GRSCIA

Terms of Use

Version: 2025-01 Effective Date: January 1, 2025 Last Updated: February 24, 2026

1. Agreement to Terms

By accessing or using the GRSCIA Platform ("Service"), you agree to be bound by these Terms of Use ("Terms"). If you do not agree to these Terms, do not use the Service.

These Terms constitute a legally binding agreement between you (the "Customer" or "you") and GRSCIA, powered and managed by CISOSHARE INSPECTION AUDIT SERVICES - L.L.C - S.P.C (Company Registration Number: CN-5499111) ("GRSCIA," "we," "us," or "Company").

These Terms of Use are subject to and governed by the Master Service Agreement (MSA). In case of conflict, the MSA shall prevail except where the DPA expressly governs data protection and processing matters.

2. Definitions

  • "ADHICS": Abu Dhabi Healthcare Information and Cyber Security Standard Version 2
  • "Authorized User": Any individual authorized by Customer to access the Service
  • "Content": Data, documents, and information you upload or process through the Service
  • "DoH": Abu Dhabi Department of Health
  • "Owner": The primary account holder who completes onboarding and has administrative privileges
  • "Personal Data": Information relating to an identified or identifiable natural person
  • "Platform": The GRSCIA SaaS application and all related features
  • "Protected Health Information (PHI)": Health information as defined under ADHICS
  • "Service": The GRSCIA SaaS platform and all related features and services
  • "Tenant": Your isolated workspace within the GRSCIA platform

3. Eligibility

3.1 Business Accounts

The Service is intended for healthcare entities, service providers, and related organizations operating within the jurisdiction of the Abu Dhabi Department of Health that require ADHICS compliance.

3.2 Authorization

By creating an account, you represent and warrant that:

  • You are authorized to bind your organization to these Terms and the Master Service Agreement
  • You have a valid UAE Trade License
  • All information provided during registration is accurate, complete, and current
  • You are at least 18 years of age
  • You have the authority to process the data you submit to the Service
  • You have obtained all necessary consents for data processing

3.3 Verification

GRSCIA reserves the right to verify your Trade License and organizational information. Provision of false information constitutes grounds for immediate account termination.

4. Account Registration and Security

4.1 Account Creation

  • You must provide accurate and complete information during onboarding
  • One Trade License corresponds to one Tenant workspace
  • You are responsible for maintaining the confidentiality of your credentials
  • Account credentials must not be shared with unauthorized parties

4.2 Multi-Factor Authentication

In accordance with ADHICS Access Control (AC) requirements:

  • Multi-factor authentication is required for Owner accounts
  • Supported Owner MFA methods include TOTP and UAE Pass
  • You must securely store your backup codes
  • MFA may be required for additional roles based on privilege levels
  • GRSCIA may enforce additional authentication requirements for security purposes

4.3 Account Responsibility

  • You are solely responsible for all activity under your account
  • You must notify us immediately of any unauthorized access or security breach
  • We are not liable for losses due to compromised credentials unless caused by our negligence
  • You must maintain accurate contact information for security notifications

4.4 Session Management

  • Sessions are subject to automatic timeout based on ADHICS requirements
  • Concurrent session limits may apply based on your subscription plan
  • You must log out when using shared or public devices

5. Acceptable Use Policy

5.1 Permitted Use

You may use the Service only for:

  • Lawful business purposes in compliance with UAE laws
  • Managing ADHICS compliance activities for your organization
  • Processing data that you are authorized to process
  • Purposes consistent with the functionality of the Platform

5.2 Prohibited Activities

You must NOT:

Security Violations:

  • Attempt to gain unauthorized access to the Platform, other accounts, or systems
  • Probe, scan, or test the vulnerability of the Service without authorization
  • Interfere with or disrupt the integrity or performance of the Service
  • Bypass or circumvent security measures or access controls
  • Introduce malicious code, viruses, worms, or harmful content

Unauthorized Use:

  • Use the Service for purposes other than ADHICS compliance management
  • Access the Service on behalf of third parties without our consent
  • Resell, sublicense, or provide access to the Service to unauthorized parties
  • Use the Service to process data for organizations not covered by your subscription

Intellectual Property:

  • Reverse engineer, decompile, disassemble, or attempt to derive source code
  • Copy, modify, or create derivative works of the Platform
  • Remove, alter, or obscure proprietary notices or branding

Data Violations:

  • Store or process illegal, fraudulent, or harmful content
  • Process data in violation of ADHICS data residency requirements
  • Transfer Protected Health Information outside the UAE without authorization
  • Process data for which you lack proper consent or legal basis

Misrepresentation:

  • Provide false or misleading information
  • Misrepresent your ADHICS compliance status
  • Impersonate any person or entity

5.3 Consequences of Violation

Violation of this Acceptable Use Policy may result in:

  • Immediate suspension of your account without notice
  • Permanent termination of your account without refund
  • Legal action for damages or injunctive relief
  • Reporting to relevant authorities including DoH
  • Liability for costs incurred in addressing the violation

6. Subscription and Billing

6.1 Free Trial

  • 14-day free trial with full feature access
  • No credit card required during trial period
  • Trial usage is subject to these Terms
  • Data retained if you upgrade within 7 days of trial expiration
  • Trial may not be extended or renewed

6.2 Subscription Plans

  • Starter Plan: For small healthcare facilities
  • Professional Plan: For medium healthcare organizations
  • Enterprise Plan: For large healthcare entities and service providers
  • Current pricing available at: https://grscia.ae/pricing
  • Custom enterprise agreements available upon request

6.3 Billing

  • Billed monthly or annually in advance as specified in your Order Form
  • Payments processed securely through Stripe (PCI DSS compliant)
  • All prices are in AED unless otherwise specified
  • Prices are exclusive of applicable taxes (VAT)
  • Payment is due within 30 days of invoice date

6.4 Refunds

  • No refunds for partial months or early cancellation
  • Trial accounts are not eligible for refunds
  • Service credits for availability failures provided per the SLA
  • Refund requests must be submitted to billing@grscia.ae

6.5 Payment Failure

  • Payment retries and delinquency handling are processed through Stripe subscription workflows
  • A billing grace period applies (configured operationally and documented in billing controls)
  • If delinquency persists beyond grace, the account may be suspended
  • Suspension-triggered lifecycle handling is: soft-delete at suspension + 30 days, then hard-delete due 90 days after soft-delete unless legal hold/statutory retention applies

6.6 Price Changes

  • We may change pricing with 60 days' advance notice
  • Price changes take effect at the next renewal period
  • Current subscribers protected during their active term

7. Data Ownership and Licenses

7.1 Your Content

  • You retain all ownership rights in your Content
  • You are solely responsible for the accuracy, quality, and legality of your Content
  • You grant us a limited, non-exclusive license to host, process, and display your Content solely to provide the Service
  • You represent that you have all necessary rights to submit Content to the Service

7.2 Protected Health Information

  • PHI is processed in accordance with ADHICS requirements
  • Processing is governed by the Data Processing Agreement (DPA)
  • You are responsible for ensuring proper classification of PHI
  • Access to PHI is limited to authorized personnel only

7.3 GRSCIA Intellectual Property

  • The Platform, including all software, code, design, and branding, is our exclusive property
  • You receive a limited, non-exclusive, non-transferable license to use the Service during your subscription
  • No rights are granted beyond access to the Service as expressly provided
  • All improvements, modifications, and derivative works are our exclusive property

7.4 Feedback

Any suggestions, enhancement requests, or feedback you provide may be used by GRSCIA without restriction or obligation to you.

8. Service Availability

8.1 Uptime Commitment

  • Production Services: 99.95% monthly availability (Cloud Deployment)
  • Detailed availability commitments in the Service Level Agreement (SLA)
  • Availability excludes scheduled maintenance windows

8.2 Maintenance

  • Scheduled Maintenance: Announced at least 48 hours in advance via email and in-app notification
  • Maintenance Windows: Friday 11:00 PM - Saturday 5:00 AM GST (preferred)
  • Emergency Maintenance: May occur without notice for security or stability issues
  • Maintenance time excluded from availability calculations

8.3 Service Modifications

  • We may modify, enhance, or discontinue features with reasonable notice
  • Material changes to core functionality announced 30 days in advance
  • We will provide migration assistance when discontinuing features
  • No liability for modifications made to improve security or compliance

8.4 Disclaimer

THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. GRSCIA DOES NOT GUARANTEE ADHICS CERTIFICATION OR COMPLIANCE OUTCOMES. THE PLATFORM PROVIDES TOOLS TO ASSIST WITH COMPLIANCE; ACHIEVING COMPLIANCE REMAINS YOUR RESPONSIBILITY.

9. Privacy and Data Protection

9.1 Privacy Policy

Your use of the Service is subject to our Privacy Policy, which describes how we collect, use, and protect your personal information.

9.2 Data Processing Agreement

Processing of Personal Data and Protected Health Information is governed by the Data Processing Agreement (DPA), which is incorporated by reference.

9.3 Data Residency

  • GRSCIA enforces strict UAE residency for the platform database and tenant databases
  • Certain non-database processing (including approved MCP and billing operations) may run under documented contractual safeguards
  • Additional transfer and residency obligations are governed by the DPA and applicable law

9.4 Security Measures

We implement security measures aligned with ADHICS requirements, including:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Multi-factor authentication
  • Role-based access control
  • Comprehensive audit logging
  • Regular security assessments

10. Termination

10.1 Termination by You

  • You may cancel your subscription at any time through the Platform or by contacting support
  • Cancellation takes effect at the end of the current billing period
  • Data export is available for 30 days from the cancellation timestamp
  • Soft-delete is applied at cancellation + 30 days
  • Hard-delete is due by cancellation + 90 days, subject to legal hold/statutory retention
  • No refunds for prepaid subscription periods

10.2 Termination by GRSCIA

We may suspend or terminate your account immediately for:

  • Material violation of these Terms or the Acceptable Use Policy
  • Non-payment after the grace period
  • Illegal activity or fraud
  • Provision of false or misleading information
  • Security threats to the Platform or other customers
  • Inactivity exceeding 12 months
  • As required by law or regulatory authority

Lifecycle triggers and timelines:

  • Inactivity (>12 months without login activity): soft-delete at threshold; hard-delete due 90 days later
  • Suspension (including billing grace breach): soft-delete at suspension + 30 days; hard-delete due 90 days later

10.3 Effect of Termination

Upon termination:

  • Your access to the Service ceases immediately
  • Delete in customer-facing wording means a staged lifecycle: soft-delete first, then hard-delete
  • Hard-delete execution is performed only by platform super-admin authority (tenant admins cannot hard-delete)
  • We provide export entitlement and deletion handling according to Section 10.1/10.2 and the DPA
  • Certain provisions of these Terms survive termination

10.4 Survival

Sections relating to intellectual property, confidentiality, limitation of liability, indemnification, and governing law survive termination.

11. Limitation of Liability

11.1 Exclusion of Damages

TO THE MAXIMUM EXTENT PERMITTED BY UAE LAW, GRSCIA IS NOT LIABLE FOR:

  • Indirect, incidental, special, consequential, or punitive damages
  • Loss of profits, revenue, business opportunities, or goodwill
  • Loss of data beyond restoration from available backups
  • Business interruption or reputational damage
  • Cost of procuring substitute services

11.2 Liability Cap

GRSCIA's total aggregate liability for all claims under these Terms shall not exceed the greater of:

  • The total fees paid by you in the 12 months preceding the claim
  • AED 50,000

11.3 Exceptions

These limitations do NOT apply to:

  • Liability that cannot be limited under applicable law
  • Your payment obligations
  • Breaches of intellectual property rights
  • Gross negligence or willful misconduct

11.4 Acknowledgment

YOU ACKNOWLEDGE THAT THE FEES REFLECT THE ALLOCATION OF RISK IN THESE TERMS AND THAT GRSCIA WOULD NOT PROVIDE THE SERVICE WITHOUT THESE LIMITATIONS.

12. Indemnification

12.1 Your Indemnification

You agree to defend, indemnify, and hold harmless GRSCIA from and against any claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from:

  • Your violation of these Terms or applicable laws
  • Your Content, including claims of infringement or privacy violations
  • Your unauthorized use of the Service
  • Your failure to obtain necessary consents for data processing
  • Claims by your Authorized Users or third parties related to your account

12.2 Indemnification Procedure

We will:

  • Promptly notify you of any claim (failure to notify does not relieve your obligation)
  • Provide reasonable cooperation in the defense
  • Allow you to control the defense and settlement (with our consent for settlements affecting us)

13. Dispute Resolution

13.1 Governing Law

These Terms are governed by and construed in accordance with the laws of the United Arab Emirates and the Emirate of Abu Dhabi.

13.2 Dispute Resolution Process

  1. Negotiation: Parties shall attempt to resolve disputes through good faith negotiation for 30 days
  2. Escalation: If unresolved, disputes escalated to senior management for 15 days
  3. Arbitration: Binding arbitration administered by Abu Dhabi Commercial Conciliation and Arbitration Centre (ADCCAC)

13.3 Arbitration

  • Conducted in Abu Dhabi in English
  • Single arbitrator mutually agreed or appointed by ADCCAC
  • Arbitral award is final and binding
  • Each party bears its own costs; arbitration costs allocated by tribunal

13.4 Class Action Waiver

You agree to resolve disputes individually and waive any right to participate in class actions, collective proceedings, or representative actions.

13.5 Injunctive Relief

Nothing prevents either party from seeking injunctive or equitable relief from courts to prevent irreparable harm.

14. Changes to Terms

14.1 Modifications

We may modify these Terms at any time:

  • Material changes require 30 days' advance notice via email and in-app notification
  • Non-material changes effective upon posting with updated "Last Updated" date
  • Continued use after notice period constitutes acceptance

14.2 Objection to Changes

If you object to material changes:

  • You may terminate your subscription before the changes take effect
  • Termination must be in writing within the notice period
  • You will receive a pro-rata refund of prepaid fees

14.3 Version History

15. Miscellaneous

15.1 Entire Agreement

These Terms, together with the Master Service Agreement, Service Level Agreement, Data Processing Agreement, Privacy Policy, Cookie Policy, and applicable Order Forms, constitute the entire agreement between you and GRSCIA.

15.2 Order of Precedence

In case of conflict:

  1. Order Form (specific terms)
  2. Master Service Agreement
  3. Data Processing Agreement (for data protection and processing matters)
  4. Service Level Agreement (for availability, support, and operational service matters)
  5. These Terms of Use
  6. Privacy Policy
  7. Cookie Policy

15.3 Severability

If any provision is found invalid or unenforceable, the remaining provisions remain in full force and effect.

15.4 No Waiver

Our failure to enforce any right or provision does not constitute a waiver of that right or provision.

15.5 Assignment

  • You may not assign these Terms without our prior written consent
  • We may assign to an Affiliate or successor entity upon notice
  • Any unauthorized assignment is void

15.6 Force Majeure

Neither party is liable for failures due to circumstances beyond reasonable control, including natural disasters, war, terrorism, pandemics, or government actions.

15.7 Relationship

These Terms do not create any employment, partnership, joint venture, or agency relationship.

15.8 Language

These Terms are executed in English. If translated, the English version prevails.

16. Related Documents

The following documents form an integral part of your agreement with GRSCIA:

DocumentDescriptionReference
Data Processing AgreementData protection obligationsView
Service Level AgreementAvailability and support commitmentsView
Privacy PolicyPersonal data handlingView
Cookie PolicyCookie categories and consent controlsView
Sub-Processor RegisterPublic list of active sub-processorsView

17. Contact Information

For questions about these Terms:

GRSCIA Legal Team Email: compliance@grscia.ae

General Support Email: info@grscia.ae Phone: +971 50 112 3842

Address: GRSCIA, powered and managed by CISOSHARE INSPECTION AUDIT SERVICES - L.L.C - S.P.C Abu Dhabi, United Arab Emirates

Acknowledgment

By clicking "I Accept," signing an Order Form, or using the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms of Use and all Related Documents.

Version: 2025-01 Document Hash: [Calculated upon finalization]