Terms of Service

1. About This Agreement

These terms govern your use of ControlHub for Sisense (“the Service”), provided by RAPID BI PTY LTD (ABN 50 639 508 857) (“we”, “us”, “our”). By creating an account or using the Service, you agree to these terms on behalf of your organisation (“you”, “your”, “Customer”).

Our Data Processing Agreement is incorporated into and forms part of these Terms of Service.

2. What the Service Does

ControlHub for Sisense is a cloud-hosted (SaaS) platform that provides backup, restore, promotion, migration, and monitoring tools for Sisense environments. The Service connects to your Sisense instances using credentials you provide, and performs operations on your behalf including:

• Automated and manual backup of Sisense asset definitions to Git repositories
• Restore of assets from backups to Sisense instances
• Promotion and migration of assets between Sisense instances
• Uptime and dashboard health monitoring with alerts
• Optional de-identification of data files during migration

The Service acts as an intermediary — it reads from and writes to your Sisense instances and Git repositories using the access you grant it. For full details of what data we access, store, and exclude, see our Trust & Security page.

3. Your Account

Registration

You must provide accurate information when registering. You are responsible for maintaining the confidentiality of your account credentials and for all activities under your account.

Free Trial

New accounts receive a free trial with a credit allowance. During the trial, certain features may be limited (e.g., migrations are not available, promotes are capped at 10 assets per job, and a maximum of 2 Sisense instances may be connected). Trial credits do not expire based on time — the trial runs until credits are exhausted or you subscribe to a paid plan.

4. Billing and Payment

Usage-Based Pricing

The Service uses usage-based pricing. You are charged based on the operations you perform (backups, restores, migrations, monitoring checks). There are no per-seat fees or lock-in contracts.

Credits and Payment

• You purchase credits in advance or set up automatic top-ups
• Credits are consumed as you use the Service
• Unused credits do not expire while your account is active
• We may suspend your account if invoices are overdue for more than 14 days
• All prices are in the currency configured for your account

Refunds

All credit purchases are non-refundable. Unused credits are forfeited upon account termination.

5. Your Credentials and Access

What We Need

To function, the Service requires credentials (API tokens, usernames, and passwords) for your Sisense instances and, optionally, your Git repositories. You provide these voluntarily when enrolling instances.

How We Handle Them

• All credentials are encrypted at rest using industry-standard encryption (Fernet symmetric encryption)
• Credentials are never logged in plain text
• Credentials are used only to perform operations you initiate or schedule within the Service
• We do not sell or share your credentials with any third party
• During migrations, connection credentials may be transferred between Sisense instances in memory and are immediately re-encrypted by the destination — they are never persisted to disk or logged
• Credentials can be updated or removed by you at any time through the Service

Your Responsibility

• You are responsible for ensuring the credentials you provide have appropriate permissions for the operations you intend to perform
• You should use credentials with the minimum permissions necessary (principle of least privilege)
• You are responsible for rotating credentials in accordance with your organisation’s security policies
• If you believe credentials have been compromised, update them immediately in the Service and in the source system

6. Your Data

Ownership

Your data remains yours. We do not claim any ownership of your Sisense assets, configurations, dashboards, datamodels, or any other content managed through the Service.

What the Service Stores

The Service stores asset definitions and metadata only (dashboard structures, datamodel schemas, connection metadata with credentials stripped, notebooks, and configuration files). These are stored in Git repositories. No customer data (database contents, CSV/Excel data, query results) is stored by the Service. See our Trust & Security page for a full breakdown.

Backup Storage

• You may connect your own Git repository (Gitea, GitHub, GitLab, Bitbucket, or any Git host) for full control over where your backup data is stored
• If you use our managed storage, your backups are stored in dedicated per-client folders with no cross-client access
• You control backup frequency, asset selection, and retention

Important: The Service provides backup tooling, not a guaranteed disaster recovery service. While we make reasonable efforts to ensure backups complete successfully, we do not guarantee the availability, completeness, or recoverability of backup data — particularly when using managed storage. For mission-critical environments, we strongly recommend connecting your own Git repository so that backup data is under your direct control and subject to your own redundancy and disaster recovery measures.

De-Identification

When you use the optional de-identification feature during migrations, the Service replaces PII in copies of CSV/Excel data files using deterministic hashing. De-identification is applied to copies during transfer — source data is never modified.

7. What We’re Responsible For

We will:

• Maintain the Service in reasonable working order
• Fix bugs and security vulnerabilities in a timely manner
• Encrypt all credentials at rest and in transit
• Not access your instances or data except as directed by your use of the Service
• Not use your data for training AI models, analytics, or any purpose other than providing the Service
• Maintain multi-tenant isolation between customers
• Provide reasonable support for configuration and usage issues
• Comply with our obligations under the Data Processing Agreement

8. What We’re Not Responsible For

Sisense Platform

The Service interacts with Sisense via its APIs. We are not responsible for:

• Sisense API changes, outages, or behaviour that affects Service operations
• Data loss or corruption caused by Sisense platform issues
• Compatibility issues arising from Sisense version updates we have not yet tested against

Operations You Initiate

The Service performs operations that you configure and initiate (or schedule). This includes operations that modify your Sisense environments such as restore, promotion, and migration. You are responsible for:

• Reviewing what an operation will do before confirming it
• Ensuring you have appropriate backups before performing destructive operations
• Testing operations in non-production environments before applying them to production
• Understanding the impact of overwriting existing assets

Data Accuracy

The Service transfers data as-is from your Sisense instances. We do not validate the accuracy or completeness of your data.

Third-Party Infrastructure

We are not responsible for outages or issues with your Sisense instances, Git repositories, network connectivity, or notification endpoints (email, webhooks, Slack, Teams).

9. Limitation of Liability

To the maximum extent permitted by law:

• Our total aggregate liability for any claim arising from your use of the Service is limited to the fees you paid for the Service in the 12 months preceding the event giving rise to the claim
• We are not liable for indirect, incidental, special, consequential, or punitive damages, including loss of data, profits, revenue, or business opportunity, even if advised of the possibility of such damages
• We are not liable for damages arising from operations you initiated, configured, or scheduled through the Service, including but not limited to restore, promotion, or migration operations that modify or overwrite assets on your Sisense instances
• We are not liable for damages arising from backup failures, incomplete backups, or loss of backup data in managed storage — for mission-critical environments, you should use your own Git repository
• We are not liable for damages arising from your failure to use available security features (such as de-identification or bring-your-own-repository)
• We are not liable for business losses, downtime, lost revenue, or reputational damage arising from any use of or inability to use the Service

Nothing in these terms limits our liability for fraud, wilful misconduct, or anything that cannot be limited by applicable law.

10. Service Availability

• We target high availability but do not guarantee 100% uptime
• Scheduled maintenance will be communicated in advance where possible
• In the event of extended downtime, we will communicate status updates via email or our status channels

11. Security and Privacy

We implement comprehensive security measures as detailed on our Trust & Security page, including:

• Encryption of all credentials at rest (Fernet symmetric encryption)
• Immutable audit logging of all significant actions (365-day retention)
• Role-based access control with two-factor authentication support
• Multi-tenant data isolation with no cross-client access
• Sensitive fields (passwords, secrets, SSO certificates, user emails) redacted from all backups
• We do not use your data for training AI models or any purpose other than providing the Service

Our data processing practices are governed by the Data Processing Agreement, which complies with GDPR, UK GDPR, the Australian Privacy Act, and US state privacy laws including CCPA/CPRA.

If you discover a security vulnerability, please report it to security@controlhub.cloud.

12. Acceptable Use

You agree not to:

• Use the Service to violate any law or regulation
• Attempt to access other customers’ data or accounts
• Reverse engineer, decompile, or disassemble the Service
• Use the Service to perform operations on Sisense instances you do not have authorisation to access
• Share your Service login credentials with unauthorised individuals
• Use the Service in a manner that degrades performance for other customers

13. Termination

• You may request account termination at any time by contacting legal@controlhub.cloud
• Upon termination, your account data will be deleted within 30 days in accordance with our Data Processing Agreement
• Backup data stored in your own Git repository remains yours and is unaffected by termination
• Backup data in managed storage will be deleted within 30 days of account termination
• We may suspend your account if invoices are overdue for more than 14 days
• We may terminate your access if you materially breach these terms, with reasonable notice where possible
• Any outstanding credit balance is forfeited upon termination

14. Changes to These Terms

We may update these terms from time to time. We will notify you of material changes via the Service or email at least 30 days before they take effect. Continued use after the effective date constitutes acceptance. If you do not agree with the changes, you may terminate your account before the effective date.

15. Governing Law

These terms are governed by the laws of the State of Victoria, Australia. The parties submit to the exclusive jurisdiction of the courts of Victoria, Australia. To the extent required by applicable data protection laws, the provisions of those laws shall take precedence.

16. Contact

For questions about these terms, the Service, or security concerns:

RAPID BI PTY LTD (ABN 50 639 508 857)
General: support@controlhub.cloud
Legal: legal@controlhub.cloud
Security: security@controlhub.cloud
Web: controlhub.cloud