Terms of Service
These Terms govern your access to and use of the Sycrion Service. Please read them carefully — by using Sycrion you agree to be bound by them.
Definitions
“Sycrion”, “we”, “us” means [LEGAL ENTITY NAME], registered at [REGISTERED ADDRESS], company number [REG. NUMBER], VAT number [VAT NUMBER].
“Service” means the Sycrion software-as-a-service platform, including the website, dashboard, scanning engine, integrations, APIs, reports and any related communications (email alerts, exports, support).
“Customer”, “you” means the legal person or company that creates an account, accesses the Service or signs an order form with us. Where you act on behalf of a company you warrant that you have authority to bind it to these Terms.
“Target” means any domain, subdomain, IP address, application or digital asset that you submit for assessment.
“Report” means the structured output we produce about a Target — risk verdict, findings, business-impact estimate, recommendations and supporting evidence.
Acceptance & scope of the agreement
By creating an account, clicking “I agree”, paying a subscription fee, importing API credentials or otherwise using the Service, you accept these Terms in full. If you do not accept them, you must not use the Service.
These Terms, together with our Privacy Policy, our Data Processing Addendum (provided on request) and any order form you sign, form the entire agreement between you and Sycrion regarding the Service and supersede any prior agreements, proposals or representations, written or oral.
What the Service does — and what it does NOT do
The Service scans publicly reachable assets, correlates the results with public threat-intelligence feeds (vulnerability databases, vendor advisories, CERT bulletins, exploit corroboration feeds, public IOC feeds), and produces a business-language risk verdict.
The Service is a decision-support tool, not a guarantee of security.
- It does not replace a manual penetration test, a security audit, a SOC, a CISO, insurance, legal advice or compliance certification.
- It does not claim to detect every possible vulnerability. Threat landscapes change continuously; absence of a finding does not imply absence of risk.
- Business-impact figures (€ losses, severity, urgency) are estimates generated by automated models and intelligence sources. They are not financial advice and not warranted as accurate for your specific business.
- Specialist-handoff recommendations are informational only. The decision to engage a security professional remains yours.
You acknowledge that you must exercise your own judgement before acting on any output of the Service.
Authorisation to scan · acceptable use
You may only submit Targets that you own or are explicitly authorised, in writing, to assess. This is the most important obligation you take on under these Terms.
By using the Service you represent and warrant that, for every Target:
- You are the registered owner of the Target, or
- You hold a current, written authorisation from the owner that covers the full scope of the assessment (passive recon, active probing, vulnerability scanning, public threat-intelligence correlation), or
- You are subject to a “bug bounty” / responsible-disclosure programme whose scope expressly permits automated scanning by third-party tooling.
You must not use the Service to attempt to access, disrupt, degrade or harm any system that does not belong to you, to reverse-engineer the Service, to circumvent our rate limits or quotas, to harvest information for purposes other than defending the authorised Target, or in any manner that violates applicable computer-misuse, anti-hacking, sanctions, export-control or privacy laws.
You are solely responsible for the legality of every scan you initiate. Where local law requires advance notification to a CERT, supervisory authority, hosting provider or target owner, you are responsible for providing it.
We may suspend or terminate your account, refuse a scan, withhold a Report and report activity to law enforcement if we reasonably suspect any breach of this Section 04 — without notice and without refund.
Accounts, credentials & security
You must provide accurate, current and complete information when creating an account and keep it up to date. You are responsible for safeguarding your credentials, API keys and any access tokens issued to you.
You are liable for all activity that occurs under your account, including by employees, contractors or agents acting on your behalf. Notify us immediately at [SECURITY EMAIL] if you suspect unauthorised access.
Subscriptions, fees & refunds
Paid plans are billed in advance on a recurring basis (monthly or annually) at the price displayed at the time of purchase, plus any applicable taxes. Subscriptions renew automatically until cancelled.
You may cancel at any time from your dashboard. Cancellation stops the next renewal but does not refund the current billing period. Fees already paid are non-refundable except where required by mandatory consumer law.
We may change pricing on at least thirty (30) days’ notice. Continued use after the price change takes effect constitutes acceptance.
Intellectual property
The Service, its source code, the scanning engine, the threat-intelligence pipeline, the AI prompts, the Reports’ structure and the Sycrion brand are owned by us and protected by intellectual-property law. We grant you a non-exclusive, non-transferable, revocable licence to use the Service strictly for your internal business purposes during your subscription.
You retain ownership of the input data you submit (Targets, scan configuration, uploaded evidence). You grant us a worldwide, royalty-free licence to process it solely to operate the Service, generate Reports, and improve detection logic in de-identified, aggregated form.
You may share Reports we generate with your employees, auditors, insurers and security advisers, but you may not resell, sublicense, publicly publish or use the Reports to train competing AI/scanning products.
Confidentiality
Each party will treat the other’s non-public information as confidential, use it only to perform this agreement, and protect it with reasonable security measures (no less than the measures it applies to its own confidential information of similar sensitivity). Confidentiality survives termination for five (5) years.
Data protection (GDPR)
Where the Service processes personal data on your behalf (e.g. domains and asset metadata you submit for scanning) we act as a data processor and you act as the data controller. Our Data Processing Addendum (DPA), incorporated by reference, governs that processing and includes the EU Standard Contractual Clauses for any transfer outside the EEA.
For visitors to our website and registered users we are the data controller; see our Privacy Policy for details.
You warrant that you have a lawful basis (consent, contract, legitimate interest, etc.) to submit any personal data to the Service, and that you will provide the affected individuals with all required notices.
Disclaimer of warranties
THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE”. TO THE MAXIMUM EXTENT PERMITTED BY LAW, SYCRION DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NON-INFRINGEMENT, UNINTERRUPTED OPERATION OR ERROR-FREE RESULTS.
We do not warrant that the Service will detect every vulnerability, that Reports will be free of false positives or false negatives, that scans will complete within a particular time, or that threat-intelligence sources will be available at any moment.
Limitation of liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL SYCRION BE LIABLE FOR:
- Indirect, incidental, special, consequential, punitive or exemplary damages;
- Loss of profit, revenue, goodwill, data or business opportunity;
- Damages resulting from security incidents, breaches, intrusions, ransomware, extortion, or any third-party act of the kind the Service tries to help you avoid;
- Damages caused by your reliance on a Report, by your action or inaction in response to a finding, or by your failure to engage a qualified security professional when one was recommended;
- Damages caused by inaccurate threat-intelligence or AI-generated content.
OUR TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THE SERVICE, WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE, IS LIMITED TO THE AMOUNT ACTUALLY PAID BY YOU TO SYCRION IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR ONE HUNDRED EUROS (€100) — WHICHEVER IS HIGHER.
Nothing in these Terms limits any liability that cannot be excluded under applicable law (e.g. for fraud, wilful misconduct, gross negligence, or personal injury caused by negligence).
Indemnification
You will defend, indemnify and hold harmless Sycrion, its affiliates and their respective officers, directors, employees and agents from and against any third-party claim, demand, fine or action — and the resulting losses, damages, settlements, investigation costs, regulatory penalties and legal fees — arising out of:
- Your breach of Section 04 (Authorisation to scan);
- Any data or content you submit to the Service;
- Your use of any Report or recommendation;
- Your violation of any law, regulation or third-party right;
- A claim that your scanned Target, or any conduct by you using the Service, caused unauthorised access, denial of service or other harm to a third-party system.
Suspension & termination
We may suspend or terminate your access immediately, with or without notice, if you breach these Terms, if your account is delinquent, or if we reasonably believe your use of the Service violates applicable law or threatens the security or stability of the Service.
You may terminate at any time from the dashboard. On termination your right to use the Service ends; we may delete your data after a 30-day grace period (subject to retention required by law).
Service availability
We aim for high availability but do not commit to a specific uptime SLA unless one is set out in a signed order form. Planned maintenance will be announced when reasonably practicable. We are not liable for downtime caused by force majeure, upstream providers, DDoS, your network or your end-users.
Changes to the Service or to these Terms
We may modify the Service and these Terms from time to time. Material changes will be announced at least thirty (30) days before they take effect (e.g. by email or in-product notice). If you do not accept the change, your remedy is to terminate; continued use after the effective date constitutes acceptance.
Governing law & jurisdiction
These Terms are governed by the laws of [GOVERNING-LAW COUNTRY], excluding conflict-of-laws rules and the UN Convention on Contracts for the International Sale of Goods.
Any dispute arising out of or in connection with these Terms will be submitted to the exclusive jurisdiction of the courts of [COURT / SEAT], except that we may seek injunctive relief in any competent jurisdiction to protect our intellectual-property rights or confidential information.
Miscellaneous
Assignment. You may not assign these Terms without our prior written consent. We may assign them in connection with a merger, acquisition or reorganisation.
Severability. If any provision is held unenforceable, the remainder will continue in full force.
No waiver. Failure to enforce a right is not a waiver of it.
Notices. Legal notices to us must be sent to legal@sycrion.com and to our registered address.
Survival. Sections 04, 07–12, 16 and 17 survive termination.