Terms of Service

By accessing or using the CRATrust website (cratrust.com) or platform, you agree to be bound by these Terms of Service (“Terms”). If you do not agree, do not use our services. These Terms are governed by EU law. Any disputes are subject to the exclusive jurisdiction of the courts of the relevant EU member state.

These Terms constitute the entire agreement between you and CRATrust (“CRATrust”, “we”, “us”) regarding your use of the service.

CRATrust is currently in beta. The service is provided free of charge during the beta period. We reserve the right to modify, suspend, or terminate the service at any time during beta without liability.

Beta users will receive at least 30 days advance notice before any transition to a paid service. You will never be automatically charged. Continued use after beta requires affirmative acceptance of paid plan terms.

Beta software may contain bugs or errors. We make no guarantees regarding uptime, data availability, or feature completeness during beta.

You may use CRATrust solely for your internal business compliance purposes. You agree not to:

• Use the service for any unlawful purpose
• Attempt to access another user's account or data
• Reverse engineer, decompile, or disassemble the platform
• Resell or sub-license the service without our written consent
• Introduce malicious code or attempt to disrupt the service
• Use the service to generate false compliance documentation

You retain full ownership of all data you upload to CRATrust (including SBOMs, product data, and compliance documents). You grant CRATrust a limited licence to process your data solely to provide the service to you.

We do not use your compliance data to train AI models or for any purpose other than operating the service. See our Privacy Policy and Data Processing Agreement.

CRATrust provides tools to assist with EU Cyber Resilience Act compliance. The platform's outputs, including SBOM reports, vulnerability assessments, and documentation templates, are provided for informational and operational assistance purposes only.

CRATrust does not provide legal advice. You remain solely responsible for your organisation's compliance with applicable law, including Regulation (EU) 2024/2847. We strongly recommend engaging qualified legal counsel for compliance determinations.

The CRATrust platform, including its design, software, documentation, and content, is the exclusive property of CRATrust and protected by applicable intellectual property laws. These Terms do not grant you any rights to our intellectual property beyond a limited licence to use the service.

To the maximum extent permitted by law, CRATrust is not liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the service, including but not limited to regulatory fines, loss of data, or loss of business.

Our total liability to you for any claim arising under these Terms shall not exceed the amount you have paid us in the 12 months preceding the claim. During the beta period (when the service is free), our total liability shall not exceed €100.

We aim to keep the platform available but make no uptime guarantees during beta. We may modify these Terms at any time. Material changes will be notified via email with at least 14 days notice. Continued use after the notice period constitutes acceptance of the updated Terms.

Either party may terminate access to the service at any time. You may delete your account by contacting [email protected]. We may suspend or terminate your access if you breach these Terms.

Upon termination, you may request an export of your data within 30 days. After 30 days, your data will be deleted in accordance with our Privacy Policy.

CRATrust is a private software platform designed to assist organisations in meeting regulatory obligations under the EU Cyber Resilience Act (CRA). CRATrust is not a governmental body and is not affiliated with or endorsed by the European Commission or ENISA.

Questions about these Terms: [email protected]

CRATrust