Terms and Conditions for FoundationShield Single Sign-On Service

Preamble

These Terms and Conditions, as well as any disputes arising in connection with the use of our website or services, shall be exclusively governed by and construed in accordance with the laws of The Republic of Kosovo. The parties submit to the exclusive jurisdiction of the courts of Pristina District Court, Pristina XK-10000, Republic of Kosovo.

1. Acceptance of Terms

By accessing, creating an account for, logging in to, integrating with, or otherwise using the Service, the user and, where applicable, the user’s employer or other legal entity (the Company Customer) agree to these Terms and Conditions. If an individual uses the Service on behalf of a Company Customer, that individual represents and warrants that they have authority to bind that Company Customer to these Terms.

2. Service Description

The Service is a single sign-on and identity platform that enables users to create accounts, authenticate, manage login credentials, and obtain authorization for access to applications, systems, websites, and services operated by the same Company Customer or by approved third parties. SSO commonly enables users to authenticate through an identity provider and then access multiple related services using that authentication framework, and SAML or OAuth-based authorization may be used depending on the integration design.

3. Definitions

For purposes of these Terms, the following definitions apply. Capitalized terms used in these Terms have the meanings set out below, whether used in singular or plural form, which is consistent with the way SaaS terms commonly present a dedicated definitions section.

Account means a registered credential set, profile, or service record used to access or administer the Service.

Administrator means an individual authorized by a Company Customer to create, manage, configure, suspend, or control Accounts, integrations, permissions, settings, or access rights within the Service.

Authorized User means an employee, contractor, agent, or other individual whom a Company Customer has permitted to use the Service in accordance with these Terms.

Company Customer means the legal entity, business, employer, or organization that registers for, purchases, controls, or makes the Service available to its personnel or other Authorized Users.

Identity Provider or IdP means a service or system that stores, manages, or verifies digital identity information and authenticates a user or other principal for access to connected systems; identity providers commonly work with SSO services to authenticate users across applications.

Personal Data means any information relating to an identified or identifiable natural person, including information that identifies a person directly or indirectly by reference to identifiers such as a name, identification number, location data, or online identifier.

Sanctions Laws means applicable economic or trade sanctions, export restrictions, embargoes, blocked-party restrictions, denied-party restrictions, and related laws, regulations, rules, or governmental orders administered, enacted, or enforced by a competent authority.

Service means the technoluma sh.p.k. single sign-on, authentication, account management, access control, federation, provisioning, and related identity and authorization services, together with related websites, applications, APIs, dashboards, and documentation made available by technoluma sh.p.k. and/or it's affiliated Companies.

Third-Party Application means any software, website, application, platform, API, or service not operated by ACME, Inc. that interoperates with, connects to, or is accessed through the Service.

The Service may support direct account creation, federated login, delegated authentication, multi-tenant organization management, and authorization flows involving external identity providers, relying parties, and third-party applications. Use of third-party identity providers or connected applications may be subject to separate terms and privacy policies imposed by those third parties.

4. Eligibility and Restricted Persons

The Service may be used only by persons and entities that are legally permitted to use it under applicable law. The Service may not be used by, for the benefit of, or on behalf of any individual or entity that is subject to sanctions, embargoes, blocked-party restrictions, denied-party restrictions, or similar trade restrictions administered or enforced by a competent governmental authority.

Without limiting the foregoing, access is prohibited for persons or entities listed on sanctions or restricted-party lists, including the U.S. Office of Foreign Assets Control sanctions lists and related blocked or non-blocked sanctions datasets. OFAC publishes sanctions datasets and search tools covering SDN and non-SDN lists, which are commonly used for screening and compliance checks.

The provider may require screening, verification, geo-blocking, supplemental representations, or documentary evidence to confirm eligibility, and may suspend or deny access where sanctions risk or compliance concerns arise.

5. Account Registration and Security

Users must provide accurate, current, and complete registration information and must keep that information updated. Users are responsible for all activity occurring under their accounts, credentials, organizational tenants, administrative consoles, API keys, and identity-provider configurations.

Where the Service is configured to rely on a third-party identity provider, the Company Customer remains responsible for its own configuration choices, access mappings, user lifecycle controls, and the confidentiality of credentials and administrative settings. SSO providers commonly disclaim responsibility for losses caused by customer-side misconfiguration or third-party identity-provider behavior.

Users must promptly notify the provider of suspected unauthorized access, credential compromise, impersonation, fraud, or misuse of the Service.

6. Permitted Use

Subject to these Terms, the provider grants a limited, revocable, non-exclusive, non-transferable, non-sublicensable right to access and use the Service solely for legitimate internal business purposes and authorized application access. The Service may be used only in accordance with the documentation, security requirements, technical limits, and written policies published or otherwise provided by the provider.

7. Prohibited Conduct

Users must not, and must not permit others to: use the Service for unlawful, fraudulent, deceptive, abusive, harmful, or unauthorized purposes; impersonate any person or entity, misrepresent affiliation, falsify identity attributes, or create accounts using false or misleading information; access or attempt to access another account, tenant, or application without authorization; use the Service to facilitate phishing, credential stuffing, account takeover, synthetic identity activity, money laundering, sanctions evasion, export-control evasion, terrorism financing, or other illicit engagement; test, probe, reverse engineer, bypass, disable, or interfere with security controls, rate limits, authentication flows, or monitoring systems except where expressly authorized in writing; upload, transmit, or store malware, malicious code, illegal content, or data obtained without lawful authority; use automated means to create fake accounts, submit fraudulent verification data, or simulate user activity for improper purposes; or resell, rent, sublicense, or exploit the Service for unauthorized bureau, surveillance, scraping, or profiling purposes. Any abuse, fraud, impersonation, illicit engagement, or attempted circumvention of compliance controls is a material breach of these Terms.

8. Third-Party Services and Authorization

The Service may interoperate with third-party identity providers, applications, APIs, and authorization frameworks. Availability and functionality may depend in part on those third-party services, and the provider does not control their uptime, policy changes, processing activities, or security practices. ​ The provider may exchange authentication, directory, session, profile, claim, token, provisioning, and authorization-related data with same-company systems and approved third-party services to enable login, account linking, access control, session management, provisioning, deprovisioning, audit logging, and related identity operations. ​ Users are responsible for ensuring that they have the legal right and internal authority to connect third-party applications or authorize access on behalf of a Company Customer.

9. Data Use and Record Keeping

The provider may collect, use, store, analyze, disclose, and otherwise process account, profile, tenant, device, session, log, network, and transaction-related data as reasonably necessary to: create and maintain accounts; authenticate users and manage sessions; authorize access to same-company and approved third-party resources; support provisioning, deprovisioning, and role or entitlement management; detect, prevent, investigate, and remediate abuse, fraud, impersonation, sanctions risks, security incidents, and other misuse; maintain system integrity, troubleshoot issues, and improve service performance; and comply with legal obligations, lawful requests, audits, and enforcement needs. The provider may maintain records reasonably related to registration, consent, authentication events, login timestamps, source IPs, device or browser identifiers, configuration changes, administrative actions, token issuance, consent grants, provisioning events, access decisions, error events, fraud indicators, and compliance screening outcomes, subject to applicable law and the provider’s retention schedule. Where the Service is used for identity and authorization workflows, such record keeping is intended to support security, traceability, incident response, customer support, compliance verification, and lawful operation of the Service. Third-party identity-provider integrations commonly require the exchange and processing of service data for the purpose of enabling SSO and related access functions. ​ The provider does not sell personal data solely by reason of these Terms. Additional details regarding data handling, retention, international transfers, and data subject rights should be addressed in the provider’s Privacy Notice and, where required, a separate data processing agreement.

10. Compliance and Screening

Users must comply with all applicable laws relating to privacy, data protection, anti-fraud controls, anti-money laundering where applicable, export controls, trade sanctions, and computer misuse. The provider may use manual or automated tools to screen users, organizations, administrators, transactions, domains, IP addresses, and related metadata against sanctions, fraud, abuse, and risk indicators, and may block or restrict access based on that screening. ​ The provider may file reports, preserve evidence, cooperate with law enforcement, or disclose information where permitted or required by law, legal process, or legitimate security and compliance needs.

11. Suspension and Termination

The provider may suspend, restrict, disable, or terminate any account, tenant, integration, or access to the Service at any time, with or without notice, and with or without cause, in its sole discretion, including for business, security, legal, compliance, risk, operational, reputational, or policy reasons.

Without limiting that right, the provider may take such action immediately where it suspects abuse, fraud, impersonation, illicit engagement, sanctions exposure, unauthorized access, unlawful conduct, or material breach of these Terms. Termination or suspension may result in the loss of access to accounts, tokens, settings, logs, linked applications, or associated data, subject to applicable law and any separate written agreement.

Users may stop using the Service at any time. Any provisions that by their nature should survive termination, including compliance, liability limitations, indemnity, data-use rights needed for legal retention, and dispute provisions, will survive.

12. Intellectual Property

The Service, including its software, interfaces, workflows, documentation, branding, and related content, is owned by the provider or its licensors and is protected by applicable intellectual property laws. Except for the limited rights expressly granted in these Terms, no rights are granted by implication, estoppel, or otherwise.

The "technoluma" Logo, The "NETRODA TECHNOLOGIES" Logo, The NETRODA TECHNOLOGIES and technoluma Iconographics, The Slogan "Crating success together", "bridging intelligence", "technoluma.com", "netroda.com" and other denominating product names, logos, drawings and polygons, domain names or symbols are either registered or unregistered Trademarks of TECHNOLUMA, NETRODA TECHNOLOGIES It's subsidiaries or parent companies, in- and outside of the governing countries subjected to the WIPO Madrid System, the EUIPO or the United States Patent and Trademark Office (USPTO). Pat. Pending

13. Disclaimers

THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS TO THE MAXIMUM EXTENT PERMITTED BY LAW. THE PROVIDER DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE.

The provider does not warrant that any third-party identity provider, connected application, or authorization flow will remain continuously available or unchanged. SSO functionality may depend on third-party provider features that may change or be withdrawn without notice.

14. Limitation of Liability

To the maximum extent permitted by law, the provider will not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenues, goodwill, data, business opportunities, or business interruption arising out of or relating to the Service.

To the maximum extent permitted by law, the provider’s total aggregate liability arising out of or relating to these Terms or the Service will not exceed the greater of the fees paid by the relevant customer for the Service during the twelve months before the event giving rise to the claim, or one hundred euros if no fees were paid.

15. Indemnity

The user and, where applicable, the Company Customer will defend, indemnify, and hold harmless the provider and its affiliates, officers, employees, and agents from and against claims, damages, liabilities, losses, costs, and expenses arising out of or related to:

• use of the Service in violation of these Terms or applicable law;
• abuse, fraud, impersonation, illicit engagement, or sanctions violations;
• data, content, credentials, or configurations supplied by the user or Company Customer; or
• disputes between the user and any third-party application, identity provider, or relying party.

16. Changes to Terms

The provider may modify these Terms from time to time. Updated Terms become effective when posted or otherwise communicated, unless a later effective date is specified. Continued use of the Service after the effective date of updated Terms constitutes acceptance of the updated Terms.

17. Governing Law and Disputes

These Terms and Conditions, as well as any disputes arising in connection with the use of our website or services, shall be exclusively governed by and construed in accordance with the laws of The Republic of Kosovo. The parties submit to the exclusive jurisdiction of the courts of Pristina District Court, Pristina XK-10000, Republic of Kosovo. technoluma NETRODA TECHNOLOGIES does explicitly not participate on third-party arbitration boards.

18. Contact

The provider should publish a current legal notice email address and, where required, a physical mailing address for legal notices, abuse reports, sanctions-related inquiries, and privacy requests.