Skip to content
Encor
HomePricingPrivacySign inStart free
Legal

Terms of Service

What you agree to when you use Encor — including what the product is, what it isn't, and the limits of our liability around ISO/IEC 42001 certification outcomes.

Terms of Service

Last updated: 2026-05-15

1. Agreement

These Terms ("Terms") govern your use of Encor, operated by [Encor Operating Entity Inc.] ("Encor", "we"). By creating an account, clicking "I agree", or using the service you accept these Terms in their entirety. If you accept on behalf of an organisation, you confirm you have authority to bind it.

For enterprise contracts, an MSA + Order Form takes precedence over these Terms.

2. The service — what Encor is and is not

Encor is a SaaS product that helps organisations prepare for ISO/IEC 42001 certification by generating documented information templates, maintaining registers, and producing audit-ready evidence packages.

Encor is software, not a certification body, not an auditor, not a consultancy, and not a substitute for legal, regulatory, or compliance advice. Specifically:

  • ISO/IEC 42001 certification can only be granted by an accredited third-party certification body that audits your operating management system. Encor is not such a body and has no role in any formal audit.
  • Encor's outputs — generated documents, register entries, Statement of Applicability, evidence indices, gap assessments, AI-suggested text — are drafts and templates. They reflect Encor's interpretation of the standard's requirements and are intended as a starting point you adapt, verify, and approve.
  • Encor's outputs may contain errors, omissions, outdated references, or content generated by large language models that appears confident but is incorrect. AI-generated text is, by its nature, never guaranteed to be accurate or appropriate for your specific context.
  • Operating an AI management system that conforms to ISO/IEC 42001 requires real organisational practice — leadership commitment, trained personnel, evidence of operation over time — that no SaaS product can supply on your behalf.

2A. Your responsibilities — verification and audit readiness

You are solely responsible for:

  • Reviewing every Encor output — every generated document, every register entry, every SoA justification, every AI-drafted suggestion — for accuracy, completeness, fitness for purpose, and conformance with the version of ISO/IEC 42001 that applies to your audit.
  • Verifying that the artefacts Encor produces accurately describe your actual operating reality. Encor cannot know what your organisation actually does; it generates plausible drafts based on the answers and inputs you provide.
  • Engaging qualified professionals — internal compliance staff, a consultancy, your accredited certification body's pre-audit advice, or external counsel — to validate your AI management system before any external audit.
  • Selecting and engaging an accredited certification body and passing their audit on the merits of your operating evidence.
  • Maintaining your management system between audits, including updates required by changes to the standard, your AI systems, your organisational structure, applicable law, or audit findings.
  • Determining the legal, regulatory, and contractual obligations that apply to your AI systems in each jurisdiction you operate. Encor surfaces high-level prompts but does not provide legal advice.

You acknowledge that the success or failure of any certification audit is determined entirely by your organisation's preparation, operating practice, and the auditor's judgement — not by the use of Encor.

2B. No certification guarantee

Encor makes no representation, warranty, or guarantee, express or implied, that:

  • Use of Encor will result in any specific audit outcome, including but not limited to passing an ISO/IEC 42001 certification audit, surveillance audit, or recertification audit;
  • Encor's outputs are sufficient, complete, accurate, current, or appropriate for any particular audit, auditor, certification body, jurisdiction, or use case;
  • Encor's outputs reflect the most recent version of ISO/IEC 42001 or any related standard, regulation, guidance, or interpretation;
  • Use of Encor will reduce your audit timeline, audit cost, audit finding count, or audit risk;
  • An auditor will accept Encor-generated documentation in the form Encor provides; auditors typically require evidence of operation, not just documents.

You assume all risk arising from your use of Encor's outputs in any audit, regulatory submission, customer due-diligence response, investor diligence, or other context.

3. Accounts and workspaces

You're responsible for:

  • The accuracy of data you provide.
  • Keeping credentials confidential. Enabling 2FA is recommended for any user with admin or owner role.
  • The acts and omissions of users you invite to your workspace.
  • Authorisation to upload any third-party content you upload.

4. Acceptable use

You may not:

  • Reverse-engineer the service except as permitted by law.
  • Bypass usage limits, rate limits, or security controls.
  • Use the service to generate or distribute illegal content.
  • Use Encor-hosted infrastructure to attack other systems.
  • Resell access to the service without written permission.
  • Use the service in violation of any export-control or sanctions law.

We can suspend an account that materially violates this section, with notice where practicable.

5. Subscriptions and payment

  • Paid plans renew automatically until cancelled.
  • Fees are stated on encorsys.com/pricing or in your Order Form.
  • Plans are billed monthly or annually (your choice).
  • Prices may change at the start of any new term with 30 days' notice.
  • Refunds are not generally provided; we'll consider them case-by-case when we've materially failed to deliver.
  • All fees exclude tax. You're responsible for local VAT/sales tax, which we collect via Stripe Tax where required.

6. Customer data and IP

  • You own the content you put into your workspace ("Customer Data").
  • You grant Encor the limited licence required to host, process, and display Customer Data to you and your invited users.
  • We do not use Customer Data to train AI models, ours or any third party's.
  • You can export your Customer Data at any time via the audit-kit ZIP
    • per-doc downloads.
  • Encor owns the service software, the Encor templates, and improvements to them.

7. Confidentiality

Each party will treat the other's non-public information as confidential and use it only to perform under these Terms. Confidential information does not include data that is public, independently developed, or disclosed under legal compulsion.

8. Warranties and disclaimers

We warrant only that the service will perform materially as described in our documentation. EXCEPT FOR THIS LIMITED EXPRESS WARRANTY, THE SERVICE AND ALL OUTPUTS ARE PROVIDED "AS IS" AND "AS AVAILABLE". ENCOR DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WITHOUT LIMITATION:

  • MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, NON-INFRINGEMENT, QUIET ENJOYMENT, AND TITLE;
  • ANY WARRANTY THAT THE SERVICE OR ITS OUTPUTS WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF HARMFUL COMPONENTS;
  • ANY WARRANTY ARISING OUT OF COURSE OF DEALING, USAGE, OR TRADE.

Without limiting the foregoing, Encor expressly disclaims any warranty that:

  • The service or its outputs will result in or contribute to a successful ISO/IEC 42001 certification audit, recertification, surveillance audit, internal audit, or any other compliance, regulatory, or assurance outcome;
  • The service or its outputs are accurate, current, complete, or appropriate for your specific organisation, AI systems, jurisdiction, customers, regulators, or auditors;
  • AI-generated content within the service is correct, reliable, or free from hallucination, omission, or misinterpretation of the underlying standard;
  • The service constitutes legal advice, audit advice, regulatory advice, or professional consulting of any kind.

You waive any claim against Encor based on reliance on the service's outputs in any audit, regulatory submission, contract representation, marketing claim, or other use.

9. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

(a) NO INDIRECT DAMAGES. Neither party shall be liable to the other for any indirect, incidental, special, consequential, exemplary, or punitive damages; for loss of profits, revenue, business, goodwill, anticipated savings, opportunity, or data; for cost of substitute goods or services; or for damages arising from any certification audit failure, regulatory enforcement action, contractual penalty, or third-party claim — even if Encor has been advised of the possibility of such damages and even if any limited remedy fails of its essential purpose.

(b) AGGREGATE CAP. Encor's total cumulative liability arising out of or related to these Terms or the service, regardless of the form of action (contract, tort, statute, or otherwise), shall not exceed the lesser of (i) the fees you actually paid Encor in the twelve (12) months preceding the event giving rise to the claim, or (ii) USD $100.

(c) AUDIT-RELATED CLAIMS. Without limiting subsection (b), Encor has zero liability for any loss, cost, fee, penalty, or damage of any kind arising out of, related to, or in connection with any ISO/IEC 42001 certification audit, surveillance audit, recertification audit, internal audit, regulatory examination, or third-party assessment — including without limitation auditor fees, consultancy fees, lost certification, lost contracts, lost revenue, reputational harm, or remediation costs — regardless of whether such loss arises from errors, omissions, or hallucinations in Encor's outputs, from your reliance on those outputs, or from any other cause.

(d) BASIS OF THE BARGAIN. You acknowledge that the fees Encor charges reflect the allocation of risk in this section, that without this allocation Encor could not offer the service at its current price, and that you have had the opportunity to consult counsel regarding these limitations.

The exclusions and limitations in this section do not apply to: (i) a party's indemnification obligations under section 10; (ii) breach of the confidentiality obligations in section 7; (iii) a party's gross negligence, willful misconduct, or fraud; or (iv) any liability that applicable law prohibits limiting (in which case, this section applies to the maximum extent permitted).

10. Indemnification

We will defend and indemnify you against third-party claims that the service, as provided by us and used in accordance with these Terms, infringes that party's IP rights, subject to commercially reasonable mitigation by us.

You will defend and indemnify us against third-party claims arising from your Customer Data or your breach of section 4.

11. Termination

You may cancel a subscription at any time effective at the end of the current billing period. We may terminate for material uncured breach on 30 days' notice. On termination you have 60 days to export Customer Data; thereafter we delete it.

12. Service modifications

We may modify the service so long as we don't materially reduce core functionality during a paid term. Material changes are announced in-product with at least 30 days' notice.

13. Governing law and venue

These Terms are governed by the law of [State / Province / Country — typically Delaware (US) or England & Wales for international SaaS]. Venue: [same]. Both parties waive the right to a jury trial in any dispute arising under these Terms.

14. Miscellaneous

  • These Terms are the complete agreement and supersede prior discussions.
  • If any term is unenforceable, the rest remain in effect.
  • Notices to Encor: legal@encorsys.com.
  • Notices to you: the email on your account.
  • You may not assign these Terms without our consent (except in a bona fide M&A).
  • Force majeure: neither party is liable for delays due to events outside reasonable control.
© Encor. ISO/IEC 42001 references are informational; we paraphrase, never reproduce.
PrivacySecurityTerms