Kantis — Terms of Service

Last updated: April 2026

1. Acceptance of Terms

1.1 These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer," "you," or "your") and Kantis ("Kantis," "we," "us," or "our"), governing your access to and use of the Kantis platform, managed services, and all related services (collectively, the "Services").

1.2 By creating an account, accessing the Services, or authorising any individual to access the Services on your behalf, you agree to be bound by these Terms as of the date of such access or use (the "Effective Date"). If you are entering into these Terms on behalf of a company, organisation, or other legal entity, you represent and warrant that you have the authority to bind that entity and its affiliates to these Terms.

1.3 If you do not agree to these Terms, you must not access or use the Services.

1.4 These Terms may be supplemented by an Order Form, Statement of Work, or Data Processing Agreement executed between the parties. In the event of a conflict between these Terms and an Order Form, the Order Form shall prevail to the extent of the conflict.

1.5 Kantis may update these Terms from time to time. We will provide you with not less than thirty (30) days' prior written notice of any material changes. Your continued use of the Services following the effective date of any such amendment constitutes your acceptance of the updated Terms.

2. Description of Services

2.1 Kantis provides an AI-native compliance automation platform designed to help B2B organisations achieve and maintain compliance with frameworks including ISO 27001, UK GDPR, EU GDPR, SOC 2, and the EU AI Act (the "Platform"). The Platform combines automated evidence collection, AI-assisted policy generation, control mapping, and continuous monitoring capabilities.

2.2 In addition to the Platform, Kantis offers managed compliance services, which may include expert guidance, audit preparation support, gap analysis, and advisory services delivered by Kantis personnel or contracted specialists (the "Managed Services"). The scope of any Managed Services engagement will be set out in an applicable Order Form or Statement of Work.

2.3 The Services may integrate with Customer's third-party cloud infrastructure providers, identity providers, and other software tools. Such integrations may require Customer to provide access credentials, API keys, or authorisation tokens to enable automated compliance checks and evidence collection. Kantis will access these third-party systems only to the extent necessary to provide the Services and in accordance with the permissions granted by Customer.

2.4 Kantis may modify or update the features, functionality, or user interface of the Platform from time to time. Kantis will not materially decrease the overall functionality of the Services during an active Subscription Term without providing reasonable prior notice.

3. Account Registration and Responsibilities

3.1 To access the Services, Customer must create an account and provide accurate, current, and complete registration information, including company name, contact details, and any other information reasonably requested by Kantis. Customer must maintain the accuracy of this information throughout the term of use.

3.2 Customer may designate and provide access to the Services to its authorised employees, agents, or contractors ("Authorised Users"). Each Authorised User must use a unique login identity. Sharing of account credentials between individuals is strictly prohibited and constitutes a material breach of these Terms.

3.3 Customer is responsible for: (a) all activities that occur under its account and its Authorised Users' accounts; (b) maintaining the confidentiality of all login credentials; (c) ensuring that Authorised Users comply with these Terms; and (d) promptly notifying Kantis of any unauthorised access to or use of the Services.

3.4 Customer acknowledges that the Services may access, retrieve, and process sensitive configuration data and credentials from Customer's cloud infrastructure and third-party tools. Customer is responsible for ensuring that it has all necessary rights, permissions, and authorisations to grant Kantis access to such systems and data.

4. Acceptable Use Policy

4.1 Customer shall use the Services only for lawful purposes and in accordance with these Terms, all applicable laws, and any applicable Documentation. Customer shall not, and shall ensure that Authorised Users do not:

• (a) use the Services in any manner that violates any applicable law or regulation;
• (b) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Platform, except to the extent expressly permitted by applicable law;
• (c) make the Services available to, or use the Services for the benefit of, any third party other than Customer's own organisation, unless expressly agreed in writing;
• (d) sublicense, sell, resell, lease, rent, distribute, or otherwise transfer the Services or any rights therein;
• (e) use the Services to build a competing product or service, or to conduct competitive analysis or benchmarking;
• (f) use any automated means, including robots, spiders, or data mining tools, to access or extract data from the Services, except as expressly permitted through APIs provided by Kantis;
• (g) circumvent any technical or contractual usage limitations of the Services;
• (h) introduce any virus, trojan, worm, or other malicious code to the Platform, or attempt to interfere with the integrity, security, or availability of the Services;
• (i) upload or transmit any content that is unlawful, defamatory, harassing, discriminatory, or that infringes any third-party intellectual property rights; or
• (j) upload to the Services any data that constitutes special category data under Article 9 of the UK GDPR or EU GDPR (such as health data, biometric data for identification, data concerning racial or ethnic origin, political opinions, religious beliefs, or sexual orientation), unless expressly agreed in writing and subject to appropriate safeguards.

4.2 Kantis reserves the right to suspend access to the Services immediately if it reasonably believes that Customer has breached this Section 4, or if Customer's use poses a threat to the security, integrity, or availability of the Services or other customers' data.

5. Intellectual Property

5.1 Kantis IP. Kantis and its licensors retain all right, title, and interest in and to the Platform, Documentation, methodologies, algorithms, models, templates, software, know-how, and all other intellectual property rights embodied in or related to the Services (collectively, "Kantis IP"). Nothing in these Terms transfers ownership of any Kantis IP to Customer. Customer receives only the limited right to access and use the Services during the Subscription Term, subject to these Terms.

5.2 Customer Data. Customer retains all right, title, and interest in and to all data, content, documents, and other information uploaded to, processed by, or generated through the Services by or on behalf of Customer, including audit evidence, policy documents, configuration data, and employee records ("Customer Data"). For the avoidance of doubt, Customer Data includes outputs and reports generated by the Services from Customer Data, excluding any Kantis IP embedded therein.

5.3 Licence to Customer Data. Customer grants Kantis a non-exclusive, worldwide, royalty-free licence to use, reproduce, modify, and process Customer Data solely to the extent necessary to provide and operate the Services in accordance with these Terms. This licence terminates upon expiration or termination of these Terms, subject to any applicable data retention obligations.

5.4 Aggregated and Anonymised Data. Kantis may collect, aggregate, and analyse data relating to the provision, use, and performance of the Services, including usage patterns, feature adoption, and platform performance metrics. Kantis may use such data, during and after the Term, to develop, improve, and enhance the Services and other Kantis offerings, provided that any such data is aggregated and anonymised such that neither Customer nor any individual can be identified. Customer acknowledges and agrees that Kantis shall own all right, title, and interest in such aggregated and anonymised data.

5.5 Feedback. If Customer provides any suggestions, ideas, enhancement requests, or other feedback regarding the Services ("Feedback"), Customer grants Kantis a fully paid-up, royalty-free, worldwide, perpetual, irrevocable, transferable, and sublicensable licence to use, reproduce, modify, incorporate into the Services, and otherwise exploit such Feedback for any purpose. Kantis shall have no obligation to implement any Feedback or to compensate Customer for any Feedback.

5.6 AI-Generated Content. Certain features of the Services use artificial intelligence and machine learning to generate policy drafts, recommendations, and other outputs ("AI Outputs"). Kantis makes no representations or warranties regarding the accuracy, completeness, or legal sufficiency of any AI Outputs. Customer is solely responsible for reviewing, validating, and approving all AI Outputs before use. Kantis will not use Customer Data to train general-purpose artificial intelligence or machine learning models; provided that Kantis may use Feedback and aggregated, anonymised Usage Data to improve its AI features.

6. Customer Data and Confidentiality

6.1 Confidential Information. "Confidential Information" means all non-public information disclosed by one party (the "Disclosing Party") to the other party (the "Receiving Party") in connection with these Terms, whether disclosed orally, in writing, or by any other means, including business plans, product roadmaps, pricing, customer lists, technical information, and any information that a reasonable person would understand to be confidential. The Services and Kantis IP constitute Kantis's Confidential Information. Customer Data constitutes Customer's Confidential Information.

6.2 Obligations. The Receiving Party shall: (a) hold Confidential Information in strict confidence using the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care; (b) not disclose Confidential Information to any third party except to employees, contractors, or advisers who have a legitimate need to know and are bound by obligations of confidentiality no less protective than those contained herein; and (c) use Confidential Information only for the purpose of exercising its rights or performing its obligations under these Terms.

6.3 Exceptions. Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was rightfully in the Receiving Party's possession prior to disclosure; (c) is independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information; or (d) is rightfully obtained from a third party without restriction on disclosure.

6.4 Required Disclosures. If the Receiving Party is required by law, regulation, or court order to disclose Confidential Information, the Receiving Party shall, to the extent legally permitted, provide the Disclosing Party with prompt prior written notice and shall cooperate with the Disclosing Party's reasonable efforts to obtain a protective order or other appropriate remedy.

6.5 Security. Kantis will maintain appropriate technical and organisational measures to protect the security, confidentiality, and integrity of Customer Data, including encryption in transit and at rest, access controls, monitoring, and regular security assessments. In the event of a Security Incident involving Customer Data, Kantis will notify Customer without undue delay and in any event within seventy-two (72) hours, and will provide reasonable cooperation in investigating and mitigating the incident.

6.6 Data Processing Agreement. Where Kantis processes personal data on behalf of Customer, the Kantis Data Processing Agreement ("DPA") applies and is incorporated into these Terms by reference. The DPA is deemed accepted by Customer upon first use of the Services. The DPA complies with the requirements of Article 28 of the UK GDPR and EU GDPR. To the extent of any conflict between these Terms and the DPA regarding the processing of personal data, the DPA shall prevail.

7. Payment Terms

7.1 Fees. Customer shall pay all fees specified in the applicable Order Form or as otherwise agreed in writing ("Fees"). All Fees are quoted in the currency specified in the applicable Order Form and are exclusive of VAT and any other applicable taxes, which shall be payable by Customer in addition to the Fees.

7.2 Invoicing and Payment. Kantis will invoice Customer in accordance with the payment schedule set out in the applicable Order Form. Unless otherwise specified, payment is due within fourteen (14) days of the date of an undisputed invoice. All payment obligations are non-cancellable, and Fees paid are non-refundable except as expressly provided in these Terms.

7.3 Late Payment. If Customer fails to pay any undisputed amount when due, Kantis may: (a) charge interest on the overdue amount at the rate of 4% per annum above the Bank of England base rate (or the maximum rate permitted by law, if lower), accruing daily from the due date until payment is made; and (b) suspend access to the Services upon fifteen (15) days' written notice if the outstanding amount remains unpaid.

7.4 Taxes. Customer is responsible for all taxes, duties, and levies arising from Customer's purchase or use of the Services, excluding taxes based on Kantis's net income. If Kantis is required to collect or pay any taxes on Customer's behalf, Customer shall reimburse Kantis for such amounts.

7.5 Price Changes. Kantis may change its pricing from time to time. Any price changes will take effect at the start of the next Subscription Term and Kantis will provide not less than thirty (30) days' advance written notice of any increase.

8. Warranties and Disclaimers

8.1 Kantis Warranties. Kantis warrants that: (a) it will perform the Services with reasonable skill and care in accordance with generally accepted industry standards; (b) the Services will perform materially in accordance with the applicable Documentation during the Subscription Term; and (c) the Managed Services will be performed by appropriately qualified personnel.

8.2 Customer Warranties. Customer warrants that: (a) it has the legal right and authority to enter into these Terms; (b) it has all necessary rights, permissions, and authorisations to provide Customer Data to Kantis and to grant Kantis access to Customer's cloud infrastructure and third-party tools as contemplated by the Services; (c) Customer Data does not and will not infringe any third-party intellectual property rights; and (d) Customer's use of the Services will comply with all applicable laws and regulations.

8.3 COMPLIANCE DISCLAIMER. CUSTOMER UNDERSTANDS AND AGREES THAT THE SERVICES ARE TOOLS DESIGNED TO ASSIST CUSTOMER IN ITS COMPLIANCE EFFORTS. THE SERVICES, INCLUDING ANY AI OUTPUTS, POLICY DRAFTS, RECOMMENDATIONS, REPORTS, AND ANY ORAL OR WRITTEN COMMUNICATIONS (INCLUDING THOSE PROVIDED THROUGH MANAGED SERVICES), DO NOT CONSTITUTE LEGAL ADVICE AND ARE NOT A SUBSTITUTE FOR INDEPENDENT LEGAL COUNSEL. KANTIS PROVIDES NO WARRANTY OR GUARANTEE THAT USE OF THE SERVICES WILL RESULT IN CUSTOMER ACHIEVING OR MAINTAINING COMPLIANCE WITH ANY APPLICABLE LAW, REGULATION, OR STANDARD, INCLUDING WITHOUT LIMITATION ISO 27001, GDPR, SOC 2, OR THE EU AI ACT. CUSTOMER ACKNOWLEDGES AND AGREES THAT CUSTOMER IS SOLELY RESPONSIBLE FOR ENSURING ITS OWN COMPLIANCE, AND THAT ALL CERTIFICATION AND AUDIT DECISIONS REMAIN WITH CUSTOMER AND ITS CHOSEN AUDITOR OR CERTIFICATION BODY. KANTIS SHALL HAVE NO LIABILITY WHATSOEVER FOR ANY FAILURE BY CUSTOMER TO ACHIEVE COMPLIANCE OR CERTIFICATION.

8.4 GENERAL DISCLAIMER. EXCEPT AS EXPRESSLY SET OUT IN SECTION 8.1, THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, KANTIS DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. KANTIS DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS.

9. Limitation of Liability

9.1 Exclusion of Indirect Damages. TO THE FULLEST EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF BUSINESS, LOSS OF DATA (OTHER THAN AS A DIRECT RESULT OF A PARTY'S BREACH OF ITS OBLIGATIONS UNDER THESE TERMS), LOSS OF GOODWILL, OR COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

9.2 Liability Cap. SUBJECT TO SECTION 9.3, EACH PARTY'S TOTAL AGGREGATE LIABILITY TO THE OTHER PARTY UNDER OR IN CONNECTION WITH THESE TERMS, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF STATUTORY DUTY, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO KANTIS IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM (THE "GENERAL CAP").

9.3 Exceptions. The limitations in Sections 9.1 and 9.2 shall not apply to: (a) either party's liability for fraud or fraudulent misrepresentation; (b) either party's liability for death or personal injury caused by its negligence; (c) either party's liability for any matter for which liability cannot be excluded or limited by applicable law; (d) Customer's payment obligations under Section 7; (e) Customer's breach of Section 4 (Acceptable Use) or Section 5.1 (Kantis IP); (f) either party's indemnification obligations under Section 10; or (g) either party's breach of Section 6 (Confidentiality), for which the aggregate liability cap shall be twice the General Cap.

9.4 Risk Allocation. Customer acknowledges that the Fees reflect the allocation of risk set out in this Section 9 and that Kantis would not enter into these Terms without these limitations.

10. Indemnification

10.1 Indemnification by Kantis. Kantis shall defend, indemnify, and hold harmless Customer and its officers, directors, employees, and agents from and against any third-party claim alleging that the Services (as provided by Kantis) infringe any intellectual property right of a third party enforceable in the United Kingdom (an "IP Claim"), and Kantis shall pay all damages finally awarded or settlement amounts agreed. If an IP Claim arises or is likely to arise, Kantis may, at its sole option and expense: (a) procure the right for Customer to continue using the Services; (b) modify or replace the Services to make them non-infringing; or (c) if neither (a) nor (b) is commercially reasonable, terminate the affected Services and refund any prepaid Fees for the remaining Subscription Term. This Section 10.1 states Kantis's sole and exclusive liability for IP Claims.

10.2 Exclusions. Kantis shall have no liability for any IP Claim arising from: (a) modification of the Services by anyone other than Kantis; (b) combination of the Services with products, services, or data not provided by Kantis; (c) Customer Data; or (d) Customer's continued use of the Services after notice of an IP Claim and availability of a non-infringing modification.

10.3 Indemnification by Customer. Customer shall defend, indemnify, and hold harmless Kantis and its officers, directors, employees, and agents from and against any third-party claim arising from: (a) Customer Data, including any claim that Customer Data infringes any third-party intellectual property right or violates any applicable law; (b) Customer's breach of Section 4 (Acceptable Use); or (c) Customer's use of the Services in violation of applicable laws or regulations.

10.4 Procedure. The indemnified party shall: (a) provide prompt written notice of any claim; (b) grant the indemnifying party sole control of the defence and settlement of the claim; and (c) provide reasonable cooperation at the indemnifying party's expense. The indemnified party may participate in the defence at its own expense with counsel of its choosing.

11. Term and Termination

11.1 Subscription Term. The initial subscription term shall be as specified in the applicable Order Form (the "Initial Term"). If no term is specified, the Initial Term shall be one (1) year from the Effective Date. The Subscription Term shall automatically renew for successive periods of the same duration (each a "Renewal Term") unless either party provides written notice of non-renewal at least thirty (30) days before the end of the then-current term. The Initial Term and any Renewal Terms are collectively the "Subscription Term."

11.2 Termination for Cause. Either party may terminate these Terms upon written notice if: (a) the other party commits a material breach and fails to remedy such breach within thirty (30) days after receiving written notice specifying the breach; or (b) the other party becomes insolvent, enters into liquidation, has a receiver or administrator appointed over its assets, or enters into any arrangement with creditors.

11.3 Immediate Termination. Kantis may terminate or suspend the Services immediately without notice if: (a) Customer breaches Section 4 (Acceptable Use); or (b) Kantis reasonably believes that Customer's use of the Services poses an imminent threat to the security, integrity, or availability of the Services or other customers' data.

11.4 Effect of Termination. Upon expiration or termination of these Terms: (a) all rights and licences granted to Customer under these Terms shall immediately cease; (b) Customer shall immediately cease all use of the Services; (c) any outstanding Fees shall become immediately due and payable; (d) if Customer terminates for Kantis's uncured material breach, Kantis shall refund any prepaid Fees attributable to the period after the effective date of termination on a pro-rata basis; and (e) if Kantis terminates for Customer's breach, Customer shall pay all Fees for the remainder of the then-current Subscription Term.

11.5 Data Export and Deletion. Following expiration or termination, Customer shall have thirty (30) days to export Customer Data from the Platform. After this period, Kantis shall delete Customer Data in accordance with its data retention policy, except to the extent retention is required by applicable law.

11.6 Survival. Sections 5 (Intellectual Property), 6 (Confidentiality), 8 (Warranties and Disclaimers), 9 (Limitation of Liability), 10 (Indemnification), 11.4 (Effect of Termination), 11.5 (Data Export and Deletion), 12 (Governing Law), and 13 (Dispute Resolution) shall survive expiration or termination of these Terms.

12. Governing Law

12.1 These Terms, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with them or their subject matter or formation, shall be governed by and construed in accordance with the laws of England and Wales.

13. Dispute Resolution

13.1 The parties shall attempt in good faith to resolve any dispute arising out of or in connection with these Terms through negotiation between senior representatives of the parties. If the dispute is not resolved within thirty (30) days of written notification of the dispute, either party may commence court proceedings.

13.2 The courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms or their subject matter or formation (including non-contractual disputes or claims).

13.3 Nothing in this Section 13 shall prevent either party from applying to the courts for injunctive or other equitable relief to protect its Confidential Information or intellectual property rights.

14. General Provisions

14.1 Entire Agreement. These Terms, together with any Order Forms, Statements of Work, and the DPA (if applicable), constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior and contemporaneous agreements, proposals, and representations, whether written or oral.

14.2 Severability. If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect, and the invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable.

14.3 Waiver. No failure or delay by either party in exercising any right under these Terms shall constitute a waiver of that right. A waiver of any right is effective only if given in writing and signed by the waiving party.

14.4 Assignment. Customer may not assign or transfer these Terms, or any rights or obligations hereunder, without the prior written consent of Kantis, except in connection with a merger, acquisition, or sale of all or substantially all of Customer's assets. Kantis may assign these Terms without restriction upon incorporation or change of legal entity. Any purported assignment in violation of this section shall be void.

14.5 Force Majeure. Neither party shall be liable for any failure or delay in performing its obligations under these Terms (other than payment obligations) to the extent caused by circumstances beyond its reasonable control, including natural disasters, war, terrorism, pandemics, strikes, government actions, or failure of third-party telecommunications or power supply.

14.6 Notices. All notices under these Terms shall be in writing and sent to the other party by email (for Kantis: support@getkantis.com; for Customer: the email address associated with Customer's account) or by registered post. Notices shall be deemed received: (a) if sent by email, on the next business day; or (b) if sent by registered post, on the second business day after posting within the United Kingdom, or on the fifth business day after posting from outside the United Kingdom.

14.7 Third-Party Rights. These Terms do not confer any rights on any person or party other than the parties to these Terms and, where applicable, their successors and permitted assigns, pursuant to the Contracts (Rights of Third Parties) Act 1999.

14.8 Anti-Bribery. Each party shall comply with all applicable anti-bribery and anti-corruption laws, including the UK Bribery Act 2010.

14.9 Export Controls. Customer shall comply with all applicable export control and sanctions laws and regulations in connection with its use of the Services.

Contact:
We Make Tech Ltd trading as Kantis
Office 38, Area 1/1 60 Tottenham Court Road, Fitzrovia, London, United Kingdom, W1T 2EW
Company number: 16031474
Email: support@getkantis.com
Web: https://getkantis.com