Terms Of Service
1. Object and Scope
These Terms of Service (“Terms”) govern your access to and use of the Mindlapse platform (“Platform”), a Cyber-GRC (Governance, Risk, and Compliance) solution provided by Mindlapse SAS (“Mindlapse,” “we,” “us,” or “our”). If you have executed a separate Master Agreement, Enterprise Agreement, or other written contract with Mindlapse, that agreement shall prevail over these Terms to the extent of any conflict. By accessing the Platform, you agree to be bound by these Terms (or your Master Agreement, if applicable), our Privacy Policy, and our Cookie Policy.
2. Description of the Platform
The Platform provides Cyber-GRC capabilities including, but not limited to: third-party risk management, compliance assessments, risk management, and security governance dashboards. The Platform may include AI-powered features that use state-of-the-art sovereign AI language models (currently Mistral family models) for risk analysis and questionnaire generation (see Section 5 for AI-specific terms). The Platform also integrates support and help center functionality through Featurebase. Specific features and functionalities are detailed in your subscription agreement.
Mindlapse may modify, update, or add Platform features with 30 days’ notice for non-material changes. Core features (as defined in your subscription agreement) will not be discontinued without 180 days’ notice and provision of equivalent functionality or migration assistance. Security patches and critical updates may be deployed immediately.
3. Access and Security
3.1 Eligibility
You must be at least 18 years old and legally authorized to enter into agreements on behalf of your organization. The Platform is intended for business use only.
3.2 Account Credentials
You are responsible for maintaining the confidentiality of your login credentials and for all activities conducted under your account, except for unauthorized access resulting from a Platform security vulnerability or Mindlapse negligence.
Any unauthorized access must be reported to Mindlapse immediately at dpo@mindlapse.ai.
3.3 Technical Requirements
Access to the Platform requires an internet connection and a compatible web browser. You are responsible for obtaining and maintaining all necessary equipment and connectivity.
4. User Obligations
You agree to:
- Use the Platform only for lawful purposes and in accordance with applicable laws and regulations
- Provide accurate, complete, and current information
- Comply with all data protection regulations, including GDPR
- Not scrape, crawl, or automatically extract data from the Platform
- Not reverse-engineer, decompile, or attempt to derive the source code
- Not transmit viruses, malware, or any code of a destructive nature
- Not use the Platform primarily for competitive analysis through automated scraping or reverse-engineering (legitimate procurement evaluation is permitted)
- Not share your account credentials or permit unauthorized third-party access
5. Artificial Intelligence Features
5.1 AI-Powered Functionality
The Platform includes AI-powered features utilizing sovereign European AI models (currently from the Mistral family) to assist with risk assessments, compliance analysis, and questionnaire generation. Mindlapse may update the specific AI models used, maintaining equivalent or superior security and sovereignty guarantees.
5.2 Data Protection in AI Processing
When you use AI features:
- Your data is processed locally within Mindlapse’s EU infrastructure (currently AWS Europe or Scaleway France)
- Your data is NOT transmitted to any external AI service provider
- Your data is NOT used to train, fine-tune, or improve any AI model
- AI model providers have no access to your data
5.3 User Responsibility for AI Outputs
AI-generated outputs (e.g., risk scores, compliance recommendations) are provided solely for informational purposes as decision-support tools. They do not constitute professional advice and must be validated by qualified cybersecurity professionals before any action is taken.
You expressly acknowledge and accept full responsibility for all decisions and actions based on AI outputs. Mindlapse makes no warranties regarding the accuracy, completeness, reliability, or suitability of AI-generated content and disclaims all liability for decisions made in reliance thereon.
6. Intellectual Property
All Platform content, features, functionality, design, graphics, text, and code (“Mindlapse IP”) are the exclusive property of Mindlapse or its licensors. You receive a limited, non-exclusive, non-transferable license to use the Platform solely for purposes authorized in your subscription agreement.
You retain ownership of data you upload to the Platform (“Your Data”). By uploading Your Data, you grant Mindlapse the necessary rights to process, store, and analyze it for Platform delivery only. Your Data shall not be used for any other purpose without your explicit consent.
AI-Generated Outputs: You retain full ownership and intellectual property rights over all AI-generated content (reports, analyses, recommendations) created from Your Data. Mindlapse claims no ownership over such outputs.
You agree not to modify, reverse-engineer, or create derivative works based on the Platform or its components.
7. Warranties and Limitation of Liability
7.1 Service Warranties
Mindlapse warrants that:
- The Platform will perform substantially in accordance with its documentation
- Uptime SLA: 99.5% monthly availability (excluding planned maintenance, maximum 4 hours/month with 7 days’ notice)
- Security controls described in our documentation are implemented and maintained
- Services will be provided with reasonable skill and care
These warranties do not apply to issues caused by misuse, unauthorized modifications, third-party services outside Mindlapse’s control, or force majeure events.
Remedy: If Mindlapse breaches these warranties, your exclusive remedy is service credits as specified in your subscription agreement, or termination with pro-rata refund if breach persists beyond 60 days.
7.2 Limitation of Liability
General Liability: For claims arising from ordinary negligence, Mindlapse’s total aggregate liability shall not exceed the greater of (i) fees paid during the 12 months preceding the claim, or (ii) €50,000.
Data Breach or Security Incident: For claims arising from data breach, confidentiality violation, or security incident resulting from Mindlapse’s negligence, total liability shall not exceed the greater of (i) 3x fees paid during the 12 months preceding the claim, or (ii) €150,000.
Unlimited Liability: No limitation applies to liability for:
- Gross negligence or willful misconduct
- Fraud or fraudulent misrepresentation
- Personal injury or death
- Intellectual property infringement
- Intentional violation of data protection laws
- Any liability that cannot be excluded under French law
Exclusion of Consequential Damages: TO THE EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, EXCEPT THAT:
- Loss of data constitutes direct damages covered under caps above
- Loss of profits directly and foreseeably resulting from Platform unavailability exceeding SLA commitments is covered
7.3 Claims Procedure
You must notify Mindlapse of any claim in writing within 30 days of discovering the issue. Claims not filed in court within 12 months of occurrence are time-barred.
8. Data Export and Reversibility
8.1 Data Export During Subscription
You may export Your Data at any time through the Platform interface:
- Formats: PDF (for reports)
- Self-service export: Available immediately
- Bulk export: Available within 5 business days upon request to dpo@mindlapse.ai
8.2 Data Retrieval Upon Termination
Upon account termination or subscription cancellation, you have 60 days to retrieve Your Data using the export functionality described above.
8.3 Data Deletion
Following the 60-day retrieval period, Mindlapse will permanently delete Your Data within 30 days, except where retention is required by law. Deletion confirmation is available upon request.
9. Third-Party Services
Support and help center features are provided through Featurebase (Estonia, ISO 27001 certified), which may deposit essential cookies as described in our Cookie Policy. Featurebase acts as a data processor under Article 28 GDPR, with data hosted exclusively in the EU. The Platform uses only essential cookies necessary for authentication, security, and functionality. For details, see our Cookie Policy.
10. Suspension and Termination
10.1 Suspension Rights
Mindlapse may suspend access as follows:
Immediate suspension (without notice):
- Active security threat or ongoing attack from your account
- Court order or legal requirement
- Repeated material breaches after written warning
Suspension with 48-hour notice:
- Non-payment beyond 30 days after due date
- Material breach of Terms (with opportunity to cure)
Minor breaches: Written warning with 15 days to remediate before any suspension.
10.2 Right to Contest
You may contest any suspension by contacting dpo@mindlapse.ai within 48 hours. Mindlapse will review and respond within 5 business days.
10.3 Effect of Termination
Upon suspension or termination, your right to use the Platform ceases immediately. Data handling follows Section 8. You remain responsible for fees accrued prior to termination.
11. Data and Privacy
Your use of the Platform is governed by our Privacy Policy, which details how we collect, process, and protect your data. Your Data is hosted on secure servers within the European Union (currently AWS Europe and Scaleway France). No customer business data is transferred outside the EU.
Both parties are subject to applicable data protection regulations. For data subject requests or privacy concerns, contact dpo@mindlapse.ai.
12. Security Incident Notification
Mindlapse will notify you of any security incident affecting Your Data or Platform availability within:
- 24 hours for critical incidents (data breach, prolonged outage)
- 72 hours for significant incidents (attempted breach, partial degradation)
Notification will include: nature of incident, affected data/services, mitigation measures, and estimated resolution time. For clients subject to NIS2/DORA, Mindlapse will provide all necessary information for your regulatory notifications.
13. Service Level and Business Continuity
13.1 Availability Commitment
- Uptime SLA: 99.5% monthly availability (excluding planned maintenance)
- Planned maintenance: Maximum 4 hours/month, notified 7 days in advance, conducted during off-peak hours
13.2 Recovery Commitments
- RTO (Recovery Time Objective): 4 hours for critical failures
- RPO (Recovery Point Objective): 1 hour (maximum data loss)
- Annual Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) testing
14. Audit Rights
For clients subject to regulatory requirements (DORA, NIS2), upon reasonable request with 30 days’ notice:
- Mindlapse will provide relevant security certifications (ISO 27001 when obtained, SOC 2 Type II when obtained)
- Mindlapse will facilitate audit of security controls, subject to confidentiality protections
- In case of security incident, audit rights available within 15 days
Audit scope and procedures will be mutually agreed to protect Mindlapse’s confidential information and other clients’ data.
15. Governing Law
These Terms are governed by the laws of France, without regard to conflict of laws principles. Any disputes shall be submitted to the courts of Paris or the courts of your registered office location, at your option as claimant. If Mindlapse initiates proceedings, jurisdiction lies with the courts of Paris.
16. Contact
For questions or concerns regarding these Terms of Service, please contact us at: dpo@mindlapse.ai
17. Changes to These Terms
Mindlapse may update these Terms at any time:
- Minor or administrative updates: Communicated via email or Platform notification; continued use constitutes acceptance
- Material changes (e.g., significant liability modifications, new data processing purposes): Require your explicit acknowledgment before taking effect
For clients with Master Agreements, amendments to these Terms do not affect existing Master Agreements unless explicitly incorporated by written amendment.
18. Entire Agreement
These Terms (or your Master Agreement, if applicable), together with the Privacy Policy, Cookie Policy, and any Order Forms, constitute the entire agreement between you and Mindlapse regarding the Platform.
These Terms supersede all prior or contemporaneous agreements, communications, and understandings between the parties regarding the subject matter herein.
Amendments to Master Agreements must be in writing and signed by authorized representatives. No failure to exercise any right constitutes a waiver of that right.