These Terms of Service constitute a legally binding agreement between you (as a Customer or User) and PT CloudSphere Digital Indonesia. If you do not agree to these terms, please discontinue use of our services.
1. Definitions
In this document, the following terms have the meanings set out below:
"CloudSphere"
PT CloudSphere Digital Indonesia, the company that provides GRC and VAPT services.
"Services"
All SaaS platforms, GRC consulting services, security testing (VAPT), and digital products provided by CloudSphere.
"Customer"
A company, organization, or individual that has agreed to a Service Agreement with CloudSphere.
"User"
An individual who accesses or uses the Services on behalf of a Customer based on granted authorization.
"Service Agreement"
A written contract or Statement of Work (SoW) signed between CloudSphere and the Customer for a specific engagement.
"Customer Data"
All information, documents, and data uploaded or processed through the CloudSphere platform by the Customer.
2. Use of Services
By using our Services, you represent and warrant that:
- You are at least 18 years old or have the legal capacity to enter into commercial agreements in Indonesia.
- You use the Services solely for lawful, ethical purposes consistent with the laws of the Republic of Indonesia.
- All information you provide to CloudSphere is accurate, complete, current, and not misleading.
- You are fully responsible for the security of your account credentials and must promptly report any unauthorized access to us.
- You will not allow unauthorized parties to access the account or Services using your identity.
- Use of the Services by any User you authorize is the full responsibility of the Customer.
3. Prohibited Use
You are expressly prohibited from using the Services for the following activities:
Illegal activities or those that violate applicable laws and regulations in Indonesia
Distributing malware, viruses, ransomware, or malicious code in any form
Conducting penetration testing on third-party systems without valid written authorization
Copying, modifying, distributing, or selling CloudSphere products without written permission
Accessing other Customers' accounts, systems, or data without explicit authorization
Reverse engineering or decompiling CloudSphere software
Taking actions that could disrupt the integrity or availability of the Services
Impersonating or representing another entity without valid authorization
Violations of these prohibitions may result in immediate service termination and legal action under applicable regulations.
4. Consulting Services & VAPT
For GRC consulting services and security testing (Vulnerability Assessment & Penetration Testing), additional terms set forth in the Service Agreement apply:
- Scope — Testing is conducted only against systems, applications, and infrastructure explicitly listed in the Service Agreement. Testing outside the agreed scope is not permitted.
- Mandatory Authorization — The Customer must possess and provide valid written authorization for all systems to be tested before testing begins. CloudSphere is not responsible for testing performed based on invalid authorization.
- Deliverables — Schedules, formats, and quality standards for reports follow the applicable Service Agreement.
- Confidentiality of Findings — All vulnerability findings and reports are confidential and may not be disclosed to third parties without written consent from CloudSphere.
- VAPT Liability Limitation — CloudSphere is not liable for system disruptions resulting from testing conducted within the agreed scope and performed according to standard procedures.
5. Payment & Billing
- Prices and payment schedules are set out in writing in the Service Agreement or proposal approved by both parties.
- Payment is due on the date specified in the invoice. Delays of more than 30 calendar days may result in temporary suspension of Service access.
- All listed prices are exclusive of Value Added Tax (VAT) per applicable Indonesian tax regulations.
- A late fee of 2% per month may be charged on outstanding invoices past the due date.
- Refund policies are specified in each Service Agreement. For billing inquiries, contact billing@cloudsphere.id.
6. Service Level Agreement (SLA)
CloudSphere is committed to maintaining the availability and quality of SaaS platform services in accordance with the Service Level Agreement established for each product:
VendorSphere, RiskSphere, AssetSphere, PeopleSphere
GuardSphere
SLA Compensation: If CloudSphere fails to meet the uptime commitment in a calendar month, the Customer is entitled to submit a service credit claim. Claim procedures and credit amounts are governed by each Service Agreement.
SLA does not apply to disruptions caused by: force majeure, Customer actions, scheduled maintenance that was notified in advance, or third-party infrastructure failures beyond CloudSphere's reasonable control.
7. Intellectual Property
All intellectual property rights in the platform, software, documentation, methodologies, trademarks, and CloudSphere products remain the exclusive property of PT CloudSphere Digital Indonesia or its licensors. Use of the Services does not grant you any ownership rights over our intellectual property in any form.
Rights to Deliverables: Reports, recommendations, and deliverables produced specifically for the Customer under a Service Agreement become the Customer's property upon settlement of all payment obligations, unless otherwise agreed in writing.
Rights to Methodology: Methodologies, frameworks, templates, and tools developed by CloudSphere remain the property of CloudSphere even if used in Customer engagements.
Rights to Customer Data: The Customer retains full ownership of all Customer Data. CloudSphere uses such data only to the extent necessary to provide the Services.
8. Confidentiality
Both parties agree to maintain the confidentiality of all sensitive information obtained or communicated during the performance of the Services, including but not limited to:
- Security vulnerability findings and testing reports
- Business strategies, financial data, and customer information of each party
- CloudSphere's internal methodologies, tools, and processes
- Technical information and system architecture of the Customer
This confidentiality obligation remains in effect for 3 (three) years after the termination of the Service Agreement, unless otherwise agreed in writing. The obligation does not apply to information that has entered the public domain through no breach of this agreement, or that must be disclosed pursuant to law or court order.
9. Limitation of Liability
To the extent permitted by applicable law, CloudSphere is not liable for:
- Indirect, incidental, or consequential losses arising from use of or inability to use the Services
- Loss of data, profits, or business opportunities of an indirect nature
- Business operational disruptions due to factors beyond CloudSphere's reasonable control
- Losses resulting from unauthorized use of Customer credentials by third parties
- Failures of third-party systems integrated with our platform
Liability Cap
CloudSphere's total liability to the Customer for any single incident, under any circumstances, shall not exceed the total fees paid by the Customer to CloudSphere in the last 3 (three) months preceding the incident.
10. Termination
CloudSphere reserves the right to terminate or suspend your access to the Services, with or without prior notice depending on the severity of the breach, if:
- You violate any provision of these Terms of Service or the Service Agreement
- There are outstanding payment arrears that have not been settled past the due date
- There is suspicious, illegal, or potentially harmful activity that threatens platform security
- The Service Agreement expires or is terminated by either party
The Customer may terminate the Service Agreement in accordance with the notice period specified therein. Obligations that arose before the termination date remain in effect.
11. Force Majeure
CloudSphere will not be deemed in breach of its obligations under these terms if a delay or failure to perform is caused by events beyond its reasonable control, including but not limited to: natural disasters, pandemics, civil unrest, government action, national internet infrastructure outages, or other force majeure events recognized under Indonesian law.
CloudSphere will notify the Customer as soon as practicable if a force majeure event affects the performance of the Services, along with an estimated impact assessment and recovery plan.
12. Governing Law & Jurisdiction
These Terms of Service, together with all Service Agreements that reference them, are governed by and construed in accordance with the laws of the Republic of Indonesia.
Any dispute arising out of or in connection with this document will be resolved through:
- Amicable Resolution — The parties must endeavor to resolve the dispute amicably within 30 calendar days from the date the first written notice is sent.
- Mediation — If amicable resolution fails, the parties may pursue mediation with a mutually agreed mediator.
- Arbitration / Litigation — If mediation is also unsuccessful, the dispute will be resolved through the Indonesian National Arbitration Board (BANI) or the competent District Court in the Jakarta area.
13. Changes to Terms
CloudSphere reserves the right to modify these Terms of Service at any time to reflect changes in Services, regulations, or operational needs. For material changes:
- Notice will be sent by email at least 30 days before the change takes effect
- The “Last updated” date at the top of this document will be updated
- For active Customers, changes take effect on the date specified in the notice
Continued use of the Services after a change takes effect constitutes acceptance of the revised terms. If you object to a change, you may terminate the Service Agreement in accordance with the applicable procedure.
14. Contact Us
For legal or administrative questions regarding these Terms of Service:
PT CloudSphere Digital Indonesia
Jl. Haji Salim, Gang Haji Musa 1 RT 006/RW 010
Cimanggis, Tugu, Kota Depok 16451
Legal Email: legal@cloudsphere.id
General Email: hello@cloudsphere.id
See also: Privacy Policy and Security Policy.
