Terms of use & scan authorization

1. Definitions

For purposes of these Terms:

• “RiskMeter”, “we”, “us” means RiskMeter Cybersecurity and its personnel.
• “Site” means the website at www.riskmetercybersecurity.com and any related pages or services we provide from that domain.
• “You”, “Applicant” means the individual and/or organization submitting an application or otherwise using the Site.
• “Authorized Asset” means each domain, web application, or related public-facing service that is identified in writing by you as in scope for testing and that you have the legal right to authorize for testing.
• “Scan” means the website security scanning activity that RiskMeter performs against an Authorized Asset in accordance with our published Rules of Engagement.
• “Scan Report” means the written findings RiskMeter delivers to you following a Scan.

2. Acceptance of these Terms

By accessing the Site or by submitting an application via the Site, you agree to be bound by these Terms of Use and Scan Authorization (the “Terms”), our Privacy Policy, and our Rules of Engagement, each of which is incorporated into these Terms by reference. If you do not agree, do not use the Site or submit an application.

3. Eligibility, accuracy & authority

By using the Site you represent and warrant that:

• You are at least 18 years old.
• The information you submit through the Site is true, accurate, and complete to the best of your knowledge.
• If you submit an application on behalf of an organization, you have the authority to bind that organization to these Terms.
• You either own each Authorized Asset that you list or have the legal authority of the asset's owner to authorize security testing of it. You will not submit, request, or imply consent for testing of any asset for which you cannot establish such authority on request.
• You will provide a working point of contact and respond to reasonable RiskMeter requests for clarification within a reasonable time.

4. Free-scan offer — no guarantee of acceptance

RiskMeter intends to perform a free Scan and Scan Report for up to ten (10) qualified Applicants during its launch period. Submission of an application does not constitute an offer, a contract, an acceptance, or any obligation by RiskMeter to perform any Scan. RiskMeter may decline any application at its sole discretion and without explanation, and may modify, suspend, or end the launch offer at any time without notice.

5. Scan authorization (granted only upon RiskMeter acceptance)

If, and only if, RiskMeter accepts your application and confirms scope to you in writing, you hereby grant RiskMeter the following limited, non-exclusive, revocable, royalty-free authorization for the duration of the agreed scan window and for a reasonable period thereafter to complete and document the work:

1. To perform the Scan against the Authorized Assets identified in the written scope confirmation, in accordance with our published Rules of Engagement.
2. To collect, retain, and analyze technical information about those Authorized Assets (including HTTP responses, headers, certificate metadata, banners, and configuration data) for the purpose of producing the Scan Report.
3. To deliver the resulting Scan Report to your designated contact and to retain records of the engagement as described in our Privacy Policy.

You acknowledge that this grant of authorization is a material condition of any Scan we perform. RiskMeter may decline to begin or continue a Scan if the authorization or its scope is unclear or appears to have been improperly granted.

6. Your representations & warranties about Authorized Assets

Consultants, managed service providers (MSPs), agencies, and other third parties acting on behalf of an asset owner are welcome to submit applications. The email address you use to apply is not required to be on the same domain as the Authorized Asset, and the choice of any particular email address does not by itself create or imply authority to authorize testing. Authority comes from the representations and warranties below (and, where applicable, the underlying engagement between you and the asset owner) — not from the email domain you use.

You represent and warrant that, for each Authorized Asset:

• You own the asset, or you have obtained from the owner all consents required by law and by any contract between you and the owner to authorize a third-party security scan of the asset, and you can produce written evidence of that authority on RiskMeter's reasonable request.
• Authorizing testing of the asset will not breach any agreement with a hosting provider, infrastructure provider, payment processor, identity provider, or other third party.
• You will not include any asset that is hosted by a third party without first confirming the third party's authorization requirements (e.g., AWS, Cloudflare, Heroku, Vercel, and most managed hosts have published requirements you must follow).
• Any individuals whose personal data may incidentally appear in public responses from the asset have received any disclosures required under applicable privacy law before that data is exposed publicly.

7. Revocation of authorization

You may revoke the authorization granted in Section 5 at any time by written notice to legal@riskmetercybersecurity.com. Upon receipt, RiskMeter will cease active scanning within a commercially reasonable time and will confirm cessation in writing. Revocation does not retroactively undo activity performed prior to receipt of notice, and does not affect provisions of these Terms that by their nature should survive revocation (including Sections on confidentiality, IP, indemnification, limitation of liability, and dispute resolution).

8. No fees; no payment information

The Scan offered during the launch period is provided at no cost. RiskMeter does not collect payment information through this Site and will not invoice an Applicant for the launch Scan. If RiskMeter offers a paid product in the future, that product will be governed by a separate written agreement and you will not be billed without affirmative consent.

9. Intellectual property

The Site.The Site, including its design, source code, text, graphics, and trademarks (including “RiskMeter” and the RiskMeter mark), is the property of RiskMeter or its licensors and is protected by intellectual property laws. We grant you a limited, revocable, non-exclusive, non-transferable license to access and use the Site for the purpose of evaluating, applying for, or receiving the services described on it.

Your content. You retain all rights in any information or content you submit to us. You grant RiskMeter a limited, non-exclusive license to use that information solely as necessary to evaluate your application and perform any Scan you authorize.

Scan Reports. RiskMeter retains ownership of the copyright in each Scan Report we author. Upon delivery, we grant you a perpetual, worldwide, non-exclusive, royalty-free license to use the Scan Report internally for your own security and remediation purposes, including sharing it with your employees, contractors, auditors, insurers, and counsel under reasonable confidentiality obligations. You may not publish a Scan Report or use it for marketing, comparative claims, or republication outside your organization without our prior written consent.

10. Acceptable use of the Site

You agree not to (and not to attempt to):

• Submit applications for assets you are not authorized to approve for testing
• Use the Site or any Scan Report to harm, defame, or compete unfairly with RiskMeter or any third party
• Probe, scan, or attempt to compromise the Site itself outside the scope of our published Vulnerability Disclosure Policy
• Submit content that is unlawful, deceptive, infringing, or malicious (including malware, phishing payloads, or attempts to inject content into our systems)
• Use automation to submit applications, scrape the Site at scale, or circumvent rate limits or other access controls
• Resell, sublicense, or commercialize access to the Site or to a Scan Report without our prior written consent

11. Confidentiality

Each party agrees to treat as confidential any non-public information disclosed by the other party in connection with the Site, an application, or a Scan (“Confidential Information”), and to use such information solely for the purposes contemplated by these Terms. Confidential Information does not include information that (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party before disclosure; (c) is rightfully obtained from a third party without a confidentiality obligation; or (d) is required to be disclosed by law or valid legal process, provided that the receiving party gives the disclosing party prompt notice (where legally permitted) and an opportunity to seek a protective order.

Each party will protect the other's Confidential Information with at least the degree of care it uses to protect its own confidential information, and in no event less than a commercially reasonable standard of care.

12. Disclaimers of warranties

The Site, any Scan, and any Scan Report are provided “as is” and “as available” without warranty of any kind, express or implied. To the maximum extent permitted by applicable law, RiskMeter disclaims all warranties, including the implied warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, and any warranty arising out of course of dealing or usage of trade.

A Scan reflects the state of an Authorized Asset at a single point in time, using a defined set of techniques and signatures. A Scan is not a guarantee that an Authorized Asset is secure, free of vulnerabilities, or compliant with any specific regulatory regime. The absence of a finding in a Scan Report does not constitute a representation that no vulnerability exists.

Nothing in these Terms excludes or limits any warranty or liability that cannot be excluded or limited under applicable law (for example, certain consumer protections in some jurisdictions).

13. Limitation of liability

To the maximum extent permitted by applicable law:

• RiskMeter and its personnel will not be liable for any indirect, incidental, consequential, special, exemplary, or punitive damages, or for any loss of profits, revenue, data, goodwill, business opportunity, or anticipated savings, arising out of or related to the Site, any Scan, any Scan Report, or these Terms — even if RiskMeter has been advised of the possibility of such damages.
• RiskMeter's total aggregate liability arising out of or related to these Terms, the Site, any Scan, or any Scan Report shall not exceed the greater of (a) one hundred U.S. dollars (US $100) or (b) the total amount, if any, paid by you to RiskMeter in the twelve (12) months preceding the event giving rise to the claim. Because the launch Scan is provided at no cost, the practical cap during the launch period is US $100.
• The limitations in this Section apply regardless of the legal theory of liability (contract, tort, statute, strict liability, or otherwise) and survive any termination of these Terms.

14. Indemnification

You agree to defend, indemnify, and hold harmless RiskMeter, its affiliates, and their respective personnel from and against any claim, demand, loss, damage, liability, cost, or expense (including reasonable attorneys' fees) arising out of or related to:

• your breach of these Terms;
• your inaccurate, incomplete, or misleading representations about ownership of, or authority to authorize testing of, any Authorized Asset;
• any third-party claim alleging that your authorization for a Scan exceeded your actual authority (for example, a hosting provider, customer, or asset owner asserting that you were not permitted to grant the authorization); or
• your use of any Scan Report or any decision you make in reliance on it.

RiskMeter will give you prompt written notice of any claim subject to this Section, and will reasonably cooperate in the defense at your expense. You will not settle any claim that imposes liability or admits fault on RiskMeter without RiskMeter's prior written consent.

15. Term & termination

These Terms apply for as long as you use the Site or have an open application or active Scan with RiskMeter. RiskMeter may suspend or terminate your access to the Site, or any in-progress application or Scan, at any time and for any reason, including for suspected violation of these Terms. Sections that by their nature should survive termination (including Confidentiality, Intellectual Property, Disclaimers, Limitation of Liability, Indemnification, Governing Law, and Dispute Resolution) will survive.

16. Modifications to these Terms

RiskMeter may update these Terms from time to time. Material changes will be reflected by the “last updated” date at the top of this page. For substantial changes that affect your rights, we will provide additional notice (such as an email to applicants and customers affected). Your continued use of the Site after any change constitutes acceptance of the updated Terms.

17. Governing law & venue

These Terms, and any dispute arising out of or relating to them, are governed by the laws of the State of Delaware, United States, without regard to its conflict-of-law principles. The parties consent to the exclusive jurisdiction of the state and federal courts located in New Castle County, Delaware for any dispute that is not subject to the dispute-resolution process in Section 18.

The United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms.

18. Dispute resolution

Informal resolution. Before filing a claim formally, the parties will attempt to resolve any dispute by good- faith negotiation. The party raising the claim will send written notice to legal@riskmetercybersecurity.com describing the dispute and proposed resolution. The parties will attempt to resolve the dispute within thirty (30) days of that notice.

No class actions; jury trial waiver. To the maximum extent permitted by applicable law, the parties waive any right to bring or participate in a class, collective, or representative action, and waive any right to a trial by jury.

19. Notices

We may give you notice via the email address you provide in your application or by posting on the Site. You may give us notice by email to legal@riskmetercybersecurity.com for legal notices, or to hello@riskmetercybersecurity.com for general communications.

20. Assignment

You may not assign or transfer these Terms or any rights or obligations under them without RiskMeter's prior written consent. RiskMeter may assign these Terms in connection with a merger, acquisition, sale of substantially all of its assets, or similar corporate transaction, on notice to you. Any attempted assignment in violation of this Section is void.

21. Force majeure

RiskMeter is not liable for any delay or failure to perform caused by circumstances beyond its reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, government action, labor disputes, internet outages, denial-of-service attacks against shared infrastructure, or failures of essential third-party services.

22. Entire agreement, severability & waiver

These Terms (together with the documents they incorporate by reference) constitute the entire agreement between you and RiskMeter regarding the Site and any Scan, and supersede any prior agreements between us on the subject. If any provision is held to be unenforceable, the remaining provisions will remain in full force and effect, and the unenforceable provision will be modified only to the minimum extent necessary to make it enforceable. No waiver of any term will be deemed a further or continuing waiver of that term or any other term.

23. Contact

Legal notices and questions about these Terms: legal@riskmetercybersecurity.com. See additional contact options in our Privacy Policy.