Terms of Service

1. Acceptance of Terms

By accessing or using Vigil (“the Service”), operated by TODO: Legal entity name and registered address, you agree to be bound by these Terms of Service (“Terms”). If you do not agree, do not use the Service.

2. Description of Service

Vigil is an attack surface management platform that performs automated reconnaissance, DNS analysis, open-source intelligence gathering, and AI-assisted security analysis on internet-facing assets that you own or are authorised to test.

TODO: Describe service tiers (free, growth, pro), uptime commitments, and any service-level agreement terms.

3. Eligibility and Account Registration

You must be at least 18 years old and have the legal capacity to enter into contracts to use the Service. By registering, you represent that all information you provide is accurate and that you will keep it current.

TODO: Address business accounts, authorised representatives, and multi-user organisations.

4. Authorised Use and Scanning Policy

You may only scan domains and internet-facing assets that you own or for which you have explicit written authorisation to perform security testing. By adding a domain to Vigil and completing domain verification, you represent and warrant that you have such authorisation.

Vigil implements DNS TXT record verification to establish scanning authority. You are solely responsible for ensuring that your authority to scan a domain remains valid for the duration of any scheduled scans.

Prohibited uses include, without limitation:

• Scanning domains you do not own or are not authorised to test
• Using the Service to facilitate attacks on third-party systems
• Attempting to exceed rate limits or circumvent usage controls
• TODO: Add further prohibited use cases (e.g., scraping, reverse engineering, resale).

5. Subscription, Billing, and Payment

TODO: Describe subscription plans, billing cycles (monthly/annual), auto-renewal, free trial terms, upgrade/downgrade rules, refund policy, and consequences of non-payment (grace period, suspension, data retention after cancellation).

All payments are processed by Stripe. By providing payment information you authorise us to charge the applicable fees.

6. Intellectual Property

The Service, including all software, designs, and documentation, is owned by TODO: Legal entity name and is protected by intellectual property laws. You receive a limited, non-exclusive, non-transferable licence to access and use the Service for your internal business purposes only.

You retain all rights to data you submit to the Service. You grant us a limited licence to process that data solely to provide the Service.

7. Data and Privacy

Our collection and use of personal data is described in our Privacy Policy, which forms part of these Terms. By using the Service you consent to the data practices described therein.

8. Confidentiality

TODO: Define confidential information, mutual obligations, exclusions (publicly available information, independently developed information), and duration of confidentiality obligations.

9. Disclaimer of Warranties

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

We do not warrant that the Service will identify every security vulnerability or that scan results are complete or error-free. Security assessments should be part of a broader security programme and not relied upon as the sole means of risk evaluation.

10. Limitation of Liability

TODO: Insert jurisdiction-appropriate liability cap (e.g., capped at fees paid in the preceding 12 months), exclusions for consequential/indirect damages, and any required local law carve-outs.

11. Indemnification

You agree to indemnify, defend, and hold harmless TODO: Legal entity name, its officers, directors, employees, and agents from any claims, damages, or expenses arising from: (a) your use of the Service in violation of these Terms; (b) your scanning of domains without proper authorisation; or (c) your violation of any applicable law.

12. Term and Termination

These Terms remain in effect while you use the Service. We may suspend or terminate your account at any time for violation of these Terms. You may cancel your account at any time via account settings.

TODO: Specify data retention/export window after termination, survival of clauses (payment obligations, IP, indemnity).

13. Governing Law and Dispute Resolution

TODO: Specify governing jurisdiction, courts of competent jurisdiction, and any arbitration or mediation requirements. For EU customers, note any mandatory consumer protection rights that cannot be waived.

14. Changes to These Terms

We may update these Terms from time to time. We will notify you of material changes by email or by posting a notice in the Service. Your continued use after the effective date constitutes acceptance of the revised Terms.

15. Contact

Questions about these Terms should be sent to legal@vigil.security.

TODO: Add registered postal address for formal legal notices.