ControlStandard.Tools — Terms and Conditions

Last updated: 5 June 2026
Provider: Scorchsoft Ltd (company no. 07246693), registered in England and Wales.
Registered office: 13 Portland Road, Edgbaston, Birmingham, B16 9HN, United Kingdom.
Contact: info@scorchsoft.com

Marks: Scorchsoft® is a registered trade mark of Scorchsoft Ltd. The Control Standard™ and ControlStandard.Tools™ are trade marks used by Scorchsoft Ltd. Unauthorised use is prohibited.

1. Definitions

"Account Owner" means the User designated as administrator of the Customer's Organisation, with authority to bind the Customer, manage subscriptions and seats, configure Teams, configure SSO, and issue or revoke API Keys.
"Agreement" means these Terms and Conditions and any documents expressly incorporated by reference (including the Privacy Policy).
"API" means the read-only application programming interface that we make available at /api/v1 (and any future versioned mounts) for programmatic access to your Organisation's data.
"API Key" means a bearer-token credential we issue under your Organisation that authenticates calls to the API.
"Authorised Users" means your employees, contractors, and other people whom you authorise to access the Service under your account or organisation. Authorised Users must be under your direction and control.
"Customer", "you", "your" means the individual or entity who accepts this Agreement, creates an account, or uses the Service.
"Organisation" means the workspace created when you register, to which one or more Authorised Users may be linked.
"Service" or "Platform" means the ControlStandard.Tools web application and its features, including the Control Score and Pain Automation diagnostics, the Control Index Snapshot, project tracking, chapter assessments, the Pocket Standard download, and the API.
"Scorchsoft", "we", "us", "our" means Scorchsoft Ltd.
"SSO" means single sign-on via an external identity provider configured for your Organisation.
"Team" means an optional sub-group of Authorised Users within an Organisation, used to scope what each member can see.
"Team Manager" means the User designated as manager of a particular Team, with visibility of that Team's projects, check-ins, and member-level results.
"Your Content" means inputs, narratives, project data, check-in answers, reflections, and other materials you or your Authorised Users actively submit to the Service.
"Written" or "in writing" includes email. Notices in writing are validly given when sent to the email address on the relevant party's account, or to info@scorchsoft.com for notices to us.

2. Contract formation and term

2.1 Acceptance. By creating an account, accepting an invitation to an Organisation, or otherwise using the Service, you agree to this Agreement. If you do not agree, do not use the Service.

2.2 Authority. If you register or accept these Terms on behalf of an organisation, you warrant that you have authority to bind that organisation, and references to "you" include the organisation and its Authorised Users.

2.3 Eligibility. You confirm you are at least 18, are legally capable of entering into a contract, and are not prohibited from using the Service under applicable laws or sanctions.

2.4 Term. This Agreement begins when you first access the Service and continues until terminated in accordance with Clause 6.

2.5 Updates. We may update this Agreement from time to time. Where the changes are material we will notify you by email or by an in-Service notice and will require you to re-accept the updated Agreement before continuing to use the Service.

2.6 Intended use. The Service is intended for business or professional use. By using the Service you confirm you are acting in a business or professional capacity and not as a consumer.

3. Licence grant and Authorised Users

3.1 Licence grant. Subject to your compliance with this Agreement, we grant you a limited, non-exclusive, non-transferable, revocable licence to access and use the Service during the term of this Agreement for your internal business purposes.

3.2 Licence restrictions. This licence does not include any right to:

(a) sublicense, resell, rent, or otherwise redistribute access to the Service;

(b) use the Service to provide a competing service or to benchmark it for that purpose;

(d) access the Service other than through the interfaces we provide;

(e) use the Service in any manner that exceeds the scope of the licence granted, or in breach of the Acceptable Use rules in Clause 10.

3.3 Authorised Users. You may permit Authorised Users to access the Service under your Organisation. You are responsible for:

(a) ensuring each Authorised User complies with this Agreement;

(b) all acts and omissions of your Authorised Users as if they were your own;

(d) promptly revoking access for any Authorised User who leaves your organisation or no longer requires access; and

(e) ensuring that Authorised Users do not share credentials.

3.4 User and seat limits. We may impose limits on the number of Authorised Users, seats, projects, snapshots, or other usage parameters depending on your plan. Such limits will be communicated via the Service or in your plan.

3.5 Account security. You must promptly notify us if you suspect unauthorised access to your account. You are responsible for all activity performed using your credentials until you notify us and we have had a reasonable opportunity to act. Where multi-factor authentication is available, we recommend you and your Authorised Users enable it. Where you mark a device as "trusted" to reduce repeated 2FA prompts, you are responsible for revoking that trust if the device is lost, shared, or otherwise no longer under your control.

3.6 Roles and Team scoping. Within your Organisation, the Account Owner has authority to bind the Customer, manage billing, configure Teams, manage SSO, and issue API Keys. Team Managers can see the projects, check-ins, and member-level results of the Team(s) they manage. Aggregate Team views may surface results across Authorised Users to Team Managers and the Account Owner. You are responsible for assigning these roles correctly and for any visibility or access that those role assignments confer.

4. API access

4.1 Licence. Subject to your compliance with this Agreement, we grant you a limited, non-exclusive, non-transferable, revocable licence to access the API during the term of this Agreement for your internal business purposes. Read-only access is the only form of API access currently offered; we make no commitment to provide write endpoints.

4.2 API Keys are credentials. API Keys are bearer tokens — anyone in possession of an active API Key can read the data within its scope. You must:

(a) keep API Keys secret and treat them with at least the same care as a password;

(b) not share API Keys with third parties other than systems acting under your direction;

(d) rotate or revoke any API Key you suspect may have been disclosed or compromised.

You are responsible for all activity performed using a valid API Key issued under your Organisation until you revoke it, or until you notify us and we have had a reasonable opportunity to act.

4.3 Issuance and scope. The Account Owner (and any other User with the necessary permission) may create API Keys with either Organisation-wide scope or Team scope. Team-scoped keys return only data within the named Team. We may impose caps on the number of active keys per Organisation or per Team, set expiry, and require periodic rotation. Current caps are published in the Service and may be changed on reasonable notice.

4.4 Rate limits and acceptable use. API requests are subject to rate limits and to the Acceptable Use rules in Clause 10. We may throttle, block, or revoke any API Key without prior notice to protect the Service, address suspected compromise, or respond to a breach of this Agreement.

4.5 Audit. We maintain a record of API Key lifecycle events (creation, rotation, revocation, and restoration) and per-day request counters, for your security and ours.

4.6 Changes to the API. The API is versioned at /api/v1. We may add, change, deprecate, or remove API endpoints, fields, error formats, rate limits, and key caps on reasonable notice (and immediately where required for security or to comply with law). Endpoints marked "beta" or "preview" are provided as-is under Clause 11.4.

4.7 No SLA. Unless a separate service-level agreement has been signed in writing, the API is provided on the same "reasonable efforts" basis as the rest of the Service under Clause 11.1.

5. Single sign-on and external identity providers

5.1 Configuration. The Account Owner may configure one or more external identity providers (for example, OIDC or SAML) for the Organisation. The selection, configuration, and ongoing security of those providers is your responsibility.

5.2 Reliance on the IdP. When SSO is enabled for your Organisation, we rely on the identity provider's assertions about each user (including the user's identifier, email address, and whether the email is verified). We do not independently verify those assertions and are not responsible for any error, mis-issuance, or compromise at the identity provider.

5.3 Auto-provisioning. Where you enable auto-provisioning, sign-in via the identity provider may create new Authorised User accounts under your Organisation and apply the default role you have selected. You are responsible for confirming that role choice is appropriate, for promptly de-provisioning leavers in the identity provider, and for any consequences of users gaining access via your identity provider configuration.

5.4 Outages and downtime. We are not liable for failures of, downtime in, or delays caused by your identity provider, your network, or any intermediary between you and us. SSO failures may prevent sign-in even when the Service itself is available.

6. Account suspension and termination

6.1 Termination for cause. We may suspend or terminate your account immediately, without notice, for:

(a) material breach of this Agreement (including the Acceptable Use rules in Clause 10);

(b) abusive, fraudulent, or unlawful conduct;

(d) threat to the security or integrity of the Service or to other users; or

(e) where required by law or by a competent authority.

6.2 Termination for convenience. Either party may terminate this Agreement on 30 days' written notice. We may terminate immediately on written notice if your Organisation has been inactive for an extended period and we reasonably believe the account has been abandoned.

6.3 Your cancellation. You may cancel your account at any time via your account settings or by emailing info@scorchsoft.com. For paid plans, access continues until the end of any paid period.

6.4 Effect of termination. On termination:

(a) access to the Service ceases (immediately on termination for cause; otherwise at the end of the notice period);

(b) all licences granted to you are revoked and all active API Keys cease to function;

(d) any prepaid fees are non-refundable except where termination is by you for our material uncured breach.

6.5 Data export. You may use the API to export Your Content at any time during the term, subject to its read-only scope. In addition, you may request an export of Your Content within 30 days of termination, except where we have terminated for cause under Clause 6.1. We will provide a reasonable export within 14 days of request.

7. Plans, fees and billing

7.1 Free and paid plans. The Service is offered on a free tier and on one or more paid tiers. The current plans, features, and prices are shown on the pricing page within the Service and form part of this Agreement when you select a plan.

7.2 Currency and tax. All fees are in pounds sterling (GBP) unless otherwise stated. Fees exclude VAT and other applicable taxes, which will be added where required. UK VAT-registered customers will be charged VAT at the prevailing rate.

7.3 Billing and renewal. Where fees apply, subscriptions are billed in advance (monthly or annually as selected) and renew automatically at the end of each billing period unless cancelled before the renewal date.

7.4 Payment processor. Payments are processed by Stripe. We do not store full payment card details on our systems. By providing a payment method you agree to Stripe's terms in addition to these Terms.

7.5 Late payment. For overdue invoices we may, in addition to any other remedies:

(a) charge interest at 8% above the Bank of England base rate;

(b) suspend access until payment is received; and

7.6 Price changes. We may change prices with at least 30 days' written notice. Changes apply at your next renewal — you may cancel before the new price takes effect.

7.7 Refunds. Except for the money-back guarantee in clause 7.10, fees are non-refundable except where required by law or where you terminate for our material uncured breach. We may, at our discretion, offer a refund or credit as a goodwill gesture.

7.8 Chargebacks. You are responsible for cancelling before renewal. Filing a chargeback or payment dispute for validly charged fees constitutes a material breach and may result in immediate suspension and recovery of disputed amounts plus reasonable costs.

7.9 Free tier. Free access creates no entitlement to continued free access. We may change the features available on the free tier or retire it on reasonable notice.

7.10 14-day money-back guarantee. For a new paid subscription you may request a full refund of your most recent payment within 14 days of that payment, provided that, at the time of the request, the Account Owner has (a) completed less than half of the course content then available on the plan and (b) not been issued a course completion certificate. This self-service refund is available from the billing page within the Service; processing it cancels your subscription and returns your Organisation to the free tier with immediate effect. Requests that fall outside these conditions are not granted automatically, but you are welcome to contact us and we will consider them in good faith.

8. Your Content and how we use it

8.1 Ownership. As between you and us, you retain all rights, title, and interest in Your Content. We do not claim ownership of Your Content.

8.2 Licence to us. You grant us a worldwide, non-exclusive, royalty-free licence to host, copy, transmit, display, and process Your Content solely as necessary to provide and improve the Service to you and your Authorised Users, and for the purposes described in the Privacy Policy.

8.3 No model training on Your Content. We do not, and will not without your separate prior written consent, use Your Content (including narratives, check-in answers, reflections, and project data) or personal data we hold about you to train any generative AI or machine-learning model, whether ours or a third party's, and we will not share Your Content with any third party for that purpose.

8.4 Aggregated and de-identified data. We may produce and use aggregated, de-identified statistics about usage of the Service (for example, average control scores or feature engagement), provided that such data does not identify you, your Organisation, or any individual.

8.5 Your responsibilities for Your Content. You warrant that:

(a) you have all necessary rights and permissions to submit Your Content to the Service;

(b) Your Content does not infringe the rights of any third party (including intellectual property, privacy, and confidentiality rights) and does not violate any applicable law; and

(c) where Your Content includes personal data of third parties (for example, names of teammates added as Authorised Users), you have a lawful basis for processing that data and have given any required notices to those individuals.

9. Diagnostic outputs and assessments

9.1 Indicative tooling. The Control Score, Pain Automation Score, Control Index Snapshot, chapter assessments, and other diagnostic features are decision-support tools. They generate indicative scores and suggestions based on the answers you provide.

9.2 No professional advice. Outputs from the Service are not legal, financial, accounting, tax, medical, safety, or other regulated professional advice. You remain solely responsible for any decisions you take based on those outputs.

9.3 No guarantee of outcomes. We do not warrant that following any suggestion produced by the Service will achieve any particular operational, commercial, or business outcome.

9.4 Chapter assessments and certificates. Where the Service generates a certificate based on chapter assessments, the certificate evidences that the answers given met the published threshold at the time of issue. It does not constitute a professional qualification, accreditation, or warranty of competence.

9.5 Indicative financial tools. The Drift-Tax Calculator, ROI estimator, and any related cost-of-drift, build-cost, or return-on-investment tools provided as part of the Service ("Financial Tools") are illustrative decision-support aids only. They produce indicative figures from the inputs you provide (or sensible defaults derived from your diagnostic score) and a generic cost model. You are responsible for the accuracy of any inputs you supply. Build-cost or support-cost ranges shown (including any indicative Scorchsoft pricing) are illustrative and do not constitute a quotation, offer, or contract. Any formal quote is agreed separately in writing on a per-project basis. We do not warrant that any figure, ratio, or projection generated by a Financial Tool is accurate, complete, fit for any particular purpose, or that adopting any product, service, or course of action will result in the savings, efficiencies, or return on investment shown. The Financial Tools do not apply foreign-exchange conversion when a non-default currency symbol is selected; the underlying numbers are unchanged. You must not rely on Financial Tool outputs as a substitute for your own analysis or for independent professional advice.

10. Acceptable use

You agree not to, and not to permit any Authorised User to:

(a) use the Service in breach of any applicable law or regulation;

(b) upload, submit, or transmit content that is unlawful, defamatory, harassing, threatening, obscene, or that infringes any third party's rights;

(d) probe, scan, or test the vulnerability of the Service except as part of an authorised disclosure programme agreed with us in writing;

(e) interfere with or disrupt the Service, its servers, or any networks connected to the Service;

(f) introduce malware, viruses, ransomware, or other harmful code;

(g) use automated means (including scraping, crawling, or bulk extraction) to access the Service except where expressly permitted, or use the API or any API Key at a volume or frequency that disrupts the Service or circumvents published rate limits;

(h) circumvent or attempt to circumvent any rate limits, plan limits, or access controls;

(i) use the Service to send unsolicited communications or for unlawful direct marketing;

(j) impersonate any person or misrepresent your affiliation with any person or entity; or

(k) use the Service to develop, train, or evaluate a competing product.

We may investigate, suspend, or remove access in response to suspected breaches of this Clause 10 and may report unlawful conduct to the relevant authorities.

11. Service availability and changes

11.1 Reasonable efforts. We will use commercially reasonable efforts to keep the Service available and operational. The Service may be temporarily unavailable for scheduled maintenance, updates, or events outside our reasonable control.

11.2 No service-level commitment unless agreed. Unless a separate service-level agreement has been signed in writing, we make no formal commitment to specific uptime or response targets.

11.3 Changes to the Service. We may add, modify, or remove features of the Service, including API endpoints, fields, rate limits, and API Key caps. Where we materially reduce the functionality of a paid plan we will provide reasonable notice.

11.4 Beta features. Features marked "beta", "preview", or similar are provided as-is and may be unstable, incomplete, or withdrawn without notice. You should not rely on beta features for time-critical or business-critical purposes.

12. Intellectual property

12.1 Our IP. All rights, title, and interest in and to the Service (including its software, design, structure, methodology, the ten control disciplines framework, the diagnostic question banks, and the contents of The Control Standard) are and remain owned by Scorchsoft Ltd or its licensors.

12.2 No implied licences. Except for the limited licence in Clause 3 and the API licence in Clause 4, no rights are granted to you in or to the Service by implication, estoppel, or otherwise.

12.3 Feedback. If you provide us with suggestions, ideas, or feedback about the Service, you grant us a perpetual, irrevocable, royalty-free licence to use that feedback to improve the Service, without obligation to compensate or credit you.

12.4 Branding. You must not use our trade marks, logos, or branding except as expressly permitted in writing.

12.5 Image Library figures. The figures we make available to download from the Image Library (the illustrations, diagrams, and infographics from The Control Standard, each carrying a baked-in ControlStandard.Tools credit) remain the property of Scorchsoft Ltd. We grant you a non-exclusive, worldwide, royalty-free, revocable licence to reproduce and display these figures unaltered — including the credit shown on each image — for internal training, presentations, coaching, and similar educational use within your Organisation, provided that you (a) keep the ControlStandard.Tools credit visible and do not remove, crop out, obscure, or alter it; (b) do not sell, sub-license, or redistribute the figures as standalone assets; and (c) do not use them to market, endorse, or promote a competing product or service. This licence grants no ownership and may be revoked if these conditions are not met. All rights not expressly granted here are reserved.

13. Third-party services

13.1 The Service relies on certain third-party providers (including, currently, Stripe for payments, MailerSend for transactional email, Mailchimp for marketing email, Insightly for business-enquiry CRM, and other infrastructure providers) to operate.

13.2 Where you connect a third-party service to your account, your use of that service is governed by the third party's own terms. We are not responsible for the acts, omissions, or content of third-party services beyond our reasonable control as your processor.

14. Disclaimers

14.1 To the maximum extent permitted by law, the Service is provided "as is" and "as available". We disclaim all warranties not expressly stated in this Agreement, including any implied warranties of merchantability, fitness for a particular purpose, accuracy, and non-infringement.

14.2 We do not warrant that the Service will be error-free, uninterrupted, or free of harmful components, or that defects will be corrected.

14.3 The Service is a tool to support your judgement; it does not replace your own professional, operational, or commercial decision-making.

15. Limitation of liability

15.1 Liabilities not excluded. Nothing in this Agreement excludes or limits any liability that cannot lawfully be excluded or limited, including liability for death or personal injury caused by negligence, fraud, or fraudulent misrepresentation.

15.2 Excluded losses. Subject to Clause 15.1, neither party is liable to the other for:

(a) loss of profits, revenue, or anticipated savings;

(b) loss of business, contracts, or opportunity;

(d) loss, corruption, or destruction of data (other than our obligations under the Privacy Policy and applicable data protection law); or

(e) any indirect, special, or consequential loss,

in each case whether arising in contract, tort (including negligence), under statute, or otherwise.

15.3 Aggregate cap. Subject to Clauses 15.1 and 15.2, our total aggregate liability arising out of or in connection with this Agreement in any 12-month period is limited to the greater of:

(a) the fees paid by you to us under this Agreement in the 12 months preceding the event giving rise to the claim; and

(b) £100.

15.4 Free tier. For users of the free tier, where no fees have been paid, the cap in Clause 15.3 is £100.

15.5 Financial Tools. Without prejudice to Clauses 15.1–15.4, and to the maximum extent permitted by law, we exclude all liability for any loss, cost, or damage arising out of or in connection with your reliance on figures, ratios, or projections generated by the Financial Tools described in Clause 9.5, including (without limitation) any difference between an indicative build-cost range and the price ultimately quoted or charged for any project. All warranties (express or implied) as to the accuracy, completeness, or fitness for purpose of any Financial Tool output are disclaimed.

16. Indemnity

You agree to indemnify and hold harmless Scorchsoft Ltd and its officers, employees, and agents from any third-party claims, damages, costs, and expenses (including reasonable legal costs) arising out of or in connection with:

(a) Your Content;

(b) your or any Authorised User's breach of this Agreement;

(c) your or any Authorised User's misuse of the Service, including any use or misuse of an API Key issued under your Organisation (whether by you, an Authorised User, or any third party in possession of a valid API Key); or

(d) your configuration of, or any failure or compromise at, an external identity provider you have connected to the Service under Clause 5.

We will notify you promptly of any such claim, give you reasonable assistance (at your cost), and not settle without your prior written consent (not to be unreasonably withheld).

17. Confidentiality

17.1 Each party may disclose to the other information that is marked confidential or that should reasonably be understood to be confidential ("Confidential Information").

17.2 Each party must keep the other's Confidential Information confidential, use it only as necessary to perform this Agreement, and protect it with at least the same degree of care it uses for its own confidential information (and in any event no less than a reasonable degree of care).

17.3 Confidential Information does not include information that is or becomes public through no breach of this Agreement, was lawfully known before disclosure, is lawfully obtained from a third party, or is independently developed.

17.4 Each party may disclose Confidential Information where required by law or competent authority, giving the other party (where lawful) reasonable advance notice.

18. Data protection

18.1 Each party will comply with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018 ("Data Protection Laws").

18.2 Our processing of personal data is described in the Privacy Policy, which forms part of this Agreement.

18.3 Where we process personal data on your behalf as a processor (for example, personal data you upload about your teammates as Authorised Users), we will:

(a) process it only on your documented instructions, including as set out in this Agreement;

(b) ensure that personnel who process the data are bound by appropriate confidentiality obligations;

(d) assist you, taking into account the nature of the processing, in responding to data-subject requests and complying with your obligations under Data Protection Laws;

(e) on termination, delete or return the personal data in accordance with the Privacy Policy; and

(f) make available information reasonably necessary to demonstrate compliance with this Clause 18.

19. Notices

19.1 Notices to us must be sent by email to info@scorchsoft.com.

19.2 Notices to you may be given by email to the address on your account or by posting a notice in the Service.

19.3 Notices are deemed received when sent, provided no delivery failure is received within a reasonable time.

20. General

20.1 Entire agreement. This Agreement (together with the Privacy Policy and any plan-specific terms) is the entire agreement between the parties on its subject matter and supersedes all prior representations, save for fraud or fraudulent misrepresentation.

20.2 No partnership. Nothing in this Agreement creates a partnership, joint venture, agency, or employment relationship between the parties.

20.3 Assignment. You may not assign or transfer your rights or obligations under this Agreement without our prior written consent. We may assign this Agreement to an affiliate or to an acquirer of our business or assets on written notice.

20.4 Subcontracting. We may use subcontractors and sub-processors to provide the Service. We remain responsible for their performance.

20.5 Severability. If any provision is held unenforceable, it will be modified to the minimum extent necessary to make it enforceable; the remaining provisions remain in full force.

20.6 No waiver. A failure or delay in exercising any right is not a waiver of that right.

20.7 Third-party rights. A person who is not a party to this Agreement has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term.

20.8 Force majeure. Neither party is liable for delay or failure to perform caused by events outside its reasonable control (including outages of major cloud providers, internet failures, civil unrest, strikes, epidemics, or governmental action), provided it takes reasonable steps to mitigate.

20.9 Survival. Clauses 8, 10, 12, 14, 15, 16, 17, 18, 19, and 20 survive termination of this Agreement.

21. Governing law and jurisdiction

21.1 This Agreement and any dispute or claim (including non-contractual disputes) arising out of or in connection with it are governed by the laws of England and Wales.

21.2 The courts of England and Wales have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement, save that we may bring proceedings to enforce our intellectual-property rights, or to seek urgent injunctive relief, in any competent jurisdiction.

21.3 If you are using the Service from outside the United Kingdom, you remain responsible for complying with any local laws that apply to your use.

22. Contact

Questions about these Terms should be sent to:

Scorchsoft Ltd 13 Portland Road, Edgbaston, Birmingham, B16 9HN, United Kingdom info@scorchsoft.com

This document was last updated on the date shown at the top of this page.