Legal

Terms of Service

Last updated: April 21, 2026

Section 01 Agreement to Terms

These Terms of Service (the "Agreement" or "Terms") constitute a legally binding contract between NxgSecure Technologies Private Limited, a company incorporated under the laws of India having its registered office at Gurugram, Haryana ("NxgSecure," "we," "us," or "our"), and the organisation or individual accessing or using our managed cybersecurity and compliance platform, services, and software (collectively, the "Services"). The entity or individual accepting these Terms is referred to herein as the "Client" or "you."

By executing an Order Form, clicking "I Agree," or otherwise accessing the Services, you represent that you have read, understood, and agree to be bound by these Terms, our Privacy Policy, and any applicable Order Form or Statement of Work ("SOW"). If you are accepting these Terms on behalf of a legal entity, you represent and warrant that you have the authority to bind that entity to these Terms, and references to "Client" or "you" shall refer to that entity.

If you do not agree to these Terms, you must not access or use the Services. Your continued use of the Services following any modification to these Terms constitutes acceptance of those modifications. These Terms supersede all prior or contemporaneous agreements, representations, or understandings between the parties relating to the Services unless expressly agreed otherwise in a signed written instrument.

Section 02 Description of Services

NxgSecure provides a managed, human-led cybersecurity and compliance platform designed for enterprises operating in India and internationally. The Services include, but are not limited to:

  • Managed Security Operations (SOC-as-a-Service): 24×7 monitoring, detection, triage, and incident response delivered by named security analysts backed by industry-standard SIEM, EDR, and threat intelligence tooling.
  • Compliance Management: Automated evidence collection, gap assessments, audit readiness, and continuous monitoring for frameworks including SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, GDPR, and India's Digital Personal Data Protection Act, 2023 ("DPDP Act").
  • Risk Management: Ongoing risk registers, third-party vendor risk assessments, and executive-level reporting dashboards.
  • Policy Management: Policy creation, version control, employee attestation workflows, and governance documentation.
  • Penetration Testing and Vulnerability Management: Scheduled and on-demand assessments, continuous scanning, and remediation tracking.
  • CERT-In Incident Reporting: Facilitation of mandatory incident reporting obligations under applicable CERT-In directives and the Information Technology Act, 2000.

The specific scope of Services to be provided to each Client shall be defined in the applicable Order Form or SOW, which is incorporated by reference into these Terms. NxgSecure reserves the right to modify, enhance, or discontinue any feature of the Services upon reasonable prior notice to Clients, provided that no such change shall materially degrade the core security monitoring and compliance capabilities described in an active Order Form without Client's written consent.

Section 03 Eligibility and Account Registration

The Services are intended solely for business entities and professionals and are not offered to individuals for personal, family, or household purposes. By registering for an account, you represent that you are at least 18 years of age and are acting in a business or professional capacity on behalf of a lawfully operating organisation.

To access the Services, you must create an account by providing accurate, complete, and current information including your legal entity name, registered address, GSTIN (if applicable), authorised contact details, and a valid business email address. You agree to maintain and promptly update your account information to ensure it remains accurate. NxgSecure may, at its sole discretion, refuse to open an account or terminate an existing account if information provided is found to be false, misleading, or incomplete.

You are responsible for maintaining the confidentiality of your account credentials. You agree to notify NxgSecure immediately at security@nxgsecure.in upon becoming aware of any unauthorised use of your account or any other security breach. NxgSecure shall not be liable for any loss or damage arising from your failure to comply with this obligation. Each set of login credentials may be used only by the individual to whom they are issued; sharing credentials across multiple individuals is strictly prohibited unless multi-user access has been expressly provisioned under your subscription plan.

Section 04 Fees, Payment and Billing

Fees for the Services are set forth in the applicable Order Form. Unless otherwise specified, all fees are denominated in Indian Rupees (INR) exclusive of applicable taxes. NxgSecure shall raise invoices in accordance with the billing cycle specified in the Order Form, which shall typically be monthly in advance or annually in advance, as selected by the Client at the time of subscription.

Payment is due within fifteen (15) days of the invoice date unless a different payment period is specified in the Order Form. NxgSecure reserves the right to charge interest on overdue amounts at the rate of 1.5% per month (or the maximum permitted by applicable law, whichever is lower) from the date the payment was due until the date of actual receipt. NxgSecure may, after providing seven (7) days' written notice, suspend access to the Services without liability if any undisputed invoice remains unpaid beyond the cure period.

All fees are non-refundable except as expressly stated in these Terms or as required by applicable law. If the Client disputes any invoice in good faith, the Client must notify NxgSecure in writing within fifteen (15) days of the invoice date, specifying the nature and basis of the dispute in reasonable detail. Undisputed amounts remain due and payable. NxgSecure shall not be obliged to provide a refund for any portion of annual subscription fees in the event of early termination by the Client except as permitted under Section 11 of these Terms.

Pricing may be adjusted at the start of each renewal term upon not less than sixty (60) days' prior written notice. By continuing to use the Services after a price adjustment becomes effective, you accept the revised fees. Clients who do not accept revised pricing may elect to terminate their subscription at the end of the then-current term by providing written notice as specified in Section 11.

Section 05 Confidentiality and Data Security

Confidential Information means any non-public information disclosed by one party ("Disclosing Party") to the other ("Receiving Party") in connection with the Services, whether disclosed orally, in writing, or in any other form, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. For the avoidance of doubt, Client's security logs, network architecture, vulnerability data, and employee information constitute Confidential Information of the Client; NxgSecure's proprietary methodologies, platform source code, and pricing structures constitute Confidential Information of NxgSecure.

Each party agrees to: (i) hold the other party's Confidential Information in strict confidence using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care; (ii) not disclose Confidential Information to any third party without the Disclosing Party's prior written consent; and (iii) use Confidential Information solely for the purposes of performing obligations or exercising rights under these Terms.

With respect to personal data processed by NxgSecure on behalf of the Client in connection with the Services, NxgSecure shall act as a Data Processor and the Client shall act as the Data Fiduciary, as those terms are defined under the Digital Personal Data Protection Act, 2023 (the "DPDP Act") and its implementing rules. NxgSecure shall process such personal data only on documented instructions from the Client, shall implement appropriate technical and organisational measures to protect such data, and shall assist the Client in fulfilling its obligations under the DPDP Act, including responding to data principal requests and notifying the Client of any personal data breach without undue delay. A detailed Data Processing Agreement ("DPA"), forming an integral part of these Terms, shall be executed alongside the applicable Order Form.

NxgSecure maintains an information security programme that includes: ISO 27001-aligned controls, SOC 2 Type II-audited security practices, encryption of data in transit using TLS 1.2 or higher, encryption of data at rest using AES-256, role-based access controls, and regular penetration testing. NxgSecure shall notify the Client of any confirmed security incident affecting Client data within the timeframe mandated by applicable law and in any event within seventy-two (72) hours of confirmation of such incident.

Section 06 Intellectual Property

As between the parties, NxgSecure retains all right, title, and interest in and to the Services, the platform, all underlying software, algorithms, machine learning models, threat intelligence databases, documentation, and all improvements, modifications, and derivative works thereof (collectively, "NxgSecure IP"). Nothing in these Terms shall be construed to transfer ownership of any NxgSecure IP to the Client. Subject to Client's timely payment of all fees and compliance with these Terms, NxgSecure grants Client a limited, non-exclusive, non-transferable, non-sublicensable licence during the subscription term to access and use the Services solely for Client's internal business purposes.

As between the parties, Client retains all right, title, and interest in and to Client's data, including all security logs, configuration files, network telemetry, and other information Client submits to the Services ("Client Data"). Client grants NxgSecure a limited, non-exclusive licence to access, process, and use Client Data solely to the extent necessary to provide the Services, fulfil its obligations under these Terms, and improve the aggregate, anonymised threat intelligence models (provided that no Client Data shall be identifiable in any such model or shared with any third party in identifiable form without Client's consent).

Any reports, recommendations, assessments, or deliverables generated by NxgSecure specifically for and delivered to Client under an applicable SOW ("Client Deliverables") shall, upon full payment of applicable fees, vest in Client as a work made for hire or, to the extent such vesting is not possible by operation of law, NxgSecure hereby assigns to Client all right, title, and interest in such Client Deliverables, excluding any NxgSecure IP embedded therein. Client is granted a perpetual, royalty-free licence to use any embedded NxgSecure IP solely as part of Client Deliverables for Client's internal business purposes.

Section 07 Client Obligations

The Client is responsible for ensuring that its use of the Services complies with all applicable laws, regulations, and industry standards, including without limitation the Information Technology Act, 2000, the DPDP Act, applicable CERT-In directives, and any sector-specific regulations to which Client is subject (including, without limitation, RBI cybersecurity frameworks for financial services entities, SEBI cyber resilience requirements for market intermediaries, and IRDAI guidelines for insurance companies).

The Client agrees to:

  • Provide NxgSecure with accurate, complete, and timely information necessary for NxgSecure to perform the Services, including access to relevant systems, network infrastructure, and security tooling as specified in the applicable Order Form or SOW.
  • Designate and maintain at least one (1) authorised technical contact and one (1) authorised business contact for escalation and approval purposes throughout the subscription term.
  • Promptly implement or acknowledge security recommendations made by NxgSecure within the timeframes specified in the applicable SLA addendum or, if not specified, within a reasonable period. The Client acknowledges that failure to act on critical security recommendations may limit NxgSecure's ability to deliver the contracted security outcomes.
  • Not use the Services to engage in any activity that is unlawful, fraudulent, or harmful, including conducting offensive cyber operations against third parties, or using the Services to collect or process data in a manner that violates applicable privacy laws.
  • Ensure that any agents, contractors, or employees who access the Services on behalf of the Client are bound by confidentiality obligations no less protective than those set out in Section 5 of these Terms.
  • Provide timely approvals for change management activities, penetration test scopes, and audit evidence submissions required under the Client's applicable compliance programme.

The Client acknowledges that NxgSecure's ability to meet any SLA commitments is contingent upon the Client fulfilling its obligations under this Section. NxgSecure shall not be in breach of any SLA to the extent that non-compliance is attributable to the Client's failure to meet its obligations hereunder.

Section 08 Service Level Agreements

NxgSecure is committed to delivering Services at the availability and response levels specified in the SLA addendum attached to the applicable Order Form ("SLA"). In the absence of a separately negotiated SLA addendum, the following default commitments apply to NxgSecure's managed SOC and compliance platform services:

  • Platform Availability: NxgSecure targets 99.5% monthly uptime for its core compliance platform and reporting dashboards, measured on a rolling calendar month basis, excluding scheduled maintenance windows of which at least 48 hours' notice has been provided.
  • Critical Alert Response: NxgSecure's SOC analysts will acknowledge confirmed P1 (critical) security alerts within fifteen (15) minutes and initiate triage within thirty (30) minutes of alert confirmation during active monitoring hours.
  • Incident Notification: Clients will receive initial notification of confirmed security incidents affecting their environment within one (1) hour of confirmation.
  • Compliance Dashboard Refresh: Automated evidence collection and compliance posture data shall be refreshed no less frequently than every twenty-four (24) hours.

In the event NxgSecure fails to meet any applicable SLA metric in a given calendar month, Client shall be entitled to a service credit equal to five percent (5%) of the monthly pro-rated subscription fee for each full percentage point of availability below the committed threshold, up to a maximum aggregate credit of twenty-five percent (25%) of the monthly fee for that calendar month. Service credits are the Client's sole and exclusive remedy for any SLA failure, and shall not be construed as acknowledgement of any breach or liability beyond the credit amount. Credits must be claimed in writing within thirty (30) days of the calendar month in which the SLA failure occurred and shall be applied against the Client's next invoice.

SLA commitments do not apply to: (i) outages or degradation caused by factors outside NxgSecure's reasonable control, including Internet or telecommunications failures, force majeure events, or DDoS attacks against Client's own infrastructure; (ii) scheduled maintenance; (iii) issues arising from Client's failure to meet its obligations under Section 7; or (iv) Beta or preview features explicitly designated as such.

Section 09 Limitation of Liability

DISCLAIMER OF WARRANTIES. The Services are provided "as is" and "as available." To the fullest extent permitted by applicable law, NxgSecure expressly disclaims all warranties, whether express, implied, statutory, or otherwise, including without limitation any implied warranties of merchantability, fitness for a particular purpose, title, non-infringement, and any warranties arising from course of dealing or usage of trade. NxgSecure does not warrant that the Services will be uninterrupted, error-free, or completely secure, or that all security threats will be detected or prevented. Cybersecurity is inherently probabilistic, and no managed security service can guarantee immunity from all cyber incidents.

LIMITATION ON INDIRECT DAMAGES. To the fullest extent permitted by applicable law, in no event shall either party be liable to the other for any indirect, incidental, special, exemplary, consequential, or punitive damages, including without limitation loss of profits, loss of revenue, loss of data, loss of goodwill, business interruption, or cost of substitute services, arising out of or related to these Terms or the use of or inability to use the Services, however caused and under whatever theory of liability (tort, contract, statute, or otherwise), even if such party has been advised of the possibility of such damages.

CAP ON LIABILITY. To the fullest extent permitted by applicable law, each party's total aggregate liability to the other party arising out of or related to these Terms, whether based in contract, tort, statute, strict liability, or any other legal or equitable theory, shall not exceed the total fees paid or payable by Client to NxgSecure in the twelve (12) calendar months immediately preceding the event or circumstances giving rise to the claim.

The foregoing limitations shall not apply to: (i) either party's indemnification obligations under Section 10; (ii) either party's obligations with respect to confidentiality under Section 5; (iii) damages arising from either party's wilful misconduct or gross negligence; or (iv) liability that cannot be limited under applicable law, including liability under the Consumer Protection Act, 2019 or mandatory provisions of the DPDP Act.

Section 10 Indemnification

Client Indemnity. Client agrees to indemnify, defend, and hold harmless NxgSecure and its officers, directors, employees, agents, contractors, and successors ("NxgSecure Indemnitees") from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to: (i) Client's use of the Services in violation of these Terms or applicable law; (ii) Client Data, including any allegation that Client Data infringes any third-party intellectual property right or violates any applicable data protection law; (iii) Client's failure to implement security recommendations made by NxgSecure within the timeframes agreed; or (iv) Client's wilful misconduct or gross negligence.

NxgSecure Indemnity. NxgSecure agrees to indemnify, defend, and hold harmless Client and its officers, directors, and employees ("Client Indemnitees") from and against any and all third-party claims alleging that the Services, when used by Client in accordance with these Terms, infringe any Indian patent, copyright, trademark, or trade secret right of a third party ("IP Claim"). If the Services become or, in NxgSecure's reasonable judgement, are likely to become the subject of an IP Claim, NxgSecure may, at its option and expense: (i) procure for Client the right to continue using the affected portion of the Services; (ii) replace or modify the Services to be non-infringing; or (iii) if neither of the foregoing is commercially practicable, terminate the affected Services and refund to Client a pro-rata portion of any prepaid but unused fees.

The indemnified party shall: (i) promptly notify the indemnifying party in writing of any claim for which indemnification is sought; (ii) provide the indemnifying party with reasonable cooperation in the defence of such claim; and (iii) permit the indemnifying party to control the defence and settlement of such claim, provided that the indemnifying party shall not settle any claim that imposes any obligation, restriction, or liability on the indemnified party without the indemnified party's prior written consent, not to be unreasonably withheld.

Section 11 Term and Termination

Term. These Terms shall commence on the date Client first accepts them and shall remain in effect until the expiry or termination of all Order Forms executed hereunder. Each Order Form shall specify its initial subscription term (typically twelve (12) months). Unless either party provides written notice of non-renewal at least sixty (60) days prior to the expiry of the then-current term, the Order Form and these Terms shall automatically renew for successive periods of equal length on the same terms, subject to any pricing adjustments notified in accordance with Section 4.

Termination for Cause. Either party may terminate these Terms or any Order Form immediately upon written notice if: (i) the other party materially breaches these Terms and fails to cure such breach within thirty (30) days after receipt of written notice specifying the breach in reasonable detail; or (ii) the other party becomes insolvent, makes a general assignment for the benefit of creditors, or is the subject of a voluntary or involuntary insolvency proceeding that is not dismissed within sixty (60) days.

Effect of Termination. Upon expiration or termination of these Terms for any reason: (i) all licences granted hereunder shall immediately terminate; (ii) Client shall promptly pay all outstanding fees due and owing; (iii) each party shall, upon written request of the other party, return or destroy (and certify such destruction in writing) the other party's Confidential Information, except to the extent retention is required by applicable law; and (iv) NxgSecure shall make Client Data available for export in a standard machine-readable format for a period of thirty (30) days following termination, after which NxgSecure shall have no obligation to retain Client Data and may delete it in accordance with NxgSecure's data retention policies. Sections 1, 5, 6, 9, 10, 12, and this Section 11 shall survive the expiration or termination of these Terms for any reason.

Section 12 Governing Law and Dispute Resolution

Governing Law. These Terms and any disputes arising out of or in connection with them shall be governed by and construed in accordance with the laws of the Republic of India, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to these Terms.

Informal Resolution. Before commencing formal proceedings, the parties agree to attempt in good faith to resolve any dispute arising out of or relating to these Terms through escalation to senior management of each party. A party wishing to initiate this process shall deliver a written notice to the other party describing the dispute in reasonable detail. The senior management representatives of each party shall meet (in person, by telephone, or by video conference) within twenty-one (21) days of such notice to attempt to resolve the dispute. This informal resolution period shall last no more than forty-five (45) days from the date of the initial notice unless the parties agree in writing to extend it.

Arbitration. If the parties are unable to resolve a dispute through the informal process described above, either party may refer the dispute to binding arbitration under the Arbitration and Conciliation Act, 1996 (as amended by the Arbitration and Conciliation (Amendment) Act, 2015 and 2019). The arbitration shall be conducted by a sole arbitrator mutually appointed by the parties. If the parties are unable to agree on a sole arbitrator within fifteen (15) days of a written request for arbitration, the arbitrator shall be appointed by the Delhi International Arbitration Centre ("DIAC") in accordance with its rules. The seat and venue of arbitration shall be New Delhi, India. The language of arbitration shall be English. The arbitral award shall be final and binding on both parties.

Jurisdiction for Interim Relief. Notwithstanding the foregoing arbitration agreement, either party may seek emergency or interim injunctive or other equitable relief from courts of competent jurisdiction located in New Delhi, India, without waiving its right to arbitration. The parties irrevocably submit to the exclusive jurisdiction of such courts for such interim relief purposes.

Section 13 Changes to These Terms

NxgSecure reserves the right to modify or update these Terms at any time to reflect changes in our Services, applicable law, industry standards, or business practices. When we make material changes to these Terms, we will notify you by: (i) posting a prominently visible notice on our website; (ii) sending an email to the authorised contact address associated with your account; and (iii) displaying a notice within the Services platform upon your next login. The "Last updated" date at the top of this page will reflect the date any revision becomes effective.

For material changes, we will provide at least thirty (30) days' advance notice before the changes take effect. Your continued use of the Services after the effective date of any modification constitutes your acceptance of the updated Terms. If you do not agree to the modified Terms, your sole remedy is to cease using the Services and terminate your subscription in accordance with Section 11.

Notwithstanding the foregoing, changes required by applicable law or regulatory mandate may take effect immediately upon the date specified in the relevant notice. NxgSecure will provide as much prior notice as is reasonably practicable in such circumstances. We encourage you to periodically review these Terms to stay informed about your rights and obligations. Archived versions of prior Terms are available upon written request to our legal team.

Section 14 Contact Information

If you have any questions, concerns, or notices relating to these Terms, please contact us through the following channels:

Registered Office:
NxgSecure Technologies Private Limited
Sector 44, Gurugram — 122003
Haryana, India

For support and account management enquiries, please use the in-platform support portal or contact your named Customer Success Manager. For formal legal notices including notices of breach, arbitration demands, or DPDP Act data principal requests, please send written correspondence by registered post or courier to the Registered Office address above with a copy by email to legal@nxgsecure.in.

We aim to acknowledge all written correspondence within three (3) business days. Our business hours are Monday through Friday, 09:00–18:00 IST, excluding Indian national public holidays. Our 24×7 Security Operations Centre is available for security incidents at all times via the in-platform incident portal or the emergency contact number provided in your onboarding documentation.