This Subscription Agreement (“Agreement”) is a legal agreement between Cogito Group Pty Ltd, an Australian-registered corporation (“Service Provider” or “Cogito”), and you, either as an individual, organisation, or legal entity (“Subscribing Party”), effective from the date the Subscribing Party first accesses or uses the Soft Certificate Service (“Effective Date”). Each may be referred to as a “Party” and collectively as the “Parties.”

By accessing or using the Soft Certificate Service, the Subscribing Party agrees to be bound by this Agreement. If accepting on behalf of another organisation, the Subscribing Party warrants they have full authority to bind that organisation. If the Subscribing Party does not agree to these terms, they must not use the service.

1. Nature of the Service

Cogito provides a managed Soft Certificate Service delivered from Australia by security-cleared personnel. The service includes certificate lifecycle management functions such as issuance, renewal, revocation, and key management performed under Cogito’s accredited PKI environment.

Use of the service requires:
a. Successful identity verification;
b. One-off organisation registration (non-refundable);
c. Selection of a 1-year or 2-year subscription term, billed in advance;
d. Ongoing compliance with certificate policy requirements.

All service fees are billed automatically in accordance with the Fee Schedule. All fees (including registration, subscription, and lifecycle fees) are non-refundable.

2. Certificate Lifecycle Services

2.1 Issuance

Certificates are issued following successful identity checks and registration, in accordance with applicable Certificate Policies.

2.2 Renewal

Renewals occur automatically based on the subscription term purchased (1-year or 2-year), provided the subscription remains active and payment has been received.

2.3 Revocation

Cogito may revoke certificates based on:
– Subscribing Party request;
– Compromise or suspected compromise;
– Credential misuse;
– Violations of this Agreement;
– Risk, compliance, or policy requirements.

Revocation does not entitle the Subscribing Party to refunds.

3. Fees, Billing and Subscription Terms

3.1 One-Off Business Registration Fee

A one-time, non-refundable Business Registration Fee applies to each new organisation onboarded for Soft Certificate Services.
This covers organisational validation, identity verification, and PKI enrolment administration.

This registration fee is separate from the subscription cost and is not charged again for renewals.

3.2 Annual Billing (1-Year or 2-Year Subscription)

The Subscribing Party must select a subscription duration:
– 1-year term, billed annually in advance; or
– 2-year term, billed in full at commencement.

Subscriptions renew automatically for the same term unless cancelled before the renewal date.

3.3 Additional Fees

Requests outside standard certificate lifecycle operations—such as administrative queries, assistance, or changes—may incur charges at Cogito’s Professional Services rates, billed automatically to the nominated payment method.

3.4 Failed Payments and Suspension

If payment is not received:
– The service may be suspended without notice;
– Certificates may not renew;
– Outstanding amounts remain due;
– Service can only be reinstated once payments are settled.

3.5 No Refunds

All payments (registration, subscription, issuance, lifecycle services) are non-refundable, including where:
– a subscription is cancelled mid-term,
– certificates are revoked before expiry,
– the service is unused or partially used.

4. Subscribing Party Responsibilities

The Subscribing Party is responsible for:
a. Secure storage, use, and management of certificates in their environment;
b. Compliance with all applicable laws, regulatory obligations, and certificate policies;
c. Ensuring all authorised personnel follow correct security practices;
d. Immediately notifying Cogito of any suspected compromise or misuse.

Cogito does not provide internal IT administration, security configuration, or compliance advisory unless contracted separately.

5. No Warranties and Limitation of Liability

5.1 No Warranties

Soft Certificate Services are provided “as is” without warranties of any kind, including:
– merchantability,
– fitness for purpose,
– uninterrupted service,
– error-free operation.

5.2 Limitation of Liability

Cogito is not liable for any indirect, consequential, incidental, or special damages arising from use of the service, including but not limited to:
– issuance, renewal, or revocation delays;
– outages or service interruptions;
– certificate misuse by the Subscribing Party;
– data loss or security issues in the Subscribing Party’s environment.

5.3 Indemnification

The Subscribing Party agrees to indemnify Cogito for any claims, damages, or losses arising from:
– misuse of certificates;
– failures in their internal systems;
– non-compliance with policies or legal requirements.

6. Unauthorised Security Testing

Penetration testing, vulnerability scanning, or similar activities targeting the Soft Certificate platform are strictly prohibited without prior written authorisation.

Unauthorised testing may result in:
– immediate suspension,
– permanent access termination,
– legal action if necessary.

7. Use Restrictions

If trial accounts or evaluation accounts are provided, they:
– must not be used in production,
– must not be used for commercial or revenue-generating purposes,
– must be upgraded to a paid subscription for operational use.

Any breach constitutes a material violation.

8. Modification of Terms

Cogito may modify these Terms at any time. Updates are effective once posted on the Cogito website. Continued use of the service constitutes acceptance of updated Terms.

9. Termination

9.1 Termination by Subscribing Party

The Subscribing Party may terminate the subscription by:
– ceasing use of the service;
– ensuring all outstanding invoices are settled;
– cancelling before their next renewal date.

Terminations do not result in refunds for any unused subscription period.

9.2 Termination by Cogito

Cogito may terminate the Agreement due to:
– non-payment;
– breach of terms;
– misuse of certificates or platform;
– security risks;
– policy non-compliance.

9.3 Effect of Termination

Upon termination:
– all issued certificates may be revoked;
– the Subscribing Party must cease use of all certificates issued under this service;
– all data may be deleted according to retention policies.

10. Governing Law and Dispute Resolution

This Agreement is governed by the laws of the Australian Capital Territory (ACT).
Any dispute must be resolved through the courts of the ACT.

For all enquiries, the Subscribing Party must contact Cogito via the website contact form.