Terms of Use

Last Updated Date: 23 May, 2025

"These Terms, as defined herein, govern the relationship between you, either as an individual or a representative of a legal entity, and ZeroThreat, Inc, a corporation registered in USA (108 W. 13th Street, Suite 100 Wilmington, DE 19801-1145, USA) as “ZeroThreat”), as outlined in your subscription or a separate Order Form. These Terms apply to your access and use of the Services provided by ZeroThreat through its websites or other means. If you are accepting these Terms on behalf of another person, a company, or another legal entity, you represent and warrant that you have the full authority to bind that person, company, or legal entity to these Terms. The terms “Customer” and “You” refer to you, either as an individual or the legal entity you represent.

Please read these Terms carefully before using the Services. If you do not agree to these Terms, you must immediately cease using the Services offered by ZeroThreat. BY SIGNING UP FOR AND USING THE SERVICES, YOU HEREBY AGREE TO BE BOUND BY THESE TERMS AND ANY ADDITIONAL TERMS INCORPORATED HEREIN BY REFERENCE (EXCEPT INSOFAR AS THESE TERMS ARE EXPLICITLY REFERENCED AND VARIED BY THE ORDER FORM), INCLUDING, BUT NOT LIMITED TO, THE ACCEPTABLE USE POLICY AND THE PRIVACY POLICY

Acceptable Use Policy

Refers to the specific guidelines and usage rules for ZeroThreat's services, detailed in Section 19 of this document.

Affiliate

Signifies any organization that holds, either directly or indirectly, influence or is influenced by, or is under shared influence with a party, where influence pertains to the capacity to steer or determine the strategic direction or policy-making of an organization.

Agreement

Encompasses these Terms, along with your subscription details or any relevant Order Forms executed accordingly, including any related schedules or supplementary terms mentioned herein.

Application Scanning

Denotes the SaaS-based service offered by ZeroThreat for external Web Application and API Security Scanning, allowing continuous scanning (Scan or Test) of your software, which includes bespoke applications and APIs for vulnerabilities.

Availability

Refers to the extent to which ZeroThreat's services are accessible and operational, as detailed in Section 10 (Service Level Agreement), where applicable.

Attack Surface

Refers to the comprehensive digital footprint encompassing your primary domains and associated subdomains. This includes, but is not limited to, linked domains and the IP addresses these domains resolve to, along with all pertinent details such as DNS records, open network ports, and the various applications and services operating on these domains. It is important to note that this coverage extends to domains and IP addresses linked to your own, which may be under third-party ownership, and are integral to the monitoring and assessment processes conducted through our Application Scanning services.

Confidential Information

Encompasses all proprietary, sensitive, or trade-secret information regardless of its form—written, visual, electronic, or verbal—that includes, but is not limited to, results, customer data, technical details of ZeroThreat's services, strategic plans, databases, technical diagrams, formulas, processes, prototypes, software code, business forecasts, and information on prospective or existing projects or customers. Such information is explicitly marked as confidential or should reasonably be recognized as confidential by the circumstances of its disclosure. Exclusions to Confidential Information cover data: (a) already known to the recipient without an obligation of confidentiality; (b) that is public knowledge or becomes so through no fault of the recipient; (c) independently developed by the recipient; or (d) that the recipient is legally compelled to disclose, provided they promptly inform the discloser and limit the disclosure to the necessary extent.

Customer Data

Signifies any data that you, or an authorized third party on your behalf, upload to ZeroThreat's service platform, encompassing the Results.

Data Processing Agreement

Refers to ZeroThreat's specific agreement outlining data processing protocols and procedures, which is a separate document uploaded on our website.

Disclosing Party

Means as defined in Section 13.1.

Effective Date

The Agreement between you ("Customer") and ZeroThreat becomes operative and binding immediately upon your signup, access, or use of any part of the ZeroThreat Application, whether as a registered user or otherwise. This includes, but is not limited to, browsing the ZeroThreat website, accessing any of its services, or using the application in any capacity. For users who subscribe to specific services offered by ZeroThreat, the Effective Date additionally corresponds to the commencement date of your subscription as recorded in your subscription account. This includes the date you initiate a paid subscription or any agreement formalized through an Order Form, where the Effective Date is as specified within that document. Furthermore, in instances where ZeroThreat offers a Trial Period, such a period shall commence on the date you register for the trial. The Trial Period is an integral part of the Agreement and is subject to all its terms and conditions. The Trial Period allows you to use the Services without financial commitment for the specified duration, providing an opportunity to evaluate the applicability and utility of the Services to your needs. In all cases, by signing up, accessing, or using the ZeroThreat Application and its associated services, you acknowledge and agree to be bound by the terms of this Agreement, including any and all future amendments, modifications, or changes made thereto.

Free Credits

Free Credits refer to scan credits issued by ZeroThreat at no cost, such as credits given upon account registration or monthly promotional allowances. Free Credits are intended for evaluation purposes only and:

  • Do not support Re-Test functionality;
  • Are excluded from SLA-based uptime remedies;
  • May be modified, suspended, or discontinued at ZeroThreat’s discretion without prior notice.

Intellectual Property Rights

Encompasses the full spectrum of exclusive legal rights conferred by law to creators and owners of original works and inventions. These rights include, but are not limited to, copyrights and their ancillary rights, industrial design rights, patents, both registered and unregistered trademarks and service marks, trade secrets, rights to databases, proprietary know-how, and all forms of protection for confidential information. This definition extends globally for the duration of such rights and includes any and all derivative creations, innovations, or developments that arise pursuant to, or in the execution of, this Agreement.

Order Form

A contractual instrument that formalizes the procurement of Services.

Party / Parties

Refers to you (the Customer) and ZeroThreat, individually or collectively.

Privacy Policy

Means the Privacy Policy of ZeroThreat as referenced in these Terms.

Receiving Party

Means as defined in Section 13.1.

Representative

Pertains to those individuals or entities appointed or authorized by either Party, including its Affiliates, who are privy to Confidential Information by necessity of their role. This encompasses: (i) officers and employees with a requisite need for such information; (ii) professional advisors or consultants retained to provide counsel to the Party or its Affiliates; (iii) contractors and subcontractors engaged in work for the Party or its Affiliates; and (iv) any additional parties to whom disclosure of Confidential Information has been consented to in writing by the disclosing Party, provided such disclosure is pertinent to the execution or fulfillment of this Agreement.

Result

Refers to the data and findings produced upon completion of a Test.

Scan Credits

Scan Credits refer to prepaid units purchased by the Customer that authorize one-time security scans. Each credit allows one scan, is valid for one (1) year from purchase, and is non-refundable. Paid Scan Credits do not include Re-Test access.

Re-Test

Re-Test is a one-time follow-up scan to verify the resolution of previously reported vulnerabilities. It is available only for Subscription Plans and must be used within two (2) weeks of the original scan. Re-Test is not available for scans conducted using Free Credits.

Service

The SaaS-enabled cybersecurity services offered by ZeroThreat.

Service Level Agreement

As defined in Section 10.

Subscription Term

Refers to the duration of your subscribed plan.

Target Domain Surveillance

"Target Domain Surveillance" is a specialized service provided by ZeroThreat, employing a SaaS-based framework for meticulous management and ongoing scrutiny of an organization's target domain. This service is specifically designed to keep a vigilant eye on and assess the public-facing elements of your digital infrastructure, with an emphasis on key web applications and domains. The cornerstone of this service lies in its ability to detect and report any exposed files, ports, identify vulnerabilities, and pinpoint any configuration irregularities. Scope of "Target Domain Surveillance" purview is confined to domains for which the client has maintained an active subscription with ZeroThreat.

Test or Scan

Refers to a comprehensive security evaluation performed on your digital assets. Tests may be initiated via Subscription or Scan Credits. Re-Tests do not discover new issues.

Trial

"Trial" denotes a preliminary, complimentary subscription period provided by ZeroThreat, designed for potential clients to experience the Service without incurring any costs. During this trial, clients are granted a specific quota of free credits, which can be utilized for a limited number of scanning hours, adhering to ZeroThreat's fair usage policy. This policy is in place to ensure equitable access and maintain service quality across the board. It's crucial to note that the trial includes constraints on the total scanning duration, aligning with our commitment to resource sustainability and service excellence. While the trial offers a valuable opportunity to evaluate the efficacy and range of ZeroThreat's cybersecurity solutions, it is not an all-encompassing, unlimited scanning service. Clients are encouraged to use the trial period to understand the capabilities and potential of ZeroThreat's services within the boundaries of the provided free credits and the stipulated usage terms.

User

"User" refers to any individual who is authorized to access and utilize ZeroThreat's services. This authorization is granted by either the Customer directly, or through its Affiliates, under the stipulations and conditions set forth in this Agreement. Users are typically members of the Customer's organization or external collaborators, who require access to ZeroThreat's services for the purpose of conducting security scans, analyzing results, or managing cybersecurity protocols. Each User must adhere to the terms of use, policies, and guidelines specified by ZeroThreat, as well as any additional rules or procedures established by the Customer. It is the responsibility of the Customer to ensure that all Users are aware of and comply with these terms and conditions. Furthermore, the Customer is accountable for managing User access, including the assignment of appropriate access levels, monitoring usage, and revoking access when it is no longer required or if a User violates the terms of the Agreement. Users play a critical role in the effective implementation and utilization of ZeroThreat's services, and their compliance with the Agreement is essential for maintaining security and efficacy.

Recorder

"Recorder" refers to a specialized Chrome browser extension developed and provided by ZeroThreat, designed to enhance the efficiency and effectiveness of our cybersecurity services. This tool is engineered to seamlessly capture and record critical data from websites, specifically focusing on website endpoints and the necessary credentials for logging into customer's web platforms. When activated, the Recorder meticulously gathers this information, ensuring that ZeroThreat's services can be tailored and applied with precision to the unique digital landscape of each customer. The information captured by the Recorder is utilized to configure and optimize security scans, making the process more aligned with the specific structure and requirements of the customer's website. This tool operates under strict adherence to data privacy and security protocols, ensuring that all collected information is handled with the utmost confidentiality and is used solely for the purpose of enhancing the service provided to the customer. The use of Recorder is governed by the terms of the Agreement and ZeroThreat's privacy policy, underscoring our commitment to safeguarding customer data while delivering top-tier cybersecurity solutions.

1. Service Objectives

The core aim of ZeroThreat's Service is to proactively monitor and fortify the security of your application's internet-facing components. This includes a comprehensive approach to Application Scanning and Target Domain Surveillance, ensuring a robust defense of your digital Attack Surface, which covers custom-built web applications and other vital online assets.

To achieve these objectives, ZeroThreat employs advanced techniques such as detailed crawling, fuzz testing, authenticated testing, and the strategic deployment of test scripts. These methods are designed to be non-intrusive, focusing on identifying security vulnerabilities within your Systems efficiently.

It is important to recognize that while ZeroThreat endeavors to mitigate any negative impact on your Systems, the nature of security testing may lead to some unavoidable disruptions or side effects. The initiation of all Tests, management of their outcomes, and any consequent issues, including interruptions or adverse effects, are under your purview. The provision of this Service implies your acknowledgment of its risks and your responsibility for any decisions related to the Tests and for addressing any resulting challenges.

Please note:

  • Re-Test functionality is available exclusively to customers under an active Subscription Plan.
  • Free Credits (such as promotional credits or credits granted during Trial) do not include Re-Test functionality.
  • These limitations are intended to preserve platform performance and maintain service integrity for paid plan subscribers.
  • The availability and nature of Free Credits may be changed or discontinued at any time without notice.

2. Use of Service

Under the terms of this Agreement, and contingent upon your compliance with any applicable subscription or Order Form requirements and the timely payment of all relevant fees, ZeroThreat extends to you a non-exclusive, non-transferable, and limited right to utilize the designated Service(s) throughout the duration of your subscription. This right is granted solely for the pursuit of your internal business objectives.

You are permitted to authorize access to the Service for: a) Your own employees, b) Your Affiliates and their respective employees, and c) Third-party consultants who are engaged as independent contractors or subcontractors on your behalf or on behalf of your Affiliates.

Such authorization is specifically for the purpose of enabling these parties to provide relevant services to you and/or your Affiliates. This grant of access is aligned with the overarching objective of facilitating your business operations and must be exercised in accordance with the stipulations of this Agreement.

Please note:

  • Access to certain features, including Re-Test functionality, may depend on the specific plan or credit type associated with your account.
  • Subscription Plans provide access to full features including Re-Test within a limited timeframe.
  • Free Credits do not include Re-Test access and are subject to usage limits and changes without prior notice.
  • ZeroThreat reserves the right to modify the availability or scope of any Service component based on the type of access (Subscription or Credit-based) at its sole discretion.

3. Vulnerability Report

Upon the successful completion of a Test, ZeroThreat compiles a comprehensive Vulnerability Report, which encapsulates the findings and insights derived from the assessment. This report is meticulously crafted to provide a detailed analysis of the security posture of your digital assets, highlighting potential vulnerabilities and areas for improvement.

The data contained within the Vulnerability Report is recognized as your proprietary Customer Data. ZeroThreat ensures that the Application Scanning Reports, as integral components of the Vulnerability Report, are securely stored on the Service platform. You have the flexibility to select the retention period for these reports, with the default period set to twelve (12) months, unless you choose to alter this duration or request the removal of your account.

Notwithstanding the above, ZeroThreat reserves the right to store and utilize anonymized and aggregated data derived from your use of the Service, even after the specified retention period or account removal. This data will be used in a manner that does not identify you or your organization, serving purposes such as enhancing service quality, developing new features, and contributing to research and statistical analysis in the field of cybersecurity.

Please note:

  • Re-Test functionality is available only for reports generated using Subscription Plans.
  • Free Credits do not entitle you to Re-Test follow-up scans.
  • Re-Test must be triggered within two (2) weeks of the original scan date.
  • Report retention and Re-Test availability are subject to change based on plan type or credit usage at ZeroThreat's discretion.
  • Inactive accounts using Free Credits that show no login or scan activity for a period of twelve (12) consecutive months may have their stored data permanently deleted and platform access revoked without further notice, at ZeroThreat’s sole discretion.

4. Acceptable Use of Service

  • As a user of ZeroThreat's services, it is imperative that you strictly adhere to the following guidelines to ensure responsible, secure, and lawful use of the Service:
  • a. Authorization and Compliance: Obtain all necessary authorizations, approvals, and permissions for the lawful use of the Service, especially in relation to the systems to which it is applied.
  • b. Adherence to Agreement: Use the Service exclusively within the bounds of this Agreement.
  • c. User Responsibility: Take full responsibility for any actions or omissions by Users associated with your account.
  • d. Legal and Regulatory Observance: Employ the Service in strict compliance with all applicable laws and government regulations, including those specific to your jurisdiction.
  • e. Policy Conformity: Use the Service in alignment with ZeroThreat's Acceptable Use Policy defined in Section 19 of this agreement.
  • f. Restricted Access and Notification: Prevent unauthorized third-party access to the Service, and promptly inform ZeroThreat of any suspected unauthorized use.
  • g. Prohibition of Reverse Engineering: Refrain from reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code or underlying ideas or algorithms of the Service, in whole or in part.
  • h. No Sublicensing or Redistribution: Do not sublicense, resell, rent, lease, distribute, market, or commercialize the Service without prior written consent from ZeroThreat.
  • i. Non-replication of Services: Avoid creating or attempting to create any substitute or similar service derived from access to or reference to the Service provided by ZeroThreat.
  • j. Usage Limitations Based on Plan Type: Access to specific Service features, such as Re-Test functionality, may be limited to certain plans. Free Credit users are restricted from accessing Re-Test and may experience additional usage limitations.
  • k. Right to Suspend Free Access: ZeroThreat reserves the right to suspend or terminate Free Credit access at any time for any reason, including prolonged inactivity or non-compliance with these Terms.
  • Compliance with this policy is mandatory for all users of the Service.

5. Service Suspension Protocol

ZeroThreat maintains a policy to temporarily suspend access to the Service, either in part or in entirety, for you, your Affiliates, or any individual User, with prior notification, under specific circumstances:

a. Security Concerns: If the use of the Service by you, your Affiliates, or any User compromises the security, availability, or integrity of the Service or poses a risk to other customers' environments.

b. Policy and Agreement Violations: In instances of non-compliance with the established use rights as detailed in the Acceptable Use Policy, this Agreement, Order Forms, or any applicable laws governing the Service.

c. Legal and Liability Issues: When the usage of the Service poses a potential legal risk or liability concern for ZeroThreat.

ZeroThreat will focus the suspension solely on the specific aspects of the Service being misused or in violation of these stipulations. Once the issue leading to the suspension is resolved, ZeroThreat commits to promptly restoring full access to the Service for the affected Customer, Affiliate, or User.

Additionally:

  • Free Credit accounts may be suspended without notice in cases of suspected abuse, inactivity exceeding twelve (12) months, or violation of acceptable use guidelines.
  • Suspension of Free Credit access shall not constitute a breach of this Agreement, and no compensation or remedy shall be owed to the Customer.

6. Warranties

  • 6.1. Representations and Warranties by ZeroThreat: ZeroThreat hereby represents and warrants the following:
  • a. Right to Grant Licenses: ZeroThreat has obtained all necessary legal rights and authorities to grant the licenses and confer the rights relating to the Service as stipulated in this Agreement.
  • b. Conformity to Specifications: The Services will conform materially to the functional specifications, features, and requirements as outlined in the official support manual, which may be accessed and reviewed at ZeroThreat’s support website. This manual is subject to updates and modifications from time to time.
  • c. Quality of Professional Services: Any professional services provided by ZeroThreat will be conducted in a manner that is diligent, timely, and professionally competent, adhering to the prevailing industry standards and practices.
  • 6.2. Disclaimer of Additional Warranties: Subject to the affirmative warranties set forth in Section 6.1, ZeroThreat disavows all other warranties and representations to the fullest extent permissible under applicable laws. This disclaimer encompasses, but is not limited to, implied warranties of merchantability, title, non-infringement, and fitness for a particular purpose. The express warranties in this Agreement are provided in lieu of, and displace, all other legal warranties and representations, whether express, implied, or statutory.
  • ZeroThreat makes no representations or warranties regarding the availability of Re-Test or additional Service functionality for users accessing the platform through Free Credits. These features are expressly limited to Subscription Plan holders.

7. Service Evolution

ZeroThreat is committed to the ongoing enhancement and refinement of its services. Consequently, the content, functionality, and features of the Service may evolve over time. These adjustments are part of our dedication to maintaining state-of-the-art cybersecurity solutions, ensuring that our services consistently deliver effectiveness, relevance, and alignment with the latest advancements in the field.

In line with our commitment to transparency and client-centric practices, ZeroThreat will provide a minimum of 20 days' prior notice for any major modifications to the Service. This advance notification is intended to offer you sufficient time to review and consider the impact of these changes on your utilization of the Service.

We recognize the importance of these modifications in the context of your business operations. As such, you retain the right to terminate your use of the Service if the upcoming changes do not align with your requirements or expectations. This right to termination is a key aspect of our agreement, ensuring that you have the flexibility to make decisions that best suit your business needs in response to service alterations.

ZeroThreat's objective in updating and enhancing the Service is not only to meet the evolving demands of cybersecurity but also to ensure that these changes are manageable and beneficial for our clients. We strive to balance innovation with the practical needs and preferences of our users.

Please note:

  • Features enabled through Free Credits, including complimentary scans or promotional capabilities, may be changed, restricted, or discontinued at any time without notice.
  • These modifications will not entitle Free Credit users to any form of compensation or continued access under previous terms.

8. Security Commitments

8.1. Security Standards and Certification: ZeroThreat proudly holds ISO27001 certification, reflecting our commitment to maintaining and implementing rigorous security measures in line with the best industry practices. Our services are designed and operated with a strong emphasis on safeguarding security and preventing breaches.

8.2. Data Protection Measures: ZeroThreat implements appropriate technical and organizational measures to ensure the protection of any data, including personal data and Confidential Information, processed or received within the scope of our services. This commitment involves safeguarding data against unauthorized or unlawful transfer, processing, alteration, access, as well as against accidental loss, damage, or destruction. Our approach to data security is comprehensive, encompassing both the prevention of security incidents and the mitigation of their potential impact.

8.3. Continual Security Enhancement: In adherence to our ISO27001 certification and our dedication to security excellence, ZeroThreat continuously evaluates and enhances its security measures. This ongoing process ensures that our defenses remain robust against evolving threats and align with emerging best practices in cybersecurity.

Please note:

  • Security protections extend to all paying users under Subscription Plans and those utilizing Paid Scan Credits.
  • While Free Credit users benefit from core security practices, advanced security measures and audit logs may not be included as part of complimentary access tiers.

9. Personal Data Processing

9.1. Data Controller Role: ZeroThreat assumes the role of the data controller for all personal data related to Service User accounts, such as names, email addresses, and phone numbers. ZeroThreat is committed to processing this personal data in strict compliance with applicable data privacy laws, as well as adhering to ZeroThreat's Privacy Policy.

9.2. Data Processing on Behalf of the Client: In instances where ZeroThreat processes personal data on your behalf within the scope of providing the Services, such processing will be governed by a specific Data Processing Agreement. This agreement aligns with the stipulations of applicable data privacy laws, including but not limited to the EU General Data Protection Regulation (GDPR) and its subsequent amendments or variations. ZeroThreat's processing activities under this context will be executed with a high degree of care and security, ensuring the protection and lawful handling of your personal data.

9.3. Data Lifecycle for Free Accounts: For Users accessing the platform through Free Credits, personal data may be retained for up to twelve (12) months of inactivity. After such period, ZeroThreat reserves the right to delete all associated data, including scan results, account credentials, and contact information, in accordance with its data retention policy and applicable regulations.

10. Service Level Agreement and Credit Reimbursement

10.1. Service Level Agreement (SLA)

ZeroThreat's Service Level Agreement (SLA) outlines our commitment to delivering a high-quality and reliable vulnerability scanning service. The SLA includes the following provisions:

a. Service Uptime: We guarantee a service uptime of 99%, measured over a monthly cycle, demonstrating our dedication to maintaining consistent service availability and performance.

b. Scheduled Maintenance: ZeroThreat reserves the right to perform scheduled maintenance, which will not be counted towards the uptime guarantee. Scheduled maintenance will be limited to a maximum of 4 hours per month. Importantly, we will provide a minimum of 7 days advance notice for any scheduled maintenance to ensure minimal disruption to your operations.

c. Uptime Guarantee and Extensions: Should the service uptime fall below the guaranteed level, we offer compensatory extensions as per the following tiered system:

Uptime PercentageExtension Offered
98% to <99%1 day
97% to <98%3 days
96% to <97%5 days
<96%7 days

These extensions, in the form of additional service days, will be added to your current billing cycle at no extra cost.

d. Eligibility for SLA Remedies: SLA remedies apply only to Customers with active Subscription Plans or those using Paid Scan Credits. Users operating under Free Credits, including promotional or complimentary access, are not eligible for SLA compensation or extensions, regardless of system uptime or service interruptions.

10.2. Credit Reimbursement for Failed Scans (Paid Credits Only)

ZeroThreat provides a discretionary credit reimbursement feature for Paid Scan Credits in the event of scan failures. This policy is offered as a gesture of goodwill and is not an entitlement under the SLA.

Customers may request a review if a scan initiated using Paid Scan Credits fails to complete. ZeroThreat will evaluate such requests to determine whether the failure was caused by issues within its own platform or infrastructure. If the issue is deemed to be ZeroThreat’s responsibility, the equivalent scan credit may be reinstated.

Credit reinstatement will not be granted where the scan failure results from:

  • Customer misconfiguration,
  • Inaccessibility of the target application (e.g., downtime or network unavailability),
  • Improper login credentials or scan scope definition,
  • Firewalls or other technical controls that block or filter required requests from ZeroThreat’s scanners,
  • Any external conditions beyond ZeroThreat’s operational control.

All decisions regarding scan credit reinstatement are made solely at ZeroThreat’s discretion and are subject to the Acceptable Use Policy. ZeroThreat reserves the right to deny reimbursement requests that do not meet these criteria or that demonstrate repeated misuse or negligence.

11. Prices and Payment Terms

11.1. Service Fees: You shall pay the fees for the Service as outlined on ZeroThreat's website or in a mutually agreed Order Form. This includes 'Application Usage Charges' which are determined based on the size of the instance and the location of the server instance used for scanning. The fees for the Service may be increased annually by up to a maximum of 8% compared to the previous year for the same quantity of licenses or services. ZeroThreat may modify its fees at its sole discretion, with changes effective once per year.

ZeroThreat offers two billing models:

  • Subscription Plans: Provide unlimited scans within the scope of subscribed target domains during the Subscription Term.
  • Scan Credits: Follow a pay-per-scan model, usable for any valid target domain, with each scan consuming one credit.

Subscription Adjustments and Plan Changes: Customers may add additional targets to their existing Subscription Plan at any time. When targets are added mid-cycle, a pro-rata fee for the current billing period will be charged based on the remaining duration. The updated Subscription cost, reflecting the new total number of targets, will become effective from the next renewal cycle. This adjustment is automatically managed through ZeroThreat’s integration with Zoho Subscriptions.

Customers may upgrade their Subscription from a Monthly Plan to a Yearly Plan at any time, with the appropriate proration applied as per the remaining term. However, downgrading from a Yearly to a Monthly Plan, or reducing the number of subscribed targets during an active term, is not supported.

11.2. Taxes and Governmental Charges: All prices and charges, including 'Application Usage Charges', are exclusive of taxes, levies, or similar governmental charges assessed by any jurisdiction. This includes, but is not limited to, export or local VAT, lease tax, sales, use of goods and service tax, and excise duty.

11.3. Payment by Credit Card: Subscription fees, including 'Application Usage Charges', are payable in advance for the Subscription Term as specified in your subscription or applicable Order Form. License upgrade fees will be charged for the remainder of the Subscription Term upon order. Credit card details are managed by a third-party payment service provider, including a pre-authorization charge for verification.

11.4. Payment by Invoice: If paying by invoice, payment for the Subscription Term, inclusive of 'Application Usage Charges', is due in advance as stated in your subscription or applicable Order Form. All undisputed invoices must be paid within thirty (30) days of the invoice date. ZeroThreat reserves the right to charge interest on late and undisputed payments according to applicable legislation.

11.5. Overuse Charges: ZeroThreat reserves the right to separately charge for overuse of the number of licenses granted in your Subscription or Order Forms, in accordance with the Acceptable Use Policy and the 'Application Usage Charges'.

11.6. Refund Policy: All purchases of Paid Scan Credits are final and non-refundable. Subscription Plans, whether monthly or annual, are also non-refundable. Customers are encouraged to evaluate the Service using Free Credits provided at signup or through promotional offers before purchasing. Free Credits are issued solely for evaluation purposes, have no cash value, and cannot be exchanged, refunded, or converted into Paid Scan Credits.

11.7. Failed Scan Reimbursement (Paid Credits Only): Please refer to Section 10.2 for the policy governing reimbursement of Paid Scan Credits in the event of failed scans. This process is subject to ZeroThreat’s discretion and the Acceptable Use Policy.

12. Intellectual Property Rights

12.1. Ownership of Service-Related IP: All Intellectual Property Rights inherent in, associated with, or arising from the Service, including but not limited to software, technology, tools, scanner logic, detection payloads, and report structures, are the exclusive property of ZeroThreat and/or its licensors. This encompasses all developments, enhancements, and derivative works created in the course of delivering the Service. Under this Agreement, no ownership, title, or interest in the Service or any related Intellectual Property Rights of ZeroThreat is assigned or transferred to you, except for the limited use rights explicitly granted herein.

12.2. Customer Data and Embedded IP Rights: The Results generated through use of the Service, whether under a Subscription Plan or through Paid Scan Credits, constitute your Customer Data and are owned by you. However, the scan reports may contain elements of ZeroThreat’s proprietary technologies — including payload formats, risk logic, detection methodology, and presentation structure — which are protected as embedded Intellectual Property of ZeroThreat. You are granted a limited, non-exclusive license to use such embedded elements solely for the purpose of addressing identified vulnerabilities within your own systems.

You may not share, redistribute, or reverse engineer such embedded content for commercial use or replication. Use of scan results obtained via Free Credits remains subject to ZeroThreat’s Fair Use and Acceptable Use Policies and may be removed after periods of prolonged inactivity.

12.3. License to Anonymized Data: You grant ZeroThreat a non-exclusive, sub-licensable, royalty-free, worldwide, perpetual, and irrevocable license to use any data generated through your use of the Service — whether via Subscription or Paid Credits — in anonymized and aggregated form for the purpose of improving service capabilities, threat intelligence, benchmarking, and analytical research. ZeroThreat shall ensure that such use does not reveal your identity or proprietary system configurations.

12.4. Feedback Ownership: Any feedback, ideas, enhancement requests, recommendations, or suggestions that you provide regarding the Service shall be considered Confidential Information of ZeroThreat and shall become the sole property of ZeroThreat. You hereby irrevocably assign and transfer to ZeroThreat all rights, title, and interest in such feedback, including any associated Intellectual Property Rights.

13. Confidentiality

13.1. Obligations of the Receiving Party: Each Party (“Receiving Party”) agrees to treat all Confidential Information received from the other Party (“Disclosing Party”) as strictly confidential and to use it solely for the purposes of performing its obligations under this Agreement. The Receiving Party shall protect such information with the same degree of care it uses to protect its own confidential information of like kind, but in no event with less than reasonable care. Disclosure of Confidential Information to third parties is strictly prohibited without the prior written consent of the Disclosing Party.

13.2. Permitted Use of Confidential Information: Confidential Information may be used solely for fulfilling obligations under this Agreement. It shall not be disclosed, duplicated, or used for any other purpose unless specifically authorized in writing by the Disclosing Party.

13.3. Disclosure to Representatives: The Receiving Party may disclose Confidential Information only to its Representatives who have a legitimate need to know such information for the purposes of this Agreement. The Receiving Party shall ensure that such Representatives are subject to confidentiality obligations at least as protective as those contained herein. The Receiving Party remains responsible for any breach of this Section by its Representatives.

13.4. Restrictions on Reproduction: The Receiving Party shall not copy, reproduce, or store Confidential Information except as reasonably required to carry out the purposes of this Agreement. All reproductions must retain all proprietary notices.

13.5. Exceptions to Confidentiality Obligations: Confidential Information does not include information that: (a) was already known to the Receiving Party at the time of disclosure without a confidentiality obligation; (b) becomes publicly known through no wrongful act or breach by the Receiving Party; (c) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information; or (d) is disclosed pursuant to legal, regulatory, or judicial process, provided that the Receiving Party gives prompt notice and cooperates, at the Disclosing Party’s expense, in any attempt to limit or prevent such disclosure.

13.6. Return or Destruction: Upon request by the Disclosing Party, or upon termination of this Agreement, the Receiving Party shall return or securely destroy all Confidential Information in its possession or control, unless retention is required by law or industry-standard data retention policies. Where destruction is required, the Receiving Party shall confirm in writing that such destruction has been completed.

13.7. Survival: The obligations of confidentiality under this Section shall survive termination of this Agreement for a period of five (5) years, or for such longer period as applicable laws may require.

14. Term of Agreement

14.1. Initial Subscription Term and Renewals: This Agreement becomes effective upon your acceptance of these Terms or from the Effective Date specified in an applicable Order Form. It continues for the Subscription Term outlined in your account or Order Form. Unless otherwise terminated as per this Agreement, the Subscription Term will automatically renew for successive periods equal to the initial term, unless you notify ZeroThreat in writing of your intention not to renew at least thirty (30) days prior to the end of the then-current term.

14.2. Trial and Promotional Access: ZeroThreat may offer Free Credits to newly registered accounts or as part of promotional campaigns. These Free Credits are offered for a limited time to enable users to evaluate the Service. Free Credits do not constitute a full Subscription and may have limitations in functionality or access. ZeroThreat reserves the right to modify or discontinue Free Credit offerings at any time without notice. These credits do not renew, and ZeroThreat may revoke access or remove data for accounts that remain inactive for twelve (12) months or longer.

14.3. Plan Conversion and Restrictions: Customers may convert their Subscription Plan from a Monthly to a Yearly term at any time, with applicable pro-rata adjustments. Downgrading from a Yearly to a Monthly plan, or reducing Subscription scope mid-term, is not supported.

14.4. Applicability of Terms to Promotional Access: From the moment you register and access ZeroThreat’s platform—whether under Free Credits, a Subscription, or Paid Scan Credits—all provisions of this Agreement become binding, with the exception of payment obligations for Free Credits. Terms specific to Free Credits are governed by Section 11.6 and the Trial definition.

15. Termination for Cause

15.1. Right to Terminate: Either Party may terminate this Agreement for cause in the event of a material breach by the other Party. Grounds for termination include, but are not limited to: (a) failure to comply with any material provision of this Agreement; (b) failure to pay undisputed fees when due; or (c) infringement or misappropriation of the other Party’s Intellectual Property Rights. Additionally, ZeroThreat reserves the right to terminate the Agreement if the Service Suspension Protocol (Section 5) is invoked more than three (3) times due to breaches by the Customer. Either Party may also terminate without liability if the other becomes insolvent, enters liquidation, makes an assignment for the benefit of creditors, or is subject to comparable proceedings indicating financial distress.

15.2. Notice and Cure Period: Termination under Section 15.1 requires written notice specifying the nature of the breach. The breaching Party will have thirty (30) days from receipt of such notice to cure the breach. If the breach is not remedied within that period, the non-breaching Party may terminate the Agreement with immediate effect.

15.3. Consequences of Termination: Upon termination for cause, all rights and licenses granted to the Customer under this Agreement shall cease immediately. The Customer must discontinue use of all Services, and any unpaid fees shall become immediately due. For Subscription Plans, ZeroThreat will cancel auto-renewal but allow continued access for the remainder of the prepaid Subscription Term. For Paid Scan Credits, no refunds will be issued for unused credits.

15.4. Survival of Terms: Provisions of this Agreement that by their nature should survive termination shall remain in full force and effect. This includes, but is not limited to, provisions related to confidentiality, intellectual property, data use, indemnification, limitations of liability, and governing law.

16. Effects of Termination

16.1. No Refunds Policy: In accordance with Section 11.6, ZeroThreat does not offer refunds for Subscription Plans or Paid Scan Credits upon termination, regardless of the reason. Subscription users will retain access to the Services through the end of their current prepaid term, but automatic renewal will be cancelled. Paid Scan Credits remain valid until their expiration (one year from purchase) unless otherwise terminated due to breach.

16.2. Payment Obligations Upon Termination by ZeroThreat: Should ZeroThreat terminate this Agreement due to a material breach by the Customer, all outstanding fees owed by the Customer will become immediately due and payable. The Customer shall not be entitled to any credit, refund, or compensation in such cases.

16.3. Account Access and Data Retention: Upon termination of the Agreement, the Customer’s access to the ZeroThreat platform will be disabled, except for read-only access to historical data during the remaining valid Subscription Term (if any). ZeroThreat may delete inactive or free-tier account data after twelve (12) months of inactivity, in accordance with its data retention policy.

16.4. Return or Destruction of Confidential Information: Each Party shall return or destroy all Confidential Information of the other Party within fourteen (14) days of termination, unless required to retain such information by law, regulation, or internal audit policy. Where destruction is not feasible (e.g., archived backups), the data shall remain protected under the confidentiality obligations of this Agreement.

16.5. Continuing Obligations: Termination shall not relieve either Party of any obligations incurred prior to the effective date of termination. Clauses related to confidentiality, IP rights, limitations of liability, dispute resolution, and data use shall continue to apply.

17. Indemnification

17.1. Indemnification by ZeroThreat: ZeroThreat shall defend, indemnify, and hold you, your officers, employees, and agents harmless from and against any claims, damages, liabilities, losses, judgments, and expenses (including reasonable attorneys’ fees) arising out of or related to any third-party claim alleging that the use of the Service as expressly authorized under this Agreement infringes or misappropriates a third-party’s Intellectual Property Rights. This indemnification is conditioned upon you providing prompt written notice of the claim, cooperating fully with ZeroThreat, and allowing ZeroThreat sole control of the defense and settlement.

17.2. Your Indemnification Obligations: You agree to defend, indemnify, and hold harmless ZeroThreat, its officers, directors, employees, and agents from and against all claims, damages, liabilities, losses, judgments, and expenses (including reasonable attorneys’ fees) arising out of:

17.2.1. Your or your Users’ use of the Service in violation of this Agreement or applicable laws; 17.2.2. Your failure to obtain all necessary rights, permissions, or consents to perform or authorize security Tests; 17.2.3. Your breach of Section 4 (Acceptable Use of Service) or any misuse of the Free Credits, Paid Credits, or Subscription access; or 17.2.4. Any content or data supplied or submitted by you that infringes the rights of a third party, including Intellectual Property or data privacy rights.

17.3. Exclusions: ZeroThreat shall have no obligation to indemnify for claims arising from: (a) modifications to the Service made by you; (b) combination of the Service with non-ZeroThreat systems not authorized in writing; or (c) use of the Service in violation of the Agreement.

17.4. Remedies: If your use of the Service becomes, or in ZeroThreat’s opinion is likely to become, the subject of an infringement claim, ZeroThreat may, at its sole discretion and expense: (a) procure the right for you to continue using the Service; (b) replace or modify the Service to make it non-infringing; or (c) if neither (a) nor (b) is commercially feasible, terminate the affected portion of the Service and refund any prepaid, unused Subscription fees on a pro-rata basis.

18. Liability

18.1. Limitation of Liability: To the maximum extent permitted by applicable law, neither Party shall be liable to the other for any indirect, incidental, special, consequential, exemplary, or punitive damages (including loss of profits, revenue, data, or business opportunities) arising from or related to this Agreement, whether in contract, tort (including negligence), strict liability, or otherwise, even if such Party has been advised of the possibility of such damages.

18.2. Exceptions to Limitations: The limitations of liability set forth in this section shall not apply to: (a) either Party’s breach of Section 13 (Confidentiality); (b) either Party’s indemnification obligations under Section 17; (c) any violation of the other Party’s Intellectual Property Rights; or (d) gross negligence, fraud, or willful misconduct.

18.3. Aggregate Liability Cap: Except for liabilities arising under the exceptions listed in Section 18.2, the total cumulative liability of either Party arising out of or relating to this Agreement shall not exceed the total fees actually paid by you to ZeroThreat in the twelve (12) months immediately preceding the event giving rise to the claim. For Paid Scan Credits, this cap will be calculated based on the actual value of credits purchased in the preceding twelve (12) months.

18.4. Acknowledgement of Allocation of Risk: The Parties acknowledge and agree that the disclaimers, exclusions, and limitations of liability set forth in this Agreement reflect a reasonable allocation of risk between the Parties and form an essential basis of the bargain under which the Services are offered and provided.

19. Acceptable Use Policy

This Acceptable Use Policy (“AUP”) outlines the rules and restrictions governing your access to and use of the ZeroThreat platform. The AUP applies to all forms of access, including use of Subscription Plans, Paid Scan Credits, and Free Credits.

19.1. General Usage Restrictions: You must not:

  • Use the Service for any unlawful, harmful, fraudulent, infringing, or offensive purpose;
  • Interfere with, disrupt, or compromise the integrity or performance of the Service or associated systems;
  • Attempt unauthorized access to accounts, systems, or data belonging to ZeroThreat or other users.

19.2. Prohibited Activities: You shall not:

  • Use the Service to violate any applicable laws, regulations, or third-party rights, including Intellectual Property and privacy laws;
  • Modify, reverse engineer, decompile, or attempt to extract source code from the Service;
  • Create or offer a competing scanning product derived from or modeled on ZeroThreat’s platform;
  • Circumvent billing mechanisms or engage in activity to avoid paying for Services actually used.

19.3. Restrictions on Credit Usage:

  • Free Credits are intended solely for evaluation purposes. They must not be used for production environments or commercial applications.
  • Re-Test functionality is not available for scans performed with Free Credits.
  • Complimentary credits are excluded from SLA-based uptime guarantees and may be modified or withdrawn by ZeroThreat without prior notice.

19.4. Misuse of Service:

  • Any attempts to exploit the scanning process to disrupt, damage, or gain unauthorized access to external systems will result in immediate suspension and potential legal action.
  • You are responsible for obtaining all necessary authorizations for any domains or systems you scan.

19.5. Enforcement: Violations of this AUP may result in ZeroThreat taking corrective action, including temporary or permanent suspension of your access to the Service, revocation of Free or Paid Credits, and/or legal action where warranted.

ZeroThreat reserves the right to update this AUP at any time to reflect changes in security, legal, or technical requirements. Continued use of the Service after such updates constitutes acceptance of the revised policy.

20. Assignment

20.1. Restrictions on Assignment: Neither Party may assign or transfer this Agreement, in whole or in part, without the prior written consent of the other Party. Such consent shall not be unreasonably withheld or delayed. Any attempted assignment in breach of this provision shall be null and void.

20.2. Permitted Assignments Without Consent: Notwithstanding Section 20.1, either Party may assign this Agreement without the other Party’s consent:

  • To an Affiliate of the assigning Party; or
  • In connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of the assigning Party’s assets or equity, provided that such successor entity agrees in writing to be bound by the terms of this Agreement.

20.3. Notification Requirement: In the event of an assignment permitted under Section 20.2, the assigning Party must promptly notify the other Party in writing of the assignment, including the identity of the assignee and the effective date of the transfer.

20.4. Continuation of Obligations: Any permitted assignee shall assume all rights and obligations under this Agreement, and any assignment shall not relieve the assigning Party of its responsibilities for obligations that accrued prior to the effective date of assignment.

21. Force Majeure

21.1. Definition and Scope: Neither Party shall be liable for any failure or delay in performance under this Agreement if such failure or delay arises from causes beyond that Party’s reasonable control, including but not limited to acts of God, natural disasters (e.g., earthquakes, floods), war, terrorism, civil unrest, governmental restrictions, embargoes, pandemics, labor strikes, utility failures, or denial-of-service attacks (each a “Force Majeure Event”).

21.2. Duty to Mitigate: The affected Party shall take commercially reasonable steps to mitigate the effects of the Force Majeure Event and resume performance as soon as reasonably practicable.

21.3. Notification Requirement: The Party experiencing the Force Majeure Event shall promptly notify the other Party in writing, describing the nature of the event, the expected duration, and the actions being taken to mitigate its impact. Failure to provide prompt notice may limit the availability of Force Majeure relief.

21.4. Extended Force Majeure: If a Force Majeure Event continues for more than thirty (30) consecutive days and substantially prevents the affected Party from fulfilling its obligations under this Agreement, either Party may terminate the Agreement by giving written notice to the other. In such case, neither Party shall have further liability, except that you shall pay for any Services actually rendered up to the effective termination date.

21.5. Exclusions: Force Majeure shall not excuse payment obligations for amounts accrued prior to the onset of the Force Majeure Event or due under outstanding invoices.

22. Modification of Terms

22.1. Right to Modify: ZeroThreat reserves the right to modify, amend, or update these Terms at any time. Changes will be reflected in the most current version of the Terms, which will be published on the ZeroThreat website along with the date of last update. You are encouraged to review the Terms periodically for updates.

22.2. Notification of Material Changes: For material changes that substantially affect your rights or obligations, ZeroThreat will provide reasonable advance notice through the Service interface or via email to the primary contact listed in your account.

22.3. Acceptance of Changes: By continuing to use the Service after the effective date of any revised Terms, you agree to be bound by the updated version. If you do not agree to the changes, you must discontinue your use of the Service and, if applicable, cancel your Subscription or refrain from purchasing new Scan Credits.

22.4. No Retroactive Changes: Modifications will apply prospectively and will not affect previously purchased Paid Scan Credits or active Subscription Plans, unless specifically agreed in writing.

23. Notices

23.1. Form and Delivery: All notices, requests, consents, claims, demands, waivers, and other communications under this Agreement (“Notices”) must be in writing and delivered by email or registered mail to the contact details provided in the relevant Order Form or subscription account. Notices are deemed effective as follows:

  • Email: When sent, unless the sender receives an automated failure notice;
  • Registered mail: Two (2) business days after posting.

23.2. Notices to You: ZeroThreat may send Notices to the administrative contact(s) specified in your account or Order Form. Alternatively, ZeroThreat may display Notices through the Subscription portal interface visible to your designated Admin User.

23.3. Notices to ZeroThreat: Notices intended for ZeroThreat must be directed to:

Legal Department
ZeroThreat, Inc.
108 W. 13th Street, Suite 100
Wilmington, DE 19801-1145, USA
Email: legal@zerothreat.ai

23.4. Language and Format: All communications must be in English and clearly state the intent of the notice. For legal Notices, you may be required to follow up with a signed, written copy upon request.

23.5. Changes to Notice Information: Either Party may update its notice address by providing written notice to the other Party under this Section.

24. General Terms

24.1. Entire Agreement: This Agreement, including the Privacy Policy, Acceptable Use Policy, applicable Order Forms, and any additional schedules or exhibits, constitutes the entire understanding between the Parties regarding its subject matter. It supersedes all prior agreements, communications, and understandings, whether oral or written.

24.2. Conflict Resolution: If there is a conflict between these Terms and an Order Form, the Order Form shall prevail only to the extent it specifically identifies and overrides the conflicting term in this Agreement.

24.3. Independent Contractors: The relationship between the Parties is that of independent contractors. Nothing in this Agreement shall be construed to create a partnership, joint venture, or agency relationship. Neither Party has the authority to bind the other in any manner.

24.4. Waiver and Remedies: No waiver of any rights or remedies under this Agreement shall be effective unless in writing. Failure to exercise or delay in exercising any right or remedy shall not constitute a waiver. A single or partial exercise of a right or remedy does not prevent further enforcement.

24.5. Severability: If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect. The invalid or unenforceable provision shall be interpreted to reflect the Parties’ original intent as closely as possible.

24.6. Survival: Provisions of this Agreement that by their nature should survive termination shall survive, including but not limited to Sections 12 (Intellectual Property), 13 (Confidentiality), 16 (Effects of Termination), 17 (Indemnification), 18 (Liability), and 25 (Governing Law and Dispute Resolution).

25. Governing Law and Dispute Resolution

25.1. Governing Law: This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, USA, without regard to conflict of laws principles. The United Nations Convention on Contracts for the International Sale of Goods (CISG) does not apply.

25.2. Good Faith Negotiation: In the event of a dispute, controversy, or claim arising out of or relating to this Agreement, the Parties agree to first attempt to resolve the matter amicably through good faith negotiations. Either Party may initiate such negotiations by providing written notice to the other.

25.3. Binding Arbitration: If a dispute is not resolved within thirty (30) days of initiation of negotiations, the matter shall be finally resolved by binding arbitration conducted in English in Wilmington, Delaware, USA, under the rules of a mutually agreed-upon arbitration institution. The arbitration shall be conducted by a single arbitrator unless the complexity of the dispute requires three, as mutually agreed.

25.4. Confidentiality of Proceedings: The arbitration process, including all documents and evidence disclosed or submitted during arbitration, shall be confidential and subject to the confidentiality obligations under Section 13 of this Agreement.

25.5. Court Proceedings for Unpaid Fees: Notwithstanding the arbitration clause, ZeroThreat may initiate proceedings in a court of general jurisdiction in Wilmington, Delaware, or pursue collection actions through appropriate legal channels to recover undisputed fees overdue by more than forty-five (45) days.

25.6. Injunctive Relief: Nothing in this section shall prevent either Party from seeking immediate injunctive or equitable relief in any court of competent jurisdiction where such relief is necessary to prevent irreparable harm or unauthorized use of Intellectual Property or Confidential Information.