Skip to main content
CrownSyncCrownSync
Home

Terms of Service

CrownSync LTD — All Services

Last updated: April 2026

This legal document is currently available in English only.

Part A — General Terms (All CrownSync Services)

These Terms of Service (“Terms”) govern your access to and use of any product, website, application, platform, content, feature, or service (together, the “Services”) operated by CrownSync LTD (“CrownSync”, “we”, “us”, or “our”), a company registered in England and Wales under company number 15464490, whose registered office is at 128 City Road, London, EC1V 2NX, United Kingdom.

By creating an account, accessing, or using any Service, you agree to be bound by these Terms. If you use a Service on behalf of an organisation, you represent and warrant that you have authority to bind that organisation to these Terms, and references to “you” include that organisation.

Each Service may also have additional service-specific terms set out in a Schedule to these Terms. If there is any conflict between a Schedule and Part A, the relevant Schedule will prevail for that Service only.

The Services currently covered by these Terms are:

  • CrownSync CE Readiness (ce.crownsync.uk) — see Schedule 1
  • CrownSync Playbooks (pb.crownsync.uk) — see Schedule 2

These Terms, the applicable Schedules, our Privacy Policy, Cookie Policy, and any applicable Data Processing Addendum or incorporated privacy/data processing terms together form the entire agreement between you and CrownSync in relation to the Services.

1. Accounts, Eligibility, and Authority

1.1 You must be at least 18 years old and have authority to enter into these Terms to create an account or use the Services on behalf of an organisation.

1.2 Unless we expressly agree otherwise in writing or in a service-specific Schedule, accounts must be registered using a valid organisational or business email address. We may permit personal email domains for sole traders, microbusinesses, pilots, or other limited cases at our discretion.

1.3 You are responsible for maintaining the confidentiality and security of your login credentials, authentication methods, recovery methods, access links, API keys, and tokens, and for all activity carried out through your account except to the extent caused by our breach.

1.4 Organisation owners and administrators are responsible for managing user permissions, access rights, and prompt removal of access for users who no longer require it, including leavers and contractors.

1.5 You must notify us without undue delay at [email protected] or [email protected] if you become aware of any actual or suspected unauthorised access, credential compromise, or security incident affecting your account.

1.6 We may suspend, restrict, or terminate accounts that breach these Terms, create a security risk, are used unlawfully or fraudulently, or expose us, other users, or third parties to material risk.

2. Acceptable Use

2.1 You may use the Services only for lawful internal business purposes and in accordance with these Terms.

2.2 You must not, and must not permit any user or third party to:

  1. provide false, misleading, or materially inaccurate information;
  2. share credentials, secure links, tokens, or authentication methods with unauthorised persons;
  3. attempt to gain unauthorised access to another organisation’s account, data, environment, or records;
  4. use bots, crawlers, scraping tools, or other automated means to access, extract, monitor, index, copy, or harvest the Services or their content, except where expressly permitted by us in writing;
  5. reverse engineer, decompile, disassemble, copy, adapt, translate, frame, mirror, republish, or otherwise attempt to derive source code, underlying ideas, structure, models, prompts, or methodologies from any Service, except where such restriction is prohibited by law and only to the minimum extent permitted;
  6. interfere with or disrupt the integrity, performance, security, or availability of any Service;
  7. upload, transmit, or introduce malicious code, malware, or harmful material;
  8. use any Service to create a competing product or service, or to benchmark the Service for external publication without our prior written consent;
  9. use any Service in a way that misrepresents your organisation’s actual security, compliance, governance, or operational posture; or
  10. use the Services in a way that infringes any third-party rights or breaches any applicable law or regulation.

2.3 We may investigate suspected misuse and take proportionate action, including suspension, restriction of access, deletion of unlawful material where permitted, and referral to relevant authorities where legally required or reasonably necessary.

3. Intellectual Property Rights

3.1 Our Materials. We and our licensors own all intellectual property rights in and to the Services, including the software, source material, interfaces, workflows, visual design, structure, taxonomy, templates, playbook architecture, methodologies, guidance, databases, reports, analytics formats, and all original content made available by us, excluding Your Content and third-party materials.

3.2 Your Content.You retain ownership of the content, data, files, text, records, answers, responses, and customisations submitted or uploaded by you or your authorised users to the Services (“Your Content”).

3.3 Licence from You to Us. You grant us a non-exclusive, worldwide, royalty-free licence for the duration of your use of the Services, and for such limited period afterwards as necessary to perform our legal and operational obligations, to host, copy, process, transmit, display, back up, and otherwise use Your Content solely to the extent necessary to provide, secure, maintain, improve, support, and administer the Services, and to comply with applicable law.

3.4 Feedback. If you provide feedback, suggestions, enhancement requests, or ideas relating to the Services, you grant us a perpetual, irrevocable, worldwide, royalty-free licence to use and incorporate them without restriction or compensation, provided we do not identify you publicly without your consent.

3.5 Third-Party Content. Where the Services include content, frameworks, standards references, or materials owned by third parties, all rights in those materials remain with the relevant third-party owner. Relevant details may be set out in the applicable Schedule.

3.6 Equitable Relief. You acknowledge that any breach of the intellectual property, licence, or confidentiality provisions in these Terms or any Schedule may cause irreparable harm to CrownSync for which damages alone would not be an adequate remedy. CrownSync shall be entitled to seek injunctive or other equitable relief in addition to any other remedies available at law or in equity, without the requirement to prove actual damages or post a bond or security.

4. Confidentiality

4.1 Each party may receive confidential information from the other in connection with the Services. “Confidential Information” means information disclosed by one party to the other that is identified as confidential or which ought reasonably to be understood to be confidential given its nature and the circumstances of disclosure.

4.2 Each party shall:

  1. keep the other party’s Confidential Information confidential;
  2. use it only for the purposes of performing or receiving the Services; and
  3. disclose it only to those personnel, contractors, professional advisers, and sub-processors who need to know it for those purposes and who are bound by appropriate confidentiality obligations.

4.3 Confidential Information does not include information that:

  1. is or becomes public through no breach of these Terms;
  2. was lawfully known to the receiving party before disclosure;
  3. is lawfully received from a third party without restriction; or
  4. is independently developed without use of the disclosing party’s Confidential Information.

4.4 A party may disclose Confidential Information where required by law, court order, or regulatory authority, provided that, where lawful and practicable, it gives prior notice to the other party.

5. Data Protection

5.1 Each party shall comply with its respective obligations under applicable data protection law, including the UK GDPR, the Data Protection Act 2018, and, where applicable, the EU GDPR.

5.2 The parties acknowledge that, in relation to personal data processed through the Services:

  • you will generally act as controller of personal data contained in Your Content; and
  • CrownSync will generally act as processor on your behalf,

except to the extent CrownSync processes personal data as an independent controller for its own legitimate business purposes, including account administration, billing, fraud prevention, legal compliance, platform security, abuse prevention, and service analytics generated at platform level.

5.3 Where CrownSync acts as your processor, CrownSync shall:

  1. process personal data only on your documented instructions, unless otherwise required by applicable law;
  2. ensure persons authorised to process personal data are subject to appropriate duties of confidentiality;
  3. implement appropriate technical and organisational measures to protect personal data;
  4. take into account the nature of the processing and assist you, where reasonably possible, in responding to data subject requests;
  5. assist you, where reasonably possible, with security, breach notification, impact assessments, and prior consultation obligations, taking into account the nature of processing and the information available to us;
  6. delete or return personal data at the end of the provision of Services, unless applicable law requires retention;
  7. make available information reasonably necessary to demonstrate compliance with our processor obligations; and
  8. impose materially equivalent data protection obligations on authorised sub-processors.

5.4 You instruct CrownSync to process personal data as necessary to provide the Services in accordance with these Terms, the applicable Schedule, your configuration and use of the Services, and your written instructions.

5.5 We may use affiliated service providers and third-party sub-processors to operate the Services. A current list of material sub-processors will be made available on request or in our privacy/data processing documentation. We remain responsible for our sub-processors to the extent required by law.

5.6 You are responsible for ensuring that:

  1. you have an appropriate lawful basis for using the Services and for sharing personal data with us;
  2. you have provided any notices required to your users, staff, contractors, contributors, signatories, and other relevant individuals; and
  3. your instructions to us do not infringe applicable law.

5.7 Where personal data is transferred outside the UK or EEA, we will ensure that appropriate safeguards are used where required by law.

6. Security and Hosting

6.1 We implement and maintain appropriate technical and organisational security measures designed to protect the confidentiality, integrity, and availability of data processed through the Services.

6.2 Unless otherwise stated in a service-specific document, customer data is hosted using infrastructure located within the European Economic Area.

6.3 You acknowledge that no system, network, software, or internet transmission can be guaranteed completely secure. We do not warrant that the Services will be invulnerable to all security incidents.

6.4 You are responsible for maintaining your own internal security measures, including access controls, endpoint protection, backups, and change management within your own environment.

7. Data Retention, Deletion, and Anonymisation

7.1 We retain personal data and service records only for as long as reasonably necessary for the purposes for which they are processed, including provision of the Services, security, audit, dispute resolution, legal compliance, and enforcement of these Terms, as further described in our Privacy Policy.

7.2 If a user requests erasure of personal data, we may, where appropriate and lawful, delete personal data or anonymise personal identifiers associated with that user rather than deleting entire shared organisational records.

7.3 Where we anonymise data, we do so with the aim that the individual is no longer identifiable, taking into account the means reasonably likely to be used to identify them. Where data is anonymised such that individuals are no longer identifiable, that information falls outside the scope of UK GDPR.

7.4 Where full anonymisation is not possible or appropriate, we may instead restrict processing, delete specific identifiers, or retain limited data where necessary for legal claims, fraud prevention, security, audit integrity, or compliance obligations.

8. Data Subject Rights

8.1 Subject to applicable law, individuals may have rights of access, rectification, erasure, restriction, objection, and portability in relation to their personal data.

8.2 Requests may be submitted using the method set out in our Privacy Policy or by emailing [email protected].

8.3 Where CrownSync acts as processor, we may refer the request to the relevant customer or organisation where appropriate, or assist the customer in handling the request.

8.4 If you believe we have not handled personal data appropriately, you may complain to the Information Commissioner’s Office (ICO) at ico.org.uk. Our ICO registration number is ZC109210.

9. Audit Logging

9.1 We record and retain audit logs and system event records relating to use of the Services for security, fraud prevention, support, governance, dispute resolution, legal compliance, and service integrity.

9.2 Audit records may include account identifiers, organisation identifiers, action type, timestamps, IP address, browser or device metadata, and related technical event information.

9.3 Audit logs are retained for up to 6 years following the relevant activity for governance, legal compliance, and dispute resolution purposes. Audit logs may be retained beyond account closure where necessary for legitimate business interests, legal compliance, or establishment, exercise, or defence of legal claims. Organisation owners and assessment owners may access relevant audit records at any time during the life of their account.

9.4 Where appropriate following a valid erasure request, we may remove or anonymise personal identifiers within audit records while retaining the event history itself where necessary for governance, security, or evidential integrity.

10. No Professional Advice

10.1 The Services and all related templates, playbooks, prompts, reports, analytics, regulatory references, recommendations, guidance, or output are provided for general informational and operational support purposes only.

10.2 They do not constitute legal advice, cybersecurity consultancy, regulatory advice, certification advice, managed security services, tax advice, accountancy advice, or any other regulated or professional advice.

10.3 You are solely responsible for:

  1. verifying the suitability of any guidance or output for your specific circumstances;
  2. making your own decisions;
  3. testing and validating changes before implementation; and
  4. obtaining independent professional advice where appropriate.

10.4 You should not rely on the Services as your sole source of advice or assurance in relation to regulatory compliance, certification outcomes, cyber resilience, legal obligations, or technical implementation decisions.

11. Service Availability and Support

11.1 Unless expressly agreed in writing, the Services are provided on an “as available” basis and we do not guarantee uninterrupted availability, uptime, response times, restoration times, support response times, or service levels.

11.2 We may modify, improve, replace, suspend, or discontinue any part of a Service from time to time.

11.3 Where reasonably practicable, we will provide advance notice of material adverse changes, planned discontinuation, or significant downtime, except where immediate action is required for security, legal, or operational reasons.

11.4 We may perform maintenance, updates, patches, or emergency work that temporarily affects availability.

12. Suspension Rights

12.1 We may suspend or restrict access to any Service immediately, with or without prior notice, where reasonably necessary to:

  1. protect the security, integrity, or availability of the Services;
  2. investigate suspected misuse, fraud, or unlawful activity;
  3. prevent harm to us, other users, or third parties;
  4. comply with law, regulation, court order, or regulator request; or
  5. address a material breach of these Terms.

12.2 Where the reason for suspension allows, we will use reasonable efforts to notify you and to restore access once the issue is resolved.

13. Fees, Purchases, Subscriptions, and Taxes

13.1 Some Services or features may be offered free of charge on a temporary or ongoing basis. We may introduce charges for previously free Services in the future on reasonable prior notice.

13.2 Where we introduce paid plans for an existing Service, we may offer existing users a transitional period, legacy arrangement, or preferential pricing at our discretion.

13.3 Where a Service includes one-time purchases, licences, or bundles, access rights are governed by the relevant Service description, order, or Schedule, and continue for the period expressly stated there. Where a one-time purchase expressly grants lifetime access, that access continues for the lifetime of the purchasing organisation’s active account.

13.4 Where a Service is sold on a subscription basis, subscriptions will renew automatically for successive periods unless cancelled before the applicable renewal date stated at purchase or in your billing settings.

13.5 All prices are stated exclusive of VAT unless expressly stated otherwise. VAT and any other applicable taxes will be charged as required by law.

13.6 You are responsible for providing accurate billing and tax information.

14. Refunds

14.1 Because the Services are digital business services and digital content, fees are generally non-refundable except as expressly stated in these Terms, required by law, or agreed by us in writing.

14.2 Where we offer refunds for one-time digital purchases, trial conversions, or first-year subscriptions, we may refuse a refund where you have materially consumed, exported, downloaded, customised, or derived substantial benefit from the relevant Service or content.

14.3 For the purpose of Section 14.2, “materially consumed or customised” includes, by way of example:

  1. exporting or downloading paid content or paid reports;
  2. materially editing or tailoring purchased content;
  3. assigning, issuing, or completing live operational workflows; or
  4. using the Service beyond a nominal evaluation purpose.

14.4 Nothing in this Section affects any non-excludable statutory rights.

15. Warranties and Disclaimers

15.1 To the maximum extent permitted by law, the Services are provided “as is” and “as available”.

15.2 We disclaim all warranties, representations, conditions, and other terms, whether express or implied, including any implied warranties of satisfactory quality, fitness for a particular purpose, non-infringement, or that the Services will meet your requirements.

15.3 In particular, we do not warrant that:

  1. the Services will be uninterrupted, error-free, or free from vulnerabilities;
  2. any output, content, recommendation, or guidance will be complete, accurate, current, or suitable for your organisation;
  3. any certification, regulatory, or standards-based content will always reflect the latest official changes immediately upon publication by third parties; or
  4. use of any Service will achieve a particular result, outcome, certification, assurance level, or regulatory status.

16. Liability

16.1 Nothing in these Terms excludes or limits liability for:

  1. death or personal injury caused by negligence;
  2. fraud or fraudulent misrepresentation; or
  3. any liability that cannot lawfully be excluded or limited.

16.2 Subject to Section 16.1, our total aggregate liability arising out of or in connection with the Services, whether in contract, tort (including negligence), breach of statutory duty, misrepresentation, restitution, or otherwise, shall not exceed:

  • the greater of (a) the fees paid by you to CrownSync for the relevant Service in the 12 months preceding the event giving rise to the claim, or (b) £10,000; or
  • where the relevant Service was provided entirely free of charge, £100.

16.3 Subject to Section 16.1, we shall not be liable for any:

  1. indirect or consequential loss;
  2. loss of profits;
  3. loss of revenue;
  4. loss of anticipated savings;
  5. loss of contracts;
  6. loss of goodwill;
  7. loss of opportunity;
  8. business interruption; or
  9. loss, corruption, or inaccuracy of data,

in each case whether direct or indirect.

16.4 We are not responsible for losses arising from:

  1. your misuse of the Services;
  2. your failure to follow our instructions or implement reasonable safeguards;
  3. your own systems, infrastructure, vendors, personnel, or third-party providers;
  4. inaccurate, incomplete, or misleading information supplied by you or your users; or
  5. actions or omissions of persons to whom you grant access, assign tasks, or send secure links.

16.5 The exclusions and limitations in these Terms reflect the allocation of risk between the parties and apply even if a remedy fails of its essential purpose.

17. Your Indemnity to CrownSync

You shall indemnify and keep indemnified CrownSync, its officers, employees, and contractors against losses, damages, liabilities, costs, and expenses (including reasonable legal fees) arising from any third-party claim, regulatory complaint, or investigation resulting from:

  1. Your Content;
  2. your unlawful or improper use of the Services;
  3. your breach of these Terms;
  4. your infringement of any third-party rights; or
  5. your failure to obtain necessary permissions, lawful bases, or notices in relation to personal data or confidential information you submit to the Services,

except to the extent caused by our breach of these Terms or applicable law.

18. Insurance

18.1 CrownSync LTD maintains professional indemnity insurance with cover of £1,000,000 and cyber and data protection insurance with cover of £1,000,000. Public and product liability insurance is also held.

18.2 Further details of insurance cover, including the identity of insurers, are available on request, subject to confidentiality and insurer restrictions.

19. Term and Termination

19.1 These Terms take effect when you first access or use a Service and continue until terminated in accordance with these Terms.

19.2 You may stop using the Services at any time. Where account closure functionality is not available in-product, you may request closure by contacting [email protected].

19.3 We may terminate these Terms or your access to a Service:

  1. on notice if you materially breach these Terms and fail to remedy the breach within a reasonable period where it is capable of remedy; or
  2. immediately where the breach is serious, unlawful, fraudulent, or creates a material security, legal, or reputational risk.

19.4 On termination:

  1. your right to access and use the relevant Service ceases;
  2. all licences granted to you under these Terms and applicable Schedules terminate immediately, except as expressly stated in Section 19.6;
  3. we may disable or delete access credentials and secure links;
  4. you may request an export of Your Content for a limited period after termination where reasonably practicable, subject to technical feasibility, legal obligations, payment of outstanding sums, and our retention rights; and
  5. previously exported documents (such as signed PDFs) remain subject to the licence restrictions and intellectual property provisions in these Terms and the applicable Schedule, including after termination.

19.5 The following provisions shall survive termination or expiry of these Terms: Section 3 (Intellectual Property Rights), Section 3.6 (Equitable Relief), Section 4 (Confidentiality), Section 5 (Data Protection), Section 7 (Data Retention, Deletion, and Anonymisation), Section 8 (Data Subject Rights), Section 9 (Audit Logging), Section 10 (No Professional Advice), Section 15 (Warranties and Disclaimers), Section 16 (Liability), Section 17 (Indemnity), Section 22 (Assignment and Subcontracting), Section 23 (Third-Party Rights), Section 24 (Severance and Waiver), and Section 25 (Governing Law and Jurisdiction), together with any provisions in the Schedules that by their nature are intended to survive termination.

19.6 Where a terminated user is required by law, regulation, or regulatory expectation to retain specific documents or records created during the licence period (for example, signed incident response playbooks retained for regulatory compliance or audit purposes), they may retain those specific exported documents in read-only form solely for that purpose. This retention right does not extend to continued operational use, customisation, redistribution, or any purpose other than passive regulatory or legal record-keeping.

20. Changes to the Services and Terms

20.1 We may update or amend these Terms from time to time.

20.2 If we make a material change, we will use reasonable efforts to provide at least 30 days’ notice by email, in-product notice, or other reasonable method, unless a shorter period is required for legal, regulatory, or security reasons.

20.3 By continuing to use the relevant Service after the updated Terms take effect, you agree to the revised Terms.

21. Force Majeure

We are not liable for any delay, failure, or interruption in performance to the extent caused by events beyond our reasonable control, including internet or telecommunications failure, cloud or hosting provider outage, denial of service attack, labour dispute, pandemic, epidemic, natural disaster, fire, flood, war, civil unrest, malicious third-party attack, or governmental action.

22. Assignment and Subcontracting

22.1 You may not assign, transfer, novate, declare a trust over, or otherwise dispose of any of your rights or obligations under these Terms without our prior written consent.

22.2 We may assign, transfer, novate, subcontract, or otherwise deal with any of our rights or obligations under these Terms as part of a group reorganisation, financing, business sale, merger, acquisition, outsourcing, or similar transaction, provided this does not materially reduce your contractual protections.

23. Third-Party Rights

A person who is not a party to these Terms shall have no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of these Terms, except where expressly stated otherwise.

24. Severance and Waiver

24.1 If any provision of these Terms is held to be invalid, unlawful, or unenforceable, that provision shall be deemed modified to the minimum extent necessary, and if that is not possible, deleted, without affecting the remainder of these Terms.

24.2 A failure or delay by either party to exercise any right shall not operate as a waiver of that right.

25. Governing Law and Jurisdiction

25.1 These Terms and any non-contractual obligations arising out of or in connection with them are governed by the laws of England and Wales.

25.2 The courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms or the Services.

26. Contact Details

CrownSync LTD
128 City Road, London, EC1V 2NX, United Kingdom

Company No. 15464490 | ICO Registration: ZC109210

Part B — Service-Specific Schedules

Schedule 1 — CrownSync CE Readiness (ce.crownsync.uk)

This Schedule applies to CrownSync CE Readiness in addition to Part A.

S1.1 Description of the Service

CrownSync CE Readiness is an independent preparation and workflow platform designed to help organisations prepare for Cyber Essentials certification and related internal governance activity. Features may include assessment workflows, structured questionnaires, collaboration, question assignment, remediation tracking, board sign-off workflow management, reporting, export functionality, and configurable notifications (off by default, configurable in account settings).

S1.2 No Affiliation; No Certification

CrownSync CE Readiness is not affiliated with, endorsed by, authorised by, or operated in partnership with the National Cyber Security Centre (NCSC), IASME Consortium, or any accredited Cyber Essentials certification body unless we expressly state otherwise in writing.

Use of the Service does not itself amount to Cyber Essentials certification, accreditation, or assurance. Official certification must be obtained separately through an appropriately accredited certification body.

S1.3 No Guarantee of Certification

We do not guarantee that use of the Service will result in certification, successful submission, acceptance by any certification body, or alignment with any regulator’s current expectations.

S1.4 Third-Party Content

The Cyber Essentials self-assessment question set (currently the Danzell question set) is published by IASME on behalf of the NCSC and is used in this Service for preparation purposes only. All intellectual property rights in the question set remain with NCSC and IASME.

Where the Service incorporates or references other official or third-party frameworks, terminology, or materials, all intellectual property rights in that material remain with the relevant third-party owner.

S1.5 Team Members and Contributors

(a) Assessment owners may invite team members and contributors to participate in an assessment.

(b) By inviting a contributor, you confirm that:

  1. you are authorised to share the relevant assessment information with them;
  2. their involvement is lawful and appropriate for your organisation; and
  3. you are responsible for their use of the Service in connection with your assessment.

(c) Contributor access is limited to answering assigned questions and is provided via a time-limited secure link. Contributors do not require a full account.

(d) You are responsible for revoking contributor access when it is no longer required.

(e) Contributors who wish to request erasure of their personal data may do so by emailing [email protected] or submitting a request at ce.crownsync.uk/privacy/erasure-request. Contributor personal identifiers will be anonymised within 30 days of a valid request. Assessment answers submitted by contributors will be retained in anonymised form as part of the organisation’s assessment record.

S1.6 External Assignees

Assessment owners may assign remediation actions or related tasks to external contractors, managed service providers, advisers, or other third parties. You are solely responsible for determining whether any information shared with those persons is appropriate, lawful, and contractually permitted.

S1.7 Board Sign-Off

Where the Service includes a board sign-off or equivalent approval workflow, that workflow records a formal declaration by the named signatory or approver based on the information presented to them.

This declaration is not a substitute for external certification, legal advice, or independent assurance. CrownSync LTD accepts no liability for any reliance placed on a board sign-off declaration.

S1.8 Signatory Integrity

Sign-off links or approval actions are issued to named signatories only and are intended only for the named signatory or authorised approver. Forwarding a sign-off link to another person, or approving an assessment on behalf of a named signatory without their explicit instruction, is a misuse of the platform and is prohibited.

The person clicking the approve button makes a formal declaration that they are the named signatory and are authorised to sign off the assessment. CrownSync LTD accepts no liability for approvals completed by persons other than the named signatory.

S1.9 Locked Assessments

Once a board sign-off has been completed and all required approvals received, the assessment is permanently locked and cannot be modified. Users wishing to make changes after sign-off must start a new assessment. This measure protects the integrity of the signed declaration.

S1.10 Multiple Assessments

Users may create multiple assessments for the same organisation. Each assessment is an independent record. Signed-off assessments are retained for 12 months in read-only form.

S1.11 Customer Responsibility for Inputs

You are solely responsible for the truthfulness, completeness, and accuracy of all answers, supporting information, declarations, and approvals entered into the Service. We accept no liability for decisions, outcomes, or certification results based on inaccurate, incomplete, or misleading information supplied by you or your users.

S1.12 Free Launch Period

The Service is currently provided free of charge during a launch period. All features are available at no cost, including team collaboration, gap analysis, board sign-off, exports, and the contributor portal. The general provisions on future pricing in Section 13 of Part A apply. Existing users will receive reasonable advance notice before any charges are introduced, along with a preferential rate.

Schedule 2 — CrownSync Playbooks (pb.crownsync.uk)

This Schedule applies to CrownSync Playbooks in addition to Part A.

S2.1 Description of the Service

CrownSync Playbooks provides incident response and governance playbook content, workflows, templates, and related tools that may be customised based on your organisation’s profile, sector, selected workflows, or stated regulatory context. Features may include editing, collaboration, version control, audit logging, and export functionality including signed PDF export.

S2.2 Licence

Subject to your compliance with these Terms and payment of applicable fees (or during any free or trial period), we grant you a limited, non-exclusive, non-transferable, non-sublicensable licence to use the Playbooks service and the licensed playbook content for your own internal business purposes.

For one-time purchases (individual playbooks and bundles), this licence continues for the lifetime of the purchasing organisation’s active account. For subscriptions, this licence continues for the duration of the active subscription term.

Upon termination of your account or expiry of your subscription for any reason, the licence granted in this Section terminates immediately, subject to the limited regulatory record-keeping exception in Section 19.6 of Part A.

S2.3 Scope of Licence

Unless we agree otherwise in writing:

  1. the licence is granted to the specific organisation that purchased or was granted access;
  2. the content is for internal use only;
  3. you may customise playbooks for your own internal operational use;
  4. you may not resell, redistribute, sublicense, publish, or commercially exploit the playbook content outside your organisation; and
  5. you may not use the playbook content or structure to build, train, populate, seed, or support a competing product or service.

S2.4 Derivative, Competitive, and Automated Use

(a) You may not use our playbooks, templates, structure, drafting logic, or methodology to create a library, managed service, consultancy deliverable catalogue, software product, or other commercial offering that competes with or substitutes for the Services, except as expressly authorised under a separate partner or reseller agreement.

(b) You may not use, input, upload, or make available the playbook content, templates, structure, or methodology (whether in whole or in material part) to any artificial intelligence system, machine learning model, large language model, or similar automated tool or service for the purpose of generating, deriving, training, fine-tuning, summarising, paraphrasing, or reproducing content that replicates, substitutes for, or competes with the playbook content or any part of it. This restriction does not prevent you from using general-purpose AI tools to assist with your own original customisations provided you do not input our template content as training data, source material, or prompts designed to reproduce our content.

S2.5 Exported Documents

(a) Exported PDFs or other generated documents may contain both our licensed template material and Your Content. Intellectual property rights in each component remain with the relevant owner.

(b) Exported documents remain subject to the licence restrictions in S2.2 and S2.3 of this Schedule, including after export. You may share exported documents only with your own employees, officers, directors, professional advisers, auditors, regulators, and insurers for legitimate operational, compliance, legal, or governance purposes directly relating to your organisation.

(c) You may not redistribute, publish, make publicly available, or provide exported documents to third parties for their own commercial use or benefit. For the avoidance of doubt, sharing an exported playbook with a third party for the purpose of enabling that third party to create its own playbook content, serve its own clients, or build a competing product or service is prohibited.

S2.6 Partners

Partners such as MSPs, MSSPs, consultancies, or delivery partners may only manage playbooks on behalf of client organisations where permitted under a separate written partner agreement with CrownSync.

S2.7 Regulatory References

Any references to UK regulatory frameworks, guidance, enforcement expectations, or standards (including but not limited to ICO, FCA, NIS, DSPT, and SRA requirements) are general informational references only and do not constitute legal or regulatory advice.

End of Terms of Service

CrownSync LTD — Company No. 15464490 — ICO Registration: ZC109210