These Terms of Use (this “Agreement”) govern access to and use of the Defendis services, websites, and related materials (collectively, the “Service”) provided by Defendis Technology Inc. (“Defendis,” “we,” “us,” or “our”). By accessing or using the Service, you agree to be bound by this Agreement. If you are using the Service on behalf of an organisation, you represent that you have authority to bind that organisation, and “Customer,” “you,” and “your” refer to both you and that organisation.

You are contracting with Defendis Technology Inc., a Delaware corporation, unless an order form, statement of work, or reseller agreement (each, an “Order”) expressly identifies a different Defendis affiliate as the contracting entity. Your use of the Service may also be governed by additional written agreements with Defendis or an authorised reseller (collectively, “Other Agreements”). If there is a conflict between this Agreement and any Order or Other Agreement, the Order or Other Agreement controls solely with respect to the conflicting terms.

1. Definitions

1. Customer Data: means information, data, content, or materials that Customer (including its users) submits to or makes available through the Service.
2. Documentation: means user guides, specifications, and policies for the Service made available by Defendis.
3. Output: means data, reports, alerts, graphs, or analytics generated by the Service from inputs and sources.
4. Reseller: means a Defendis‑authorised reseller identified in an Order.
5. AUP: means the Acceptable Use Policy in Appendix A.

2. Scope of Use and License Grant

Subject to this Agreement and timely payment of all applicable fees, Defendis grants Customer a limited, non‑exclusive, non‑transferable (except as permitted in Section 21), revocable right during the applicable subscription term to access and use the Service and Documentation solely for Customer’s internal security purposes and in accordance with the applicable Order. No rights are granted except as expressly set forth herein.
If specified in an Order, Defendis may provide API access subject to API‑specific quotas and limits. Except as permitted via an API license, automated scraping, harvesting, or indexing of the Service is prohibited.

3. Free or Beta Services

Defendis may offer certain features or services at no charge, on a trial basis, or identified as beta, preview, or evaluation (“Beta Services”). Beta Services are provided “AS IS,” may be modified or discontinued at any time, and may be subject to additional terms. Defendis may terminate free or Beta Services at any time without liability.

4. Accounts and Security

Customer is responsible for: (a) the confidentiality and use of its accounts and credentials; (b) configuring and securing its environment; and (c) all activities under its accounts. Each user login is for a named individual and may not be shared.

5. Restrictions

Customer will not, and will not permit any third party to: (a) reverse engineer, decompile, or otherwise attempt to derive the Service’s source code; (b) copy, modify, translate, or create derivative works of the Service; (c) resell, sublicense, lease, lend, or provide the Service to a third party or for the benefit of any third party (including an affiliate) except as authorised in an Order; (d) circumvent fees, user limits, or usage restrictions; (e) use the Service or Output to compete with Defendis; (f) use any Service data or Output to train machine learning or AI models; (g) scrape, data‑mine, harvest, or index the Service; (h) publish benchmarks or performance tests without Defendis’s prior written consent; (i) interfere with or disrupt the Service or related infrastructure; (j) use the Service or Output for marketing, credit reporting, or other uses restricted by law; (k) use the Service in harmful, malicious, or unlawful ways, including misuse of personal data or violation of privacy, intellectual‑property, export, or sanctions laws; or (l) violate the AUP in Appendix A.

6. Customer Data, Approvals, and Data License

Customer is solely responsible for Customer Data, including the means by which it is collected, provided, and used. Customer represents and warrants that it has obtained all rights, consents, and approvals necessary to submit Customer Data to the Service and to grant the licenses in this Agreement, and that Customer Data does not violate any law, third‑party rights, or the AUP.
Customer grants Defendis a worldwide, non‑exclusive, royalty‑free license to host, store, process, transmit, and display Customer Data solely to provide, secure, support, and improve the Service and related operations. Defendis may use de‑identified or aggregated data derived from Customer’s use of the Service to maintain and improve the Service and for industry analytics, provided such data does not identify Customer or any individual.

7. Module‑Specific Consents (Non‑Intrusive Scanning)

If Customer requests attack surface or exposure scanning, Customer authorises Defendis to perform non‑intrusive scans of internet‑facing assets that Customer owns or controls (e.g., domains, IP ranges) and represents that it has the authority to grant such authorisation. Customer will not request scanning of assets it does not own or control.

8. Third‑Party Services and Content

The Service may reference or interoperate with third‑party websites, software, or services. Defendis is not responsible for third‑party products or content, and use of them may be subject to separate terms.

9. Confidentiality

Each party will protect the other’s non‑public information marked or reasonably understood to be confidential (“Confidential Information”) with at least the same degree of care it uses to protect its own similar information, but no less than reasonable care. The Service, Documentation, pricing, and non‑public roadmaps are Defendis Confidential Information. Confidentiality obligations do not apply to information that is: (a) publicly available through no breach; (b) independently developed; (c) rightfully received from a third party without duty of confidentiality; or (d) disclosed under legal process with prompt notice (where lawful). Upon termination, each party will return or destroy the other’s Confidential Information, except for archival copies maintained under standard backup policies, which remain subject to confidentiality.

10. Privacy

Defendis will handle personal data in accordance with its Privacy Policy available on its website. Customer is responsible for providing legally sufficient notices and obtaining consents from end users where required. The Service is not designed for processing special‑category data (e.g., health, biometric, children’s data) unless expressly agreed in writing.

11. Fees, Taxes, and Late Payments

Fees, subscription terms, and usage limits are stated in the applicable Order. Unless otherwise specified, invoices are due net thirty (30) days from invoice date. Late amounts may accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law. Customer is responsible for all taxes, duties, and similar charges related to the Service, excluding taxes based on Defendis’s income. If Customer purchases through a Reseller and fails to pay amounts owed, such failure constitutes a material breach hereof.

12. Term, Suspension, Termination, and Data Export

The subscription term and renewal, if any, are set forth in the applicable Order. Either party may suspend or terminate the Service for a material breach that remains uncured after notice, or immediately if the other party’s use poses a security or legal risk. Defendis may suspend access for non‑payment. Upon termination or expiration, Customer will stop using the Service. Upon Customer’s written request within thirty (30) days after termination, Defendis will make commercially reasonable efforts to provide an export of Customer Data in a reasonable format; thereafter Defendis may delete Customer Data from active systems, subject to archival copies retained under standard backup policies.

13. Disclaimers

TO THE FULLEST EXTENT PERMITTED BY LAW, THE SERVICE, OUTPUT, AND DOCUMENTATION ARE PROVIDED “AS IS” AND “AS AVAILABLE.” DEFENDIS DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON‑INFRINGEMENT. DEFENDIS DOES NOT WARRANT THAT THE SERVICE WILL BE ERROR‑FREE OR UNINTERRUPTED, OR THAT OUTPUT WILL BE ACCURATE, COMPLETE, OR SUITABLE FOR ANY PARTICULAR PURPOSE.

14. Indemnification

Customer will defend, indemnify, and hold harmless Defendis and its affiliates, and their officers, directors, employees, and agents from and against all third‑party claims, damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of: (a) Customer Data; (b) Customer’s violation of law or third‑party rights; or (c) Customer’s breach of this Agreement.
Defendis will defend Customer against any third‑party claim alleging that Customer’s authorised use of the Service infringes a U.S. patent, copyright, or trademark, and will pay resulting damages and reasonable attorneys’ fees finally awarded, provided Customer promptly notifies Defendis and cooperates in the defence. If such a claim arises, Defendis may, at its option and expense: (i) procure the right for Customer to continue using the Service; (ii) modify or replace the Service to be non‑infringing; or (iii) terminate the affected Order and refund any pre‑paid, unused fees. Defendis has no obligation for claims based on: (1) Customer Data or third‑party products; (2) modifications not made by Defendis; (3) combinations with items not provided by Defendis; or (4) use not in accordance with this Agreement. THIS SECTION STATES CUSTOMER’S EXCLUSIVE REMEDY FOR INTELLECTUAL PROPERTY INFRINGEMENT.

15. Limitation of Liability and Claim Window

TO THE FULLEST EXTENT PERMITTED BY LAW, DEFENDIS’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THE SERVICE OR THIS AGREEMENT WILL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER FOR THE SERVICE DURING THE TWELVE (12) MONTHS BEFORE THE EVENT GIVING RISE TO LIABILITY. NEITHER PARTY WILL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR LOST PROFITS, REVENUE, DATA, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY. ANY CLAIM MUST BE BROUGHT WITHIN ONE (1) YEAR AFTER THE CLAIM ACCRUES.

16. Compliance, Export Controls, and Sanctions

Customer will comply with all applicable laws, including data‑protection, export, anti‑corruption, and sanctions laws. Customer represents that it is not (a) a person or entity subject to sanctions or on a restricted‑party list administered by the U.S., EU, UK, or UN, or (b) located, organised, or ordinarily resident in a comprehensively embargoed jurisdiction. Customer will not submit Customer Data that requires government authorisation to export without first obtaining such authorisation.

17. Third‑Party Requests and E‑Discovery

If Defendis receives a subpoena, court order, governmental request, or similar demand relating to Customer’s use of the Service and Defendis is not a party to the matter, Customer will reimburse Defendis for its reasonable costs (including attorneys’ fees) incurred in responding, to the extent permitted by law.

18. Publicity

Defendis may identify Customer by name and logo as a customer of the Service on its website and in marketing materials. Upon Customer’s written request, Customer may opt out of further public use of its name and logo.

19. Changes to this Agreement

Defendis may update this Agreement from time to time. We will post the updated Agreement and update the Effective Date. Customer’s continued use of the Service after the update becomes effective constitutes acceptance of the updated Agreement.

20. Notices

Notices to Defendis must be sent to legal@defendis.ai. Defendis may provide notices to Customer via email or through the Service interface using contact information provided in the Order.

21. Assignment

Customer may not assign or transfer this Agreement without Defendis’s prior written consent. Defendis may assign this Agreement to an affiliate or in connection with a merger, acquisition, corporate reorganisation, or sale of substantially all its assets.

22. Governing Law and Dispute Resolution

This Agreement is governed by the laws of the State of Delaware, without regard to conflict of laws rules. For customers whose principal place of business is outside the United States, any dispute arising out of or relating to this Agreement will be finally resolved by binding arbitration under the Rules of Arbitration of the International Chamber of Commerce (ICC) by one arbitrator. The seat of arbitration will be Wilmington, Delaware, U.S.A., and the language will be English. Either party may seek temporary injunctive relief in a court of competent jurisdiction.

23. DMCA and Takedowns

If you believe content available through the Service infringes your copyright, please send a notice to legal@defendis.ai with the subject line “DMCA Notice,” including the information required by 17 U.S.C. § 512(c)(3). Defendis may remove or disable access to alleged infringing material and may terminate repeat infringers’ accounts.

24. Miscellaneous

Entire Agreement. This Agreement, together with the Orders and Other Agreements, constitutes the entire agreement between the parties regarding the Service. If any provision is unenforceable, the remainder remains in effect. Failure to enforce any provision is not a waiver.
Force Majeure. Neither party is liable for delays or failures due to causes beyond its reasonable control, including acts of God, labor disputes, supply‑chain disruptions, internet or telecommunications failures, government actions, or emergencies.
Equitable Relief. A breach of Sections 5 (Restrictions), 9 (Confidentiality), or 13 (Disclaimers) may cause irreparable harm; the non‑breaching party may seek injunctive relief in addition to other remedies.
No Third‑Party Beneficiaries. There are no third‑party beneficiaries to this Agreement.
Interpretation. Headings are for convenience only. “Including” means “including without limitation.”

Appendix A – Acceptable Use Policy (AUP)

Customer remains responsible for acts of its users, affiliates, contractors and will not use the Service to:

1. Violate law or encourage illegal activity
2. Infringe, misappropriate, or violate intellectual‑property or privacy rights
3. Collect, process, or disclose personal data without a lawful basis and required notices/consents
4. Transmit malware, spyware, ransomware, or other harmful code
5. Probe, scan, or test the vulnerability of any system without authorisation
6. Send spam or other unsolicited communications
7. Publish or disclose benchmarks or performance tests without prior written consent
8. Scrape or harvest data from the Service or circumvent technical protections
9. Use Output for marketing profiles, consumer credit decisions, or other regulated uses
10. Train or fine‑tune models using Service data or Output
11. Interfere with other users’ access to the Service or the underlying infrastructure.

Appendix B – Attack‑Surface Scanning Consent

By enabling scanning features or submitting assets for scanning, Customer: (a) authorises Defendis to perform non‑intrusive scans on designated assets that Customer owns or controls; (b) ensures scans will be conducted only on assets for which Customer has authority; and (c) will promptly notify Defendis of any restrictions, maintenance windows, or compliance constraints relevant to scanning.