Last updated: February 2026
By accessing or using IdentityFirst (the “Service”), you agree to be bound by these Terms of Service (“Terms”). If you do not agree, do not use the Service. These Terms apply to all users — individuals, enterprise account holders, and their authorised team members.
IdentityFirst is a SaaS identity security platform. It connects to your identity systems — such as Active Directory, Entra ID, AWS IAM, Okta, and others — in read-only mode and provides assessment, reporting, drift detection, and monitoring capabilities. IdentityFirst does not make changes to your identity environment unless you explicitly configure and approve automated enforcement actions within the platform.
You are responsible for keeping your login credentials secure and for all activity that occurs under your account. You must notify us immediately at security@identityfirst.net if you suspect unauthorised access.
Enterprise accounts may add multiple users under a single subscription. The account owner is responsible for ensuring that all users comply with these Terms.
To provide the Service, we process identity metadata from your connected systems — this includes account names, group memberships, permission assignments, and activity timestamps. We do not store authentication credentials (passwords, tokens, or keys) beyond the temporary session required to make read-only API calls.
Full details of what data is collected, how it is used, and your rights as a data subject are set out in our Privacy Policy and, for enterprise customers, our Data Processing Agreement (DPA). To request a copy of the DPA, email legal@identityfirst.net.
You agree not to:
We target 99.5% monthly uptime for the Service, excluding planned maintenance windows. We will notify customers of planned maintenance via status@identityfirst.net with at least 48 hours advance notice except in the case of emergency maintenance required to protect the security or integrity of the Service.
To the maximum extent permitted by applicable law, IdentityFirst's total liability to you for any claim arising from or related to the Service is limited to the fees you paid in the 12 months preceding the claim.
In no event will IdentityFirst be liable for indirect, incidental, special, consequential, or punitive damages — including loss of profits, data, or business — even if we have been advised of the possibility of such damages.
Either party may terminate these Terms with 30 days written notice. We may also suspend or terminate your access immediately if you materially breach these Terms or if continued access poses a security or legal risk.
On termination, your data will be deleted from our systems within 30 days, unless we are legally required to retain it for longer. You may request an export of your assessment data before termination takes effect.
These Terms are governed by the laws of England and Wales. Any disputes arising under or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of England and Wales, except where mandatory local consumer protection law applies.
We may update these Terms from time to time. Material changes will be communicated by email to the account owner at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the revised Terms.
For questions about these Terms, please contact:
IdentityFirst Ltd
Email: legal@identityfirst.net
Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Company No: 15234567 (England & Wales)