Terms & Conditions and Acceptable Use Policy
Last Updated: 12/3/2025
By using the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms & Conditions and Acceptable Use Policy.
Osinto.ai is owned and managed by Osinto Software Ltd, Registered in England and Wales, #12130187 | VAT # 339 1718 85
Registered Office: 4 Reading Road, Berkshire RG8 7LY, UK
Trading Office: Theodore Fontane St 1, Schenefeld 22869, Hamburg, Germany
Last Updated: December 2025 (Revising the July 2025 version)
By using the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms & Conditions and Acceptable Use Policy.
1. ACCEPTANCE OF TERMS
By accessing, registering for, or using the Osinto.ai platform (the "Service") , you agree to be bound by these Terms & Conditions and Acceptable Use Policy (the "Terms"). If you do not agree to these Terms, you must not use the Service. These Terms constitute a legally binding agreement between you ("User," "you," or "your") and Osinto.ai ("Company," "we," "us," or "our").
2. SERVICE DESCRIPTION
The Service provides two integrated AI-enhanced products for the Security, Resilience and Defence sector:
• A Search Engine: Advanced search capabilities for security and intelligence-related information.
• A Discussion Forum: Collaborative platform for information sharing, analysis and discussion.
Infomration shared via the Discussion forum is ingested into the system's database in order for to me made available via the Search Engine and further marketing services.
Access to all Services requires user registration and is subject to payment terms outlined herein. Further products may be released or curtailed by the Company depending on our product development and commercial strategy.
3. REGISTRATION AND ACCOUNT REQUIREMENTS
3.1 Registration
Users must create an account and provide accurate, complete information. Users must be at least 18 years of age and have legal authority to enter into these Terms. Registration is subject to Company approval and verification.
3.2 Account Security
Users are responsible for maintaining account confidentiality. Users must immediately notify Company of any unauthorized access. Company reserves the right to suspend or terminate accounts for security reasons. Multi-factor authentication (MFA) is supported for user accounts and is strongly recommended.
3.3 Geographic Restrictions
Service access is restricted in the following territories: Russia, China, Vietnam, Indonesia, Brunei, Myanmar, North Korea, and Turkmenistan. Users attempting to access from restricted territories will be blocked. Use of VPNs, remote desktop applications, proxy servers, or any other method designed to mask, obfuscate, or misrepresent the User's actual geographic location is prohibited and constitutes a material breach of these Terms.
3.4 DATA CLASSIFICATION AND USER RESPONSIBILITY
• USER ACKNOWLEDGMENT: Users are SOLELY AND ABSOLUTELY responsible for assessing the classification, sensitivity, and legality of any data uploaded, shared, discussed, or processed through the Service.
• COMPANY DISCLAIMER: The Service is NOT CERTIFIED, APPROVED, OR INTENDED for handling classified government information (e.g., SECRET, TOP SECRET, CONFIDENTIAL) or any other highly restricted data.
• WARRANTY AGAINST CLASSIFIED DATA: By using the Service, the User warrants and represents that they WILL NOT upload, process, or distribute any classified, sensitive, or confidential information in violation of any legal, statutory, or regulatory obligation.
• Security Assessment: Users must conduct their own security assessments and receive necessary internal authorizations before using the Service.
• Company accepts NO RESPONSIBILITY OR LIABILITY for the handling of classified, sensitive, or confidential information.
4. PAYMENT TERMS AND BILLING
4.1 Payment Models
• Primary Subscription Model: Monthly subscription options may be available. Subscriptions auto-renew unless cancelled. Subscription fees are charged in advance. No refunds are provided for partial periods. Subscriptions form the basis of CREDITS (Pay per use) for accessing the AI-related systems
• Secondary Pay-Per-Use Model: Users draw down on initial subscription funds, but may purchase additional credits/funds through a minimum upload amount. Credits are deducted for each request/search submission and interaction with features requiring payment. Credit purchase prices are variable and displayed in the COSTS section of the website at the time of purchase. Credits are non-refundable and non-transferable. Unused Credits roll into the following monthly billing period. Continued unused credits expire after 12 months from the purchase date.
4.2 Billing and Payments
All payments must be made in advance. Company accepts Card and PayPal payments. Prices are subject to change with 30 days notice. Users are responsible for all applicable taxes including VAT.
4.3 Insufficient Funds and Account Deletion
Service access will be suspended immediately if the account balance is insufficient. Company reserves the right to delete accounts with a zero credit balance for a continuous period of six (6) months or with prolonged non-payment where a subscription is applicable. Upon deletion, all remaining unexpired user content and data may be deleted permanently after 30 days.
5. ACCEPTABLE USE POLICY
5.1 Permitted Uses
Users may use the Service only for:
• Legitimate security, resilience, and defence purposes.
• Professional intelligence analysis and research.
• Collaborative discussion within legal and ethical boundaries.
• Compliance with all applicable laws and regulations.
5.2 Prohibited Uses
Users must NOT use the Service for:
• Any illegal activities or purposes.
• Harassment, threats, or intimidation.
• Spreading misinformation or disinformation.
• Unauthorized access to systems or data.
• Violating intellectual property rights.
• Circumventing security measures.
• Commercial espionage or unauthorized intelligence gathering.
• Activities that could compromise national security.
• Sharing classified information without proper authorization.
5.3 Content Standards
All content must comply with applicable laws. Users must not post malicious code or harmful content. Users must respect intellectual property and attribution requirements. Users must maintain professional standards in forum discussions.
5.4 Security Obligations
Users must comply with all security protocols. Users must report security vulnerabilities immediately. Users must maintain appropriate clearance levels for accessed content and follow data classification and handling procedures.
6. INTELLECTUAL PROPERTY
6.1 Company Rights
Company retains all rights to the Service, software, and underlying technology. Company name, logos, and trademarks remain Company property. Users receive a limited, non-exclusive license to use the Service.
6.2 User Content
Users retain ownership of content they create. Users grant Company a perpetual, worldwide, royalty-free license to use content for the operation, maintenance, and improvement of the Service. Users represent they have rights to all submitted content. Company may remove content that violates these Terms. Company does not undertake any obligation to monitor content and disclaims liability for any failure to remove or restrict access to content, unless required by law.
6.3 AI-Generated Content
AI-generated results are provided strictly for informational purposes and constitute the output of a software tool. Users must independently verify all AI-generated information. Users acknowledge and accept that the AI-Generated Content is a tool, not a certified intelligence product. Company disclaims responsibility for AI-generated content accuracy. Company shall not be liable for any decisions, actions, or consequences resulting from reliance on AI-generated output, regardless of the nature of such reliance.
7. PRIVACY AND DATA PROTECTION
7.1 UK Data Protection Compliance
Company complies with UK GDPR, Data Protection Act 2018, and PECR. Users have rights to access, rectify, erase, restrict processing, data portability, and object to processing. Users may lodge complaints with the ICO. Detailed privacy practices are outlined in our separate Privacy Policy.
7.2 Data Collection
Company collects data necessary for Service operation. Data handling complies with applicable privacy laws. Users consent to data processing as outlined in the Privacy Policy.
7.3 Data Security
Company implements reasonable security measures. Users must protect their own data and credentials. Data breaches will be reported according to legal requirements.
7.4 Data Retention
User account data is retained for six (6) years after account closure. Usage logs are retained for 12 months. Payment records are retained for six (6) years (UK tax requirements). Support communications are retained for three (3) years. Data may be retained longer for legal, regulatory, or security purposes, including in response to a legal hold or national security investigation. Users may request data deletion subject to legal limitations.
7.5 Third-Party Service Providers (STRENGTHENED)
The Service operates using various necessary third-party systems (e.g., hosting, AI processing). Users acknowledge that reliance on these providers is essential to the core functionality of the Service and consent to data sharing with these necessary providers. These providers may have access to user data as necessary. Company ensures providers comply with data protection requirements and are contractually bound to appropriate security and data protection standards. Company disclaims liability for any loss, damage, or unauthorized access arising from the actions or failures of third-party service providers.
8. DISCLAIMERS AND LIMITATIONS
8.1 Service Availability
Service provided "as is" without warranties. Company does not guarantee uninterrupted service. Planned maintenance may cause temporary unavailability. Company shall not be liable for any failure or delay in performance due to events beyond its reasonable control, including but not limited to natural disasters, war, terrorism, cyberattacks, government action, or Internet service disruption.
8.2 Information Accuracy
AI-generated results may contain errors or inaccuracies. Users must independently verify all information. Company disclaims liability for decisions based on Service results.
8.3 Third-Party Content
Service may include third-party content and links. Company is not responsible for third-party content. Users access third-party content at their own risk.
9. LIMITATION OF LIABILITY
9.1 Liability Limits
TO THE MAXIMUM EXTENT PERMITTED BY UK LAW: Company’s total liability is limited to the greater of £100 or the total amount paid by User in the 12 months preceding the claim. Company excludes liability for indirect, consequential, or punitive damages. Company accepts no responsibility for liabilities arising from connections made through use of the website. These limitations apply regardless of the theory of liability. Nothing in these Terms excludes liability for death or personal injury caused by negligence, fraud, or other liabilities that cannot be excluded under UK law.
9.2 Security and Intelligence Disclaimers
Company provides no warranties specific to intelligence or security use. Users acknowledge the Service is not certified for classified information handling. Company is not responsible for security breaches beyond its reasonable control. Users assume full responsibility for any security implications of their use of the Service. Company disclaims all liability for decisions made based on intelligence gathered through the Service.
10. INDEMNIFICATION
Users agree to indemnify, defend, and hold Company harmless from and against any and all claims, demands, losses, liabilities, costs, or expenses (including reasonable legal fees) arising out of or relating to:
• Claims arising from User's use of the Service.
• User's violation or material breach of these Terms.
• User's violation of applicable laws or regulations.
• User's infringement of third-party rights.
• Any claim, fine, or penalty arising from the User's unauthorized uploading, processing, or distribution of classified, sensitive, or restricted data through the Service.
11. TERMINATION
11.1 Termination by User
Users may terminate accounts at any time. No refunds for prepaid unused services or credits will be provided. Users remain liable for all charges incurred.
11.2 Termination by Company
Company may terminate accounts immediately for:
• Material breach of these Terms.
• Illegal or harmful activities.
• Security concerns.
• Non-payment of fees.
11.3 Effect of Termination
User access is immediately revoked. User data may be deleted after 30 days. Surviving provisions, including Sections 6, 8, 9, 10, and 12, remain in effect.
12. DISPUTE RESOLUTION
12.1 Governing Law
These Terms are governed by the laws of England and Wales.
12.2 Dispute Resolution Process
Users must first attempt informal resolution. Any dispute not resolved informally shall be settled by binding arbitration under the rules of the London Court of International Arbitration (LCIA), with proceedings conducted in London, England.
12.3 Injunctive Relief
Company may seek injunctive relief for security violations or IP infringement in any court of competent jurisdiction.
13. GENERAL PROVISIONS
13.1 Modifications
Company may modify these Terms with 30 days notice. Continued use constitutes acceptance. Material changes require explicit user consent.
13.2 Regulatory Compliance (STRENGTHENED)
Users must comply with all applicable UK laws including but not limited to the Official Secrets Act, Counter-terrorism legislation, and Money Laundering Regulations. Users are solely responsible for export control and sanctions compliance and warrant that they are not a national or resident of any territory restricted by the UK, US, or EU. Company disclaims liability for any violations committed by Users. Company may restrict access based on geography or regulation.
13.3 Severability
If any provision is invalid, others remain in effect.
13.4 Entire Agreement
These Terms and the separate Privacy Policy constitute the full agreement between the User and the Company.
13.5 Assignment
Users may not assign rights without Company consent. Company may assign rights to affiliates or successors.
SECURITY POLICY (Osinto.ai)
Security of User Data and Services Last Updated: December 2025
1. PURPOSE
This Security Policy outlines the technical and organisational measures implemented by Osinto ("Company," "we," "us," or "our") to safeguard the personal data and activity of users ("you," "your," or "User") when accessing our website, software, and associated services ("Services").
2. SCOPE
This policy applies to all data collected, processed, transmitted, or stored through the Services, including:
• User registration and account data.
• Payment and billing data.
• Communications and submissions made through the platform.
• Usage and activity logs.
• Any personal information shared voluntarily or required for service delivery.
3. DATA SECURITY PRINCIPLES
We adhere to the following core principles in securing user data:
• Data minimisation: Only collect and retain data necessary for service provision.
• Confidentiality: Protect data against unauthorised access or disclosure.
• Integrity: Prevent data alteration or corruption.
• Availability: Ensure continuous and secure access to data and services.
4. TECHNICAL SECURITY MEASURES
We implement industry-standard and evolving technical measures to protect your data, including:
• SSL/TLS encryption for all data in transit.
• Encrypted storage for sensitive data (including passwords hashed using modern algorithms).
• Multi-factor authentication (MFA) for admin access and supported for user accounts.
• Firewalls, intrusion detection systems, and anti-malware defences.
• Regular penetration testing and vulnerability assessments.
5. ORGANISATIONAL MEASURES
• Role-based access controls ensure that only authorised staff can access user data.
• Mandatory confidentiality agreements and security awareness training for personnel.
• Data protection impact assessments (DPIAs) for new services or significant changes.
• Incident response procedures for identifying, managing, and notifying data breaches in accordance with applicable laws.
6. THIRD-PARTY PROVIDERS
Our Services may use third-party infrastructure providers (e.g., hosting, AI processing, analytics). We:
• Vet all third parties for security and compliance standards.
• Bind them contractually to equivalent data protection obligations.
• Conduct periodic audits or reviews where possible.
7. USER RESPONSIBILITIES
To help maintain security, Users must:
• Keep their passwords and login credentials confidential.
• Report any suspected security issues or unauthorised access promptly.
• Avoid sharing sensitive personal or classified information via unsecured methods.
• Ensure local device security when accessing our Services.
• Use the 2FA systems provided in the Account Management pages.
8. DATA RETENTION AND DISPOSAL
Data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. When no longer required:
• Electronic data is securely deleted or anonymised.
• Paper records (if any) are destroyed using secure methods.
9. DATA BREACH NOTIFICATION
In the event of a data breach affecting your personal data:
• We will notify you without undue delay once the breach is confirmed.
• We will outline the nature of the breach, what data was affected, potential consequences, and mitigation steps.
• We will notify the relevant supervisory authorities as required under the UK GDPR and related legislation.
10. COMPLIANCE AND MONITORING
We regularly review this policy and our practices to ensure ongoing compliance with:
• UK GDPR and Data Protection Act 2018.
• PECR (Privacy and Electronic Communications Regulations).
• Other relevant UK or international standards and legal obligations.
Registered Office: 4 Reading Road, Berkshire RG8 7LY, UK
Trading Office: Theodore Fontane St 1, Schenefeld 22869, Hamburg, Germany
Last Updated: December 2025 (Revising the July 2025 version)
By using the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms & Conditions and Acceptable Use Policy.
1. ACCEPTANCE OF TERMS
By accessing, registering for, or using the Osinto.ai platform (the "Service") , you agree to be bound by these Terms & Conditions and Acceptable Use Policy (the "Terms"). If you do not agree to these Terms, you must not use the Service. These Terms constitute a legally binding agreement between you ("User," "you," or "your") and Osinto.ai ("Company," "we," "us," or "our").
2. SERVICE DESCRIPTION
The Service provides two integrated AI-enhanced products for the Security, Resilience and Defence sector:
• A Search Engine: Advanced search capabilities for security and intelligence-related information.
• A Discussion Forum: Collaborative platform for information sharing, analysis and discussion.
Infomration shared via the Discussion forum is ingested into the system's database in order for to me made available via the Search Engine and further marketing services.
Access to all Services requires user registration and is subject to payment terms outlined herein. Further products may be released or curtailed by the Company depending on our product development and commercial strategy.
3. REGISTRATION AND ACCOUNT REQUIREMENTS
3.1 Registration
Users must create an account and provide accurate, complete information. Users must be at least 18 years of age and have legal authority to enter into these Terms. Registration is subject to Company approval and verification.
3.2 Account Security
Users are responsible for maintaining account confidentiality. Users must immediately notify Company of any unauthorized access. Company reserves the right to suspend or terminate accounts for security reasons. Multi-factor authentication (MFA) is supported for user accounts and is strongly recommended.
3.3 Geographic Restrictions
Service access is restricted in the following territories: Russia, China, Vietnam, Indonesia, Brunei, Myanmar, North Korea, and Turkmenistan. Users attempting to access from restricted territories will be blocked. Use of VPNs, remote desktop applications, proxy servers, or any other method designed to mask, obfuscate, or misrepresent the User's actual geographic location is prohibited and constitutes a material breach of these Terms.
3.4 DATA CLASSIFICATION AND USER RESPONSIBILITY
• USER ACKNOWLEDGMENT: Users are SOLELY AND ABSOLUTELY responsible for assessing the classification, sensitivity, and legality of any data uploaded, shared, discussed, or processed through the Service.
• COMPANY DISCLAIMER: The Service is NOT CERTIFIED, APPROVED, OR INTENDED for handling classified government information (e.g., SECRET, TOP SECRET, CONFIDENTIAL) or any other highly restricted data.
• WARRANTY AGAINST CLASSIFIED DATA: By using the Service, the User warrants and represents that they WILL NOT upload, process, or distribute any classified, sensitive, or confidential information in violation of any legal, statutory, or regulatory obligation.
• Security Assessment: Users must conduct their own security assessments and receive necessary internal authorizations before using the Service.
• Company accepts NO RESPONSIBILITY OR LIABILITY for the handling of classified, sensitive, or confidential information.
4. PAYMENT TERMS AND BILLING
4.1 Payment Models
• Primary Subscription Model: Monthly subscription options may be available. Subscriptions auto-renew unless cancelled. Subscription fees are charged in advance. No refunds are provided for partial periods. Subscriptions form the basis of CREDITS (Pay per use) for accessing the AI-related systems
• Secondary Pay-Per-Use Model: Users draw down on initial subscription funds, but may purchase additional credits/funds through a minimum upload amount. Credits are deducted for each request/search submission and interaction with features requiring payment. Credit purchase prices are variable and displayed in the COSTS section of the website at the time of purchase. Credits are non-refundable and non-transferable. Unused Credits roll into the following monthly billing period. Continued unused credits expire after 12 months from the purchase date.
4.2 Billing and Payments
All payments must be made in advance. Company accepts Card and PayPal payments. Prices are subject to change with 30 days notice. Users are responsible for all applicable taxes including VAT.
4.3 Insufficient Funds and Account Deletion
Service access will be suspended immediately if the account balance is insufficient. Company reserves the right to delete accounts with a zero credit balance for a continuous period of six (6) months or with prolonged non-payment where a subscription is applicable. Upon deletion, all remaining unexpired user content and data may be deleted permanently after 30 days.
5. ACCEPTABLE USE POLICY
5.1 Permitted Uses
Users may use the Service only for:
• Legitimate security, resilience, and defence purposes.
• Professional intelligence analysis and research.
• Collaborative discussion within legal and ethical boundaries.
• Compliance with all applicable laws and regulations.
5.2 Prohibited Uses
Users must NOT use the Service for:
• Any illegal activities or purposes.
• Harassment, threats, or intimidation.
• Spreading misinformation or disinformation.
• Unauthorized access to systems or data.
• Violating intellectual property rights.
• Circumventing security measures.
• Commercial espionage or unauthorized intelligence gathering.
• Activities that could compromise national security.
• Sharing classified information without proper authorization.
5.3 Content Standards
All content must comply with applicable laws. Users must not post malicious code or harmful content. Users must respect intellectual property and attribution requirements. Users must maintain professional standards in forum discussions.
5.4 Security Obligations
Users must comply with all security protocols. Users must report security vulnerabilities immediately. Users must maintain appropriate clearance levels for accessed content and follow data classification and handling procedures.
6. INTELLECTUAL PROPERTY
6.1 Company Rights
Company retains all rights to the Service, software, and underlying technology. Company name, logos, and trademarks remain Company property. Users receive a limited, non-exclusive license to use the Service.
6.2 User Content
Users retain ownership of content they create. Users grant Company a perpetual, worldwide, royalty-free license to use content for the operation, maintenance, and improvement of the Service. Users represent they have rights to all submitted content. Company may remove content that violates these Terms. Company does not undertake any obligation to monitor content and disclaims liability for any failure to remove or restrict access to content, unless required by law.
6.3 AI-Generated Content
AI-generated results are provided strictly for informational purposes and constitute the output of a software tool. Users must independently verify all AI-generated information. Users acknowledge and accept that the AI-Generated Content is a tool, not a certified intelligence product. Company disclaims responsibility for AI-generated content accuracy. Company shall not be liable for any decisions, actions, or consequences resulting from reliance on AI-generated output, regardless of the nature of such reliance.
7. PRIVACY AND DATA PROTECTION
7.1 UK Data Protection Compliance
Company complies with UK GDPR, Data Protection Act 2018, and PECR. Users have rights to access, rectify, erase, restrict processing, data portability, and object to processing. Users may lodge complaints with the ICO. Detailed privacy practices are outlined in our separate Privacy Policy.
7.2 Data Collection
Company collects data necessary for Service operation. Data handling complies with applicable privacy laws. Users consent to data processing as outlined in the Privacy Policy.
7.3 Data Security
Company implements reasonable security measures. Users must protect their own data and credentials. Data breaches will be reported according to legal requirements.
7.4 Data Retention
User account data is retained for six (6) years after account closure. Usage logs are retained for 12 months. Payment records are retained for six (6) years (UK tax requirements). Support communications are retained for three (3) years. Data may be retained longer for legal, regulatory, or security purposes, including in response to a legal hold or national security investigation. Users may request data deletion subject to legal limitations.
7.5 Third-Party Service Providers (STRENGTHENED)
The Service operates using various necessary third-party systems (e.g., hosting, AI processing). Users acknowledge that reliance on these providers is essential to the core functionality of the Service and consent to data sharing with these necessary providers. These providers may have access to user data as necessary. Company ensures providers comply with data protection requirements and are contractually bound to appropriate security and data protection standards. Company disclaims liability for any loss, damage, or unauthorized access arising from the actions or failures of third-party service providers.
8. DISCLAIMERS AND LIMITATIONS
8.1 Service Availability
Service provided "as is" without warranties. Company does not guarantee uninterrupted service. Planned maintenance may cause temporary unavailability. Company shall not be liable for any failure or delay in performance due to events beyond its reasonable control, including but not limited to natural disasters, war, terrorism, cyberattacks, government action, or Internet service disruption.
8.2 Information Accuracy
AI-generated results may contain errors or inaccuracies. Users must independently verify all information. Company disclaims liability for decisions based on Service results.
8.3 Third-Party Content
Service may include third-party content and links. Company is not responsible for third-party content. Users access third-party content at their own risk.
9. LIMITATION OF LIABILITY
9.1 Liability Limits
TO THE MAXIMUM EXTENT PERMITTED BY UK LAW: Company’s total liability is limited to the greater of £100 or the total amount paid by User in the 12 months preceding the claim. Company excludes liability for indirect, consequential, or punitive damages. Company accepts no responsibility for liabilities arising from connections made through use of the website. These limitations apply regardless of the theory of liability. Nothing in these Terms excludes liability for death or personal injury caused by negligence, fraud, or other liabilities that cannot be excluded under UK law.
9.2 Security and Intelligence Disclaimers
Company provides no warranties specific to intelligence or security use. Users acknowledge the Service is not certified for classified information handling. Company is not responsible for security breaches beyond its reasonable control. Users assume full responsibility for any security implications of their use of the Service. Company disclaims all liability for decisions made based on intelligence gathered through the Service.
10. INDEMNIFICATION
Users agree to indemnify, defend, and hold Company harmless from and against any and all claims, demands, losses, liabilities, costs, or expenses (including reasonable legal fees) arising out of or relating to:
• Claims arising from User's use of the Service.
• User's violation or material breach of these Terms.
• User's violation of applicable laws or regulations.
• User's infringement of third-party rights.
• Any claim, fine, or penalty arising from the User's unauthorized uploading, processing, or distribution of classified, sensitive, or restricted data through the Service.
11. TERMINATION
11.1 Termination by User
Users may terminate accounts at any time. No refunds for prepaid unused services or credits will be provided. Users remain liable for all charges incurred.
11.2 Termination by Company
Company may terminate accounts immediately for:
• Material breach of these Terms.
• Illegal or harmful activities.
• Security concerns.
• Non-payment of fees.
11.3 Effect of Termination
User access is immediately revoked. User data may be deleted after 30 days. Surviving provisions, including Sections 6, 8, 9, 10, and 12, remain in effect.
12. DISPUTE RESOLUTION
12.1 Governing Law
These Terms are governed by the laws of England and Wales.
12.2 Dispute Resolution Process
Users must first attempt informal resolution. Any dispute not resolved informally shall be settled by binding arbitration under the rules of the London Court of International Arbitration (LCIA), with proceedings conducted in London, England.
12.3 Injunctive Relief
Company may seek injunctive relief for security violations or IP infringement in any court of competent jurisdiction.
13. GENERAL PROVISIONS
13.1 Modifications
Company may modify these Terms with 30 days notice. Continued use constitutes acceptance. Material changes require explicit user consent.
13.2 Regulatory Compliance (STRENGTHENED)
Users must comply with all applicable UK laws including but not limited to the Official Secrets Act, Counter-terrorism legislation, and Money Laundering Regulations. Users are solely responsible for export control and sanctions compliance and warrant that they are not a national or resident of any territory restricted by the UK, US, or EU. Company disclaims liability for any violations committed by Users. Company may restrict access based on geography or regulation.
13.3 Severability
If any provision is invalid, others remain in effect.
13.4 Entire Agreement
These Terms and the separate Privacy Policy constitute the full agreement between the User and the Company.
13.5 Assignment
Users may not assign rights without Company consent. Company may assign rights to affiliates or successors.
SECURITY POLICY (Osinto.ai)
Security of User Data and Services Last Updated: December 2025
1. PURPOSE
This Security Policy outlines the technical and organisational measures implemented by Osinto ("Company," "we," "us," or "our") to safeguard the personal data and activity of users ("you," "your," or "User") when accessing our website, software, and associated services ("Services").
2. SCOPE
This policy applies to all data collected, processed, transmitted, or stored through the Services, including:
• User registration and account data.
• Payment and billing data.
• Communications and submissions made through the platform.
• Usage and activity logs.
• Any personal information shared voluntarily or required for service delivery.
3. DATA SECURITY PRINCIPLES
We adhere to the following core principles in securing user data:
• Data minimisation: Only collect and retain data necessary for service provision.
• Confidentiality: Protect data against unauthorised access or disclosure.
• Integrity: Prevent data alteration or corruption.
• Availability: Ensure continuous and secure access to data and services.
4. TECHNICAL SECURITY MEASURES
We implement industry-standard and evolving technical measures to protect your data, including:
• SSL/TLS encryption for all data in transit.
• Encrypted storage for sensitive data (including passwords hashed using modern algorithms).
• Multi-factor authentication (MFA) for admin access and supported for user accounts.
• Firewalls, intrusion detection systems, and anti-malware defences.
• Regular penetration testing and vulnerability assessments.
5. ORGANISATIONAL MEASURES
• Role-based access controls ensure that only authorised staff can access user data.
• Mandatory confidentiality agreements and security awareness training for personnel.
• Data protection impact assessments (DPIAs) for new services or significant changes.
• Incident response procedures for identifying, managing, and notifying data breaches in accordance with applicable laws.
6. THIRD-PARTY PROVIDERS
Our Services may use third-party infrastructure providers (e.g., hosting, AI processing, analytics). We:
• Vet all third parties for security and compliance standards.
• Bind them contractually to equivalent data protection obligations.
• Conduct periodic audits or reviews where possible.
7. USER RESPONSIBILITIES
To help maintain security, Users must:
• Keep their passwords and login credentials confidential.
• Report any suspected security issues or unauthorised access promptly.
• Avoid sharing sensitive personal or classified information via unsecured methods.
• Ensure local device security when accessing our Services.
• Use the 2FA systems provided in the Account Management pages.
8. DATA RETENTION AND DISPOSAL
Data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. When no longer required:
• Electronic data is securely deleted or anonymised.
• Paper records (if any) are destroyed using secure methods.
9. DATA BREACH NOTIFICATION
In the event of a data breach affecting your personal data:
• We will notify you without undue delay once the breach is confirmed.
• We will outline the nature of the breach, what data was affected, potential consequences, and mitigation steps.
• We will notify the relevant supervisory authorities as required under the UK GDPR and related legislation.
10. COMPLIANCE AND MONITORING
We regularly review this policy and our practices to ensure ongoing compliance with:
• UK GDPR and Data Protection Act 2018.
• PECR (Privacy and Electronic Communications Regulations).
• Other relevant UK or international standards and legal obligations.