Legal · Acceptable Use Policy

V/ergent Acceptable Use Policy

Version 2026-04. Operated by Vergent Technology Solutions Ltd. Questions: legal@vergent.co.ke.

This Acceptable Use Policy (the "AUP") governs your use of the V/ergent platform (the "Service") operated by Vergent Technology Solutions Ltd. ("Vergent", "we", "us"). By accepting this policy at sign-up — or by continuing to use the Service — you (the "Customer" and each individual "User") agree to the terms below. This AUP is in addition to any signed master services agreement, statement of work, or order form between Vergent and the Customer; in case of conflict, the signed agreement governs.

1. Permitted use & scope of authority

The Service is licensed for use only against systems and data the Customer is legally authorised to audit. The Customer represents and warrants that, for every system, dataset, file, credential, or connector configured in the Service, it has obtained all necessary internal approvals, third-party consents, regulatory clearances, and contractual rights to allow Vergent to read, process, and analyse that data on the Customer's behalf.

Users must not:

  • Configure the Service to scan, ingest, or audit systems they do not own or are not contractually authorised to assess.
  • Use the Service to attack, probe, exploit, or disrupt any system — including Vergent's own infrastructure — beyond the read-only audit functionality the Service provides.
  • Attempt to bypass rate limits, authentication, or scope controls within the Service.
  • Reverse-engineer, decompile, or attempt to extract the source code, models, rule sets, or proprietary algorithms behind the Service.
  • Resell, sublicense, or expose the Service (or any output that materially reproduces the Service's findings logic) to third parties without a written reseller agreement with Vergent.

2. Intellectual property

All software, source code, documentation, audit-rule libraries, scoring models, branding, and design of the Service are and remain the exclusive intellectual property of Vergent. The Customer is granted a limited, non-exclusive, non-transferable, non-sublicensable licence to use the Service for the term of the agreement and only for the Customer's own internal compliance, security, and audit purposes.

The Customer retains full ownership of:

  • All data they upload, connect, or extract through the Service (the "Customer Data").
  • Findings, reports, and remediation evidence produced by the Service from Customer Data.

Vergent may retain de-identified, aggregated telemetry — for example, "X% of Oracle Fusion tenants surveyed had MFA disabled" — to improve the Service. Vergent will never use Customer Data, Customer-specific findings, or any personally identifying information for training shared models, marketing other customers, or external publication without the Customer's written consent.

3. Confidentiality & data handling

  • Customer Data is treated as confidential and stored encrypted in transit (TLS 1.2+) and at rest.
  • Connector credentials are encrypted with per-tenant keys and never exposed in logs, emails, or reports.
  • By default, Customer Data is retained for twelve (12) months after each engagement closes, then permanently deleted. The Customer may request earlier deletion in writing.
  • Vergent staff access Customer Data only to deliver the Service, support the Customer, or comply with a lawful order — and only the minimum number of staff with a need to know.

4. Customer responsibilities & liability for misuse

The Customer is solely responsible for:

  1. Authorisation. Confirming each connected system is in scope and that the Service's access has been approved by the system owner.
  2. User governance. Promptly removing users who leave the Customer's organisation, keeping role assignments accurate, and protecting login credentials.
  3. Acting on findings. Deciding which findings to remediate, accept, or transfer; how to time those decisions; and how to communicate them inside their organisation. Vergent surfaces evidence — the Customer interprets and acts on it.
  4. Sharing of reports. Reports and findings exported from the Service may identify systems, users, and sensitive controls. The Customer is responsible for handling exports under their own information-classification rules.
Misuse. If a User configures the Service to ingest data they did not have authority to access, or shares reports outside their authorised audience, the Customer is fully responsible for the consequences — including any third-party claims, regulatory fines, or breach-notification obligations that follow. The Customer agrees to defend, indemnify, and hold Vergent harmless from any third-party claim arising out of (a) the Customer's misuse of the Service, (b) data or systems connected without authority, or (c) decisions the Customer made on the basis of the Service's output.

5. Vergent's role & liability disclaimer

The Service is an audit and intelligence platform. It surfaces evidence and risk-rated findings. It does not make remediation decisions, accept residual risk on the Customer's behalf, or replace internal control owners or auditors.

The Service is provided "as is" and "as available". To the maximum extent permitted by law, Vergent disclaims all implied warranties, including merchantability, fitness for a particular purpose, and non-infringement. Specifically, Vergent does not warrant that:

  • Every vulnerability or control failure in the Customer's environment will be detected by the Service.
  • Every finding the Service produces is material in the Customer's specific business or regulatory context — Customer judgement is required.
  • The Service will be uninterrupted or error-free at every moment.

Vergent's aggregate liability for any claim arising out of the Service is capped at the fees paid by the Customer to Vergent in the twelve (12) months preceding the claim. Vergent is not liable for indirect, consequential, special, or punitive damages, including lost profits, lost revenue, lost data, or business interruption. The Customer remains solely responsible for the security, compliance, and operational decisions it makes on the basis of the Service.

6. Suspension & termination

Vergent may suspend or terminate access to the Service if a User materially breaches this AUP — for example, by attempting to scan unauthorised systems, abusing rate limits, exporting credentials, or reverse-engineering the platform. Where practical, Vergent will give the Customer notice and a chance to cure. Where the breach is causing or about to cause harm, Vergent may suspend immediately and notify the Customer in parallel.

7. Changes to this policy

Vergent may update this AUP from time to time. The current version is shown above. When the version changes meaningfully, Users will be prompted to re-accept on their next login. Continued use of the Service after re-acceptance constitutes agreement to the updated AUP.

8. Governing law & contact

This AUP is governed by the laws of the Republic of Kenya. Disputes will be resolved in the courts of Nairobi, save where the Customer's signed master services agreement specifies a different forum.

Questions, security disclosures, or notices: legal@vergent.co.ke · Vergent Technology Solutions Ltd., Nairobi, Kenya.

This page is operational guidance and does not replace tailored legal advice. Customers regulated under DORA, NIS2, HIPAA, or other regimes should review this AUP alongside their own legal counsel and their signed agreement with Vergent.