Terms of Service

Effective date: August 17, 2023

THE SUBSCRIPTION AGREEMENT: The use of this website and services on this website and mobile application provided by Secfix GmbH (secfix.com and app.secfix.com referred to as "website") are subject to the following Terms and Conditions, all parts and sub-parts of which are specifically incorporated by reference here.

This Subscription Agreement (“SA”) is effective as of the effective date of an applicable signed order form (such form an “Order Form” and such date the “Effective Date”) and is by and between Secfix GmbH (“Secfix”), with its offices at Lohmühlenstraße 65 c/o Factory Works GmbH, 12435 Berlin, registered with the commercial register of Munich local court under folio HRB 280059, and the customer set forth on the Order Form (“Customer”) (each a “Party” and together the “Parties”). In the event of any inconsistency or conflict between the terms of the SA and the terms of any Order Form, the terms of the Order Form control.


Secfix helps companies become secure and compliant with standards such as ISO 27001 and other security compliance standards in weeks rather than months. We have a large partner network of pentesting companies, auditors and accredited certification bodies and can reduce the time, effort and cost of an ISO 27001 certification with our software. You can register on our Software either as “Customer” or “Partner”. Depending on the designation of your account, different Services may be available to you. Certain Services may also only be available subject to the payment of such fees detailed on the Software.  

Customers use Secfix to create, automate and maintain security programs according to major security standards such as ISO 27001 and many more. Customers can connect their infrastructure and other software to harden their systems according to security best practices, onboard employees in a compliant way, receive certification preparation tasks that are monitored and automated, a suite of all necessary policy templates and security compliance management tools, and be referred directly to the best fitting audit and accredited certification partners (“Services”).

How it works:

  • Registration is free.
  • Clients pay an annual fee, or any other fee as further set forth on the Secfix Software or in the Order Form.
  • Secfix collects security and compliance information from connected systems and solutions on behalf of Customers.
  • Secfix’s Security Compliance and Monitoring tools allow Customers to complete their entire journey of preparation to security compliance certification, receive recommendations and preparation tasks, create reports, and monitor their compliance maturity.
  • Customers complete tasks created by Secfix to become compliant until their certification maturity.
  • Customers get recommendations to the partners (e.g. accredited certification body) whose services and solutions best fit according to customer’s size, industry, budget, and other selection criteria to become compliant fast.
  • Customers make payments directly to the partners.
  • After certification is complete customers use Secfix software to stay compliant and have a smooth journey throughout surveillance and recertification audits in the following years.

Partner Services

Partners use Secfix to easily connect with Secfix customers, become verified partners, get a profile listing on Secfix marketplace, and accelerate sales through an introduction to the potential customers who show a deep need for their services and software. Partners include but are not limited to: auditors, penetration testing companies, accredited certification bodies, consulting firms, software agencies, and other security services and software providers (“Partner Services”).

Certification Partner Services

Certification bodies and auditors in addition to general partners can benefit through dedicated training from Secfix. Further, Secfix customers can provide deeper data in a structured and standardized report and evidence to auditors which can substantially accelerate the audit time. (“Certification Partner Services”)



“Agreement” denotes these Terms and Conditions and the Privacy Policy and other documents provided to you by the Website;

“Secfix”, “Secfix GmbH”, “we”, “us”, and “our” are references to Secfix;

“User”, “You” and “your” denote the person who is accessing the website for taking or availing any service from us. User shall include the company, partnership, sole trader, person, body corporate or association taking services of this Website;

“Order Form” means an invoice, order form, quote or other similar documentation that contains the described Services and pricing, and that references this Agreement and is mutually executed by the parties.

“Services” means the product(s) and service(s) that are ordered by Customer from Secfix under an Order Form referencing this SA (collectively with the described services in the applicable Order Form or Documentation).

“Website” shall mean and include Secfix and any successor Website of the Company or any of its affiliates;


Please read these Terms of Use, our Privacy Policy, and all Applicable Supplemental Terms (Collectively, The "Terms") carefully, as they contain Terms and Conditions that impact your rights, obligations and remedies in connection with your Use of the Services and Content. For example, the Terms include:

  • Your Obligation to comply with all Applicable Laws and Regulations;
  • Limitations of our Liability to you; and
  • A Requirement that you Pursue claims or seek relief against us (Including Monetary, Injunctive, and Declaratory Relief) on an individual basis, rather than as a participant in any class or Representative Action or Proceeding.

Your Access To and Use of The Services is conditioned on Your Acceptance of and Compliance with all Applicable Terms. If you do not agree to these Terms or our Privacy Policy, then please cease using the Services immediately. We reserve the right to change these Terms at any time (see “Changes to these Terms” below.) By accessing, browsing and/or using the Services after updates to these Terms have been posted, you agree to be bound by the updated Terms. These Terms and our Privacy Policy constitute a Binding Agreement between You and Secfix.

Consequences of Non-Compliance

Your failure to comply with the Terms may result in the suspension or termination of your account and/or access to the Services, and may subject you to civil and criminal penalties.


You must be at least 18 (Eighteen) years of age to use this Website or any Services contained herein. By using this Website, you represent and warrant that you are at least 18 years of age and may legally agree to this Agreement. We assume no responsibility or liability for any misrepresentation of your age.


Fees. Customer will pay the fees set forth in the Order Form (the “Fees”). Except as otherwise specified herein or in any applicable Order Form.

Payment; Taxes. Secfix will invoice Customer for Fees, either within the Services or directly, within thirty (30) days of the Effective Date. Customer will pay all invoiced Fees net thirty (30) days from the date of the invoice. Fees do not include local, state, or federal taxes or duties of any kind and any such taxes will be assumed and paid by Customer, except for taxes on Secfix based on Secfix’s income or receipts.

Late Payment. Secfix may suspend access to the Services immediately upon notice if Customer fails to pay any amounts hereunder at least fifteen (15) days past the applicable due date.


Term. This Agreement commences on the Effective Date and will remain in effect through the Initial Term and all Renewal Terms, as specified in the Order Form, unless otherwise terminated in accordance with this Clause (the Initial Term and all Renewal Terms collectively the “Term”). If the Order Form does not specify, the Initial Term will be one year and will automatically renew for successive one-year periods unless Customer provides Secfix with notice of termination at sixty (60) days prior to the end of the Term.

Termination for Cause. A Party may terminate this Agreement for cause (a) upon notice to the other Party of a material breach if such breach remains uncured after fifteen (15) days from the date of the breaching Party’s receipt of such notice; or (b) if the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. Non-payment of Fees by Customer past ninety (90) days from an invoice date, and any Prohibited Uses (as defined below), will be considered de facto material breaches of the Agreement.

Cancellation. A Party may terminate the Agreement and an applicable Order Form either (i) in accordance with the renewal provisions of the Order Form or (ii) if such provisions are not specified, by providing written notice to the other Party of termination forty-five (45) days prior to the end of the then-current Term.

Effect of Termination and Survival. Upon termination or cancellation of an Order Form or this Agreement:

  1. With respect to termination of the entire Agreement, all Order Forms will concurrently terminate,
  2. Customer will have no further right to use the Services under the terminated or canceled Order Forms and Secfix will remove Customer’s access to same, and
  3. Unless otherwise specified in writing, Customer will not be entitled to any refund of fees paid.

Termination of this Agreement will not limit a Party’s liability for obligations accrued as of or prior to such termination or for any breach of this Agreement.


Licenses. We may provide you with certain information as a result of your use of the Website or Services as set forth in the Order Form. Such information may include but is not limited to, documentation, data, or information developed by us, and other materials which may assist in your use of the Website or Services ("Our Materials"). Subject to this Agreement, we grant you a non-exclusive, limited, non-transferable, and revocable license to use Our Materials solely in connection with your use of the Website and Services. Our Materials may not be used for any other purpose, and this license terminates upon your cessation of use of the Website or Services or at the termination of this Agreement.

Feedback. Customer may provide Secfix with recommendations or comments for enhancements or changes to the Services, new features or functionality, or other feedback ("Feedback") from time to time. Secfix will have complete autonomy in deciding whether or not to build any desired enhancements, new features, or capabilities. Secfix will have the unrestricted right to utilize, incorporate, and otherwise fully exercise and exploit any such Feedback in connection with its products and services, without any obligation to recompense or reimburse Customer.

Limitations. The following restrictions (the "License Restrictions") apply to the rights granted hereunder:

(a) reverse engineer, decompile, disassemble, modify, create derivative works of or otherwise create, attempt to create or derive, or permit or assist any third party to create or derive, the source code, object code or underlying structures, ideas or algorithms of the Services or any data related to the Services;

(b) attempt to probe, scan or test the vulnerability of the Services, breach the security or authentication measures of the Services without proper authorization or wilfully render any part of the Services unusable;

(c) use or access the Services to develop a product or service that is competitive with Secfix’s products or Services or engage in competitive analysis or benchmarking;

(d) share, transfer, distribute, resell, lease, license, or assign Services or otherwise offer the Services on a standalone basis; or

(e) otherwise use the Services outside the scope expressly permitted hereunder and in the applicable Order Form.


Confidentiality. If the parties have a separate mutual nondisclosure agreement, that agreement will control.

Otherwise, as used herein, “Confidential Information” means all information or materials furnished by the Disclosing Party to the Receiving Party orally, or in written or electronic form, which is confidential, proprietary, or otherwise not generally available to the public or that the Receiving Party reasonably should understand to be confidential based on the nature of the information or the circumstances surrounding its disclosure. For the sake of clarity, the Parties acknowledge that Confidential Information includes the terms and conditions of this Agreement.

Except as expressly permitted in this Agreement, the Receiving Party will not disclose, duplicate, publish, transfer or otherwise make available Confidential Information of the Disclosing Party in any form to any person or entity without the Disclosing Party’s prior written consent. The Receiving Party will not use the Disclosing Party’s Confidential Information except to perform its obligations under this Agreement, such obligations including, in the case of Secfix, to provide the Services. Notwithstanding the foregoing, the Receiving Party may disclose Confidential Information to the extent required by law, provided that the Receiving Party:

  1. Gives the Disclosing Party prior written notice of such disclosure so as to afford the Disclosing Party a reasonable opportunity to appear, object, and obtain a protective order or other appropriate relief regarding such disclosure (if such notice is not prohibited by applicable law);
  2. Uses diligent efforts to limit disclosure and to obtain confidential treatment or a protective order; and
  3. Allows the Disclosing Party to participate in the proceeding.

Further, Confidential Information does not include any information that:

  1. is or becomes generally known to the public without the Receiving Party's breach of any obligation owed to the Disclosing Party;
  2. was independently developed by the Receiving Party without the Receiving Party's breach of any obligation owed to the Disclosing Party; or
  3. is received from a third party who obtained such Confidential Information without any third party's breach of any obligation owed to the Disclosing Party.


Definitions. “Service Data” means a subset of Confidential Information comprised of electronic data, text, messages, communications, or other materials submitted to and stored within the Services by Customer in connection with use of the Services. Service Data may include, without limitation, any information relating to an identified or identifiable natural person (‘data subject’) where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity of that natural person (such information, “Personal Data”). Service Data does not include metrics and information regarding Customer’s use of the Services, including information about how Authorized Users use the Services (such information, “Usage Data”).

Ownership. Customer will continue to retain its ownership rights to all Service Data processed under the terms of this Agreement and Secfix will own all Usage Data.

Secfix’s Use of Data. Secfix will use Service Data, Personal Data, and Usage Data as follows and, to the extent necessary, Customer provides Secfix a license to use, modify, reproduce, distribute, display and disclose same during the Term in accordance with this Agreement:

Operating the Services. Secfix may receive, collect, store and/or process Service Data based on Secfix’s legitimate interest in operating the Services. For example, Secfix may collect Personal Data (such as name or email address) through the account activation process. Secfix may also use Service Data in an anonymized manner for the training of the machine learning models to support certain features and functionality within the Services.

Communications. Secfix may communicate with Customer or Authorized Users:

  1. To send product information and promotional offers
  2. About the services generally.

If Customer or an Authorized User does not want to receive such communications, Customer may email info@secfix.com. Customer and necessary Authorized Users will always receive transactional messages that are required for Secfix to provide the Services (such as billing notices and product usage notifications).

Improving the Services. Secfix may collect, and may engage third-party analytics providers to collect, Usage Data to develop new features, improve existing features, or inform sales and marketing strategies based on Secfix’s legitimate interest in improving the Services. When Secfix uses Usage Data, any Personal Data that was included in Service Data shall be anonymized and/or aggregated in such a manner that it no longer constitutes Service Data or Personal Data under applicable data protection laws. Any such third-party analytics providers will not share or otherwise disclose Usage Data, although Secfix may make Usage Data publicly available from time to time.

Connecting to Third-Party Services. Customer may wish to connect third-party services to the Services (e.g., connecting Secfix to Customer’s single-sign-on service to verify 2FA status of Customer’s employees). When Customer uses a third-party service to connect with Secfix, logs into the Services through a third-party authentication service, or otherwise provides Secfix with access to information from a third-party service, Secfix may obtain other information, including Personal Data, from those third parties and combine that Service or Usage Data based on Secfix’s legitimate interest in providing Customer with functionality that supports the Services. Any access that Secfix may receive to such information from a third-party service is always in accordance with the features and functionality, particularly as to authorization, of that service. By authorizing Secfix to connect with a third-party service, Customer authorizes Secfix to access and store any information provided to Secfix by that third-party service, and to use and disclose that information in accordance with this Agreement.

Third-Party Service Providers. Customer agrees that Secfix may provide Service Data and Personal Data to authorized third-party service providers only to the extent necessary to develop and operate the Services. Any such third-party service providers will only be given access to Service Data and Personal Data to the extent reasonably necessary to develop and operate the Services and will be subject to:

  1. Confidentiality obligations that are commercially reasonable and substantially consistent with the standards described in this Agreement; and
  2. Their agreement to comply with the data transfer restrictions applicable to Personal Data as set forth below.

Service Data Safeguards.

  • Secfix will not sell, rent, or lease Service Data to any third party, and will not share Service Data with third parties, except as permitted by this agreement and to provide, secure, and support the Services.
  • Secfix will maintain commercially reasonable (particularly for a company of Secfix’s size and revenue) appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of Service Data.


You agree that the Website and all Services provided by us are the property of Secfix, including all copyrights, trademarks, trade secrets, patents, and other intellectual property ("Our IP"). You agree that we own all rights, title, and interest in and to Our IP and that you will not use Our IP for any unlawful or infringing purpose. You agree not to reproduce or distribute Our IP in any way, including electronically or via registration of any new trademarks, trade names, service marks, or Uniform Resource Locators (URLs), without express written permission from us.

  • To make the Website and Services available to you, you hereby grant us a royalty-free, non-exclusive, worldwide license to copy, display, use, broadcast, transmit and make derivative works of any content you publish, upload, or otherwise make available to the Website ("Your Content"). We claim no further proprietary rights in your Content.
  • If you feel that any of your intellectual property rights have been infringed or otherwise violated by the posting of information or media by another of our users, please contact us and let us know.


As a user of the Website or Services, you may be asked to register with us. When you do so, you will choose a user identifier, which may be your email address or another term, as well as a password. You may also provide personal information, including, but not limited to, your name. You are responsible for ensuring the accuracy of this information. This identifying information will enable you to use the Website and Services. You must not share such identifying information with any third party, and if you discover that your identifying information has been compromised, you agree to notify us immediately in writing. An email notification will suffice. You are responsible for maintaining the safety and security of your identifying information as well as keeping us apprised of any changes to your identifying information. Providing false or inaccurate information, or using the Website or Services to further fraud or unlawful activity is grounds for immediate termination of this Agreement.


You agree not to use the Website or Services for any unlawful purpose or any purpose prohibited under this clause. You agree not to use the Website or Services in any way that could damage the Website, Services, or general business of Secfix.

You further agree not to use the Website or Services:

  • To harass, abuse, or threaten others or otherwise violate any person's legal rights;
  • To violate any intellectual property rights of ours or of any third party;
  • To upload or otherwise disseminate any computer viruses or other software that may damage the property of another;
  • To perpetrate any fraud;
  • To engage in or create any unlawful gambling, sweepstakes, or pyramid scheme;
  • To publish or distribute any obscene or defamatory material;
  • To publish or distribute any material that incites violence, hate, or discrimination towards any group;
  • To unlawfully gather information about others.


The Website and Services are provided for communication purposes only. You acknowledge and agree that any information posted on Our Website is not intended to be legal advice, medical advice, or financial advice, and no fiduciary relationship has been created between you and us. You further agree that your purchase of any of the products or services on the Website is at your own risk. We do not assume responsibility or liability for any advice or other information given on the Website.


The following restrictions (the "License Restrictions") apply to the rights granted hereunder:

(a) reverse engineer, decompile, disassemble, modify, create derivative works of or otherwise create, attempt to create or derive, or permit or assist any third party to create or derive, the source code, object code or underlying structures, ideas or algorithms of the Services or any data related to the Services;

(b) attempt to probe, scan or test the vulnerability of the Services, breach the security or authentication measures of the Services without proper authorization or wilfully render any part of the Services unusable;

(c) use or access the Services to develop a product or service that is competitive with Secfix’s products or Services or engage in competitive analysis or benchmarking;

(d) share, transfer, distribute, resell, lease, license, or assign Services or otherwise offer the Services on a standalone basis; or

(e) otherwise use the Services outside the scope expressly permitted hereunder and in the applicable Order Form.

(f) Violate the security of the Website or Services through any unauthorized access, circumvention of encryption or other security tools, data mining, or interference to any host, user, or network.


You agree to defend and indemnify us and any of our affiliates (if applicable) and hold us harmless against any legal claims and demands, including reasonable attorney's fees, which may arise from or relate to your use or misuse of the Website or Services, your breach of this Agreement, or your conduct or actions. You agree that we shall be able to select its legal counsel and may participate in its defense if we wish.


You understand and agree that we (A) do not guarantee the accuracy, completeness, validity, or timeliness of information listed by us or any third parties; and (B) shall not be responsible for any materials posted by us or any third party. You shall use your judgment, caution, and common sense in evaluating any prospective methods or offers and any information provided by us or any third party.

Further, we shall not be liable for direct, indirect, consequential, or any other form of loss or damage that may be suffered by a user through the use of the Secfix Website including loss of data or information or any kind of financial or physical loss or damage.

In no event shall Secfix, nor its Owner, directors, employees, partners, agents, suppliers, or affiliates, be accountable for any indirect, incidental, special, eventful, or exemplary costs, including without limitation, loss of proceeds, figures, usage, goodwill, or other intangible losses, consequential from (i) your use or access of or failure to access or use the Service; (ii) any conduct or content of any third party on the Service; (iii) any content attained from the Service; and (iv) unlawful access, use or alteration of your transmissions or content, whether or not based on guarantee, agreement, domestic wrong (including carelessness) or any other lawful concept, whether or not we've been aware of the possibility of such damage, and even if a cure set forth herein is originated to have futile of its important purpose.


The information or data (collectively, "Information") made available at the Secfix Website are provided "AS IS," without warranties of any kind. Secfix expressly disclaims any representations and warranties, including without limitation, the implied warranties of merchantability and fitness for a particular purpose. Secfix shall have absolutely no liability in connection with the services including without limitation, any liability for damage to your computer hardware, data, information, Materials and business resulting from the Information or the lack of information available on the Secfix Website.


You are strictly prohibited from using the Website or any of our Services for illegal spam activities, including gathering email addresses and personal information from others or sending any mass commercial emails.


These Terms. We may make changes in this SA from time to time. In this case the new SA will supersede former versions. Secfix will notify Customer not less than ten (10) days prior to the effective date of any such changes. Customer’s continuous use of the Website and the Service following any such changes may be considered by Secfix as consent to any such change. You agree that we have the right to modify this Agreement or revise anything contained herein. If we fail to enforce any provision of this SA at any time it does not constitute a waiver of such provision or any other provision of this SA.

Secfix Service. You acknowledge that Secfix may change, deprecate or republish Secfix APIs for any Secfix Services or feature of the Secfix Services from time to time, and that it is your responsibility to ensure that calls or requests you make to the Secfix Services are compatible with then-current Secfix APIs for the Secfix Services. Although Secfix endeavors to avoid changes to the Secfix APIs or Secfix Services that are not backwards compatible, if any such changes become necessary Secfix will endeavor to notify you at least thirty (30) days prior to Secfix’s implementation of any such incompatible changes to the Secfix Service of which it becomes aware.


This Agreement constitutes the entire understanding between the Parties concerning any use of this Website. This Agreement supersedes and replaces all prior or contemporaneous agreements or understandings, written or oral, regarding the use of this Website.


We may need to interrupt your access to the Website to perform maintenance or emergency services on a scheduled or unscheduled basis. You agree that your access to the Website may be affected by unanticipated or unscheduled downtime, for any reason, but that we shall have no liability for any damage or loss caused as a result of such downtime.


You agree that your use of the Website and Services is at your sole and exclusive risk and that any Services provided by us are on an "As Is" basis. We hereby expressly disclaim any express or implied warranties of any kind, including, but not limited to the implied warranty of fitness for a particular purpose and the implied warranty of merchantability. We make no warranties that the Website or Services will meet your needs or that the Website or Services will be uninterrupted, error-free, or secure. We also make no warranties as to the reliability or accuracy of any information on the Website or obtained through the Services. You agree that any damage that may occur to you, through your computer system, or as a result of the loss of your data from your use of the Website or Services is your sole responsibility and that we are not liable for any such damage or loss.


Under no legal theory, whether in tort, contract, or otherwise, will either party be liable to the other under this agreement for any indirect, special, incidental, consequential or punitive damages of any character that may occur to you as a result of your use of the Website or Services, to the fullest extent permitted by law. This section applies to any claims by you, including, but not limited to, lost profits, lost sales or business, work stoppage, computer failure or malfunction, lost content or data, negligence, strict liability, fraud, or torts of any kind.



  1. JURISDICTION, VENUE & CHOICE OF LAW: The terms herein will be governed by and construed by the laws of Germany without giving effect to any principles of conflicts of law. Any disputes under this SA shall be resolved in a court of general jurisdiction in Berlin, Germany.
  2. ASSIGNMENT: This Agreement, or the rights granted hereunder, may not be assigned, sold, leased, or otherwise transferred in whole or part by you. Should this Agreement, or the rights granted hereunder, be assigned, sold, leased, or otherwise transferred by us, the rights and liabilities of Secfix will bind and inure to any assignees, administrators, successors, and executors.
  3. SEVERABILITY: If any part or sub-part of this Agreement is held invalid or unenforceable by a court of law or competent arbitrator, the remaining parts and sub-parts will be enforced to the maximum extent possible. In such a condition, the remainder of this Agreement shall continue in full force.
  4. NO WAIVER: If we fail to enforce any provision of this Agreement, this shall not constitute a waiver of any future enforcement of that provision or any other provision. Waiver of any part or sub-part of this Agreement will not constitute a waiver of any other part or sub-part.
  5. HEADINGS FOR CONVENIENCE ONLY: Headings of parts and sub-parts under this Agreement are for convenience and organization, only. Headings shall not affect the meaning of any provisions of this Agreement.
  6. NO AGENCY, PARTNERSHIP, OR JOINT VENTURE: No agency, partnership, or joint venture has been created between the Parties as a result of this Agreement. No Party has any authority to bind the other to third parties.
  7. FORCE MAJEURE: We are not liable for any failure to perform due to causes beyond its reasonable control including, but not limited to, acts of God, acts of civil authorities, acts of military authorities, riots, embargoes, acts of nature, and natural disasters, and other acts which may be due to unforeseen circumstances, i.e., COVID-19.
  8. ELECTRONIC COMMUNICATIONS PERMITTED: Electronic communications are permitted to both Parties under this Agreement, including e-mail. For any questions or concerns, please use the contact us form on the website or email us.