Terms of Service

1. About These Terms

These Terms of Service ("Terms") govern your access to and use of MandateRoom ("Service"), a virtual data room platform for document sharing and due diligence workflows.

MandateRoom is operated by Aniket Raj, an individual trading as MandateRoom, a sole proprietor registered under the MSME/Udyam framework in India (Udyam Registration No. UDYAM-UP-29-0238002).

By creating an account or using the Service, you agree to these Terms. If you do not agree, do not use the Service.

These Terms form a binding contract between you (the "Customer" or "User") and the operator. There is no separate corporate entity — you are contracting with an individual.

2. Nature of the Service

MandateRoom provides:

• A hosted platform for uploading, organising, and sharing confidential documents in connection with M&A transactions, private equity processes, legal reviews, and similar workflows.
• A system by which document owners ("Workspace Owners") invite other users ("Viewers") to access specific documents within a controlled environment.
• Document rendering as watermarked images to reduce unauthorised distribution.
• An immutable access audit log recording who viewed which document and when.
• Access controls including permission management and instant access revocation.

The Service is a software tool. It is not a law firm, financial adviser, or compliance consultant. Nothing in the Service constitutes legal, financial, tax, or regulatory advice.

3. Eligibility and Accounts

You must be at least 18 years old and have legal capacity to enter binding contracts in your jurisdiction to use the Service.

You are responsible for:

• Maintaining the confidentiality of your login credentials.
• All activity that occurs under your account.
• Ensuring that all users you invite to your workspace comply with these Terms.
• Notifying us promptly at hello@mandateroom.com if you suspect unauthorised access.

We may suspend or terminate accounts that violate these Terms, that are used for fraudulent purposes, or that pose a risk to other users or to the platform's integrity.

4. Payments and Billing

Payments are processed by Lemon Squeezy (a service of Lemon Squeezy, LLC), which acts as the Merchant of Record for all transactions. When you subscribe to a paid plan:

• You are entering a payment relationship with Lemon Squeezy, subject to their terms and privacy policy.
• Lemon Squeezy is responsible for collecting and remitting applicable taxes (including VAT, GST, and sales tax) in jurisdictions where they are required to do so.
• Pricing is displayed in USD. Your bank or card issuer may apply currency conversion fees; we have no control over these.

Refunds: All subscription fees are non-refundable except where required by applicable law. If you believe a charge was made in error, contact us at hello@mandateroom.com within 30 days of the charge.

We reserve the right to change pricing with at least 30 days' notice communicated by email or via the platform. Continued use after a price change takes effect constitutes acceptance of the new pricing.

5. Acceptable Use

You may use MandateRoom only for lawful business purposes. You must not use the Service to:

• Upload, share, or process documents that you do not have the right to share.
• Facilitate unlawful transactions, money laundering, fraud, or any activity prohibited by applicable law.
• Circumvent, attempt to reverse-engineer, or attack the platform's technical controls.
• Upload content containing malware, viruses, or malicious code.
• Impersonate another person or organisation.
• Use the Service in a manner that could damage, overload, or impair its availability for other users.

We do not monitor the content of documents uploaded to the Service. You are solely responsible for ensuring that your use of the platform — including the content you upload and the parties you invite — complies with all applicable laws.

6. Your Content and Data

You own your content. Uploading documents to MandateRoom does not transfer ownership or grant us any licence to your content beyond what is necessary to provide the Service (specifically: storing, retrieving, and rendering your documents in the platform).

You represent and warrant that:

• You own or have the necessary rights to upload and share the documents you place on the platform.
• Your content does not violate any third-party intellectual property rights, privacy rights, or applicable law.

We will not access, read, or disclose your documents except:

• As technically necessary to operate and support the platform.
• Where required by law or a valid legal process (see Section 12).
• With your explicit permission.

7. Infrastructure and Sub-processors

The Service relies on the following third-party infrastructure providers. Each operates under its own security and compliance certifications. We do not independently audit or certify them:

Your data is stored primarily on infrastructure located in the United States. For customers in the European Economic Area (EEA) and United Kingdom, please see the Privacy Policy for information about international data transfers.

The security properties described in our marketing materials (encryption at rest, TLS in transit, etc.) are in large part provided by these infrastructure vendors. Our representations about these properties are based on those vendors' published documentation and are subject to change if vendor configurations change.

8. Security — Honest Statement

We have implemented the following technical security measures:

• Encryption at rest: Documents stored in Cloudflare R2 are encrypted at rest using AES-256, as provided by Cloudflare.
• Encryption in transit: Data transmitted between your browser and the platform is encrypted using TLS, as provided by Vercel and Cloudflare.
• Audit logging: All document access events are logged with a HMAC-SHA256 cryptographic signature to detect tampering.
• Watermarking: Documents are rendered as watermarked images containing viewer-identifying information.
• Access controls: Document access can be granted and revoked instantly; no access is permitted without explicit authorisation.

What we do not have:

• We are not SOC 2 certified, ISO 27001 certified, or certified under any other information security standard.
• We do not have a dedicated security team, a formal incident response team, or 24/7 security monitoring.
• We do not provide a guaranteed recovery time objective (RTO) or recovery point objective (RPO).
• We do not carry cyber liability insurance (or if we do, coverage is limited — see Section 9).

We take security seriously and have designed the platform with security in mind. However, no system is perfectly secure. We cannot guarantee that the Service will be free from breaches, unauthorised access, or data loss.

9. Limitation of Liability

Read this section carefully. It significantly limits our legal responsibility to you.

9.1 Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE FROM SECURITY VULNERABILITIES.

9.2 Limitation of Damages

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, WE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO YOUR USE OF THE SERVICE — INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF DATA, BREACH OF CONFIDENTIALITY, OR BUSINESS INTERRUPTION — EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

9.3 Cap on Liability

OUR TOTAL AGGREGATE LIABILITY TO YOU FOR ANY CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR YOUR USE OF THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES YOU PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) USD 100.

9.4 Why This Cap Exists — Plain English

MandateRoom is operated by a single individual with no corporate entity, no legal team, and no insurance against large-scale liability claims. The documents you share on the platform may be of very high commercial value. We cannot accept unlimited liability for the value of transactions conducted using the Service. If unlimited liability is a requirement for your organisation, MandateRoom may not be the right product for you at this stage.

9.5 Indemnification

You agree to indemnify and hold harmless the operator of MandateRoom from and against any claims, losses, damages, and expenses (including reasonable legal fees) arising from: (a) your violation of these Terms; (b) your content; (c) your use of the Service in violation of applicable law; or (d) any dispute between you and another user of your workspace.

10. Availability and Service Changes

We aim to provide reliable access to the Service but do not guarantee any specific level of uptime. The Service may be unavailable due to maintenance, infrastructure outages at our providers, or circumstances beyond our control.

We may modify, suspend, or discontinue any part of the Service at any time. For material changes, we will provide at least 30 days' notice by email where reasonably possible. For paid subscribers, if we discontinue the Service entirely, we will provide a pro-rated refund of prepaid fees.

11. Termination

You may terminate your account at any time by contacting us at hello@mandateroom.com or using the account deletion feature in the platform (if available). Termination does not entitle you to a refund of fees already paid.

We may terminate your account immediately if you materially breach these Terms, if required by law, or if continued operation of your account creates risk to the platform or other users.

Upon termination:

• Your access to the Service will be revoked.
• We will retain your data for up to 30 days to allow you to request an export, after which it will be deleted in accordance with our standard data retention practices.
• Sections 6, 9, 12, and 13 survive termination.

12. Law Enforcement and Legal Requests

If we receive a valid legal order, court order, or government demand requiring us to disclose your data, we will:

• Review the request for legal validity.
• Notify you unless we are legally prohibited from doing so.
• Disclose only the minimum data required to comply.

We are an Indian-registered operator. Legal requests from non-Indian jurisdictions will be reviewed on a case-by-case basis. We will not disclose data in response to informal requests lacking legal authority.

13. Governing Law and Disputes

These Terms are governed by the laws of India, without regard to conflict of law principles.

For customers in the European Union: Nothing in these Terms removes rights you have under mandatory EU consumer or business protection laws that cannot be contractually excluded.

For customers in the United Kingdom: Nothing in these Terms removes rights under the Unfair Contract Terms Act 1977 or other mandatory UK law.

For customers in the United States: You agree to resolve disputes through binding individual arbitration under the rules of an internationally recognised arbitration body, to the extent enforceable in your jurisdiction, rather than through class actions.

Informal resolution: Before initiating any formal dispute, both parties agree to attempt good-faith negotiation for 30 days. Contact us at hello@mandateroom.com.

14. Changes to These Terms

We may update these Terms from time to time. For material changes, we will notify you by email or via an in-platform notice at least 14 days before the changes take effect. Continued use of the Service after the effective date of revised Terms constitutes acceptance.

15. Contact

For questions about these Terms, to report a security issue, or to make a data request:

Email: hello@mandateroom.com
Operating as: MandateRoom, sole proprietorship, India
Udyam Registration No.: UDYAM-UP-29-0238002
Registered Address: Vasundhara, Ghaziabad, Uttar Pradesh - 201012, India

These Terms were last reviewed on June 2026. They reflect the honest legal position of a solo-operated product and should not be interpreted as the terms of a large corporation.