Terms of Service

1. Who we are and what this agreement covers

These Terms of Service (“Terms”) govern your access to and use of CyberCheck, a cybersecurity assessment platform operated by Monarch Compass (“CyberCheck”, “we”, “us”, or “our”), a company incorporated in Nova Scotia, Canada.

CyberCheck operates two products:

• CyberCheck Quick Screen (Quick-10): A free, 10-question cybersecurity risk screen made available to small and medium-sized businesses (“SMBs”) through their security advisor or insurance broker (“Broker”).
• CyberCheck Deep Assessment: A paid, approximately 40-question assessment mapped to the NIST Cybersecurity Framework 2.0, resulting in a scored PDF report (“Report”). Available directly to individuals and businesses on a self-serve basis.

These Terms apply to all users of the platform, including SMBs completing assessments (“Users”) and Brokers accessing results on behalf of their clients. Brokers are subject to additional terms set out in Section 11.

2. Eligibility and capacity

To use CyberCheck, you must:

• Be at least 18 years of age; and
• Not be prohibited from using the platform under applicable Canadian law.

By using the platform, you represent and warrant that you meet these requirements. CyberCheck is not directed at individuals under 18 and we do not knowingly collect their information.

3. Account registration and security

The Deep Assessment requires you to create an account using a verified email address, Google OAuth, or a passkey. You are responsible for:

• Providing accurate and complete account information;
• Maintaining the security of your sign-in method;
• All activity that occurs under your account; and
• Notifying us immediately at info@monarchcompass.ca if you suspect unauthorized access to your account.

We reserve the right to suspend or terminate accounts that we reasonably believe have been compromised or are being used in violation of these Terms.

4. Fees, payment, and refunds

4.1 Pricing

The Deep Assessment is currently priced at $50.00 CAD per assessment, plus applicable taxes. Prices may change on 30 days’ written notice to existing users. Price changes do not affect assessments already purchased.

4.2 Payment processing

Payments are processed by Stripe, Inc. You agree to Stripe’s terms of service in addition to these Terms. We do not store your credit card details.

4.3 Promo codes

We may issue promotional codes that waive the assessment fee in whole or in part. Codes are non-transferable, have no cash value, and may be subject to expiry dates and additional conditions communicated at issuance.

4.4 Taxes

The $50.00 CAD fee is all-inclusive. You are responsible for any taxes applicable to your use of the platform in your jurisdiction that we are not required to collect.

4.5 Refund policy

Because the Report is generated immediately upon payment, all sales are final once the Report has been made available for download. If you experience a technical failure that prevents access to your completed Report, contact us at info@monarchcompass.ca and we will work to resolve it. We may issue refunds at our sole discretion in exceptional circumstances.

5. Nature of the service — not professional advice

Your score reflects what you reported at the time of completion. It may not account for all risks relevant to your organization and does not guarantee that your organization will not experience a cybersecurity incident.

6. Acceptable use

You agree not to:

• Provide false, misleading, or inaccurate answers with intent to obtain a more favourable result;
• Access or attempt to access the accounts or data of other users;
• Reverse-engineer, decompile, or attempt to extract the source code or scoring algorithm;
• Use the platform to develop competing products or services;
• Submit content that is unlawful, defamatory, or infringes intellectual property rights;
• Use automated scripts, scrapers, or bots to access the platform; or
• Interfere with the platform’s integrity or availability, including by attempting to introduce malicious code, conducting denial-of-service attacks, or exploiting security vulnerabilities.

Violation of this section may result in immediate suspension or termination of your account and may expose you to civil or criminal liability under the Criminal Code of Canada (including ss. 342.1 and 430) and other applicable law.

7. Your data and our right to use it

7.1 Your ownership

You retain ownership of the information you submit through assessments. By submitting it, you grant us a limited licence to store, process, and display it for the purpose of delivering the services described in these Terms.

7.2 De-identified data and academic research

We may de-identify your assessment responses by permanently removing all personal identifiers — including name, email address, company name, contact details, and any combination of fields that could reasonably re-identify you or your organization — and use the resulting anonymized data for academic research purposes.

De-identified data may be:

• Shared with academic institutions, research partners, or published in academic papers, conference proceedings, or reports;
• Aggregated with data from other respondents to identify trends in SMB cybersecurity posture at a sector, regional, or national level; and
• Retained indefinitely in anonymized form for longitudinal research purposes, even after you delete your account.

Because de-identified data cannot reasonably be used to identify any individual or organization, it ceases to be “personal information” within the meaning of the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Our de-identification process is designed to meet or exceed the standard set by the Office of the Privacy Commissioner of Canada’s guidance on anonymization.

Your identifiable assessment results are never sold, shared with insurers for underwriting decisions about you, or disclosed to third parties except as described in our Privacy Policy.

7.3 Aggregate and industry statistics

We may also publish aggregate statistics derived from the platform — for example, “X% of Atlantic Canadian SMBs in the retail sector have implemented MFA” — without attribution to any individual respondent.

8. Intellectual property

CyberCheck and all content, software, scoring algorithms, question sets, report templates, and visual design comprising the platform are owned by us or our licensors and are protected by Canadian and international copyright, trademark, and other intellectual property law.

We grant you a limited, non-exclusive, non-transferable licence to access and use the platform and your generated Report for your internal business purposes. You may share your Report with your insurance broker, security advisor, or other professional advisors.

You may not reproduce, distribute, publicly display, resell, or create derivative works from any part of the platform or the Reports without our prior written consent.

9. Privacy

Our collection, use, and disclosure of personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference. By using the platform, you consent to the practices described in the Privacy Policy.

Personal information you submit may be stored on servers located outside Canada (currently in the United States). We take steps to ensure it is protected to a standard consistent with Canadian privacy law, as described in the Privacy Policy.

10. Disclaimer of warranties

To the maximum extent permitted by applicable law, CyberCheck and the Reports are provided “as is” and “as available” without warranty of any kind, whether express, implied, or statutory, including but not limited to warranties of merchantability, fitness for a particular purpose, accuracy, completeness, or non-infringement.

We do not warrant that the platform will be uninterrupted, error-free, or free of viruses or other harmful components, or that any defects will be corrected. We do not warrant that the platform will meet your specific requirements or that results will be accurate, complete, or reliable in all circumstances.

Some jurisdictions do not allow the exclusion of implied warranties. To the extent that such exclusions are not permitted, they apply to the maximum extent allowable under applicable law.

11. Additional terms for Brokers

If you are accessing CyberCheck as a Broker — a security advisor, insurance intermediary, or other professional who presents the platform to SMB clients — the following additional terms apply to you:

• Client consent. You are responsible for ensuring that each SMB client is informed that their assessment results will be shared with you, and for obtaining their consent before directing them to the platform.
• Handling of results. You must handle SMB assessment results in compliance with PIPEDA and applicable provincial privacy legislation, and in accordance with any data processing agreement we enter into with you.
• No underwriting use without consent. You must not use individual SMB assessment results as the sole or primary basis for underwriting decisions, coverage denial, or premium adjustment without the explicit informed consent of the SMB.
• Platform fee. Access to Broker features (multi-client dashboard, result exports, and white-label branding) is subject to a separate platform subscription agreement.
• White-label use. Co-branding of the platform with your firm’s name and logo is permitted under your subscription. You may not remove or obscure CyberCheck attribution or misrepresent the platform as proprietary software you developed.

12. Limitation of liability

To the maximum extent permitted by applicable law, in no event will CyberCheck, its officers, directors, employees, or contractors be liable for any:

• Indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, goodwill, or business opportunities;
• Damages arising from your reliance on assessment results, including any cybersecurity incident that occurs despite a favourable score; or
• Damages arising from unauthorized access to or alteration of your data by third parties.

Our total aggregate liability to you for any claims arising from or relating to these Terms or the platform — whether in contract, tort, statute, or otherwise — will not exceed the greater of: (a) the amount you paid us in the 12 months preceding the claim; or (b) $100 CAD.

Some jurisdictions do not allow the exclusion or limitation of certain damages. The above limitations apply to the maximum extent permitted by applicable law.

13. Indemnification

You agree to indemnify, defend, and hold harmless CyberCheck and its officers, directors, employees, and contractors from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or relating to: (a) your use of the platform in violation of these Terms; (b) any false or misleading information you submitted; or (c) your violation of any applicable law or the rights of a third party.

14. Suspension and termination

We may suspend or terminate your access to the platform at any time, with or without notice, if we reasonably believe you have violated these Terms or applicable law, or if we discontinue the platform. Upon termination:

• Your right to access the platform ceases immediately;
• We will retain your data for the periods described in our Privacy Policy and then delete or anonymize it; and
• Sections 5, 7.2, 7.3, 8, 10, 12, 13, 15, and 16 survive termination.

You may close your account at any time by contacting us at info@monarchcompass.ca. Closing your account does not entitle you to a refund of any fees already paid.

15. Governing law and dispute resolution

These Terms are governed by and construed in accordance with the laws of the Province of Nova Scotia and the federal laws of Canada applicable therein, without regard to conflict of law principles.

Any dispute arising out of or relating to these Terms or your use of the platform that cannot be resolved through good-faith negotiation will be submitted to the exclusive jurisdiction of the courts of Nova Scotia, Canada. You consent to personal jurisdiction in those courts.

Nothing in this section prevents either party from seeking injunctive or other equitable relief in any court of competent jurisdiction to prevent irreparable harm pending the resolution of a dispute.

16. Changes to these Terms

We may update these Terms from time to time. When we do:

• We will update the “Last updated” date at the top of this page;
• For material changes, we will provide at least 30 days’ notice by email to registered users; and
• Your continued use of the platform after the effective date constitutes acceptance of the revised Terms. If you do not agree, you must stop using the platform before the change takes effect.

17. Force majeure

We will not be liable for any delay or failure to perform our obligations under these Terms where that delay or failure results from circumstances beyond our reasonable control, including but not limited to:

• Natural disasters, fire, flood, earthquake, or severe weather;
• Acts of government, war, civil unrest, terrorism, or sanctions;
• Epidemic or pandemic;
• Failure or unavailability of third-party infrastructure, including internet service providers, cloud hosting providers, or payment processors; or
• Cyberattacks, distributed denial-of-service attacks, or other malicious acts directed at our infrastructure that are not attributable to our failure to apply reasonable security measures.

If a force majeure event prevents us from delivering the platform for more than 30 consecutive days, you may request a refund of any fees paid for services not yet received by contacting us at info@monarchcompass.ca. We will resume performance as soon as reasonably practicable after the event ends and will notify registered users of any extended outage by email where feasible.

18. General provisions

• Entire agreement. These Terms, together with the Privacy Policy and any applicable Broker subscription agreement, constitute the entire agreement between you and CyberCheck and supersede all prior understandings relating to the platform.
• Severability. If any provision of these Terms is found unenforceable, it will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full force.
• No waiver. Our failure to enforce any right or provision does not constitute a waiver of that right or provision.
• Assignment. You may not assign your rights under these Terms without our written consent. We may assign our rights in connection with a merger, acquisition, or sale of all or substantially all of our assets, with 30 days’ notice to registered users.
• Language. These Terms are written in English. Where required by law, a French translation will be made available.

19. Contact us

For questions about these Terms, please contact: