are typically supplemented or superseded by a Master Services Agreement (MSA) or Order Form negotiated between the parties. Where an executed MSA or Order Form conflicts with these Terms, the MSA or Order Form prevails with respect to the parties to that agreement.

For the purpose of these Terms:

• "Customer" means the organisation that has subscribed to the Service.
• "Authorised User" means an individual employee, contractor, or agent of the Customer who has been provisioned access to the Service by the Customer.
• "Customer Data" means all information, data, content, and materials submitted by the Customer or its Authorised Users to the Service, including assessment responses, evidence, comments, and configuration.
• "Output" means the assessment scores, cross-domain cascade calculations, reports, dashboards, and other materials generated by the Service from Customer Data.
• "Subscription Term" means the term of a Customer's subscription as set out in the relevant Order Form.
• "Documentation" means the user-facing product documentation made available to the Customer.

Customer access to the Service is provided on a per-tenant basis. Within each Customer tenant, Authorised Users are provisioned by the Customer and assigned roles (Admin, Assessor, Reviewer, Executive) using the Service's role-based access control framework.

The Customer is responsible for: maintaining the confidentiality of all credentials and access tokens; promptly deactivating Authorised Users who no longer require access; using Single Sign-On (SAML 2.0 or OIDC) where supported by the Customer's identity provider; and enforcing multi-factor authentication where appropriate.

We will provide reasonable assistance to the Customer in respect of access management, but the Customer is the controller of its own tenant's access framework.

The Customer is responsible for:

The Customer and its Authorised Users must not, and must not permit any third party to:

• Use the Service for any unlawful purpose.
• Attempt to reverse-engineer, decompile, or otherwise derive the source code of the Service.
• Probe, scan, or test the vulnerability of the Service except under our published Responsible Disclosure program.
• Interfere with or disrupt the Service or other customers' use of the Service.
• Upload Customer Data containing malicious code.

Customer Data belongs to the Customer. The Customer retains all right, title and interest in and to Customer Data. We claim no ownership over Customer Data.

The Customer grants us a limited, non-exclusive, royalty-free licence to access, use, copy, store, transmit, and process Customer Data solely for the purpose of providing and improving the Service for the Customer.

We will use commercially reasonable efforts to make the Service available with high uptime.

Fees for the Service are set out in the relevant Order Form. All fees are quoted in Australian Dollars (AUD) unless otherwise specified.

Subscriptions are billed annually in advance. Payment terms are 30 days from invoice date.

The Subscription Term is set out in the relevant Order Form. Subscriptions automatically renew for successive periods of the same length unless either party provides notice of non-renewal at least 30 days prior to the renewal date.

Each party will: use the other's Confidential Information only for the purpose of the engagement; protect it with at least the same care it uses to protect its own confidential information; and not disclose it to third parties except as permitted under these Terms.

We warrant that the Service will substantially conform to the published Documentation and will be provided with reasonable skill and care. To the maximum extent permitted by applicable law, the Service is provided "as is" and "as available".

We retain all right, title, and interest in and to the Service, including the platform software, the maturity model content, and the documentation.

The Customer is granted a limited, non-exclusive, non-transferable right to access and use the Service for its internal business purposes during the Subscription Term.

These Terms are governed by the laws of Victoria, Australia.

These Terms, together with the Privacy Policy and any executed Order Form, constitute the entire agreement between the parties in respect of the Service.

For questions about these Terms: