These Terms of Service (these “Terms”) constitute a legally binding agreement between the business entity identified during registration (“Customer,” “you,” or “your”) and Sentralis Inc., a Texas corporation (“Sentralis,” “we,” “us,” or “our”), governing your access to and use of the ControlOS platform and related services under the MitigoSuite product family (collectively, the “Platform”).
By creating an account, accessing, or using the Platform, you represent that you have the authority to bind the Customer to these Terms and that you agree to be bound by them. If you do not agree, do not access or use the Platform.
The Platform is offered exclusively for business-to-business (“B2B”) use. The Platform is not intended for individual consumer use.
“Customer Data” means all data, content, and information that Customer or its authorized users input, upload, or otherwise transmit to the Platform, including control definitions, framework mappings, risk indicators, audit evidence, remediation plans, workflow configurations, segregation-of-duties matrices, and compliance documentation.
“Authorized Users” means individuals who are employees, contractors, or agents of Customer and who have been granted access to the Platform by Customer through its tenant account.
“Tenant” means the logically isolated environment assigned to Customer within the Platform’s multi-tenant architecture, identified by a unique tenant identifier.
“Platform Baseline” means standard framework definitions, control libraries, and reference configurations maintained by Sentralis and made available to all Customers as part of the service.
To use the Platform, Customer must register for an account and provide accurate, complete business contact information. Customer is responsible for maintaining the confidentiality of account credentials and for all activities that occur under its account.
Customer is responsible for managing Authorized Users within its Tenant, including granting, modifying, and revoking access. Customer shall ensure that all Authorized Users comply with these Terms.
Customer shall immediately notify Sentralis of any unauthorized use of its account or any other breach of security.
Subject to these Terms, Sentralis grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Platform during the subscription term solely for Customer’s internal business purposes related to governance, risk, and compliance operations.
Customer shall not:
Customer retains all right, title, and interest in and to Customer Data. Sentralis acquires no ownership rights in Customer Data. Customer grants Sentralis a limited right to process Customer Data solely as necessary to provide, maintain, and improve the Platform in accordance with these Terms and our Privacy Policy.
Sentralis shall maintain the secrecy and logical and physical security of Customer Data. Access to Customer Data within Sentralis is limited on a disciplined “as needed” basis to employees and agents who require access to deliver Platform services and who are bound by confidentiality obligations.
Customer is solely responsible for the accuracy, quality, legality, and appropriateness of Customer Data and the means by which Customer acquired it.
The Platform operates on a multi-tenant architecture with logical data isolation at the database level. Customer Data is stored within Customer’s assigned Tenant and is segregated from other Customers’ data through row-level security policies. Sentralis shall not access, use, or disclose Customer Data except as necessary to provide the Platform or as required by law.
Each party (the “Recipient”) shall maintain in confidence and protect the secrecy of the other party’s (the “Discloser”) confidential information. Confidential information includes Customer Data, Platform technical specifications, pricing, and any information disclosed by either party that is marked as confidential or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure.
Confidential information does not include information that: (a) through no breach of duty to a party becomes known to the Recipient or is a matter of public knowledge; or (b) is independently developed without reference to or use of confidential information.
If a Recipient believes in good faith that confidential information must be disclosed in response to a valid order of a court of competent jurisdiction, the Recipient may so disclose to the extent required to comply, provided the Recipient gives the Discloser reasonable opportunity to contest such disclosure and obtain a protective order.
Sentralis retains all right, title, and interest in and to the Platform, including all software, technology, documentation, Platform Baseline content, and related intellectual property rights. These Terms do not convey to Customer any rights of ownership in the Platform.
Any ideas, suggestions, or recommendations made by Customer regarding the Platform (“Feedback”) may be used and incorporated into Sentralis’s products, technologies, and services without royalties or other obligations, so long as Sentralis does not infringe Customer’s patents, copyrights, or trademark rights.
Access to the Platform requires an active subscription. Subscription plans, pricing, and payment terms are as set forth in the applicable order form or subscription agreement between Customer and Sentralis.
Unless otherwise stated in the applicable order form, subscriptions automatically renew for successive periods equal to the initial term unless either party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current term.
All fees are non-refundable except as expressly set forth in the applicable order form or as required by law.
These Terms are effective as of the date Customer first accesses the Platform and continue until the subscription is terminated.
Either party may terminate the subscription for cause if the other party materially breaches these Terms and fails to cure such breach within thirty (30) days after receiving written notice thereof.
Upon termination, Customer’s access to the Platform will be suspended. Customer Data will be retained for thirty (30) days following termination to allow for data export, after which it will be permanently deleted from production systems. Backups containing Customer Data are purged within ninety (90) days of termination.
Sections 5 (Customer Data Ownership), 7 (Confidentiality), 8 (Intellectual Property), 12 (Limitation of Liability), 13 (Indemnification), and 14 (Governing Law) shall survive termination of these Terms.
Sentralis warrants that the Platform will perform materially in accordance with its documentation during the subscription term. Sentralis’s sole obligation for any breach of this warranty is to use commercially reasonable efforts to correct the non-conformity.
EXCEPT AS EXPRESSLY SET FORTH IN THESE TERMS, THE PLATFORM IS PROVIDED “AS IS” AND “AS AVAILABLE.” SENTRALIS DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. SENTRALIS DOES NOT WARRANT THAT THE PLATFORM WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITY, ARISING OUT OF OR RELATED TO THESE TERMS OR THE USE OF THE PLATFORM, REGARDLESS OF THE THEORY OF LIABILITY.
EACH PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS SHALL NOT EXCEED THE AMOUNTS PAID BY CUSTOMER TO SENTRALIS DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
Customer shall indemnify, defend, and hold harmless Sentralis from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys’ fees) arising from: (a) Customer’s use of the Platform in violation of these Terms; (b) Customer Data or Customer’s collection thereof; or (c) Customer’s violation of applicable law.
Sentralis shall indemnify, defend, and hold harmless Customer from and against any third-party claims that Customer’s authorized use of the Platform infringes a third party’s intellectual property rights, provided that Customer promptly notifies Sentralis of such claim and cooperates in its defense.
These Terms shall be governed in all respects by the laws of the State of Texas, without regard to its conflict of law provisions. The state district courts of Harris County, Texas, shall be the exclusive forum for any litigation or dispute resolution arising from these Terms.
Since a breach or threatened breach of the confidentiality or data protection provisions of these Terms would cause the non-breaching party irreparable harm for which monetary damages would not be an adequate remedy, the non-breaching party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy.
Sentralis reserves the right to modify these Terms at any time. We will provide Customer with at least thirty (30) days’ notice of material changes by posting a notice within the Platform or by email. Continued use of the Platform after the effective date of any modification constitutes acceptance of the modified Terms. If Customer does not agree to the modified Terms, Customer may terminate the subscription by providing written notice within thirty (30) days of receiving notice of the modification.
These Terms, together with the Privacy Policy, any applicable order form, and any data processing agreement, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior or contemporaneous agreements, understandings, and communications.
Neither party may assign these Terms without the other party’s prior written consent, except that either party may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of its assets.
The failure of either party to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision. If any provision of these Terms is held to be unenforceable, the remaining provisions shall remain in full force and effect.
For questions about these Terms, please contact us at:
Sentralis Inc.
Email: Engel@mitigosuite.com
© 2026 Sentralis Inc. All rights reserved.
← Privacy Policy