Terms of Service.

1. About us

AttackEdge is operated by ArmoniaLabs (sole trader, registered business name "ArmoniaLabs"), ABN 81 392 893 669, with registered address at [TBC: your registered business address]. In these terms, "we", "us" and "our" mean ArmoniaLabs. "You" means the person or organisation using the service.

For contact about these terms, email legal@attackedge.io.

2. What the service is

AttackEdge is an external attack-surface scanning service. We collect information about internet-facing systems you nominate, analyse that information with automated tools and AI, and deliver a written report. The full scope of what we check, and what we deliberately do not do, is listed on our methodology page. That methodology page is incorporated by reference into these terms.

What the service is not: a penetration test, a PCI DSS ASV scan, an audit of your internal network or cloud tenants, a SIEM or EDR replacement, or a substitute for legal, compliance, or insurance advice.

3. Your account

You need an account to buy scans, submit targets, and access reports. You are responsible for keeping your credentials secure and for all activity that happens under your account. Tell us at security@attackedge.io if you suspect unauthorised access.

You must be at least 18 and able to enter a binding contract. If you are using AttackEdge on behalf of an organisation, you warrant you have authority to bind that organisation.

4. Scanning authorisation (important)

You warrant that you own, operate, or are expressly authorised to instruct a security scan against every domain, subdomain, IP address, host, and service you submit. Submitting targets you do not own or have authority to scan is a serious breach of these terms and may be a criminal offence under the laws of your jurisdiction, including the Australian Cybercrimes Act 2001, the United States Computer Fraud and Abuse Act, the United Kingdom Computer Misuse Act 1990, and equivalent statutes elsewhere.

We verify ownership before scanning. Standard verification is a DNS TXT record, a file at a well-known path on your webserver, or an email challenge to a standard administrative mailbox (see how to verify your scan target). Where those methods are not practical, you may complete the Scan Authorisation Form, which is a written authorisation you sign electronically. Scans do not run until verification is confirmed. We may at our discretion refuse to scan any target.

You agree to indemnify and hold us harmless against any claim, cost, loss, or damage arising from a scan of a target you did not have authority to submit.

5. Payments and pricing

Prices are listed on the pricing section of our website and are in United States Dollars (USD) unless we tell you otherwise. Stripe presents your local currency at checkout where supported. Payment is processed by Stripe. We do not see or store your full card details.

We offer two ways to pay:

• One-off Scan. A single external scan of one root domain and every subdomain we discover, plus up to five IP addresses you declare. An unsubmitted Scan remains available to submit for twelve months from purchase unless we specify otherwise at point of sale.
• Subscription plan (Starter, Growth, or Scale). Recurring scheduled scans on the assets you declare, up to the root-domain and IP caps of your plan. Plans are billed monthly or annually. The scan cadence (monthly, weekly, or daily) is set by the plan you select.

Subscriptions renew automatically at the end of each billing period until you cancel. You can cancel at any time through the Stripe billing portal (accessible from the Buy page) or by contacting us; cancellation takes effect at the end of the current billing period and we do not prorate the unused portion.

We may change our pricing at any time for new purchases. Changes do not affect Scans you have already bought or subscriptions already in an active billing period.

6. Refunds

Our refund policy is written out separately at attackedge.io/refund and is incorporated into these terms. In short:

• One-off Scan: if you are not happy with the report, we will refund the full purchase price on request within 14 days of report delivery. An unsubmitted one-off Scan is also refundable on request within 12 months of purchase.
• Subscription plans (Starter, Growth, Scale): cancel-anytime, but the current billing period is not refunded. Cancellation takes effect at the end of the period and scheduled scans continue through that period. Charges already processed are non-refundable.
• These arrangements are in addition to, and do not limit, any statutory right you have under the Australian Consumer Law or an equivalent law that applies to you (see section 8).

7. Acceptable use

Your use of AttackEdge is bound by our Acceptable Use Policy, which covers target ownership, prohibited uses, and responsible disclosure. Breach of that policy may result in immediate suspension or termination of your account.

8. Consumer guarantees

If you are a "consumer" within the meaning of the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010), nothing in these terms excludes, restricts, or modifies any consumer guarantee, right, or remedy that cannot be lawfully excluded. Our liability for breach of those non-excludable guarantees is, to the extent permitted by law, limited to resupplying the service or refunding the price paid.

9. Our warranties

We will provide the service with reasonable care and skill, using industry-recognised tools and techniques. We will deliver Scan reports within 24 hours of a scan being queued, barring extraordinary circumstances beyond our control.

We do not guarantee that scans will find every vulnerability that exists in your systems, or that fixing every finding in our report will make your systems secure. Attack surface scanning is one piece of a broader security posture.

10. Limitation of liability

To the maximum extent permitted by law, and subject to section 8 above, our total liability to you for any claim arising out of or in connection with your use of the service is limited to the amount you paid us in the twelve months preceding the event giving rise to the claim. We are not liable for indirect, consequential, special, or incidental loss, including loss of profit, loss of data, business interruption, or reputational harm, even if such loss was foreseeable.

11. Your indemnity

You agree to indemnify us against any claim, cost, loss, or damage we suffer arising from:

• Targets you submitted that you did not own or have authority to scan.
• Your breach of these terms or our Acceptable Use Policy.
• Your unlawful or negligent conduct in connection with the service.

12. Termination

Either of us can terminate at any time. If you stop using the service, you can close your account by emailing hello@attackedge.io. We may suspend or terminate your account immediately if you breach these terms or our Acceptable Use Policy.

On termination, we delete your account and scan history within a reasonable time unless we are required to retain information for legal, accounting, or dispute-resolution purposes. See our Privacy Policy for retention specifics.

13. Changes to these terms

We may update these terms from time to time. If a change materially affects your rights or obligations, we will notify you by email or through the product before the change takes effect. Your continued use of the service after notice means you accept the updated terms. You can always see the current version on this page.

14. Governing law and jurisdiction

These terms are governed by the laws in force in New South Wales, Australia. You and we submit to the exclusive jurisdiction of the courts of New South Wales and the courts competent to hear appeals from those courts.

If you are outside Australia, this choice of law and forum still applies. You may have additional rights under your local consumer-protection law that cannot be waived by contract; those rights are preserved.

15. General

16. Contact

Questions about these terms: legal@attackedge.io. General questions: hello@attackedge.io.