Last Updated: March 2026
By accessing or using the DefinedGRC platform and associated services (the "Service"), you agree to abide by these Terms and Conditions. DefinedGRC is a Software-as-a-Service (SaaS) application built natively on the Salesforce platform. If you do not agree to these terms, you must not access or use the Service.
DefinedGRC is deployed as a managed or unmanaged package within your Salesforce organizational environment. While DefinedGRC provides the proprietary architecture, frameworks, and logic for enterprise risk management, your underlying data storage, uptime, and platform security remain subject to your core Master Subscription Agreement (MSA) with Salesforce.
DefinedGRC does not extract, host, or process your proprietary risk data on external servers. All data remains within your native Salesforce instance. You remain solely responsible for the configuration of your Salesforce security settings, user permissions, and compliance with data protection laws (such as GDPR, CCPA) applicable to the data you collect and store in the application.
Our promotional "Free for Life" offer is exactly that. For our initial enterprise launch partners, DefinedGRC is currently delivered as an unmanaged package. As a result, we permanently waive all proprietary, ongoing software subscription fees related to the core platform. You retain the package with no recurring license restrictions from DefinedGRC. (Please note: Because the solution is installed natively into your environment, standard third-party Salesforce licensing costs may still apply directly with Salesforce based on your own usage and user allocation).
All intellectual property rights in the DefinedGRC application, including but not limited to code, logic, design, UI components, and risk taxonomy frameworks provided out-of-the-box, are owned exclusively by DefinedGRC. You are granted a limited, non-exclusive license to use the software within your organization.
In no event shall DefinedGRC or its consultants be liable for any indirect, incidental, special, or consequential damages, including but not limited to loss of data, loss of business, or regulatory fines resulting from the use or inability to use the Service. Enterprise Risk Management relies on accurate data entry and human interpretation; DefinedGRC is a tool for management, not a substitute for legal or compliance counsel.