Terms of Service

Last updated: June 2026

1. Service description

soc2.sh is a SOC 2 compliance platform operated by Yaw Labs, Inc. ("we", "us", "our", "the Service"). The platform provides automated evidence collection, control monitoring, and auditor collaboration tools to help organizations achieve and maintain SOC 2 compliance.

2. Account terms

[LEGAL REVIEW NEEDED] -- confirm minimum age, entity requirements

• You must provide accurate and complete registration information.
• You are responsible for maintaining the security of your account credentials.
• You are responsible for all activity that occurs under your account.
• You must be at least 18 years old and able to form a binding contract.

3. Acceptable use

[LEGAL REVIEW NEEDED] -- review AUP scope with counsel

You agree not to:

• Use the Service for any unlawful purpose or in violation of any applicable law.
• Attempt to gain unauthorized access to the Service or its related systems.
• Interfere with or disrupt the integrity or performance of the Service.
• Reverse engineer, decompile, or disassemble any part of the Service.
• Use the Service to store or transmit malicious code.
• Resell or sublicense access to the Service without written permission.
• Use automated tools to scrape or extract data from the Service beyond authorized API use.

4. Data ownership

[LEGAL REVIEW NEEDED] -- confirm IP ownership language and license scope

Your data is yours. You retain all ownership rights to data you provide to or generate through the Service, including integration data, evidence artifacts, and policy documents.

You grant us a limited license to use your data solely to operate, maintain, and improve the Service. We will not use your data for purposes unrelated to providing the Service without your explicit consent.

We own all rights to the Service itself, including its software, design, documentation, and proprietary methodologies.

5. Payment and billing

[LEGAL REVIEW NEEDED] -- confirm billing terms, refund policy, price change notice period

• Fees are charged in advance on a monthly or annual basis as selected at signup.
• All fees are non-refundable except as required by law or as stated in a separate agreement.
• We may change pricing with 30 days' notice. Existing subscriptions are honored through their current term.
• Failure to pay may result in suspension or termination of your account.

6. Service level and availability

We make commercially reasonable efforts to maintain high availability but do not guarantee uninterrupted access. Scheduled maintenance windows will be communicated in advance.

7. Limitation of liability

[LEGAL REVIEW NEEDED] -- confirm liability caps and exclusions with counsel

To the maximum extent permitted by law, Yaw Labs shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses resulting from your use of the Service.

Our total aggregate liability for any claims arising from or related to the Service shall not exceed the amounts you paid to us in the twelve (12) months preceding the claim.

8. Indemnification

[LEGAL REVIEW NEEDED] -- confirm indemnification scope

You agree to indemnify and hold harmless Yaw Labs from any claims, damages, or expenses arising from your use of the Service, your violation of these Terms, or your violation of any third-party rights.

9. Termination

[LEGAL REVIEW NEEDED] -- confirm data export period and termination-for-cause triggers

• You may cancel your account at any time through the platform or by contacting support.
• We may suspend or terminate your account for violation of these Terms or non-payment.
• Upon termination, you may request an export of your data within 30 days. After 30 days, we may delete your data in accordance with our retention policy.
• Sections that by their nature should survive termination (liability, indemnification, governing law) will survive.

10. Governing law

[LEGAL REVIEW NEEDED] -- confirm jurisdiction and dispute resolution mechanism

These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles. Any disputes shall be resolved in the state or federal courts located in Delaware.

11. Changes to these terms

We may update these Terms from time to time. We will notify you of material changes by email or by posting a notice on the platform at least 30 days before the changes take effect. Continued use after the effective date constitutes acceptance of the updated Terms.

12. Contact

[LEGAL REVIEW NEEDED] -- confirm legal entity name and registered address

For questions about these Terms, contact us at legal@soc2.sh.

Yaw Labs, Inc.
[LEGAL REVIEW NEEDED] -- add registered business address