Terms of Service

1. Acceptance of Terms

By accessing or using 3PRM's third-party risk management platform and related services (collectively, the "Service"), you agree to be bound by these Terms of Service ("Terms"). These Terms constitute a legally binding agreement between you and 3PRM. If you are using the Service on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.

If you do not agree to these Terms, you may not access or use the Service.

2. Description of Service

3PRM provides a software-as-a-service platform for managing third-party vendor risk, M&A cybersecurity due diligence, and vendor security intelligence. The Service includes:

• Vendor risk assessments and questionnaire management
• AI-powered document analysis, scoring, and recommendations (via the Tria AI agent)
• Continuous external security posture monitoring
• Supply chain visibility and sub-processor mapping
• The Trust Network — a shared vendor intelligence layer
• M&A due diligence workflows including policy comparison, SBOM analysis, and technology cost analysis
• Board-ready reporting and PDF export
• Managed TPRM services (where applicable under a separate service agreement)

We reserve the right to modify, suspend, or discontinue any part of the Service at any time with reasonable notice.

3. Account Registration and Security

You must register for an account to use the Service. You agree to provide accurate, current, and complete information during registration and to update such information to keep it accurate. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

You must notify us immediately at security@3prm.com if you become aware of any unauthorized use of your account. We are not liable for any loss arising from unauthorized use of your account.

We provide multi-tenant architecture with organization-level data isolation. Each organization's data is logically separated through row-level security policies.

4. Data Ownership and License

4.1 Your Data

You retain all ownership rights to the data you input, upload, or create within the Service ("Your Data"). This includes vendor information, assessment responses, uploaded documents, findings, and any other content you provide. We do not claim ownership of Your Data.

4.2 License to Us

By using the Service, you grant us a limited, non-exclusive, worldwide license to use, process, store, and transmit Your Data solely for the purpose of providing the Service to you, including AI-powered analysis, scoring, monitoring, and reporting. This license terminates when your account is closed and Your Data is deleted in accordance with our data retention practices.

4.3 Trust Network Data

If your organization participates in the Trust Network, you grant us an additional license to share designated vendor profile data with other Trust Network participants, as configured by your organization's Trust Network settings. You may modify or revoke this sharing at any time through the platform. Shared data is limited to vendor security profiles and does not include your organization's proprietary assessment findings or internal risk decisions unless you explicitly configure otherwise.

4.4 AI Processing

When you use AI-powered features (including the Tria AI agent), Your Data is processed by our AI service provider to generate analysis, scores, and recommendations. Your Data is not used to train, improve, or fine-tune AI models. AI-generated outputs (analyses, scores, summaries) are provided as informational aids and do not constitute professional security advice.

4.5 Aggregated and Anonymized Data

We may create aggregated, anonymized, or de-identified data derived from Your Data and usage of the Service. Such data does not identify you or your organization and may be used for service improvement, benchmarking, and research purposes.

5. Acceptable Use

You agree not to:

• Use the Service for any unlawful purpose or in violation of any applicable laws or regulations
• Attempt to gain unauthorized access to any part of the Service, other accounts, or systems
• Interfere with or disrupt the integrity or performance of the Service
• Transmit any viruses, malware, or other harmful code
• Reverse engineer, decompile, or disassemble any part of the Service
• Use the Service to store or transmit content that infringes third-party intellectual property rights
• Resell, sublicense, or make the Service available to third parties except through authorized Trust Network participation
• Use automated means (bots, scrapers) to access the Service without our written consent
• Attempt to circumvent rate limits, security controls, or access restrictions

We reserve the right to suspend or terminate access for violations of these terms.

6. Intellectual Property

The Service, including its software, design, documentation, features, and all related intellectual property, is owned by 3PRM and protected by applicable intellectual property laws. These Terms do not grant you any rights to our trademarks, service marks, or trade names.

You may not copy, modify, distribute, or create derivative works based on the Service except as explicitly permitted by these Terms.

7. Confidentiality

Each party agrees to maintain the confidentiality of the other party's Confidential Information. "Confidential Information" includes any non-public information disclosed by one party to the other, including business plans, technical data, pricing, and platform data. Confidential Information does not include information that is publicly available, independently developed, or rightfully received from a third party.

We implement technical and organizational safeguards to protect the confidentiality of Your Data, as described in our Privacy Policy.

8. Service Availability

We strive to maintain high availability of the Service but do not guarantee uninterrupted access. The Service may be temporarily unavailable due to scheduled maintenance, infrastructure provider outages, or circumstances beyond our reasonable control. We will make commercially reasonable efforts to provide advance notice of planned maintenance.

Our infrastructure is hosted on Supabase (AWS) with Cloudflare for content delivery. Availability is subject to the uptime commitments of our infrastructure providers.

9. Payment Terms

Access to the Service may require a paid subscription. Pricing, payment terms, and subscription details are set forth in your order form or subscription agreement. Unless otherwise agreed, subscriptions renew automatically at the then-current rate. You may cancel your subscription in accordance with the cancellation terms in your agreement.

All fees are non-refundable unless otherwise specified in your agreement or required by applicable law.

10. Limitation of Liability

To the maximum extent permitted by applicable law, 3PRM shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, revenue, data, business opportunities, or goodwill, arising out of or related to your use of the Service, regardless of the theory of liability.

Our total aggregate liability for any claims arising out of or related to these Terms or the Service shall not exceed the amounts paid by you to 3PRM in the twelve (12) months preceding the claim.

AI-generated outputs, risk scores, and recommendations are provided for informational purposes and should not be relied upon as the sole basis for security or business decisions. We are not liable for decisions made based on AI-generated content.

11. Indemnification

You agree to indemnify, defend, and hold harmless 3PRM and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) your use of the Service; (b) your violation of these Terms; (c) your violation of any third-party rights; or (d) data you input into the Service.

12. Termination

12.1 By You

You may terminate your account at any time by contacting us or through the platform's account settings. Upon termination, your access to the Service will cease and Your Data will be retained for 30 days to allow for export, after which it will be permanently deleted.

12.2 By Us

We may suspend or terminate your account if you breach these Terms, fail to pay applicable fees, or engage in conduct that we reasonably believe is harmful to the Service or other users. We will provide notice where practicable.

12.3 Effect of Termination

Upon termination, sections relating to data ownership, limitation of liability, indemnification, confidentiality, and governing law shall survive.

13. Data Portability

You may export Your Data from the platform at any time using the available export features (including PDF reports, CSV exports, and document downloads). Upon account termination, we will make Your Data available for export during the 30-day retention period.

14. Modifications to Terms

We may update these Terms from time to time. We will notify you of material changes by posting the updated Terms on this page, updating the "Last updated" date, and, where appropriate, sending notification via email or the platform. Your continued use of the Service after changes take effect constitutes acceptance of the revised Terms.

15. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the United States and the state in which 3PRM is incorporated, without regard to conflict of law principles. Any disputes arising out of or relating to these Terms or the Service shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association, except that either party may seek injunctive relief in a court of competent jurisdiction.

16. General Provisions

These Terms, together with the Privacy Policy and any applicable order forms, constitute the entire agreement between you and 3PRM. If any provision of these Terms is found to be unenforceable, the remaining provisions shall continue in effect. Our failure to enforce any provision of these Terms shall not constitute a waiver. You may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.

17. Contact Us

If you have questions about these Terms of Service, please contact us at:

3PRM
Email: legal@3prm.com