IronShield Technologies Inc.

Terms of Service

Effective Date: March 16, 2026 · v1.1 · Supersedes all prior versions

These Terms of Service (“Terms”) constitute a legally binding agreement between IronShield Technologies Inc., a Delaware corporation (“IronShield,” “we,” “us,” or “our”), and the entity or individual accessing or using the IronShield platform (“you” or “Customer”). By accessing or using the Service, you agree to be bound by these Terms.

Please read these Terms carefully. If you do not agree, do not access or use the Service.

These Terms should be read together with our Privacy Policy and, where applicable, a Data Processing Agreement. In the event of a conflict between these Terms and a separately executed order form or enterprise agreement, the order form or enterprise agreement controls.

1 Definitions

Service means the IronShield compliance management platform, including the dashboard, POA&M tooling, SPRS scoring, document generation, onboarding flow, and any related APIs, tooling, or features made available by IronShield at dashboard.tolerance.app and associated domains.
Compliance Assessment Data means SPRS scores, NIST SP 800-171 control implementation statuses, POA&M entries, System Security Plan contents, gap analysis results, compliance documentation, evidence artifacts, and audit trail logs entered into or generated by the Service.
Customer Data means all data, content, and information submitted by you or your Authorized Users to the Service, including Compliance Assessment Data and Account Data.
Account Data means organizational and user registration information including company name, CAGE code, UEI/DUNS number, user names, email addresses, job titles, and billing information.
Authorized User means any individual granted access to the Service by Customer.
Beta Features means features or functionality made available on a preview, beta, or early access basis.
CMMC means the Cybersecurity Maturity Model Certification framework administered by the U.S. Department of Defense.
CUI means Controlled Unclassified Information as defined by the National Archives and Records Administration under 32 CFR Part 2002.
SPRS means the Supplier Performance Risk System, the DoD portal used to collect and display contractor cybersecurity self-assessment scores.
False Claims Act means 31 U.S.C. §§ 3729–3733.
DPA means a Data Processing Agreement executed between IronShield and Customer governing IronShield's processing of personal data on Customer's behalf.

2 Access and Use of the Service

2.1 License Grant

Subject to these Terms and timely payment of applicable fees, IronShield grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Service solely for your internal compliance management purposes during the term of your subscription.

2.2 Authorized Users

You are responsible for all actions taken by your Authorized Users. You agree to:

  • Maintain accurate and up-to-date account information at all times
  • Ensure Authorized Users are aware of and comply with these Terms
  • Promptly notify IronShield of any unauthorized access or suspected security breach at [email protected]
  • Keep all login credentials confidential and not share them across users
  • Immediately revoke access for any Authorized User who leaves your organization or no longer requires access

2.3 Acceptable Use

You agree not to:

  • Use the Service for any unlawful purpose or in violation of applicable federal, state, or local law
  • Upload, enter, or transmit Controlled Unclassified Information (CUI), Covered Defense Information (CDI), Federal Contract Information (FCI), classified information, or ITAR-controlled technical data into the Service
  • Enter Compliance Assessment Data that you know to be false, fabricated, or materially inaccurate
  • Backdate compliance records, assessment results, or POA&M entries to create a false compliance history
  • Attempt to access Compliance Assessment Data belonging to another Customer
  • Reverse engineer, decompile, or extract source code from the Service
  • Use the Service to store or transmit malicious code or conduct security attacks
  • Interfere with or disrupt the integrity or performance of the Service or its underlying infrastructure
  • Access the Service using automated means, bots, or scrapers without IronShield's prior written consent
  • Resell, sublicense, or provide access to the Service to third parties without prior written consent
  • Train or fine-tune machine learning or AI models using data accessed through the Service
  • Use the Service to generate compliance documentation intended to deceive a government agency, prime contractor, or assessor

3 Beta Features and Demo Access

IronShield may make Beta Features available at no charge or reduced fee. Beta Features are provided “AS IS” without warranty of any kind. IronShield reserves the right to modify, suspend, or discontinue Beta Features at any time without notice or liability.

Demo accounts are subject to these Terms in their entirety. IronShield may limit functionality, data retention periods, or access duration for demo accounts. Compliance Assessment Data entered during a demo period is retained for 90 days following the end of the demo period, after which it will be permanently deleted unless the account converts to a paid subscription. IronShield is not responsible for loss of demo data after this period.

4 CMMC Compliance and Government Disclaimers

4.1 No Certification Guarantee

The Service is a compliance management tool only. IronShield does not guarantee CMMC certification, a specific SPRS score, or that use of the Service will result in a passing assessment or government contract award.

4.2 Not a C3PAO or Assessor

IronShield is not a Certified Third-Party Assessment Organization (C3PAO) and does not conduct official CMMC assessments. Nothing provided through the Service constitutes an official CMMC assessment, certification, or validation.

4.3 SPRS Score Estimates

SPRS scores calculated by the Service are estimates based on information you provide. They are not official DoD scores and have not been validated by any government agency. You are solely responsible for any SPRS score you submit to the government through the SPRS portal or otherwise.

4.4 Not FedRAMP Authorized

IronShield is not a FedRAMP Authorized cloud service provider and does not claim FedRAMP Moderate Equivalency as defined by the DoD Chief Information Officer. The Service is not approved for the processing, storage, or transmission of CUI, CDI, or FCI as defined under DFARS 252.204-7012. Do not upload CUI or classified information to the Service.

4.5 No Government Affiliation

IronShield is not endorsed by, affiliated with, or sponsored by the Department of Defense, the Cyber AB, NIST, DCSA, or any federal agency or department.

4.6 Not Legal or Professional Advice

Nothing in the Service constitutes legal, regulatory, cybersecurity, or professional compliance advice. You should consult qualified legal and cybersecurity professionals for advice specific to your situation and contracts.

5 Government Submission Accuracy and False Claims Act

IronShield's platform is designed to help defense contractors accurately assess and document their cybersecurity posture. The following provisions reflect the gravity of using compliance data in connection with government contracts.

5.1 Customer Warranty of Accuracy

By using the Service, you warrant that all Compliance Assessment Data you enter into the platform accurately reflects your organization's actual cybersecurity posture and control implementation status to the best of your knowledge. You agree to promptly update any Compliance Assessment Data that becomes inaccurate or incomplete.

5.2 Independent Verification Required

Before submitting any SPRS score, POA&M, System Security Plan, or other compliance documentation to the government, a prime contractor, or a C3PAO assessor, you are solely responsible for independently verifying that all data is accurate, complete, and current. IronShield is not responsible for any government submission you make using data generated or stored by the Service.

5.3 False Claims Act Acknowledgment

You acknowledge that knowingly submitting false SPRS scores or compliance certifications to the U.S. government may constitute a violation of the False Claims Act (31 U.S.C. §§ 3729–3733) and the False Statements Act (18 U.S.C. § 1001), which can result in civil and criminal penalties including treble damages, per-claim penalties, and debarment. IronShield bears no liability for any such submissions.

5.4 Platform Misuse

IronShield reserves the right to immediately suspend or terminate access to the Service, without prior notice or liability, if IronShield reasonably believes the Service is being used to: (a) fabricate or falsify compliance documentation intended for government submission; (b) enter materially inaccurate SPRS scores; or (c) otherwise facilitate a violation of the False Claims Act or False Statements Act. IronShield also reserves the right to preserve relevant data and cooperate with law enforcement or government investigations in such circumstances.

6 Customer Data and Confidentiality

6.1 Ownership

You retain all ownership rights to Customer Data. By submitting Customer Data to the Service, you grant IronShield a limited license to process, store, and use Customer Data solely to provide the Service and as described in our Privacy Policy.

6.2 Compliance Assessment Data — Heightened Protection

IronShield treats Compliance Assessment Data as sensitive business information. IronShield will not use Compliance Assessment Data for advertising, analytics, product improvement, AI model training, or any purpose other than service delivery. IronShield will not disclose Compliance Assessment Data to any third party except as expressly permitted by these Terms, required by applicable law, or directed by you.

6.3 Data Processing Agreement

Where IronShield processes personal data on your behalf as a data processor, such processing is governed by a Data Processing Agreement (DPA). Enterprise customers may execute a DPA by contacting [email protected]. In the event of a conflict between the DPA and these Terms with respect to the processing of personal data, the DPA controls.

6.4 No CUI Warranty

Unless IronShield has separately agreed in writing to FedRAMP-authorized or equivalent data handling, you should not store actual CUI, CDI, or FCI in the Service. IronShield makes no warranty that the Service meets any government data handling requirement.

7 Fees and Payment

Customers on paid plans agree to pay all applicable fees as set forth in their order form or subscription agreement. All fees are stated in US dollars.

Fees are non-refundable except as expressly stated in these Terms or required by applicable law. IronShield reserves the right to modify pricing with at least thirty (30) days' written notice. Continued use of the Service after a price change constitutes acceptance of the new pricing. If a pricing change is not acceptable, your sole remedy is to terminate your subscription before the change takes effect.

Accounts more than fifteen (15) days past due may be suspended. Accounts more than thirty (30) days past due may be terminated. IronShield reserves the right to charge interest on overdue balances at 1.5% per month or the maximum rate permitted by law, whichever is lower.

All fees are exclusive of applicable taxes. You are responsible for all taxes associated with your purchase except for taxes based on IronShield's net income.

8 Intellectual Property

IronShield retains all right, title, and interest in and to the Service, including all software, algorithms, interfaces, documentation, and any improvements or derivative works thereof. Nothing in these Terms transfers any IronShield intellectual property to you.

You grant IronShield a non-exclusive, royalty-free license to use aggregated, anonymized, de-identified usage data derived from your use of the Service for platform improvement and analytics purposes, provided such data cannot reasonably be used to identify you, your organization, or your compliance posture. IronShield will not use Compliance Assessment Data for this purpose.

Any feedback, suggestions, or ideas you submit to IronShield regarding the Service may be used by IronShield without restriction or compensation.

9 Warranties and Disclaimers

The Service is provided "as is" and "as available" without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.

IronShield does not warrant that: (a) the Service will be error-free or uninterrupted; (b) defects will be corrected; (c) the Service is free from security vulnerabilities; (d) SPRS scores or other compliance outputs are accurate or will be accepted by any government agency or assessor; or (e) use of the Service will satisfy any contractual, regulatory, or legal compliance obligation.

10 Limitation of Liability

To the maximum extent permitted by applicable law, IronShield and its officers, directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, government contracts, or goodwill, arising out of or related to your use of the Service.

IronShield's total cumulative liability shall not exceed:

  • Free, demo, or beta accounts: one hundred dollars ($100)
  • Paid accounts: the greater of (a) fees paid by you in the twelve (12) months preceding the claim, or (b) ten thousand dollars ($10,000)

These limitations apply regardless of the legal theory on which the claim is based and even if IronShield has been advised of the possibility of such damages. IronShield's liability for claims arising from gross negligence or willful misconduct is not limited by this section to the extent prohibited by applicable law.

11 Indemnification

You agree to indemnify, defend, and hold harmless IronShield and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising out of or related to:

  • Your use of the Service in violation of these Terms
  • Your Customer Data, including any claim that it infringes any third-party right
  • Your violation of any applicable law or regulation
  • Any government submission you make using data from the Service, including any False Claims Act investigation or proceeding arising from your SPRS submissions
  • Any misrepresentation of your compliance status to a government agency, prime contractor, or assessor
  • Your upload of CUI, classified information, or ITAR-controlled data in violation of Section 2.3

12 Term and Termination

These Terms remain in effect for the duration of your access to the Service. Either party may terminate these Terms upon written notice if the other party materially breaches these Terms and fails to cure such breach within thirty (30) days of written notice.

IronShield may immediately suspend or terminate your access without notice if: (a) you fail to pay applicable fees after fifteen (15) days' notice; (b) you violate Sections 2.3 or 5; (c) IronShield reasonably believes continued access poses a security or legal risk; or (d) required by applicable law or government authority.

Upon termination, your license to use the Service ceases immediately. IronShield will provide a 30-day data export period during which you may download your Customer Data in standard formats. After 30 days, IronShield will permanently delete all Customer Data including backups using NIST SP 800-88 compliant methods. IronShield will provide written deletion confirmation upon request.

Sections 1, 4, 5, 6, 8, 9, 10, 11, 12, 13, and 14 survive termination of these Terms.

13 Governing Law and Dispute Resolution

These Terms are governed by the laws of the State of Delaware, without regard to its conflict of law provisions. Any dispute arising out of or related to these Terms shall be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules. The arbitration shall be conducted in English and the award may be entered in any court of competent jurisdiction.

Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent irreparable harm. Claims for $25,000 or less may be brought in small claims court at either party's election.

Any claims must be brought within two (2) years of the event giving rise to the claim. Claims not brought within this period are permanently barred.

14 General Provisions

14.1 Entire Agreement

These Terms, together with any applicable order form, DPA, or subscription agreement, constitute the entire agreement between the parties with respect to the Service and supersede all prior agreements, understandings, and representations.

14.2 Amendments

IronShield may update these Terms at any time. We will notify account administrators of material changes via email and in-platform notice at least fourteen (14) days before changes take effect. Non-material changes take effect upon posting. Continued use after the effective date constitutes acceptance. If a material change is not acceptable, your sole remedy is to terminate your subscription before the change takes effect.

14.3 Severability

If any provision of these Terms is held unenforceable, it will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full force.

14.4 Waiver

Failure by either party to enforce any right under these Terms does not constitute a waiver of that right.

14.5 Assignment

You may not assign these Terms or your rights hereunder without IronShield's prior written consent. IronShield may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided that the assignee assumes all obligations under these Terms.

14.6 Force Majeure

Neither party is liable for delays or failures caused by circumstances beyond its reasonable control, including natural disasters, government actions, internet disruptions, or cyberattacks, provided the affected party gives prompt notice and uses reasonable efforts to resume performance.

14.7 Relationship of the Parties

IronShield and Customer are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between the parties.

14.8 Export Controls

You agree to comply with all applicable US export control laws and regulations, including the Export Administration Regulations (EAR) and ITAR. You will not access or use the Service in any manner that would cause IronShield to violate applicable export control laws.

15 Contact

For questions about these Terms:

IronShield Technologies Inc.

General: [email protected]

Security incidents: [email protected]

Privacy: [email protected]

Last updated: March 16, 2026 · Version 1.1