Terms of Service

Effective 25 June 2026

Template pending review by qualified counsel before publication. Items in square brackets — legal entity, registered address, and governing law — must be confirmed. The remaining text describes how Normproof actually works.

These terms are a contract between you and Nomad Crow s.r.o. ("we", "us") and govern your use of Normproof (the "Service"). By creating an account or using the Service, you agree to them.

1. The Service

Normproof helps software manufacturers prepare and maintain a conformity package for the EU Cyber Resilience Act (Regulation (EU) 2024/2847): a software bill of materials (SBOM), vulnerability handling, technical documentation, and a draft EU Declaration of Conformity. The Service generates these artefacts from the information and source/build data you connect.

2. Not legal advice; you self-declare conformity

Normproof is a tool, not a law firm, a notified body, or a conformity-assessment body. We do not provide legal advice and we do not certify your products. Under the CRA default category (Annex VIII, Module A) the manufacturer assesses and declares conformity on its own responsibility. The documents the Service produces are drafts and evidence to support your assessment; you are responsible for reviewing them, supplying accurate inputs, completing any items marked “needs input”, and deciding whether to sign and rely on the Declaration of Conformity. Nothing in the Service shifts that responsibility to us.

3. Accounts

You must provide accurate registration details and keep your credentials secure. You are responsible for activity under your account and your organisation’s workspace. Roles (Owner, Admin, Editor, Viewer) determine what each member may do. Notify us promptly of any unauthorised access.

4. Acceptable use

You agree not to:

  • access another customer’s organisation or data, or attempt to defeat tenant isolation;
  • probe, scan, or load-test the Service except through features we provide for your own data;
  • upload unlawful content or material you have no right to submit;
  • resell or provide the Service to third parties except as expressly permitted; or
  • misuse the free, public CRA readiness checker (it is rate-limited and for genuine evaluation).

5. Your data

You retain all rights in the data you submit (“Customer Data”), including source and build metadata, SBOMs, and the generated dossiers. You grant us a limited licence to process Customer Data solely to operate and improve the Service for you. How we handle personal data is described in our Privacy Policy.

6. Plans, billing and trials

The public readiness checker and the open-source SBOM/scan CLI are free. Paid plans (documents, monitoring, and audit trail) are billed through our payment processor, Stripe. Fees are stated at checkout, charged in advance for the billing period, and exclusive of taxes unless stated. Subscriptions renew automatically until cancelled; you can cancel anytime and retain access through the end of the paid period. Except where required by law, fees are non-refundable.

7. Availability and changes

We aim to keep the Service available but do not guarantee uninterrupted operation. We may update features, the rules library, and document templates; material changes that affect your dossiers are versioned so prior outputs remain reproducible.

8. Third-party services

The Service relies on sub-processors (for example cloud hosting in the EU, Stripe for payments, and an email provider). It also draws on public vulnerability data sources. We are not responsible for the content or availability of third-party services.

9. Warranties and disclaimer

The Service is provided “as is” and “as available”. To the maximum extent permitted by law, we disclaim all implied warranties, including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that use of the Service will result in regulatory compliance or a successful conformity assessment.

10. Limitation of liability

To the maximum extent permitted by law, neither party is liable for indirect, incidental, or consequential damages. Our aggregate liability arising out of the Service is limited to the fees you paid in the twelve months before the event giving rise to the claim. Nothing limits liability that cannot be limited by law.

11. Termination

You may stop using the Service and close your account at any time. We may suspend or terminate access for material breach of these terms. On termination you may export your Customer Data for a reasonable period, after which we may delete it in line with the Privacy Policy.

12. Governing law

These terms are governed by the laws of the Slovak Republic, and the courts of that jurisdiction have exclusive jurisdiction, without prejudice to mandatory consumer-protection rights you may have where you live.

13. Changes to these terms

We may update these terms. We will post the new version here and update the effective date; material changes will be notified to account holders. Continued use after changes take effect means you accept them.

14. Contact

Nomad Crow s.r.o., Astrová 43, 900 41 Rovinka, Slovakia. Questions about these terms: legal@normproof.com.

Questions? See the Privacy Policy and Terms of Service, or contact support@normproof.com.