Terms of Service

Terms of Service

Effective Date: 01/01/2026
Company Name: ProceMX Ltd
Introduction

These Terms of Service (“Terms”) govern access to and use of the Work and Asset Management software platform, mobile applications, APIs, and related services (the “Services”) provided by ProceMX Ltd (“Company”, “we”, “us”, or “our”).

The Services are operated in alignment with SOC 2 Trust Services Criteria, as applicable to our audited scope.

By accessing or using the Services, you agree to be bound by these Terms.

  1. Description of Services

The Company provides cloud-based enterprise software including but not limited to:

  • Work order and workflow management
  • Asset lifecycle management
  • GIS-enabled asset mapping
  • Mobile workforce applications
  • Reporting and analytics
  • API and third-party integrations

Service features and availability may vary by contract.

  1. Security and SOC 2 Commitment

We maintain an information security program designed to align with the AICPA Trust Services Criteria covering:

  • Security (Common Criteria)
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy (where applicable)

Our security program includes:

  • Documented security policies and procedures
  • Role-based access controls (RBAC)
  • Multi-factor authentication for administrative access
  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (where supported by infrastructure)
  • Continuous monitoring and logging
  • Vulnerability management processes
  • Secure software development lifecycle (SDLC) controls
  • Periodic third-party security assessments

Details of our SOC 2 report may be provided under NDA upon request.

  1. Customer Responsibilities

You are responsible for:

  • Maintaining confidentiality of user credentials
  • Proper configuration of user permissions
  • Ensuring lawful use of the Services
  • Ensuring that Customer Data is accurate and lawful

You agree not to:

  • Attempt unauthorised access
  • Circumvent security controls
  • Introduce malicious code
  • Use the Services for unlawful purposes
  1. Data Ownership and Processing

5.1 Customer Data

You retain ownership of all data uploaded to the Services (“Customer Data”).

We process Customer Data solely for:

  • Providing and maintaining the Services
  • Supporting customer operations
  • Meeting legal and regulatory obligations

5.2 Data Protection

Where applicable under UK GDPR or other data protection laws:

  • You act as Data Controller
  • We act as Data Processor

A separate Data Processing Agreement (DPA) governs data protection obligations.

  1. Confidentiality

We implement controls designed to protect Customer Data classified as confidential, including:

  • Logical segregation of customer environments
  • Access restrictions based on least privilege
  • Confidentiality agreements for personnel
  • Secure data disposal processes

Both parties agree to protect each other’s confidential information.

  1. Availability and Business Continuity

We maintain controls designed to support availability, including:

  • Infrastructure redundancy (where applicable)
  • Backup and restore procedures
  • Disaster recovery planning
  • Incident response procedures

Availability targets, if applicable, are defined in a separate Service Level Agreement (SLA).

We do not guarantee uninterrupted or error-free service.

  1. Incident Response and Breach Notification

We maintain documented incident response procedures.

In the event of a confirmed security incident affecting Customer Data:

  • We will investigate promptly
  • We will take reasonable remediation measures
  • We will notify affected customers without undue delay, in accordance with applicable law

Notification will include known details regarding scope and mitigation steps.

  1. Subprocessors

We may engage trusted third-party service providers (subprocessors) to support delivery of the Services (e.g., cloud infrastructure providers).

We:

  • Maintain due diligence procedures
  • Require contractual security commitments
  • Maintain an up-to-date subprocessor list upon request
  1. Intellectual Property

All intellectual property rights in the Services remain the property of the Company or its licensors.

No rights are granted except the limited licence to use the Services during the contracted term.

  1. Fees and Payment

Fees are payable in accordance with your agreement.

Fees are non-refundable unless otherwise stated.

Failure to pay may result in suspension.

  1. Warranties

We warrant that:

  • The Services will be provided in a commercially reasonable manner
  • We maintain controls aligned to SOC 2 Trust Services Criteria within the scope of our audit

Except as expressly stated, the Services are provided “as is.”

  1. Limitation of Liability

To the maximum extent permitted by law:

  • Our aggregate liability shall not exceed fees paid in the preceding 12 months.
  • We are not liable for indirect, incidental, special, or consequential damages.

Nothing excludes liability for:

  • Death or personal injury caused by negligence
  • Fraud
  • Liability that cannot be excluded under law
  1. Term and Termination

These Terms remain effective during your subscription term.

We may suspend or terminate for:

  • Material breach
  • Non-payment
  • Legal requirement

Upon termination:

  • Access will cease
  • Customer Data handling will follow the DPA and data retention policy
  1. Audit and Compliance Transparency

Where applicable and subject to confidentiality:

  • We may provide SOC 2 reports under NDA to Enterprise Customers
  • We may provide security questionnaires
  • Direct audits are not permitted unless legally required
  1. Force Majeure

We are not liable for failure to perform due to events beyond reasonable control.

  1. Governing Law

These Terms are governed by the laws of Scotland, and disputes shall be subject to the exclusive jurisdiction of its courts.

  1. Contact Information

Chief Executive Officer
Email: info@procemx.com
Address: Skypark 3, Glasgow G3 8EP