Terms of Service

1. Agreement to Terms

By creating an account, clicking “I agree,” or otherwise accessing or using the services provided by Technology Strategy & Security Association of Canada, doing business as TSSAC and related trade names (“TSSAC”, “we”, “us”, or “our”), you agree to be bound by these Terms of Service (“Terms”) and our Privacy Policy.

These Terms are commercial terms intended for business-to-business use. Our services are designed for Canadian businesses and organizations, not individual consumers. By accepting these Terms, you confirm that you are entering into this agreement in a commercial capacity on behalf of a business or organization, not as an individual consumer.

If you are accepting these Terms on behalf of an organization, you represent and warrant that you have the authority to bind that organization. If you do not agree to these Terms, do not use our services.

These Terms constitute a legally binding agreement between you and TSSAC. By clicking “I agree” during account registration, you acknowledge that: (a) you have read and understood these Terms in their entirety, including the warranty disclaimer (Section 11), limitation of liability (Section 12), and indemnification (Section 13) provisions, (b) you have had the opportunity to seek independent legal advice, and (c) you agree to be bound by these Terms. We maintain a record of your acceptance, including the date, time, and version of Terms accepted.

2. Membership

2.1 Eligibility

TSSAC membership is available to Canadian businesses and organizations. By applying for membership, you represent that: (a) you are at least 18 years of age, (b) you have the authority to bind your organization to these Terms, and (c) the information you provide is accurate and complete.

2.2 Membership Tiers

We offer various membership tiers with different service levels and pricing. Details of each tier are available on our pricing page. We reserve the right to modify membership offerings with at least 30 days written notice.

2.3 Account Responsibility

You are responsible for: (a) maintaining the confidentiality of your account credentials, (b) all activities that occur under your account, (c) promptly notifying us of any unauthorized use of your account, and (d) ensuring that authorized users within your organization comply with these Terms.

3. Services

3.1 Service Description

TSSAC provides technology services including but not limited to:

• Managed IT support and helpdesk
• Microsoft 365 security monitoring and management
• Security awareness training and phishing simulations
• Cyber insurance readiness assessments
• CRM and business operations tools
• Microsoft 365 license provisioning (as a CSP partner)
• Device management and endpoint security

Specific services available depend on your membership tier.

3.2 Service Availability

We strive to maintain high availability of our services but do not guarantee uninterrupted access. We may perform maintenance that temporarily affects service availability, with reasonable notice when possible. Our target uptime is 99.9% for the platform, excluding scheduled maintenance windows.

3.3 Microsoft 365 Licensing

Microsoft 365 licenses provided through our CSP partnership are subject to Microsoft's terms of service. We act as a reseller and managed service provider. We do not control Microsoft's services and are not responsible for outages or changes made by Microsoft.

3.4 Third-Party Services

Our platform integrates with third-party services (Stripe for payments, Clerk for authentication, etc.). Your use of these services is subject to their respective terms and privacy policies. We are not responsible for the practices or availability of third-party services.

4. Managed IT Services Terms

The following terms apply specifically to managed IT services, security monitoring, and technology management services provided by TSSAC.

4.1 Scope of Managed Services

Our managed IT services include monitoring, alerting, configuration management, and advisory support for your technology environment. These services are designed to reduce risk, not eliminate it. Specifically:

• Security monitoring detects and alerts on known threat patterns but cannot guarantee detection of all threats, including zero-day vulnerabilities, advanced persistent threats, or novel attack vectors
• Security assessments and scores (including Microsoft 365 security scores, cyber insurance readiness reports, and vulnerability scans) are advisory in nature and represent a point-in-time evaluation. They do not constitute a guarantee of security
• Security awareness training and phishing simulations are educational tools. Completion of training does not guarantee that employees will not fall victim to actual attacks
• Device management and endpoint protection relies on third-party security products (e.g., SentinelOne, Microsoft Defender). We configure and monitor these tools but do not control their detection capabilities
• Backup monitoring verifies that backups are running as configured. We are not responsible for the completeness or recoverability of backups managed by third-party solutions (e.g., Dropsuite, Microsoft)

4.2 No Guarantee Against Data Loss or Security Breaches

While we implement industry-standard practices to protect your environment, no managed service provider can guarantee the prevention of all data loss, security breaches, ransomware attacks, unauthorized access, or system failures. You acknowledge that:

• Cyber threats evolve constantly and may bypass current protections
• Security depends on factors outside our control, including your employees' actions, your hardware, your network, and third-party vendor systems
• We are not responsible for data loss, corruption, theft, or unauthorized access to your systems, data, or accounts, except where caused directly by our gross negligence
• We are not responsible for business interruption, lost revenue, reputational harm, or any consequential damages arising from security incidents, even if we were providing monitoring or management services at the time of the incident

4.3 Third-Party Vendor Dependencies

Our managed services rely on third-party vendors and products. We are not responsible for:

• Outages, bugs, or security failures in Microsoft 365, Azure, or any Microsoft product or service
• Failures of endpoint security products (SentinelOne, Microsoft Defender, etc.) to detect or prevent malware
• Data loss or service disruption caused by backup providers (Dropsuite, Microsoft, etc.)
• Changes to third-party APIs, pricing, or feature availability that affect our ability to deliver services
• Actions or omissions of your other IT vendors, consultants, or internal IT staff

4.4 Recommendations and Compliance

We may recommend security configurations, policies, or practices for your environment. These recommendations are based on industry best practices and our professional judgment. However:

• Recommendations are advisory and do not constitute legal, compliance, or insurance advice
• You are responsible for deciding which recommendations to implement
• If you decline or delay implementing a recommended security measure, TSSAC is not liable for any resulting security incident or data loss
• Cyber insurance readiness assessments do not guarantee that you will obtain, retain, or successfully claim on a cyber insurance policy

4.5 Access to Your Environment

To provide managed services, you grant TSSAC administrative access to your Microsoft 365 tenant, devices, and other systems as required. You acknowledge that:

• We will use this access solely to deliver contracted services
• Administrative access is managed through Microsoft GDAP (Granular Delegated Admin Privileges) with least-privilege principles
• You may revoke access at any time, but doing so may prevent us from delivering managed services
• You are responsible for ensuring that granting us access complies with your own privacy policies, contracts, and regulatory requirements

5. Member Responsibilities

Effective IT security and managed services require cooperation. As a member, you are responsible for:

5.1 Security Responsibilities

• Maintaining your own independent data backups (we monitor but do not guarantee third-party backup solutions)
• Implementing security recommendations provided by TSSAC in a timely manner
• Ensuring your employees complete assigned security awareness training
• Reporting suspected security incidents to TSSAC promptly (within 24 hours of discovery)
• Maintaining strong passwords and multi-factor authentication on all accounts
• Not sharing credentials, access tokens, or API keys with unauthorized parties
• Keeping your devices and software updated as recommended

5.2 Cooperation

• Providing accurate and complete information about your IT environment
• Responding to service requests and security alerts in a timely manner
• Notifying TSSAC of changes to your IT environment that may affect managed services (e.g., new vendors, system changes, staff changes)
• Maintaining a current list of authorized users and administrators
• Obtaining necessary consents from your employees and customers for data processed through our services

5.3 Consequences of Non-Compliance

If you fail to meet the responsibilities above, and a security incident, data loss, or service disruption occurs as a result, TSSAC shall not be held liable. We reserve the right to document declined recommendations and unresponsive behaviour for our records.

6. Payment Terms

6.1 Fees

Membership fees are billed monthly in Canadian dollars (CAD). Applicable taxes (GST/HST/PST) will be added based on your province of registration.

6.2 Payment Methods

We accept major credit cards and pre-authorized debit, processed securely through Stripe. Payment is due on the billing date each month. You authorize us to charge your selected payment method for recurring fees.

6.3 Late Payments

If payment is not received within 15 days of the due date, we may: (a) suspend access to your services until payment is received, (b) charge interest at 1.5% per month on overdue amounts, and (c) after 60 days, terminate your membership. We will notify you before taking any of these actions.

6.4 Price Changes

We may adjust pricing with at least 30 days written notice. Price changes will take effect at the start of your next billing cycle following the notice period.

7. Cancellation and Termination

7.1 Cancellation by You

You may cancel your membership at any time with 30 days written notice to support@tssac.ca. Upon cancellation:

• You will retain access until the end of your current billing period
• We will assist with data export upon request (available for 30 days after cancellation)
• Microsoft 365 licenses can be transferred to another CSP provider
• No refunds are provided for partial months

7.2 Termination by TSSAC

We may suspend or terminate your account if you: (a) violate these Terms, (b) fail to pay fees after notice, (c) engage in activity that threatens the security of our platform or other members, or (d) provide false information. We will provide reasonable notice except in cases of security threats or illegal activity.

8. Acceptable Use

You agree not to:

• Use our services for any unlawful purpose
• Attempt to gain unauthorized access to our systems or other members' data
• Interfere with or disrupt our services or infrastructure
• Use our services to send spam, malware, or phishing attacks
• Resell, sublicense, or redistribute our services without authorization
• Reverse engineer, decompile, or attempt to extract the source code of our platform
• Use automated tools to scrape or collect data from our platform
• Upload content that infringes intellectual property rights of others

Violation of this section may result in immediate suspension or termination of your account.

9. Data and Privacy

9.1 Your Data

You retain ownership of all data you upload, create, or provide through our services (“Your Data”). By using our services, you grant us a limited license to process Your Data solely to provide the services you have requested.

9.2 Data Processing

We process your data in accordance with our Privacy Policy. Your data is stored primarily in Canada (AWS ca-central-1, Montreal). Some third-party service providers may process data in the United States, as described in our Privacy Policy.

9.3 Data Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments. However, no system is completely secure, and we cannot guarantee absolute security.

9.4 Data Portability

Upon request, we will provide an export of Your Data in a commonly used, machine-readable format within 30 days.

10. Intellectual Property

10.1 Our Property

The TSSAC platform, including its design, features, code, documentation, and branding, is owned by TSSAC and protected by Canadian and international intellectual property laws. Your membership grants you a non-exclusive, non-transferable right to use the platform for its intended purpose during the term of your membership.

10.2 Feedback

If you provide feedback, suggestions, or ideas about our services, we may use them without obligation to you. You grant us a non-exclusive, royalty-free license to use such feedback to improve our services.

11. Warranty Disclaimer

This disclaimer does not affect any warranties that cannot be excluded or limited under applicable Canadian law. To the extent any implied warranty cannot be disclaimed, such warranty is limited in duration to the shortest period permitted by law.

12. Limitation of Liability

12.1 General Limitation

To the maximum extent permitted by Canadian law:

• TSSAC shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, loss of data, loss of business opportunities, business interruption, or reputational harm
• Our total aggregate liability for any claims arising from these Terms or your use of our services shall not exceed the fees paid by you in the twelve (12) months preceding the claim

12.2 Managed Services Exclusions

Without limiting Section 12.1, TSSAC is specifically not liable for:

• Data loss or corruption — including loss caused by ransomware, accidental deletion, hardware failure, software bugs, or third-party backup failures
• Security breaches — including unauthorized access, phishing attacks, malware infections, or credential compromise, even if we were actively monitoring your environment at the time
• Third-party failures — outages, bugs, data loss, or security failures in Microsoft 365, SentinelOne, NinjaRMM, or any other third-party product or service
• Failure to implement recommendations — any incident resulting from your decision not to implement, or delay in implementing, security recommendations provided by TSSAC
• Member actions or omissions — incidents caused by your employees, contractors, or authorized users, including clicking phishing links, sharing credentials, disabling security features, or installing unauthorized software
• Regulatory fines or penalties — fines, penalties, or regulatory actions imposed on your organization by any government or regulatory body, including those related to data breaches, PIPEDA non-compliance, or cyber insurance claims
• Incomplete assessments — any reliance on security scores, cyber insurance readiness reports, or vulnerability assessments as a guarantee of security posture or insurability
• Prior conditions — pre-existing security vulnerabilities, misconfigurations, or compromises in your environment that existed before you became a TSSAC member

12.3 Additional Exclusions

We are not liable for damages resulting from:

• Your failure to maintain adequate independent data backups
• Your failure to maintain account security or multi-factor authentication
• Force majeure events (see Section 17)
• Your violation of these Terms or applicable law
• Delays in reporting incidents to TSSAC
• Use of our services in a manner not contemplated by these Terms

12.4 Acknowledgement

You acknowledge that: (a) the fees charged for our services reflect this allocation of risk, (b) you are responsible for maintaining your own cyber insurance coverage, (c) TSSAC's services supplement but do not replace your own IT governance, risk management, and security obligations, and (d) you have had the opportunity to review these Terms and seek independent legal advice.

Nothing in these Terms excludes or limits liability for: (a) fraud or intentional misrepresentation, (b) wilful misconduct or gross negligence, (c) death or personal injury caused by negligence, or (d) any other liability that cannot be excluded or limited under applicable Canadian law, including Ontario's Consumer Protection Act, 2002 to the extent it applies.

13. Indemnification

You agree to indemnify and hold harmless TSSAC, its officers, directors, employees, and agents from any claims, damages, losses, or expenses (including reasonable legal fees) arising from: (a) your use of our services, (b) your violation of these Terms, (c) your violation of any third-party rights, or (d) content you upload or submit through our platform.

14. Dispute Resolution

If a dispute arises under these Terms, we encourage you to first contact us at support@tssac.ca to seek an informal resolution. If we cannot resolve the dispute informally within 30 days, either party may pursue formal resolution.

15. Changes to Terms

We may modify these Terms at any time. We will provide at least 30 days notice of material changes via email to the address associated with your account and by posting a notice on our platform. Your continued use of our services after changes take effect constitutes acceptance of the new Terms. If you do not agree, you may cancel your membership.

16. Governing Law

These Terms are governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. Any disputes shall be resolved in the courts of Ontario. This choice of law does not deprive you of any mandatory consumer protection rights in your province of residence.

17. General Provisions

• Entire Agreement: These Terms, together with our Privacy Policy, constitute the entire agreement between you and TSSAC regarding the use of our services and supersede all prior agreements, representations, and understandings
• Severability: If any provision of these Terms is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable. If it cannot be modified, it shall be severed from these Terms. The invalidity or unenforceability of any provision shall not affect the validity or enforceability of any other provision, and all remaining provisions shall continue in full force and effect. The parties agree that a court may reform any invalid provision to achieve the original intent to the maximum extent permitted by law
• Survival: Sections 4 (Managed IT Services Terms), 5 (Member Responsibilities), 9 (Data and Privacy), 10 (Intellectual Property), 11 (Warranty Disclaimer), 12 (Limitation of Liability), 13 (Indemnification), and 17 (General Provisions) shall survive the expiration or termination of these Terms for any reason
• Waiver: Our failure to enforce any provision does not constitute a waiver of that provision or our right to enforce it in the future. Any waiver must be in writing and signed by TSSAC to be effective
• Assignment: You may not assign your rights under these Terms without our prior written consent. We may assign our rights in connection with a merger, acquisition, or sale of assets. Any purported assignment in violation of this section is void
• Force Majeure: Neither party is liable for failure to perform due to circumstances beyond reasonable control, including natural disasters, pandemics, government actions, cyberattacks on internet infrastructure, or internet disruptions
• No Third-Party Beneficiaries: These Terms do not create any rights for any person or entity that is not a party to these Terms
• Headings: Section headings are for convenience only and do not affect the interpretation of these Terms

18. Contact

For questions about these Terms, please contact us: