Service terms summary for DefenceFile pilots.

DefenceFile provides software for organising ECCTA failure-to-prevent-fraud readiness evidence, review trails, attestations, alerts, and exports.

DefenceFile organises evidence for legal and compliance review. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.

Public trust, security, privacy, DPA, and cookie summaries describe the product baseline only; signed customer terms control commercial commitments, support, retention, deletion, subprocessors, and transfer safeguards.

Customers remain responsible for the accuracy of submitted information, suitability of evidence, reviewer decisions, legal advice, regulatory interpretation, and use of exported materials.

Customers should not upload material they are not authorised to process or share through the workspace.

Customers remain responsible for documenting controller lawful bases, Article 10 or DPA 2018 Schedule 1 conditions for criminal-offence data where applicable, privacy notices, DPIAs, and legal holds.

Customers remain responsible for controlling who receives zero-login attestation and adviser-share links, revoking links when access should end, and preserving exported audit/evidence records according to their legal hold and retention instructions.

The DefenceFile pilot is operated on Railway (application hosting, US West), Cloudflare (CDN, DNS, R2 object storage), and Resend (transactional email, US). A full sub-processor register is available on the privacy page and in the signed DPA.

Customers requiring specific data residency, private networking, or provider commitments should capture those in the order form before production onboarding.