Document Owner: Chief Information Security Officer (CISO) – fulfilled by CTO
Policy Classification: Public
Version: 2.0
Effective Date: 2025-01-01
Last Reviewed: 2025-11-12
Next Review Date: 2026-11-30
Approved By: Chris Patterson, CPO (acting CTO)
This document defines the legal agreement between ActiveXchange; operating as ActiveXchange Ltd (UK reg: 12712896) operating in GBR & FRO, including but not limited to ActiveXchange Pty Ltd (ABN: 627 386 127) operating in AUS & NZL, ActiveXchange Ltd (corporation number 1270188-0) operating in CAN & USA; and users who access or use the ActiveXchange platform (the “Platform”). These terms establish the rules, rights, and responsibilities governing user access to and use of the Platform, including any related applications, APIs, and services provided.
The goal is to ensure the secure, reliable, and fair use of our Platform by all users, to protect our intellectual property, data, and systems, and to promote transparency and trust in business relationships. By using the Platform, the user agrees to comply with these Terms and acknowledge that they are intended to safeguard both the users interests and ours while supporting a consistent, high-quality service experience.
These Terms of Use apply to all users who access or use ActiveXchange’s Platform, including its web applications, APIs, data services, integrations, documentation, and any related tools or resources.
This policy governs all forms of access and use, whether by individuals, organizations, customers, partners, or authorized third parties, regardless of how the Platform is accessed, via web browser, mobile device, or programmatic interface.
The Terms of Use cover all activities related to account creation, data input and processing, system interactions, and content accessed, generated, or managed through the Platform. They also apply to any updates, enhancements, or new features introduced by ActiveXchange, unless explicitly stated otherwise.
3.1. Clearly communicate acceptable and prohibited uses of the Platform, the terms governing use, and mechanisms for resolving concerns and disputes to ensure fair, secure, and lawful access for users.
3.2. Safeguard the rights, data, and intellectual property of both users and ActiveXchange, maintaining the integrity and confidentiality of information processed through the Platform.
3.3. Comply with ISO/IEC 27001:2022 and all applicable legal and regulatory requirements (e.g. GDPR, PIPEDA, Australia Privacy Act, California Privacy Rights Act).
3.4. Maintain continually improving Terms Of Use.
|
Role
|
Responsibility
|
|---|---|
|
Executive Team
|
|
|
ISMS Owner / CISO
|
Oversee policy implementation and continuous improvement
|
|
Security Team
|
Enforce policy compliance, respond to threats, and manage incident response
|
|
System Administrators
|
Manage secure cloud infrastructure and configurations
|
|
Technology Team
|
Apply secure coding, deployment, and infrastructure best practices
|
|
All Staff
|
Comply with the policy, report incidents or risks
|
|
Users
|
Comply with the policy, report incidents or risks
|
* ISO 27001 Reference: A.5.1, A.5.3, A.5.4
5.1 Acceptance of Terms
5.1.1. By accessing or using any ActiveXchange products or services, users agree to comply with and be bound by these Terms of Use, as well as any additional terms, policies, or guidelines that may apply to specific services or products. If you do not agree to these terms, it is the users responsibility to not use or access our products or services.
5.2. Eligibility & User Account Registration
5.2.1. To access certain features of services, users may need to create an account or an account may be created for the user by their organization or ActiveXchange. The user is responsible for maintaining the confidentiality of your account credentials and for any activities that occur under their account. The user agrees to provide accurate and current information when creating or updating your account.
5.3. License, Access Rights, Permitted Use
5.3.1. Users are granted a limited, non-exclusive, non-transferable, and revocable license to use the Platform and services for lawful purposes. Users agree not to:
5.3.1.1. Modify, distribute, or create derivative works based on the Platform or its products
or services without prior consent.
5.3.1.2. Use the Platform for any illegal or unauthorized purpose.
5.3.1.3. Attempt to interfere with the functionality of the Platform, its products or services.
5.4. User Content
5.4.1. The Platform may allow users to upload, post, or share content. By submitting content while using the Platform, you grant ActiveXchange a worldwide, royalty-free, non-exclusive license to use, reproduce, modify, and distribute user content for the purpose of operating and improving the Platform, and its products and services. You are responsible for ensuring that your data and content complies with all applicable laws and regulations. ActiveXchange reserves the right to remove any data or content that we deem inappropriate.
5.5. Privacy & Data Protection
5.5.1. Privacy is important to us. The Platform use of personally identifiable information collected through the Platform, its products and services is governed by our Privacy Policy. By using our services, users and their organization agree to the collection and use of information in
accordance with our Privacy Policy.
5.6. Security & Compliance
5.6.1. ActiveXchange employs industry-standard security measures with robust infrastructure and platform-level protections. We operate on private, dedicated cloud infrastructure with encrypted data and secure connections, including transmission over HTTPS at a minimum of TLS 1.2 protocol, to protect your information. Our security protocols include firewalls, DDoS protection, VPNs, and session timeouts. Additionally, internal systems use multi-factor authentication and role-based access to enhance account security. However, no system is entirely secure, and the absolute protection of information cannot be guaranteed.
5.6.2. Users are responsible for safeguarding your account credentials and must notify ActiveXchange immediately of any unauthorized use of their account. See “Contact Information” for notifying ActiveXchange.
5.7. Intellectual Property
5.7.1. All content, design, and functionality of the Platform, its products and services, including but not limited to software, graphics, and text, are the intellectual property of ActiveXchange and are protected by copyright and trademark laws. Users may not use, copy, or distribute any such materials without our express written consent.
5.8. Service Availability & Performance
5.8.1. ActiveXchange strives to ensure that the Platform is available 24 hours a day, 7 days a week. While we aim for high availability, uninterrupted access is not guaranteed. Users acknowledge that occasional downtime may occur due to technical issues, updates, or other
operational considerations.
5.8.2. ActiveXchange may perform scheduled or emergency maintenance, upgrades, or other changes to the Platform. Users acknowledge that such maintenance may temporarily affect access to the Platform or certain features, and that ActiveXchange may implement urgent updates without prior notice to maintain security or system integrity.
5.8.3. The Platform may rely on third-party services, hosting providers, or other external systems which are governed by Service Level Agreements with these service providers. Any combination of terms or conditions of one or more service providers may result in unavoidable performance degradation or downtime.
5.9. Fees and Payment
5.9.1. Some ActiveXchange products and services may require payment. By selecting a service, the user (and their organization) agree to pay all fees and charges associated with that service. Payment terms will be clearly outlined at the time of purchase, and any failure to comply with payment obligations may result in the suspension or termination of their account(s).
5.10. Third-Party Integrations
5.10.1. The Platform may integrate with third-party services to perform important functions. Users acknowledge that any access to and use of such third-party services are subject to the respective third-party’s terms of use and privacy policies.
5.11. Limitation of Liability
5.11.1. To the fullest extent permitted by law, ActiveXchange will not be liable for any direct, indirect, incidental, special, or consequential damages arising out of or in connection with the use or inability to use the Platform, and its products or services, even if ActiveXchange has been advised of the possibility of such damages.
5.11.2. ActiveXchange is not responsible for outages, interruptions, or degraded performance caused by these third-party dependencies.
5.11.3. ActiveXchange is not liable for service disruptions resulting from events beyond its reasonable control, including, but not limited to, natural disasters, acts of war, terrorism, labor disputes, pandemics, or governmental actions (“Force Majeure Events”).
5.12. Indemnification
5.12.1. The user and their organization agree to indemnify, defend, and hold harmless ActiveXchange, its affiliates, officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, and expenses, including legal fees, arising out of or in any way connected with use of the Platform, its products and services, or violation of these Terms of Use.
5.13. Termination & Suspension
5.13.1. ActiveXchange reserves the right to terminate or suspend user and organization access to the Platform, its products and services at our sole discretion, without prior notice, for conduct that is believed violates these Terms of Use or is harmful to other users or our business.
5.14. Governing Law
5.14.1. These Terms of Use shall be governed by and construed in accordance with the laws of the jurisdiction in relation to where the services are delivered, without regard to its conflict of laws principles;
5.14.1.1. GBR & FRO – England, UK
5.14.1.2. CAN – Alberta, CAN
5.14.1.3. USA – California, USA
5.14.1.4. AUS – New South Wales, AUS
5.14.1.5. NZL – New Zealand
5.15. Contact Information
5.15.1. If you have any questions or concerns about these Terms of Use, please contact ActiveXchange at: [email protected] (GBR, FRO), [email protected] (CAN), [email protected] (USA), [email protected] (AUS, NZL).
5.15.1.1. To assist in timely delegation and attention of notices appropriately, please use an email subject, such as: Terms of Use Attn. Privacy Officer.
6.1. Notice of Dispute
6.1.1. The party claiming dispute agrees to notify ActiveXchange in writing as soon as practicable. Notices must be sent to the designated contact listed herein (or any updated contact provided in writing by ActiveXchange) via email (with confirmation receipt) and must include:
6.1.1.1. A description of the nature of the dispute.
6.1.1.2. Any relevant supporting information or documentation.
6.1.1.3. The specific relief or resolution sought.
6.1.2. Notices are deemed received on the date of delivery confirmation receipt.
6.2. Resolution & Escalation Process
6.2.1. Upon receipt of a dispute notice, ActiveXchange will engage in good faith discussions to resolve the dispute. The escalation process shall proceed as follows:
6.2.1.1. Initial Review – The designated representatives for ActiveXchange will review and respond to the dispute notice within 10 business days of receipt of the notice.
6.2.1.2. Management Escalation – If the dispute is not resolved within 20 business days of the initial review, it shall be escalated to senior management or executive-level representatives of ActiveXchange for resolution.
6.2.1.3. Good Faith Effort – Both parties shall make reasonable efforts to resolve the dispute informally before initiating formal proceedings.
6.2.1.4. Mediation – If the dispute cannot be resolved through informal discussions or escalation after more than 30 business days, the parties agree to attempt to resolve the dispute through mediation conducted by a mutually agreed mediator.
7.1. Entire Agreement
7.1.1. These Terms of Use, together with the Privacy Policy and any other agreements entered into with ActiveXchange regarding the Platform, make up the entire agreement between the user, their organization, and ActiveXchange. They replace any previous agreements or understandings, whether written or oral.
7.2. Severability
7.2.1. If any part of these Terms are found to be invalid or unenforceable by a court, the part is removed or limited as necessary, and shall not alter the force and effect of the remainder of the Terms.
7.3. Waiver
7.3.1. Prior lack of enforcement by ActiveXchange of any part of these Terms, does not constitute any waiver of right to enforce these Terms at any future time.
7.4. Assignment
7.4.1. You may not transfer or assign your rights or obligations under these Terms without our written consent. ActiveXchange may transfer or assign its rights and obligations under these Terms without your consent, including in connection with a merger, acquisition, or sale of assets.
8.1. ActiveXchange reserves the right to modify these Terms of Use at any time. Any changes will be posted on our website and the Platform, and a user’s continued use of ActiveXchange Platform and services after changes are posted constitutes acceptance of the modified terms.
9.1. By accessing or using the ActiveXchange Platform, its products or services, the user acknowledges they have read, understood, and agree to be bound by these Terms of Use. If you do not agree to these Terms, you must not access or use the Platform.
10.1. The Terms of Use are reviewed annually by the security team.
10.2. Updates will reflect organizational, technological, or regulatory changes.
10.3. Audit findings and incidents will feed into continual improvement efforts.
* ISO 27001 Reference: A.18.2
|
Role
|
Responsibility
|
Description
|
Author
|
Approved
|
|---|---|---|---|---|
|
2.0
|
||||
|
1.0
|
2025-01-01
|
|||
1. Microsoft Azure: Backend databases & frontend software platform management. Compliance and regulatory disclosures; https://www.microsoft.com/en-us/trust-center, https://learn.microsoft.com/en-us/azure/security/fundamentals/overview.
2. Google Cloud: Internal file management. Compliance and regulatory disclosures;
https://cloud.google.com/security/compliance/.
