Terms of Service - Our Commitment to You | devguard | devguard
Chapter A General provisions
1. Scope and General Information
These General Terms and Conditions (GTC) of devguard AG, Gussstrasse 10, 8180 Bülach ZH, (hereinafter referred to as “devguard”) apply to all business relationships between devguard and its customers.
devguard offers its customers services in the area of software-as-a-service solutions (“SaaS”) and on-premise software. It owns and operates the website www.devguard.ch and its subdomains for this purpose.
A customer is defined as any natural person over the age of 18 in the B2B sector and any legal entity that maintains business relations with devguard.
These GTC apply exclusively. Any terms and conditions that conflict with, supplement, or deviate from these GTC require the express written confirmation of devguard in order to be valid.
By using the services of devguard, by using www.devguard.ch and its subdomains, or by concluding a contract, the customer confirms that they fully accept these GTC.
For reasons of better readability, the masculine form is used in these GTC for personal designations and specific nouns. Corresponding terms apply to all genders in the sense of equal treatment. The abbreviated language form is used exclusively for editorial reasons and does not imply any evaluation.
2. Information from devguard
Brochures and advertising material from devguard, as well as the website www.devguard.ch, subdomains, and posts on social media channels, contain information about services. Prices and offers are subject to change, as are technical specifications. All information (service descriptions, illustrations, films, dimensions, weights, technical specifications, and other details, as well as prices) is non-binding and does not constitute a guarantee of characteristics or warranties, unless explicitly stated otherwise. devguard endeavors to provide all information and details correctly, completely, up-to-date, and clearly, but devguard cannot guarantee this either explicitly or implicitly.
All information is provided without guarantee and may change at any time without notice prior to the conclusion of a contract.
3. Prices
Unless otherwise stated, all prices are net prices in Swiss francs (CHF), excluding value added tax (VAT). The applicable statutory value added tax will be added to the prices quoted.
4. Contract Agreement
The offers and quotations provided by devguard constitute an invitation to the customer to make use of devguard's services. The offers and quotations are not binding on devguard. Offers, dates, and deadlines announced by devguard prior to the conclusion of a contract are subject to change and non-binding.
The customer may register for the Free plan free of charge. Use of the Free plan for productive purposes is permitted within the published Free-plan feature limits. The Free-plan account is permanent and is not blocked or deleted for non-payment. The contract is concluded after the customer has made an online payment and devguard has sent written confirmation of payment. The customer has no right of withdrawal after the purchase has been made.
devguard may change prices at any time. If the customer does not agree with the price change, they have the right to terminate the corresponding contract with immediate effect within 14 calendar days of written notification of the price change.
5. Payment Terms
The customer can choose from the payment methods specified during the ordering process.
By selecting an online payment method, the customer authorizes devguard to collect payment using the corresponding method.
6. Rights and Obligations of devguard
Unless otherwise agreed, devguard shall fulfill its obligations by providing the agreed service.
devguard is obligated to provide the agreed software in a functional form, to ensure technical operation in the SaaS model, and to carry out updates, security updates, and improvements within reasonable limits. devguard shall ensure the careful selection and monitoring of subcontractors used and compliance with applicable data protection laws. devguard has the right to further develop the software, carry out maintenance windows, and restrict access in the event of serious breaches of contract. The customer uses any beta versions provided at their own risk.
7. Subcontractors, Hosting, and Maintenance
devguard is entitled to use subcontractors to provide its services, in particular for hosting, cloud services, development, payments, or support. devguard remains responsible for the careful selection, instruction, and supervision of subcontractors.
Maintenance work and functional updates may also be carried out during the term of the contract, provided that these are reasonable for the customer. devguard will notify the customer of planned maintenance windows in advance, to the extent possible.
In emergencies, security-related incidents, or to protect system integrity, devguard is entitled to take necessary measures at short notice, which may lead to temporary restrictions.
8. Rights and Obligations of the Customer
The customer is obliged to provide the information necessary for the provision of services in a complete and correct manner, to enable access to their systems or data where this is necessary for the use or installation of the software, and to create suitable technical conditions.
The customer is responsible for the lawful use of the software and compliance with regulatory requirements within their company. Their cooperation is particularly necessary for setup, user administration, the definition of internal processes, and—in the case of on-premise software—the secure operation of their own infrastructure. Without this cooperation, the service can only be provided to a limited extent or not at all.
9. Usage Concept and Technical Specifications
The customer undertakes to use the software exclusively for the purposes specified in the contract and to comply with all technical specifications and usage instructions provided by devguard.
The disclosure of access data, including user names, passwords, and API keys, to third parties is prohibited. The customer shall take appropriate measures to keep their access data confidential and secure and shall inform devguard immediately of any suspected misuse.
Any unauthorized multiple use of the software is prohibited.
10. Technical Interference and Unlawful Use
The customer is prohibited from making technical modifications to the software without the express written consent of devguard, in particular from performing load and stress tests, circumventing protective mechanisms, or removing technical limitations.
Circumventing security measures, publishing or transmitting illegal content, and any improper use of the software are not permitted.
11. Subscriptions
Subscriptions with a fixed term are automatically renewed for the same term unless terminated by one of the parties before expiration.
12. Termination for Cause
Each party is entitled to terminate the contract with immediate effect for good cause. Good cause shall include, in particular, serious or repeated breaches of contractual obligations or the use of the software for illegal purposes.
Upon termination of the contract, all customer data shall be deleted, unless there are legal obligations to retain such data.
13. Warranty
devguard undertakes to provide the agreed services with due care and to the best of its knowledge and belief. The service specified in the contract or in the service description shall be decisive.
The customer is obliged to report any recognizable defects in the SaaS service immediately, at the latest within seven days of discovery, in writing (e.g., by email). Hidden defects must be reported immediately after their discovery. If the defect is not reported in a timely manner, claims for rectification of the defect in question shall lapse, provided that this does not result in unreasonable disadvantages for the customer.
In the event of a justified and timely notification of defects, devguard shall have the right to subsequent performance. If the subsequent performance fails, the customer may demand a reasonable reduction in remuneration or, in the case of significant defects, withdraw from the contract.
No warranty is provided for damage caused by improper use or unauthorized modifications by the customer.
Warranty claims expire one year after the start of the statutory limitation period, unless a longer period is prescribed by law.
14. Liability
The use of devguard's services is at the customer's own risk and peril. Accordingly, devguard excludes any liability, regardless of its legal basis, as well as claims for damages against devguard and any auxiliary persons and vicarious agents. In particular, devguard shall not be liable for failures in the services of cloud providers, nor for indirect damages and consequential damages, lost profits, or other personal injury, property damage, or pure financial losses suffered by the customer or third parties.
This does not affect any further mandatory legal liability, for example, for gross negligence or unlawful intent.
15. Intellectual Property Rights
All copyrights, trademarks, designs, patents, and other intellectual property rights to the software, source and object code, user interface, documentation, and all further developments remain the sole property of devguard or its licensors.
For the duration of the contract, the customer shall only receive a simple, non-transferable, and non-sublicensable right to use the software within the scope of the contractually permitted purpose.
In particular, the customer is prohibited from copying, decompiling, reverse engineering, modifying, or making the software or parts thereof accessible to third parties, unless this is permitted by law or has been expressly authorized in writing by devguard. The removal of trademarks, logos, or copyright notices is also prohibited.
If the customer uses content, texts, or visual material in connection with devguard to which third parties have property rights, the customer must ensure that no third-party property rights are infringed, otherwise they must indemnify devguard in full.
16. Changes
These General Terms and Conditions may be amended by devguard at any time. The customer will be informed of the amendment in advance by email. The new version shall come into effect if the customer does not object within 14 calendar days.
17. Confidentiality
Both parties undertake to treat all information submitted or acquired in connection with the services provided by devguard (hereinafter referred to as “confidential information”) as strictly confidential. Confidential information includes, but is not limited to, technical, commercial, financial, legal, operational, and other information, as well as trade secrets, regardless of whether this information is disclosed verbally, in writing, electronically, in physical form, or in any other form.
The receiving party may use confidential information exclusively for the purpose of cooperation between the parties. Disclosure to third parties is only permitted with the prior written consent of the disclosing party. The receiving party undertakes to take all reasonable measures to maintain the confidentiality of the information.
Excluded from the confidentiality obligation is information that was already lawfully known to the receiving party, that becomes generally known without breach of this agreement, that is lawfully obtained from an authorized third party, and that must be disclosed due to legal regulations, official or court order, in which case the receiving party shall, to the extent legally permissible, immediately inform the disclosing party of such disclosure obligation.
This confidentiality obligation shall apply for the duration of the contract between the parties and for a period of three years after its termination.
Upon termination of the contract between the parties, the receiving party shall, at the request of the disclosing party, immediately return all confidential information and copies thereof or destroy them in a verifiable manner, unless this conflicts with any statutory retention obligations.
The customer agrees that devguard may list them as a reference (online or in print). If the customer does not wish this, they may notify devguard in writing at any time. References already provided remain unaffected.
18. Force Majeure
If devguard is unable to fulfill its obligations on time due to force majeure, such as natural disasters, earthquakes, volcanic eruptions, avalanches, pandemics, storms, thunderstorms, wars, unrest, civil wars, revolutions and uprisings, terrorism, sabotage, strikes, nuclear accidents or reactor damage, devguard shall be released from the performance of the affected obligations for the duration of the force majeure and a reasonable start-up period after its end. If the force majeure lasts longer than 30 days, devguard may withdraw from the contract. devguard shall reimburse the customer in full for any payments already made for services not yet rendered.
Any further claims, in particular claims for damages as a result of force majeure, are excluded.
19. Data Protection
The protection of its customers' personal data is important to devguard. devguard takes data protection seriously and ensures appropriate security measures are in place. devguard processes and maintains personal data in accordance with the provisions of the Federal Act on Data Protection (DSG), the Ordinance to the Federal Act on Data Protection (VDSG) and, where applicable, other data protection regulations, in particular the General Data Protection Regulation of the European Union (DSGVO).
The customer acknowledges and agrees that devguard may process their personal data for the purpose of providing its services and may also pass it on to third parties. The customer may revoke this consent at any time in writing (by email is sufficient).
Reference is also made to devguard's privacy policy, which can be viewed at www.devguard.ch/privacy, and to the order data processing in Chapter B.
The customer agrees that devguard may use their data for advertising purposes (online or print), in particular to send them information about offers.
The customer has the option of objecting to these advertising purposes at any time by activating or deactivating them in the application.
20. Partner and Referral Programs
Additionally, separate terms and conditions apply to programs with partners, affiliates, or resellers. Participation does not entitle you to represent devguard and does not establish an employment, agency, or corporate relationship.
Chapter B Data Processing Agreement
21. General Information
Hereinafter, the customer shall be referred to as the client, and devguard AG shall be referred to as the contractor.
The client and the contractor enter into an agreement for the use of the contractor's software, under which the contractor provides software-as-a-service (SaaS) to the client.
For this purpose, the contractor may have access to personal data that is disclosed to the contractor directly by the client or on its behalf by third parties or made available in any other way (hereinafter referred to as personal data).
The client and the contractor wish to ensure that the processing of personal data carried out by the contractor on behalf of the client, either directly or through third parties, complies with the applicable data protection laws, and in doing so agree on certain conditions for the aforementioned data processing, which are set out below.
22. Automatic Inclusion and Validity
Applicable data protection laws refer to the revised Swiss Federal Act on Data Protection (DSG, SR 235.1) and the revised Swiss Ordinance to the Federal Act on Data Protection (DSV, SR 235.11).
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 5 lit. j DSG).
The processor is the natural or legal person who processes personal data on behalf of the controller (Art. 5 lit. k DSG).
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the data subject); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person (Art. 5 lit. a DSG).
Processing is any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification, disclosure, archiving, deletion, or destruction of data (Art. 5 lit. d DSG).
Disclosure is the transmission or making available of personal data (Art. 5 lit. e DSG).
23. Scope and Subject Matter
This Chapter B applies to all forms of processing of personal data for the client by the contractor.
In particular, the contractor provides services for the provision, maintenance, and operation of software, cloud, and on-premises solutions, authentication services, user management, logging, monitoring, support, and billing, as described in more detail in the main contract and these agreements.
The subject matter, duration, nature, and purpose of the processing are set out in an individual agreement between the Client and the Contractor.
The type of personal data and the categories of data subjects are specified below.
In particular, the following categories of personal data are processed: User and contact data (name, email, role, organization), communication and support data, log and usage data (e.g., login times, IP addresses), contract and billing data. Data subjects are in particular: employees, contractors, or customers of the client, users of the platforms, and other persons whose data is processed as a result of using the platform.
24. Obligations of the Contractor
24.1 Processing in Accordance with Instructions
The contractor undertakes to process the data exclusively for the purposes of fulfilling the contract and in accordance with the documented instructions/guidelines of the client. This applies in particular to the transfer of data to a third country or to an international organization. If the contractor is obliged to carry out further processing under the law of the European Union, the member states, or a non-EU member state to which it is subject, it shall inform the client of these legal requirements prior to processing.
The client may issue new instructions, supplement existing instructions, or change existing instructions at any time. This also includes instructions regarding the correction, deletion, and blocking of personal data. All instructions issued must be documented in writing by both the client and the contractor.
The contractor undertakes to process the data exclusively for the purposes of fulfilling the contract and in accordance with the documented instructions/guidelines of the client. This applies in particular to the transfer of data to a third country or to an international organization. If the contractor is obliged to carry out further processing under the law of the European Union, the member states, or a non-EU member state to which it is subject, it shall inform the client of these legal requirements prior to processing.
The client may issue new instructions, supplement existing instructions, or change existing instructions at any time. This also includes instructions regarding the correction, deletion, and blocking of personal data. All instructions issued must be documented in writing by both the client and the contractor.
24.2 Duty of Confidentiality
The contractor undertakes and warrants that it has bound all persons entrusted with data processing, including vicarious agents, to confidentiality in writing prior to commencing work or that they are subject to an appropriate statutory confidentiality obligation, and that the confidentiality obligation of the persons entrusted with data processing shall remain in force even after they have ceased working for the contractor. The contractor shall be liable for any breach of confidentiality by persons entrusted with data processing, including vicarious agents, as for its own conduct.
24.3 Protective Measures Taken by the Contractor
The contractor undertakes and warrants that it has taken and will maintain all necessary measures to ensure the security of processing in accordance with Articles 7 and 8 of the DSG in order to prevent unauthorized processing, loss, or damage to personal data.
24.4 Support Obligations
The contractor is obliged to support the client at any time and to the extent possible in complying with the applicable data protection laws upon request.
a. Requests and Rights of Data Subjects
The contractor undertakes to support the client with appropriate technical and organizational measures so that the client can fulfill its obligation to respond to requests for the exercise of the rights of the persons concerned (in particular information, access, correction and deletion, data portability, objection, and automated decision-making in individual cases) within the statutory deadlines at any time, and shall provide the client with all necessary information available to it for this purpose.
If a corresponding request is made to the contractor, the contractor shall forward the request to the client without delay. The contractor must leave the response to such requests to the client, unless it is legally obliged to do so. In any case, the parties agree to mutually discuss the response to such requests.
b. Further Duty to Provide Information and Support
The contractor undertakes to support the client in complying with the obligations set out in Articles 7, 8, 22–24 of the DSG (data security measures, reporting of personal data breaches to the supervisory authority, notification of the person affected by a personal data breach, data protection impact assessment, and prior consultation).
The contractor undertakes to notify the client immediately in the event of (i) any actual or suspected data protection breach, providing all information available to the contractor in accordance with Art. 24 para. 2 DSG, (ii) any actual or imminent impairments or deficiencies on the part of the contractor that prevent compliance with the provisions of the main contract, including this contract, (iii) the existence of any requests for access to personal data and the actual access to personal data by authorities, unless such notification is prohibited by law for important reasons of public interest.
24.5 Setting Reporting Deadlines for Data Protection Incidents
The contractor shall report any known incident that has led or could lead to the unlawful disclosure, alteration, or deletion of personal data to the client immediately, at the latest within 48 hours of becoming aware of it. The report shall contain details of the nature of the incident, the data affected, the potential consequences, and the countermeasures taken.
24.6 Obligation to Return or Delete Upon Termination of Contract
Upon termination of the contract with the client, the contractor undertakes to return all personal data to the client or, at the client's request, to delete it without retaining a copy, subject to statutory retention obligations, and to confirm the deletion to the client accordingly.
24.7 Timely Deletion and Export Mechanisms
Upon termination of the contract with the client, the contractor shall delete all personal data of the client within 30 days at the latest or, upon written request by the client, provide the client with the personal data in a common, machine-readable format. The contractor shall provide written confirmation of the deletion; this does not apply to data for which there are statutory retention obligations.
24.8 Client's Rights of Control
The contractor undertakes to provide the client with all information necessary to verify the contractor's compliance with this contract and to enable and actively support checks, including inspections, by the client itself, an auditor commissioned by the client, or by the supervisory authority. Checks at the contractor's premises must be carried out without causing any avoidable disruption to business operations.
25. Location of Data Processing
Data processing shall only be carried out at the locations listed in devguards's Trust Center (see https://www.devguard.ch/trust/).
The contractor undertakes not to transfer any personal data, even in part, to a third country without the prior written consent of the client.
26. Use of Subcontractors
devguard provides a current list of all subcontractors used in the Trust Center (https://www.devguard.ch/trust/). Changes to this list shall be notified to the client at least 30 days before they take effect, either by email or by a notice in the respective application. The client may object to a change within this period. If no objection is made, the change shall be deemed approved. In the event of a justified objection, the parties shall endeavor to find a solution; if this is not possible, the client may terminate the contract on an extraordinary basis to the extent affected.
27. Implementation of Additional Agreements
The contractor agrees, at the request of the client, to conclude further agreements with the client within the framework of the existing contracts for the processing of personal data, provided that the client reasonably considers this necessary for compliance with applicable data protection law.
28. Extraordinary Right of Termination
The client may terminate the contract with the contractor at any time without notice if the contractor commits a serious breach of data protection regulations, if the contractor is unable or unwilling to carry out an instruction from the client, or if the contractor refuses to allow the client to exercise its rights of control in breach of the contract. In particular, failure to comply with the obligations agreed in this contract and derived from Art. 9 DSG constitutes a serious breach.
29. Priority of Data Protection and Application of European Regulations
Data protection priority and application of European regulations In the event of contradictions between this Chapter B of these General Terms and Conditions and other contractual documents, the present provisions shall take precedence in all data protection-related matters. If the client is based in the European Economic Area (EWR) or if the data processing is subject to the scope of the GDPR, the mandatory data protection provisions of the GDPR shall take precedence over any deviating provisions of Swiss law.
The provisions of this contract shall remain in force even after the termination of the main contract as long as the contractor is in possession of the client's personal data.
30. Technical and Organizational Measures
The following describes the technical and organizational measures based on Articles 7 and 8 of the DSG and Article 2 of the DSV that must be taken by the contractor in connection with the processing of personal data and the fulfillment of its obligations as minimum precautions to ensure a level of protection appropriate to the risk with regard to data protection and data security of the data provided.
The contractor shall ensure an appropriate level of security through the following measures:
Admission control Secure data centers (Switzerland/EU), access logs, access only for authorized personnel
Access control MFA login, role-based permissions, password hashing, least privilege principle
Subject control Role and rights management, encrypted transmission (TLS 1.3), encrypted data storage
Disclosure control Data transfers only via encrypted channels (HTTPS, SSH), VPN security
Input control Logging of changes, audit-proof logs
Availability control Redundant systems, daily backups, disaster recovery plans
Segregation control Multi-tenant data architecture, logical data separation per customer
Integrity / data protection by design Encryption, pseudonymization, access restrictions, security reviews
Order control Contractual obligations of all sub-processors, regular reviews
Chapter C Further Provisions
31. Final Provisions
Should individual provisions of these General Terms and Conditions be wholly or partially void and/or ineffective, the validity and/or effectiveness of the remaining provisions or parts of such provisions shall remain unaffected. The invalid and/or ineffective provisions shall be replaced by provisions that come closest to the meaning and purpose of the invalid and/or ineffective provisions in a legally effective manner. The same applies to any gaps in the provisions.
In the event of disputes, Swiss substantive law shall apply exclusively, excluding conflict of law rules.
The place of jurisdiction is Zurich.
These GTC are translated into various languages. Only the German version is legally binding.
Last update: Bülach, June 4, 2026
Changes
01.12.2025: Initial publication.
04.06.2026: Changes from a 14-day free trial to a freemium model with predefined usage limits.
Help shape the future of compliance.
Join the teams making compliance effortless. Start free, no setup friction — and stay continuously audit ready.
Our commitment is to provide a clear, reliable, and transparent service. We promise fair terms, early notice on any pricing changes, straightforward billing, secure payments, and the freedom to cancel at any time.