LexoregTry Free Demo
Back to Lexoreg

Terms of Service

Last updated: April 24, 2026

1. Introduction

These Terms of Service ("Terms") govern your use of the Lexoreg platform ("Service") operated by Lexoreg ("Lexoreg", "we", "us", "our"), based in Espoo, Finland.

By creating an account or using the Service, you ("Customer", "you") agree to be bound by these Terms. If you are accepting these Terms on behalf of an organization, you represent that you have the authority to bind that organization.

2. Service Description

Lexoreg is a compliance management platform that helps manufacturers of products with digital elements manage their obligations under the EU Cyber Resilience Act (Regulation (EU) 2024/2847) and related regulations.

The Service includes:

  • Product registry and lifecycle management
  • Software Bill of Materials (SBOM) upload, parsing, and management
  • Automated vulnerability monitoring and detection
  • Vulnerability triage and resolution workflow
  • ENISA Article 14 incident report generation
  • CRA compliance checklist and CE readiness tracking
  • Cryptographic audit trail
  • Technical documentation generation
  • Supplier management

2.1 What the Service Is NOT

Lexoreg is a compliance management tool. It is NOT legal advice, regulatory consulting, a guarantee of regulatory compliance, a substitute for internal security practices, a vulnerability scanning or penetration testing service, or a certification or audit service. Customers are solely responsible for their own regulatory compliance decisions.

3. Account Registration

3.1. You must provide accurate and complete information when creating an account.

3.2. You are responsible for maintaining the confidentiality of your account credentials.

3.3. You must notify us immediately of any unauthorized use of your account.

3.4. One person or organization may not maintain more than one free trial account.

4. Free Trial

4.1. New accounts receive a 14-day free trial with full access to all features.

4.2. No credit card is required for the free trial.

4.3. After the trial period expires, accounts enter read-only mode. You may view and export your data but cannot create or modify records.

4.4. To restore full access, you must subscribe to a paid plan.

4.5. Data from expired trial accounts is retained for 90 days, after which it may be deleted.

5. Subscription Plans and Payment

5.1 Plans

Lexoreg offers tiered subscription plans with varying product limits, workspace limits, and feature access. Current plans and pricing are available upon request at hello@lexoreg.io.

5.2 Billing

  • Monthly plans are billed in advance on the same day each month.
  • Annual plans are billed in advance for the full year.
  • All prices are in Euros (EUR) and exclude applicable VAT.
  • VAT is charged according to Finnish and EU tax regulations.

5.3 Price Changes

We may change pricing with 30 days written notice. Price changes take effect at the next billing cycle. If you do not agree to a price change, you may cancel before the next billing cycle.

6. Cancellation and Refunds

6.1 Monthly Plans

  • You may cancel at any time with 30 days written notice to hello@lexoreg.io.
  • No refunds are issued for the current billing period.
  • Your access continues until the end of the current billing period.

6.2 Annual Plans

In accordance with the EU Data Act (Regulation (EU) 2023/2854), customers may terminate annual subscriptions at any time with two (2) months written notice to hello@lexoreg.io.

  • Service continues for the two-month notice period with full access.
  • Customer has 30 days after the termination date to export all data.
  • An early termination fee equal to one (1) month's subscription fee applies for terminations before the annual renewal date. No early termination fee applies within the final two months of the annual term.
  • Annual plans do not automatically renew without explicit confirmation from the Customer.
  • Upon early termination, any prepaid fees for the remaining term (minus the early termination fee) will be refunded on a pro-rata basis.

6.3 Data After Cancellation

After cancellation, your account enters read-only mode for 30 days. During this period, you may export all your data. After 30 days, your data may be permanently deleted. Audit trail records are retained for 5 years as required for CRA compliance evidence, even after account cancellation.

7. Data Ownership

7.1. Your data is yours. All data you upload or create in the Service (products, SBOMs, vulnerability records, compliance checks, reports, audit logs) remains your property.

7.2. You grant Lexoreg a limited license to process your data solely for the purpose of providing the Service.

7.3. You may export your data at any time using the export functions available in the Service.

7.4. We will not sell, share, or use your data for purposes other than providing the Service.

7.5. Aggregated, anonymized data (e.g., total CVE counts across all customers) may be used for product improvement. No individual customer data is identifiable in aggregated data.

8. Data Portability and Switching

In accordance with the EU Data Act (Regulation (EU) 2023/2854), Lexoreg supports your right to switch providers or terminate the Service:

  • You may export all your data at any time using the export functions in the Service, without charge.
  • Exported data is provided in standard, machine-readable formats (JSON and CSV).
  • You may terminate this agreement with two (2) months written notice as described in Section 6.
  • Upon termination, Lexoreg will maintain the Service and assist with data migration for 30 calendar days at no additional charge.
  • Lexoreg does not charge switching fees, data export fees, or migration fees.
  • Lexoreg does not impose technical barriers to data portability. All exportable data is available through the Service's built-in export functions and API.

9. Acceptable Use

You agree not to:

  • Use the Service for any unlawful purpose.
  • Upload malicious files, malware, or content that could harm the Service.
  • Attempt to gain unauthorized access to other customers' data or accounts.
  • Reverse engineer, decompile, or attempt to extract the source code of the Service.
  • Share account credentials with unauthorized parties.
  • Exceed the usage limits of your subscription plan through automated means.
  • Resell or sublicense access to the Service without written permission.

Violation of these terms may result in immediate account suspension.

10. Intellectual Property

10.1. Lexoreg and its licensors own all rights, title, and interest in the Service, including all software, algorithms, interfaces, documentation, and branding.

10.2. These Terms do not grant you any rights to Lexoreg's intellectual property except the limited right to use the Service as described herein.

10.3. "Lexoreg" and the Lexoreg logo are trademarks of Lexoreg.

11. Liability Limitations

IMPORTANT: PLEASE READ THIS SECTION CAREFULLY. IT LIMITS LEXOREG'S LIABILITY TO YOU.

11.1 Compliance Disclaimer

COMPLIANCE DISCLAIMER

Lexoreg provides tools to assist with CRA compliance. Lexoreg does not guarantee regulatory compliance and is not liable for any fines, penalties, sanctions, product recalls, market access restrictions, or legal consequences resulting from non-compliance with the EU Cyber Resilience Act (Regulation (EU) 2024/2847), the EU AI Act, or any other regulation.

The Customer is solely responsible for: the accuracy and completeness of data uploaded to the Service; making compliance decisions based on information provided by the Service; meeting regulatory deadlines including ENISA reporting deadlines; the content of reports submitted to regulatory authorities; and ensuring their products meet all applicable regulatory requirements.

Lexoreg does not provide legal advice. The use of Lexoreg does not create a lawyer-client or consultant-client relationship. Customers should seek independent legal counsel for regulatory compliance matters.

11.2 Service Availability

Lexoreg aims for high availability but does not guarantee uninterrupted service. We are not liable for damages caused by service interruptions, including missed regulatory deadlines during downtime.

11.3 Vulnerability Data

Vulnerability data is sourced from public databases (NVD, OSV, CISA KEV, EUVD). Lexoreg does not guarantee the completeness or accuracy of vulnerability data from these sources. Absence of a vulnerability match does not mean your product is vulnerability-free.

11.4 Maximum Liability

To the maximum extent permitted by Finnish law, Lexoreg's total aggregate liability under these Terms shall not exceed the total fees paid by the Customer in the three (3) months immediately preceding the event giving rise to the claim.

11.5 Exclusion of Damages

To the maximum extent permitted by Finnish law, Lexoreg shall not be liable for: indirect, incidental, special, consequential, or punitive damages; loss of profits, revenue, data, or business opportunities; regulatory fines or penalties imposed on the Customer; or costs of substitute services.

12. Indemnification

You agree to indemnify and hold harmless Lexoreg, its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including legal fees) arising from: your use of the Service; your violation of these Terms; your violation of any applicable law or regulation; or any claim that data you uploaded infringes a third party's rights.

13. Data Protection

Our processing of personal data is governed by our Privacy Policy. We comply with the EU General Data Protection Regulation (GDPR) and Finnish data protection legislation. Customer data is stored in the European Economic Area (EEA).

14. Confidentiality

Each party agrees to keep confidential any non-public information received from the other party. Confidentiality obligations survive for 3 years after termination of these Terms.

15. Changes to Terms

We may update these Terms at any time. Material changes will be communicated via email at least 30 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance. If you do not agree to the updated Terms, you may cancel your subscription before the changes take effect.

16. Governing Law and Disputes

16.1. These Terms are governed by and construed in accordance with the laws of Finland.

16.2. Any disputes arising from these Terms shall be resolved in the District Court of Espoo, Finland.

16.3. Before initiating legal proceedings, both parties agree to attempt to resolve disputes through good-faith negotiation for a period of 30 days.

17. Miscellaneous

17.1. Entire Agreement. These Terms, together with the Privacy Policy, constitute the entire agreement between you and Lexoreg.

17.2. Severability. If any provision of these Terms is held to be invalid, the remaining provisions continue in full force.

17.3. Force Majeure. Neither party is liable for delays caused by events beyond reasonable control, including natural disasters, war, government actions, or infrastructure failures.

17.4. Assignment. You may not assign these Terms without our written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.

18. Contact

For questions about these Terms:

Lexoreg
Email: hello@lexoreg.io
Website: lexoreg.io
Espoo, Finland