CrestNode Compliance — legal
Terms of Use
Plain-language terms governing your subscription to CrestNode Compliance. These terms apply to financial institutions accessing the platform under our master subscription agreement.
1. Liability
CrestNode Compliance accepts liability for direct losses caused by our breach of these Terms or our negligence, capped at the total fees paid by your institution for the affected service in the twelve months prior to the event. We do not accept liability for indirect losses such as lost profits, lost data that you have not enabled retention for, regulator findings stemming from controls outside our scope, or business interruption caused by upstream third parties. Nothing in these Terms limits liability where Korean law does not permit it, including liability for fraud or for personal injury caused by negligence. Where a deployment depends on third-party tools (your MDM, IAM, SIEM), responsibility for the configuration and licensing of those tools remains with you. Where we make commitments in a written statement of work that go beyond these Terms, the statement of work prevails for that engagement only.
2. Intellectual property
CrestNode retains ownership of the platform, the policy library, the reporting templates, and the runbook content. You retain ownership of the data you put into the platform — your endpoint inventory, your evidence records, your reports — and of any policy text you author. License to use the platform is granted to your named users for the term of your subscription. You may export your data at any time in standard formats; we do not hold export hostage to renewal. You may not copy our policy library or reporting templates outside the platform, sublicense the platform, or build a competing product on top of it. Where you contribute language or examples back to the platform during onboarding, you grant us a non-exclusive license to use them in your own tenant only.
3. Termination
Either party may terminate the subscription at the end of an active term with 30 days written notice. Mid-term exit is available where there has been material non-delivery on our side, with the trigger criteria spelled out in your master subscription agreement. If you terminate, your evidence and reporting data remains accessible for 60 days for export, after which it is deleted on a defined schedule. We will provide reasonable handover assistance at no additional cost during the active term, and at our then-current professional services rate after termination. Suspension for non-payment follows a 14-day cure window with two written notices. Termination does not extinguish your obligations to pay for services already rendered, our obligations to honor data export requests in the 60-day window, or either party's confidentiality obligations.
4. Governing law
These Terms are governed by the laws of the Republic of Korea. Any dispute that cannot be resolved through good-faith discussion within 60 days will be referred to the Seoul Central District Court, unless both parties agree in writing to arbitration under the Korean Commercial Arbitration Board rules. For institutional clients headquartered outside KR, we are willing to negotiate a different governing law in the master agreement; the default for KR-domiciled clients remains Korean law. Local consumer-protection statutes that apply to your business as a financial institution remain unaffected. Where regulatory authority — including FSC, FSS, and Personal Information Protection Commission — issues guidance affecting the platform, we will work with you to remain in alignment within the timeframes specified by the regulator.
5. Acceptance
Acceptance of these Terms occurs at the moment your institution executes the master subscription agreement, the order form, or, where neither is in place, the first authenticated use of the platform by an authorized administrator. You confirm that the individual accepting on your behalf has the authority to bind your institution. We may revise these Terms with 60 days written notice to your nominated business contact; revisions affecting fees or scope require positive acceptance rather than silent continuation. Where a revision is required by regulation we will explain the regulatory basis in the notice. Your continued use of the platform after the notice period without objection constitutes acceptance of non-fee, non-scope revisions.
6. Service description
CrestNode Compliance is a managed endpoint compliance automation platform for mid-market banks. Core services include policy orchestration across endpoint management tools, audit-ready evidence collection and retention, regulator-ready reporting templates, and managed remediation playbooks. Specific features available to your institution are listed in your order form. The platform operates as a managed SaaS with optional self-hosted evidence storage in your S3-compatible buckets. Service availability target is 99.7% measured monthly across the production tenant, with maintenance windows scheduled outside KR business hours and announced 14 days in advance. Performance and uptime credits, where applicable, follow the matrix in your master agreement.
7. User obligations
You agree to keep authentication credentials confidential, to notify us promptly of suspected credential compromise, and to maintain the underlying tools (MDM, IAM, identity provider) in a configuration consistent with our integration prerequisites. You agree to use the platform only for the lawful endpoint compliance purposes covered by your subscription, and not to attempt to extract or replicate the policy library or reporting templates outside the platform. You will provide CrestNode the access required to deliver the contracted services, including access to integration endpoints, named technical contacts, and approval signatories within reasonable response times. You will inform us of any change in regulatory scope, ownership, or fleet size that materially affects the engagement so the configuration can be adjusted in good time.
Questions about this document can be sent to contact@platform-node.one.