Terms of Service

By accessing or using the Nisium website at nisium.com and our services (the Service), you agree to these Terms of Service, our Privacy Policy, Cookie Policy, and Imprint. If you do not agree, discontinue use immediately.

Expert Allies LTD ("we", "us", "our") operates Nisium. "Customer" means the organization that subscribes to or is provisioned on the Service. "User" means any individual who accesses the Service under a Customer account or as a Site Visitor.

1. Description of services

Nisium provides a multi-tenant software platform including, without limitation:

• NIS2-oriented gap analysis and remediation tracking
• Incident management (timelines, reporting workflows, exports)
• Evidence locker (integrity hashing, metadata, retention, legal hold)
• Vendor risk questionnaires, magic-link access, and related scoring
• Executive dashboards and role-based workspaces
• Optional vendor Compliance Passport purchase flows (where enabled)

Features may change; the Service is provided as-is except where a separate written agreement states otherwise.

2. No legal or regulatory advice

All information, assessments, tools, and materials are for informational and operational support only. They do not constitute legal, regulatory, or professional advice. Customers must obtain independent counsel for interpretation of NIS2 or other obligations.

3. NIS2 regulatory context

We are not a competent authority, national CSIRT, or regulator under the NIS2 Directive or national transposition. The Service helps organizations manage compliance-related workflows; ultimate responsibility for achieving, maintaining, and demonstrating compliance remains with the Customer.

4. Accounts and acceptable use

Users must:

• Provide accurate, current information
• Keep credentials confidential
• Use the Service lawfully and not for fraud, abuse, or harm
• Maintain their own security and backup practices for data they control

Customers are responsible for Users they authorize and for configuration (roles, retention, integrations).

5. Customer data and processor role

Content uploaded or generated in the Service (incidents, evidence, reports, vendor submissions, etc.) is Customer Data. The Customer is the data controller for Customer Data. Expert Allies acts as a processor for Customer Data, processing only on Customer instructions and applicable law, as described in the Privacy Policy and any data processing agreement.

6. Intellectual property

Website content, branding, software, and documentation are owned by Expert Allies LTD or licensors and protected by Bulgarian and EU intellectual property laws. You may not copy, modify, distribute, or commercially exploit our materials without prior written consent.

7. Service availability

We strive for reliable operation but may suspend, limit, or modify the Service for maintenance, security, or operational reasons. Planned maintenance will be communicated when practicable.

8. Disclaimers and limitation of liability

8.1 No guarantee of compliance or security

The Service does not guarantee NIS2 compliance, elimination of vulnerabilities, or prevention of cyber incidents.

8.2 Disclaimer of warranties

Except as expressly stated in a signed agreement, we disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. The Service is provided "as is" and "as available".

8.3 Limitation of liability

To the fullest extent permitted by Bulgarian law, Expert Allies LTD shall not be liable for indirect, incidental, consequential, special, or punitive damages, including loss of data, business interruption, reputational harm, or regulatory penalties.

8.4 Liability cap

Where liability cannot be excluded, our aggregate liability arising from the Service or these Terms shall not exceed the fees paid by you to us for the Service in the twelve (12) months before the event giving rise to the claim. If no fees were paid, the cap is one hundred (100) EUR.

9. Third-party services

The Service may integrate third-party tools (e.g. identity providers, cloud infrastructure, payment processors). Their terms and privacy practices apply to your use of those tools. We are not responsible for third-party availability or practices beyond our reasonable control.

10. Force majeure

We are not liable for failure or delay due to events beyond reasonable control (natural disasters, widespread outages, cyberattacks, government actions, labor disputes, etc.).

11. Indemnification

You agree to indemnify Expert Allies LTD and its directors, employees, and partners against claims arising from your breach of these Terms or misuse of the Service, except where caused by our intentional misconduct or gross negligence.

12. Governing law and jurisdiction

These Terms are governed by Bulgarian law. Disputes are subject to the exclusive jurisdiction of the competent courts in Sofia, Bulgaria, unless mandatory law provides otherwise.

13. Changes

We may update these Terms by posting a revised version on the website. Material changes affecting existing Customers may be communicated by email or in-product notice where appropriate. Continued use after the effective date constitutes acceptance.

14. Contact

Expert Allies LTD — support@nisium.com