This document applies to access and use of the Defero Spot client portal (the "Portal") by administrative users authorised by a customer that contracts directly with Defero Spot (each, a "Customer"). It includes (A) Terms of Use for the Portal and (B) the Privacy Policy for Portal admin users.

Commercial terms (including fees, subscription scope, support level, and any specific service description) are set out in an order form, statement of work, or similar ordering document agreed between Defero Spot and the Customer (an "Order Form"). If there is a conflict between an Order Form and these Terms of Use, the Order Form prevails for that conflict.

1. About these Terms

1.1 These Terms of Use (the "Terms") govern your access to and use of the Portal and any related support materials made available through it.
1.2 By creating an account, logging in, or otherwise using the Portal, you agree to be bound by these Terms on behalf of yourself and, where applicable, your employer or organisation.

2. Parties and contact details

2.1 "Defero Spot" means Defero Spot Ltd (company number: 15895550) of 44 Broadway, London, England, E15 1XH, or another Defero Spot contracting entity specified in the relevant Order Form.
2.2 Support: contact@deferospot.com]
2.3 Legal notices: contact@deferospot.com

3. Definitions

In these Terms:
- "Admin User" means a user account with administrative permissions within a Customer's workspace.
- "Customer Data" means all data and content submitted to the Portal by or on behalf of the Customer, including personal data.
- "Documentation" means user guides and instructions made available by Defero Spot.
- "Portal" means the Defero Spot hosted web application and related interfaces used by the Customer.
- "Services" means the hosted Portal and any related services described in the Order Form.
- "Sub-processor" means a third party engaged by Defero Spot to process personal data on behalf of the Customer.

4. Account creation and access

4.1 You must be authorised by the Customer to create or use an Admin User account.
4.2 You must provide accurate account information and keep it up to date.
4.3 You are responsible for maintaining the confidentiality of your login credentials and for all activity under your account.
4.4 You must promptly notify Defero Spot if you suspect unauthorised access or a security incident affecting your account.

5. Customer and Admin User responsibilities

5.1 The Customer is responsible for (a) appointing and managing Admin Users, (b) configuring permissions appropriately, (c) ensuring that its use of the Services complies with applicable law, and (d) obtaining all necessary rights, consents, and notices for Customer Data.
5.2 As an Admin User, you must use the Portal in accordance with the Customer's instructions and these Terms, and you must take reasonable steps to prevent unauthorised access (including using strong passwords and enabling multi-factor authentication where available).

6. Acceptable use

6.1 You must not (and must not permit any third party to):
(a) use the Portal for unlawful, harmful, or misleading purposes;
(b) upload or transmit malware, exploit code, or any material designed to disrupt or degrade the Services;
(c) attempt to access or interfere with systems, accounts, or data not belonging to the Customer;
(d) reverse engineer, decompile, or attempt to derive source code of the Portal, except to the extent permitted by law;
(e) perform security testing (e.g., penetration testing) without Defero Spot's prior written consent;
(f) use the Services to store or transmit special-category or other highly sensitive data unless expressly permitted in the Order Form and configured appropriately.
6.2 Defero Spot may suspend access to the Portal where it reasonably believes there is a breach of these Terms, a security risk, or a legal requirement to do so.

7. Service availability and changes

7.1 Defero Spot will use reasonable efforts to provide the Services in accordance with the Order Form and Documentation.
7.2 Planned maintenance may temporarily reduce availability. Where practicable, Defero Spot will provide advance notice through the Portal or email.
7.3 Defero Spot may modify the Portal to improve performance, security, or functionality, provided such changes do not materially reduce the core functionality purchased under the Order Form.

8. Customer Data and data protection

8.1 Customer Data remains the property of the Customer or its licensors. Defero Spot does not claim ownership of Customer Data.
8.2 Where Defero Spot processes personal data contained in Customer Data on behalf of the Customer, the Customer is the controller and Defero Spot is the processor, unless the Order Form states otherwise.
8.3 Processing of personal data in Customer Data is governed by the data processing agreement ("DPA") incorporated by reference into the Order Form, or, if no DPA is executed, a DPA that Defero Spot makes available on request.
8.4 The Customer is responsible for determining the purposes and lawful bases for processing Customer Data, issuing required privacy notices, and responding to data subject requests (subject access, deletion, etc.). Defero Spot will provide reasonable assistance as required by applicable data protection law and the DPA.

9. Security

9.1 Defero Spot maintains appropriate technical and organisational measures designed to protect the Services and Customer Data against unauthorised or unlawful processing, and against accidental loss, destruction, or damage.
9.2 No method of transmission or storage is completely secure. You acknowledge that security risk cannot be eliminated entirely.
9.3 If Defero Spot becomes aware of a personal data breach relating to Customer Data, it will notify the Customer without undue delay in accordance with the DPA.

10. Confidentiality

10.1 "Confidential Information" means non-public information disclosed by one party to the other that is marked confidential or would reasonably be understood to be confidential.
10.2 Each party must protect the other party's Confidential Information and use it only for purposes of providing or receiving the Services.
10.3 Confidentiality obligations do not apply to information that is (a) publicly available without breach, (b) independently developed, or (c) required to be disclosed by law.

11. Intellectual property

11.1 The Portal, Documentation, and all related intellectual property rights are owned by Defero Spot or its licensors.
11.2 Subject to the Order Form and these Terms, Defero Spot grants the Customer a limited, non-exclusive, non-transferable right for authorised users to access and use the Portal during the subscription term.
11.3 The Customer grants Defero Spot a limited licence to host, process, transmit, and display Customer Data solely to provide the Services.

12. Third-party services and integrations

12.1 The Portal may enable integrations with third-party services chosen by the Customer. Use of third-party services is governed by the third party's terms.
12.2 Defero Spot is not responsible for third-party services, their availability, or their processing of data once shared with them at the Customer's instruction.

13. Fees and payment

13.1 Fees, billing cycle, and payment terms are set out in the Order Form.
13.2 Taxes are payable as set out in the Order Form and applicable law.
13.3 Defero Spot may suspend access for overdue undisputed amounts, subject to any cure period in the Order Form.

14. Suspension and termination

14.1 Defero Spot may suspend access immediately to address a security incident, protect the Services, or comply with law.
14.2 Either party may terminate as set out in the Order Form. In addition, Defero Spot may terminate for material breach of these Terms not cured within 30 days of written notice.
14.3 On termination or expiry, access to the Portal ends. Customer Data handling (export, deletion, and retention) is governed by the Order Form and/or DPA.

15. Disclaimers

15.1 The Services are provided on an "as is" and "as available" basis, subject to the express commitments in the Order Form.
15.2 Defero Spot does not provide legal, tax, accounting, or other regulated professional advice through the Portal. Any templates or automated outputs are for informational purposes only and must be reviewed by the Customer.

16. Limitation of liability

16.1 Nothing in these Terms limits or excludes liability for (a) death or personal injury caused by negligence, (b) fraud or fraudulent misrepresentation, or (c) any liability that cannot be limited or excluded under applicable law.
16.2 Subject to clause 16.1 and to the extent permitted by law, Defero Spot will not be liable for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, goodwill, or data, arising out of or in connection with the Services.
16.3 Defero Spot's aggregate liability arising out of or in connection with the Services will not exceed the fees paid or payable by the Customer for the Services in the 12 months preceding the event giving rise to the claim, unless the Order Form states a different cap.

17. Indemnity

17.1 The Customer will indemnify Defero Spot against claims arising from (a) Customer Data (including allegations that Customer Data infringes third-party rights), (b) the Customer's breach of applicable law, or (c) unauthorised use of the Services by the Customer or its users, except to the extent caused by Defero Spot's breach of these Terms.
17.2 Defero Spot will indemnify the Customer against claims that the unmodified Portal infringes third-party intellectual property rights, subject to standard conditions (notice, control of defence, cooperation) and excluding claims arising from Customer Data, third-party services, or Customer's misuse.

18. Changes to these Terms

18.1 Defero Spot may update these Terms from time to time for legal, security, or operational reasons.
18.2 If changes materially reduce your rights, Defero Spot will provide reasonable notice. Continued use of the Portal after the effective date of the updated Terms constitutes acceptance.

19. Governing law and disputes

19.1 Unless the Order Form states otherwise, these Terms are governed by the laws of England and Wales.
19.2 The courts of England and Wales have exclusive jurisdiction, unless applicable law requires otherwise.

1. Who we are

1.1 For Portal admin user personal data described in this Privacy Policy, Defero Spot acts as a controller.
1.2 For personal data that the Customer uploads or otherwise makes available in the Portal about its own clients, employees, or other individuals (Customer Data), Defero Spot generally acts as a processor on behalf of the Customer. That processing is governed by the DPA and the Customer's own privacy notices.

2. Personal data we collect

We may collect the following categories of personal data about Portal admin users:
- Account data: name, email address, phone number (if provided), job title, organisation, and authentication details (e.g., hashed passwords, MFA status).
- Usage data: audit logs, actions taken in the Portal, feature usage, and interaction history.
- Device and technical data: IP address, device identifiers, browser type, operating system, and diagnostic data.
- Support and communications: messages to support, call recordings (if you consent and where lawful), and related metadata.
- Cookie and similar technology data: identifiers and preferences as described in the Cookies section.

3. How we use personal data

We use admin user personal data to:
(a) provide, secure, and administer the Portal (including authentication and access control);
(b) operate support, incident response, and customer communications;
(c) monitor performance, prevent fraud and abuse, and maintain audit trails;
(d) improve the Portal, develop new features, and conduct analytics;
(e) meet legal obligations and enforce our agreements.

4. Legal bases

We rely on one or more of the following legal bases (as applicable):
- Performance of a contract (providing the Portal under the Order Form);
- Legitimate interests (e.g., securing the Portal, preventing abuse, improving the Services);
- Compliance with legal obligations;
- Consent (where required, e.g., certain cookies or marketing communications).

5. Sharing and disclosures

We may share personal data with:
- The Customer (your employer/organisation) and its authorised users, for administration and audit purposes;
- Our service providers acting as processors (e.g., hosting, email delivery, monitoring, support tooling);
- Professional advisors (legal, accounting, auditors) under confidentiality;
- Public authorities where required by law.

We maintain a list of Sub-processors upon request or via a published list: [Sub-processor List URL].

6. International transfers

Where personal data is transferred internationally, we use appropriate safeguards such as UK International Data Transfer Addendum, EU Standard Contractual Clauses (as applicable), and risk assessments, unless an adequacy decision applies.

7. Data retention

We retain admin user personal data for as long as necessary for the purposes described above, including to provide the Portal, maintain security and audit logs, comply with legal obligations, and resolve disputes. Retention periods may also be set out in the Order Form or DPA.

8. Security

We implement technical and organisational measures designed to protect personal data, including access controls, encryption in transit, and monitoring. You should also use appropriate security measures (strong passwords and MFA where available).

9. Your rights

Subject to applicable law (UK GDPR and, where relevant, EU GDPR), you may have rights to:
- access your personal data;
- correct inaccurate personal data;
- delete personal data (in certain circumstances);
- restrict or object to processing (in certain circumstances);
- data portability (in certain circumstances);
- withdraw consent (where processing is based on consent).

To exercise rights, contact us using the details below. If your request relates to Customer Data, we may refer you to the Customer as controller.

10. Cookies and similar technologies

The Portal uses cookies and similar technologies for authentication, security, and performance. Some cookies are strictly necessary for the Portal to operate. Where required, we provide cookie controls.
For more information, see our Cookie Notice: [Cookie Notice URL].

11. Children

The Portal is intended for business users and is not directed at children. We do not knowingly collect personal data from children.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version in the Portal or otherwise notify Customers where appropriate.

13. Contact and complaints

Contact us:
- Privacy: contact@deferospot.com

If you are in the UK, you can also complain to the Information Commissioner's Office (ICO). If you are in the EEA, you may complain to your local data protection supervisory authority.