1. Acceptance of Terms

By accessing or using SecuritySurface ("we," "our," or "us") services, including SecuritySurface Browser, SecuritySurface Scan, API services, and related features (collectively, the "Services"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you may not access or use our Services.

These Terms constitute a legally binding agreement between you and SecuritySurface. We may modify these Terms at any time, and such modifications will be effective immediately upon posting. Your continued use of the Services after modifications constitutes acceptance of the modified Terms.

2. Description of Services

SecuritySurface provides cybersecurity intelligence and analysis services, including:

• SecuritySurface Browser: Comprehensive domain and DNS analysis tool providing WHOIS information, DNS records (current and historical), subdomain detection, IP geolocation, real IP detection behind CDNs, IP block authorization, SSL certificate analysis, technology stack identification, DMARC/SPF analysis, and associated domain discovery
• SecuritySurface Scan: Comprehensive security scanning and vulnerability analysis service that performs vulnerability scanning, security assessment, threat detection, scan management, and detailed vulnerability reporting
• Global Probe Search Engine: Advanced search engine that enables users to discover internet-facing assets by keyword, IP address, domain name, protocol, port, ASN (Autonomous System Number), cloud provider, and organization
• API Services: RESTful API providing programmatic access to all SecuritySurface intelligence data, including domain analysis, IP analysis, security scanning, and search capabilities

We reserve the right to modify, suspend, or discontinue any aspect of the Services at any time without prior notice. Services are provided on an "as is" and "as available" basis.

3. Account Registration and Eligibility

3.1 Eligibility

You must be at least 18 years old and have the legal capacity to enter into contracts to use our Services. By creating an account, you represent and warrant that you meet these eligibility requirements.

3.2 Account Creation

To access certain features, you must create an account. You agree to provide accurate, current, and complete information during registration and to update such information to keep it accurate, current, and complete.

3.3 Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to notify us immediately of any unauthorized use of your account.

4. Subscription Plans and Credits

4.1 Subscription Plans

We offer various subscription plans (Basic, Standard, Business) with different credit allocations and features. Subscription fees are billed in advance on a monthly or annual basis, as selected by you.

4.2 Credits System

Our Services operate on a credit-based system. Each query, scan, or API call consumes credits according to our pricing structure. Credits are allocated based on your subscription plan and reset according to your billing cycle.

4.3 Credit Expiration

Unused credits do not roll over to the next billing period unless otherwise specified in your subscription plan. Credits expire at the end of each billing cycle.

4.4 API Rate Limits and Quotas

API usage is subject to rate limits and quotas based on your subscription plan. Rate limits may include requests per minute, requests per hour, or requests per day. We reserve the right to modify rate limits at any time. Excessive API usage that exceeds your plan's limits may result in temporary suspension of API access or additional charges.

4.5 Service Availability and Uptime

While we strive to maintain high availability, we do not guarantee uninterrupted or error-free service. Services may be temporarily unavailable due to maintenance, updates, technical issues, or circumstances beyond our control. We are not liable for any damages resulting from service unavailability.

5. Payment Terms

5.1 Payment Methods

We accept payments through Stripe (credit cards). All payments are processed securely by our third-party payment processor.

5.2 Billing

Subscription fees are charged automatically at the beginning of each billing cycle. You authorize us to charge your payment method for all fees associated with your subscription.

5.3 Price Changes

We reserve the right to modify subscription prices at any time. Price changes will not affect your current billing cycle but will apply to subsequent renewals. We will provide reasonable notice of price changes.

5.4 Refunds

All subscription fees are non-refundable except as required by law or as explicitly stated in our refund policy. Refund requests must be submitted within the timeframe specified in our refund policy.

6. Cancellation and Termination

6.1 Cancellation by You

You may cancel your subscription at any time through your account settings. Cancellation will take effect at the end of your current billing period. You will continue to have access to the Services until the end of your paid period.

6.2 Termination by Us

We may suspend or terminate your account and access to the Services immediately, without prior notice, if you violate these Terms, engage in fraudulent activity, or for any other reason we deem necessary to protect our Services or users.

6.3 Effect of Termination

Upon termination, your right to use the Services will immediately cease. We are not obligated to provide refunds or credits for any unused portion of your subscription.

7. Acceptable Use Policy

You agree not to:

• Use the Services for any illegal purpose or in violation of any laws or regulations
• Attempt to gain unauthorized access to our systems or networks
• Interfere with or disrupt the Services or servers connected to the Services
• Use automated systems (bots, scrapers) to access the Services without authorization
• Resell, redistribute, or sublicense access to the Services without our written permission
• Use the Services to harm, threaten, or harass others
• Reverse engineer, decompile, or disassemble any part of the Services
• Remove or alter any copyright, trademark, or other proprietary notices
• Use the Services to collect information about others without their consent
• Exceed reasonable usage limits or engage in activities that degrade service performance
• Scanning Services Specific: Use security scanning or network scanning services to scan systems, networks, or assets without explicit written authorization from the owner or authorized representative. Unauthorized scanning may violate computer fraud and abuse laws, privacy regulations, and other applicable laws in various jurisdictions
• Scanning Services Specific: Use scanning services to conduct malicious activities, including but not limited to denial-of-service attacks, unauthorized access attempts, data exfiltration, or any activity intended to compromise the security, integrity, or availability of systems or networks
• Scanning Services Specific: Use scanning services in a manner that causes service disruptions, performance degradation, or system instability on scanned targets, or in a way that interferes with the normal operation of third-party systems or services
• Scanning Services Specific: Share, distribute, or publish scan results containing sensitive information about third-party systems without proper authorization, or use scan results to exploit vulnerabilities for malicious purposes
• API Services Specific: Use API services to build competing services or to resell, redistribute, or repackage our data without explicit written permission
• API Services Specific: Exceed reasonable API usage limits, engage in automated scraping, or attempt to circumvent rate limiting or access controls
• API Services Specific: Use API services in a manner that degrades service performance for other users or that violates the intended use of the Services
• Data Collection Specific: Use our Services to collect personal information about individuals without their consent or in violation of applicable privacy laws
• Data Collection Specific: Use query results, scan data, or intelligence information to harass, stalk, or harm individuals or organizations
• Probe Search Specific: Use the Global Probe Search Engine to identify and target vulnerable systems for unauthorized access or exploitation

Violation of this Acceptable Use Policy may result in immediate termination of your account and legal action. Unauthorized or malicious use of scanning services, API services, or any other Services may also result in civil and criminal liability under applicable laws.

8. Intellectual Property

8.1 Our Rights

All content, features, and functionality of the Services, including but not limited to text, graphics, logos, icons, images, software, and data, are owned by SecuritySurface or its licensors and are protected by copyright, trademark, and other intellectual property laws.

8.2 Your Rights

Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Services for your personal or internal business purposes.

8.3 Data Ownership

You retain ownership of any data you submit to the Services. By using the Services, you grant us a license to use, process, and store your data as necessary to provide the Services and as described in our Privacy Policy.

9. Disclaimers and Limitations of Liability

9.1 Service Availability

We strive to provide reliable Services but do not guarantee that the Services will be available, uninterrupted, or error-free. The Services are provided "as is" and "as available" without warranties of any kind.

9.2 Data Accuracy and Third-Party Data Sources

While we make reasonable efforts to ensure the accuracy of information provided through our Services, we do not warrant that all information is complete, accurate, or up-to-date. Our Services rely on various data sources, including:

• Public Records: WHOIS databases, DNS registries, SSL certificate authorities, and other publicly available information sources
• Third-Party Data Providers: We may aggregate data from multiple third-party sources, and the accuracy of such data depends on the reliability of these sources
• Real-Time Queries: Some data is collected in real-time through direct queries to target systems, which may be subject to rate limiting, blocking, or inaccuracies
• Historical Data: Historical DNS records, WHOIS information, and other historical data may be incomplete or unavailable for certain domains or time periods

You acknowledge that data provided through our Services may contain errors, omissions, or may be outdated. You should verify critical information independently before making decisions based on our Services. SecuritySurface disclaims all liability for any inaccuracies, errors, or omissions in the data provided.

9.3 Security Scanning and Network Scanning Services - Specific Disclaimers

The following disclaimers specifically apply to SecuritySurface Scan and network scanning services:

• Scan Results Accuracy: Security scanning and vulnerability assessment results are provided for informational purposes only. We do not guarantee the accuracy, completeness, or reliability of scan results. Scan results may contain false positives, false negatives, or may not identify all existing vulnerabilities. You acknowledge that security scanning is an ongoing process and that new vulnerabilities may emerge after a scan is completed.
• No Warranty of Security: Our scanning services do not guarantee that scanned systems are secure or free from vulnerabilities. The absence of detected vulnerabilities does not mean that your systems are secure. You are solely responsible for implementing appropriate security measures based on scan results and other security assessments.
• Scanning Limitations: Security scans may not detect all types of vulnerabilities, including but not limited to zero-day vulnerabilities, logic flaws, social engineering attacks, physical security weaknesses, or vulnerabilities in third-party services. Scans are limited to the scope, depth, and timing of the scan configuration and may not reflect the current state of scanned systems.
• Service Disruption Risk: Security scanning activities may cause temporary service disruptions, performance degradation, or system instability on scanned targets. You acknowledge and accept that scanning may impact the availability or performance of scanned systems, and SecuritySurface shall not be liable for any such disruptions or damages resulting from scanning activities.
• Third-Party Systems: When scanning third-party systems or services, you represent and warrant that you have obtained all necessary authorizations, permissions, and consents from the owners or authorized representatives of such systems. SecuritySurface assumes no responsibility for unauthorized scanning activities.
• Legal Compliance: You are solely responsible for ensuring that your use of our scanning services complies with all applicable laws, regulations, and contractual obligations. Unauthorized scanning of systems you do not own or have explicit permission to scan may violate computer fraud and abuse laws, privacy laws, and other regulations in various jurisdictions. SecuritySurface disclaims all liability for your failure to obtain proper authorization or comply with applicable laws.
• Prohibited Uses: You agree not to use our scanning services to: (a) scan systems without explicit authorization; (b) conduct malicious activities, including but not limited to denial-of-service attacks, data exfiltration, or unauthorized access attempts; (c) violate any laws or regulations; (d) infringe upon the rights of third parties; or (e) interfere with or disrupt the operations of any system or network.
• Data Confidentiality: While we implement security measures to protect scan data, you acknowledge that scan results may contain sensitive information about your systems, networks, or vulnerabilities. You are responsible for maintaining the confidentiality of scan results and ensuring appropriate access controls. SecuritySurface shall not be liable for unauthorized disclosure of scan data resulting from your actions or system vulnerabilities.
• Remediation Responsibility: You are solely responsible for evaluating scan results, prioritizing vulnerabilities, and implementing appropriate remediation measures. SecuritySurface provides scanning services only and does not provide security remediation, incident response, or security consulting services unless explicitly agreed upon in a separate agreement.
• No Liability for Exploitation: SecuritySurface shall not be liable for any damages, losses, or security incidents resulting from the exploitation of vulnerabilities identified (or not identified) through our scanning services. You assume all risks associated with the use of scanned systems and are responsible for implementing appropriate security controls.
• Scanning Tool Limitations: Our scanning tools and methodologies are based on known vulnerability databases, security best practices, and industry standards. However, scanning tools may not be updated immediately with the latest vulnerability information, and scanning methodologies may not be suitable for all types of systems or environments.
• Network Impact: Network scanning activities may generate significant network traffic and may be detected by intrusion detection systems, firewalls, or other security monitoring tools. You acknowledge that scanning activities may trigger security alerts or responses from third-party security systems.

By using SecuritySurface scanning services, you acknowledge that you have read, understood, and agree to these specific disclaimers and limitations. You further acknowledge that security scanning is a tool to assist in security assessment but is not a substitute for comprehensive security practices, regular security audits, or professional security consulting.

9.4 API Services - Specific Disclaimers

The following disclaimers specifically apply to API Services:

• API Availability: We do not guarantee uninterrupted API availability. API endpoints may be subject to rate limiting, throttling, or temporary unavailability. We reserve the right to modify, deprecate, or discontinue API endpoints with reasonable notice.
• API Response Times: API response times may vary based on server load, network conditions, and query complexity. We do not guarantee specific response times or service level agreements (SLAs) for API requests.
• Data Freshness: Data provided through APIs may not be real-time and may be cached or aggregated. The freshness of data depends on the type of query and our data update schedules.
• API Versioning: We may update API versions, deprecate older versions, or modify API endpoints. You are responsible for keeping your API integrations up-to-date. We will provide reasonable notice of breaking changes when possible.
• Probe Search Engine Results: Results from the Global Probe Search Engine are based on publicly available information and may not be comprehensive or up-to-date. Search results may include false positives or may miss relevant assets.
• IP Detection Accuracy: Real IP detection behind CDNs is not 100% accurate or successful. Detection methods may fail, and results should be verified independently.
• Subdomain Discovery: Subdomain discovery may not identify all subdomains associated with a domain. Results depend on various factors including DNS configuration, subdomain visibility, and our scanning methodologies.

By using API Services, you acknowledge that you have read, understood, and agree to these specific disclaimers. You are responsible for implementing appropriate error handling, rate limiting, and data validation in your applications.

9.5 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, SECURITYSURFACE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES RESULTING FROM YOUR USE OF THE SERVICES, INCLUDING BUT NOT LIMITED TO DAMAGES ARISING FROM SECURITY SCANNING ACTIVITIES, VULNERABILITY ASSESSMENTS, NETWORK SCANNING OPERATIONS, API USAGE, DATA INACCURACIES, SERVICE UNAVAILABILITY, OR DECISIONS MADE BASED ON INFORMATION PROVIDED THROUGH OUR SERVICES.

10. Indemnification

You agree to indemnify, defend, and hold harmless SecuritySurface, its officers, directors, employees, and agents from and against any claims, damages, obligations, losses, liabilities, costs, or debt, and expenses (including attorney's fees) arising from your use of the Services, violation of these Terms, or infringement of any rights of another.

11. Privacy

Your use of the Services is also governed by our Privacy Policy, which explains how we collect, use, and protect your information. By using the Services, you consent to the collection and use of your information as described in the Privacy Policy.

12. Dispute Resolution

12.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which SecuritySurface operates, without regard to its conflict of law provisions.

12.2 Dispute Resolution Process

Any disputes arising out of or relating to these Terms or the Services shall be resolved through good faith negotiation. If negotiation fails, disputes shall be resolved through binding arbitration or in a court of competent jurisdiction, as applicable.

13. General Provisions

13.1 Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and SecuritySurface regarding the Services and supersede all prior agreements and understandings.

13.2 Severability

If any provision of these Terms is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.

13.3 Waiver

No waiver of any term of these Terms shall be deemed a further or continuing waiver of such term or any other term, and our failure to assert any right or provision under these Terms shall not constitute a waiver of such right or provision.

13.4 Assignment

You may not assign or transfer these Terms or your rights hereunder without our prior written consent. We may assign these Terms without restriction.

14. Contact Information

If you have any questions about these Terms of Service, please contact us:

• Email: Contact Support
• Website: securitysurface.com/contact