Terms of Service

2.1 Eligibility

The Service is available to individuals who are at least 18 years old and to organizations that are legally formed and in good standing. By creating an Account, you represent that you meet these requirements.

2.2 Account Creation

You must provide a valid email address to create an Account. Authentication is performed via magic-link email. You are responsible for maintaining access to the email address associated with your Account.

2.3 Account Security

You are responsible for all activity that occurs under your Account. You must notify VibeSec immediately at [email protected] if you believe your Account has been compromised.

2.4 Accurate Information

You agree to provide accurate, current, and complete information during registration and to keep your Account information up to date.

2.5 One Account Per Person

Each individual may maintain only one Account. Creating multiple Accounts to circumvent usage limits, access free-tier limits multiple times, or for any other purpose is prohibited.

3.1 Verification Required

Before VibeSec will perform any Scan on a Domain, you must complete VibeSec's domain verification process by adding a specific DNS TXT record to the Domain's DNS configuration. This verification confirms that you have administrative control over the Domain.

3.2 Authorization Representation

By adding a Domain to your Account and completing verification, you represent and warrant that:

• You are the owner of the Domain, or you have explicit, current, written authorization from the Domain owner to conduct security assessments on the Domain;
• Your authorization to test the Domain has not expired, been revoked, or been limited in a way that would prohibit the types of assessments performed by the Service;
• Scanning the Domain will not violate any law, regulation, contract, or third-party right.

3.3 No Scanning Without Verification

VibeSec will not initiate any Scan against a Domain that has not been verified. If verification is removed or becomes invalid (e.g., DNS TXT record is deleted), VibeSec may suspend scanning for that Domain until verification is restored.

3.4 Re-Verification

VibeSec reserves the right to periodically re-verify domain ownership. If re-verification fails, scanning for the affected Domain may be suspended.

3.5 Your Responsibility

You are solely responsible for ensuring that you have proper authorization to scan each Domain. VibeSec's domain verification process is a technical confirmation of DNS control and does not constitute legal verification of your authorization to conduct security testing.

4.1 Free Tier

VibeSec offers a limited free assessment (header-only scan with limited findings shown) that does not require a paid Subscription. The free tier is subject to these Terms, including all usage restrictions and disclaimers.

4.2 Pro Subscription

The Pro Subscription is currently priced at $199 per month and provides access to the full 4-phase automated security assessment for one Domain.

4.3 Additional Domain Add-On

Additional Domains may be added to a Pro Subscription at $99 per month per additional Domain.

4.4 Custom Pentest

Custom penetration testing engagements are priced individually and governed by a separate Statement of Work.

4.5 Pricing Changes

VibeSec reserves the right to change pricing with at least thirty (30) days' written notice to the email address on your Account. Price changes take effect at the start of the next billing cycle following the notice period. If you do not agree to a price change, you may cancel your Subscription before the new price takes effect.

4.6 Payment Processing

All payments are processed by Stripe, Inc. VibeSec does not store your full credit card number or payment credentials. Your use of Stripe is subject to Stripe's terms of service.

4.7 Billing Cycle

Subscriptions are billed monthly on the date you first subscribe. Each billing cycle runs from that date to the same date in the following month.

4.8 Auto-Renewal

Your Subscription automatically renews at the end of each billing cycle unless you cancel before the renewal date. By subscribing, you authorize VibeSec to charge your payment method on file for each renewal period.

4.9 Failed Payments

If a payment fails, VibeSec may retry the charge and/or suspend your access to paid features until payment is successfully processed. VibeSec will notify you by email of any failed payment.

4.10 Taxes

All prices are in U.S. Dollars (USD) and do not include applicable sales tax, VAT, or other government-imposed fees, which are your responsibility.

4.11 Cancellation

You may cancel your Subscription at any time from your Dashboard. Cancellation takes effect at the end of the current billing period. You retain access to paid features through the end of the period you have already paid for. No partial refunds are issued for unused portions of a billing period.

4.12 Refund Policy

Due to the nature of the Service, Subscriptions are generally non-refundable after use. If you believe you are entitled to a refund due to a Service defect or billing error, contact [email protected] within seven (7) days.

5.1 Permitted Use

You may use the Service to:

• Run automated security assessments on your Verified Domains;
• View and manage assessment results in the Dashboard;
• Export and download Assessment Reports in PDF format;
• Share Assessment Reports with members of your organization, auditors, consultants, and other parties for internal business purposes.

5.2 Fair-Use Scan Limits

"Unlimited scans" under the Pro Subscription means no per-scan fee and no hard monthly cap. However, to maintain service quality for all customers, the following fair-use limits apply:

• Concurrent Scans: Maximum of three (3) Scans running simultaneously per Account;
• Daily Scans: Maximum of ten (10) Scans initiated per day per Account;
• Scan Duration: Individual Scans typically take 2–4 hours. VibeSec reserves the right to terminate Scans that exceed 12 hours;
• Reasonable Use: Usage must be consistent with individual organizational security testing needs. Patterns indicating abuse, resale of scan capacity, or automated bulk scanning beyond normal organizational use may result in throttling or suspension.

5.3 Acceptable Use Policy

You agree NOT to:

• Use the Service to scan any Domain that you do not own or for which you do not have explicit, current authorization to test;
• Attempt to scan Domains that have not completed VibeSec's domain verification process;
• Use the Service to conduct denial-of-service attacks, exploit vulnerabilities on live systems, or cause intentional harm to any system;
• Resell, redistribute, or provide access to the Service to third parties, or use the Service to provide security assessment services to third parties without VibeSec's written consent;
• Attempt to reverse-engineer, decompile, or extract the underlying assessment methodologies, agent definitions, or scanning techniques from the Service;
• Interfere with or disrupt the Service, its infrastructure, or other customers' use of the Service;
• Use the Service for any illegal purpose or in violation of any applicable law or regulation, including the Computer Fraud and Abuse Act (18 U.S.C. 1030) or equivalent laws;
• Create multiple Accounts to circumvent free-tier limits, fair-use limits, or any other restriction;
• Transmit malicious code, viruses, or other harmful technology through the Service;
• Use the Service in a manner that could create liability for VibeSec or impair the Service for other users.

5.4 Scanning Acknowledgment

You acknowledge that:

• Automated security scanning may cause minor disruption to the scanned Domain, including triggering web application firewalls (WAFs), intrusion detection systems (IDS), rate limiters, or security alerts;
• You are solely responsible for notifying relevant parties (e.g., hosting providers, IT teams, WAF administrators) that authorized security testing is being conducted;
• VibeSec is not liable for any disruption, downtime, or alerts caused by Scans that you initiate on your Verified Domains.

6.1 VibeSec Platform Ownership

VibeSec retains all right, title, and interest in the Service, including the platform, assessment agents, scanning infrastructure, methodologies, report templates, scoring algorithms, and all related intellectual property.

6.2 Customer Data Ownership

You retain ownership of the factual scan data contained in your Assessment Reports (vulnerability findings, security scores, and descriptions of your infrastructure's security posture). VibeSec does not claim ownership of the facts about your Domain's security.

6.3 Report Use

You may use, copy, and share your Assessment Reports for internal business purposes, including sharing with auditors, consultants, management, insurers, and regulators. You may NOT:

• Resell Assessment Reports or use them as deliverables in a competing security assessment service;
• Remove VibeSec branding, disclaimers, or attribution from Reports;
• Represent that a VibeSec Assessment Report constitutes a professional penetration test, security audit, or compliance certification unless it was generated under a Custom Pentest SOW.

6.4 Feedback

If you provide feedback, suggestions, or improvement ideas regarding the Service, you grant VibeSec a perpetual, irrevocable, royalty-free license to use, modify, and incorporate such feedback without obligation or compensation to you.

6.5 Third-Party References

The Service and Reports may reference third-party security frameworks and identifiers, including OWASP, MITRE ATT&CK, CWE, CVE, and NIST standards. These are referenced for informational purposes and are the property of their respective owners.

7.1 As-Is Service

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, VIBESEC EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO:

• THE IMPLIED WARRANTY OF MERCHANTABILITY;
• THE IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE;
• THE IMPLIED WARRANTY OF NON-INFRINGEMENT;
• ANY WARRANTY ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, OR TRADE USAGE.

7.2 No Warranty of Detection

VIBESEC DOES NOT WARRANT THAT THE SERVICE WILL DETECT ALL VULNERABILITIES, SECURITY DEFECTS, MISCONFIGURATIONS, OR WEAKNESSES IN ANY DOMAIN OR APPLICATION. THE SERVICE IS AN AUTOMATED SECURITY ASSESSMENT AID, NOT A COMPREHENSIVE SECURITY ASSESSMENT, PENETRATION TEST, OR SECURITY AUDIT. NO AUTOMATED TOOL, INCLUDING AI-ASSISTED TOOLS, CAN DETECT ALL VULNERABILITIES. A PASSING SCORE, LOW-SEVERITY RESULT, OR "NO CRITICAL FINDINGS" REPORT FROM THE SERVICE DOES NOT MEAN YOUR DOMAIN OR APPLICATION IS SECURE.

7.3 No Warranty of Accuracy

VIBESEC DOES NOT WARRANT THAT ASSESSMENT RESULTS, SECURITY SCORES, VULNERABILITY CLASSIFICATIONS, SEVERITY RATINGS, OR REMEDIATION GUIDANCE GENERATED BY THE SERVICE WILL BE ACCURATE, COMPLETE, CURRENT, OR RELIABLE. THE SERVICE USES AI-POWERED ASSESSMENT AGENTS THAT MAY PRODUCE INCORRECT, INCOMPLETE, OR MISLEADING RESULTS. ALL FINDINGS SHOULD BE VERIFIED BY QUALIFIED SECURITY PROFESSIONALS BEFORE BEING ACTED UPON.

7.4 No Warranty of Availability

VIBESEC DOES NOT WARRANT THAT THE SERVICE WILL BE AVAILABLE WITHOUT INTERRUPTION, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS. THE SERVICE MAY EXPERIENCE DOWNTIME FOR MAINTENANCE, UPDATES, OR DUE TO FACTORS OUTSIDE VIBESEC'S CONTROL.

7.5 Not a Professional Engagement

USE OF THE SERVICE DOES NOT CREATE A PROFESSIONAL-CLIENT RELATIONSHIP, AUDITOR-CLIENT RELATIONSHIP, OR CONSULTING ENGAGEMENT BETWEEN YOU AND VIBESEC. VIBESEC IS NOT YOUR SECURITY CONSULTANT, ADVISOR, OR AUDITOR BY VIRTUE OF YOUR SUBSCRIPTION. THE SERVICE PROVIDES AUTOMATED, INFORMATIONAL SECURITY ASSESSMENTS ONLY.

7.6 AI Disclaimer

THE SERVICE USES ARTIFICIAL INTELLIGENCE AGENTS TO PERFORM ASSESSMENTS. AI-GENERATED FINDINGS, SCORES, AND REMEDIATION RECOMMENDATIONS REFLECT AUTOMATED ANALYSIS AND MAY NOT ACCOUNT FOR ALL FACTORS RELEVANT TO YOUR SECURITY POSTURE. AI TECHNOLOGY HAS INHERENT LIMITATIONS INCLUDING BUT NOT LIMITED TO HALLUCINATION, PATTERN MISIDENTIFICATION, AND INABILITY TO UNDERSTAND FULL BUSINESS CONTEXT.

7.7 Jurisdictional Limitations

Some jurisdictions do not allow the exclusion of implied warranties. In such jurisdictions, the above exclusions apply to the maximum extent permitted by applicable law.

8.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL VIBESEC, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:

• DAMAGES FOR LOSS OF PROFITS, REVENUE, OR BUSINESS OPPORTUNITY;
• DAMAGES FOR LOSS OF DATA OR DATA BREACHES;
• DAMAGES FOR BUSINESS INTERRUPTION OR DOWNTIME;
• DAMAGES FOR SECURITY BREACHES, UNAUTHORIZED ACCESS, OR CYBERATTACKS THAT OCCUR DESPITE, OR ARE NOT IDENTIFIED BY, THE SERVICE;
• DAMAGES FOR REGULATORY FINES, PENALTIES, OR COMPLIANCE COSTS;
• COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
• DAMAGES FOR LOSS OF GOODWILL OR REPUTATION;
• THIRD-PARTY CLAIMS ARISING FROM YOUR USE OF THE SERVICE OR RELIANCE ON ASSESSMENT REPORTS;

ARISING OUT OF OR RELATED TO THE USE OF, INABILITY TO USE, OR RELIANCE UPON THE SERVICE OR ANY ASSESSMENT REPORT, REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY (WHETHER IN CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE, OR OTHERWISE), EVEN IF VIBESEC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8.2 Aggregate Liability Cap

VIBESEC'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY YOU TO VIBESEC IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

8.3 Essential Purpose

The limitations in this Section 8 shall apply even if any limited remedy provided herein fails of its essential purpose.

8.4 Jurisdictional Limitations

Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages. In such jurisdictions, VibeSec's liability shall be limited to the maximum extent permitted by applicable law.

8.5 Basis of the Bargain

YOU ACKNOWLEDGE THAT VIBESEC HAS OFFERED THE SERVICE AND ENTERED INTO THESE TERMS IN RELIANCE UPON THE WARRANTY DISCLAIMERS AND LIMITATIONS OF LIABILITY SET FORTH HEREIN. THESE DISCLAIMERS AND LIMITATIONS REFLECT A REASONABLE AND FAIR ALLOCATION OF RISK BETWEEN THE PARTIES AND FORM AN ESSENTIAL BASIS OF THE BARGAIN. VIBESEC WOULD NOT BE ABLE TO OFFER THE SERVICE AT THE CURRENT PRICE WITHOUT THESE LIMITATIONS.

9.1 Your Indemnification Obligation

You agree to defend, indemnify, and hold harmless VibeSec, its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

• Your use of the Service in violation of these Terms;
• Your scanning of any Domain without proper authorization, ownership, or legal right;
• Your violation of any applicable law, regulation, or third-party right in connection with your use of the Service;
• Any claim by a third party (including the actual owner of a Domain) arising from Scans you initiated through the Service;
• Your failure to maintain accurate domain verification or authorization;
• Your sharing of Assessment Reports in a manner that causes harm to a third party;
• Any claim that your use of the Service constituted unauthorized access to a computer system under the CFAA or equivalent law, where such claim arises from your failure to have proper authorization.

9.2 VibeSec Indemnification Obligation

VibeSec will defend, indemnify, and hold harmless you from and against any third-party claim that the Service itself (excluding your scan data and domain configurations) infringes or misappropriates a valid United States patent, copyright, or trade secret, provided that you give VibeSec prompt notice, reasonable cooperation, and sole control of the defense. If the Service becomes subject to an infringement claim, VibeSec may, at its option: (a) modify the Service to be non-infringing, (b) obtain a license for your continued use, or (c) terminate your Subscription and refund prepaid fees for the unused portion.

9.3 Indemnification Procedure

The party seeking indemnification must provide prompt written notice of any claim, cooperate with the indemnifying party's defense, and not settle any claim without the indemnifying party's prior written consent if the settlement imposes obligations on the indemnifying party.

10.1 Scan Data Retention

Assessment results and scan history are retained for sixty (60) days from the date of each Scan. After 60 days, scan data is automatically deleted from VibeSec's systems.

10.2 Account Data

Your Account data (email address, domain list, subscription status, and user settings) is retained for as long as your Account is active and for thirty (30) days after Account deletion.

10.3 Billing Data

Payment and billing records are maintained by Stripe in accordance with Stripe's data retention policies and applicable tax and financial reporting requirements.

10.4 Data Deletion on Cancellation

When you cancel your Subscription:

• You retain access to the Service through the end of your current billing period;
• After your Subscription expires, your Account enters a "read-only" state for thirty (30) days, during which you may view and export existing Reports;
• After the 30-day read-only period, your scan data is deleted in accordance with our standard 60-day retention schedule (i.e., scan data expires 60 days from the date of each Scan, not from cancellation);
• You may request immediate deletion of all your data at any time by contacting [email protected].

10.5 Data Export

You may export your Assessment Reports in PDF format from the Dashboard at any time while your Account is active or during the post-cancellation read-only period.

10.6 Deletion Requests

You may request deletion of your Account and all associated data by contacting [email protected]. VibeSec will process deletion requests within thirty (30) days. Some data may be retained as required by law (e.g., financial records for tax compliance).

11.1 No SLA

VibeSec does not guarantee any specific level of uptime, availability, or performance. While VibeSec will use commercially reasonable efforts to maintain the Service, scheduled and unscheduled downtime may occur.

11.2 Service Modifications

VibeSec may modify, update, or discontinue features of the Service at any time. Material changes that significantly reduce the functionality available under your Subscription tier will be communicated via email at least thirty (30) days in advance. If you do not agree with a material change, your remedy is to cancel your Subscription.

11.3 Maintenance

VibeSec may perform scheduled maintenance that temporarily limits or disrupts the Service. VibeSec will provide reasonable advance notice of planned maintenance when possible.

12.1 Termination by You

You may cancel your Subscription and close your Account at any time from your Dashboard or by contacting [email protected].

12.2 Termination by VibeSec

VibeSec may suspend or terminate your Account and access to the Service immediately and without prior notice if:

• You breach any provision of these Terms, including the Acceptable Use Policy (Section 5.3);
• You scan Domains without proper authorization;
• VibeSec receives a credible report that you are using the Service to scan Domains you do not own or control;
• Your payment method fails and you do not resolve the issue within ten (10) days of notice;
• VibeSec is required to do so by law, regulation, or court order;
• VibeSec determines, in its reasonable discretion, that your use of the Service poses a risk to VibeSec, other customers, or third parties.

12.3 Effect of Termination

Upon termination:

• Your access to the Service and Dashboard ceases;
• Any pending Scans are cancelled;
• Your data is handled in accordance with Section 10;
• Sections 6.1 (VibeSec IP), 7 (Disclaimer of Warranties), 8 (Limitation of Liability), 9 (Indemnification), 10 (Data Retention and Deletion), 14 (Governing Law), and 15 (General Provisions) survive termination.

12.4 No Refund for Cause

If VibeSec terminates your Account for breach of these Terms, no refund is issued for any remaining prepaid Subscription period.

13.1 Sanctions Compliance

By using the Service, you represent and warrant that:

• You are not located in, under the control of, or a national or resident of any country subject to United States economic sanctions, including Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine;
• You are not on any United States government restricted party list, including the SDN list (OFAC), the Entity List (BIS), or any similar list;
• You will not use the Service in violation of any applicable export control laws or regulations.

13.2 VibeSec's Rights

VibeSec reserves the right to refuse service, suspend Accounts, or terminate Subscriptions if VibeSec determines that providing the Service would violate applicable export control or sanctions laws.

14.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of laws principles.

14.2 Dispute Resolution — Binding Arbitration

Any dispute, claim, or controversy arising out of or relating to these Terms or the Service shall be resolved through final and binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

14.3 Class Action Waiver

YOU AND VIBESEC AGREE THAT EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS AND MAY NOT PRESIDE OVER ANY FORM OF CLASS OR REPRESENTATIVE PROCEEDING.

14.4 Exceptions

Either party may seek injunctive or equitable relief in any court of competent jurisdiction to prevent infringement or violation of intellectual property rights.

14.5 Small Claims

Either party may bring an individual action in small claims court for disputes within the court's jurisdictional limits.

15.1 Entire Agreement

These Terms, together with the Privacy Policy and any applicable SOW for Custom Pentest engagements, constitute the entire agreement between you and VibeSec regarding the Service.

15.2 Modification

VibeSec may update these Terms at any time by posting revised Terms at vibesecadvisory.com/terms with a new "Last Updated" date. Material changes will be communicated via email at least thirty (30) days before taking effect. Your continued use of the Service after the effective date of any modification constitutes acceptance of the modified Terms.

15.3 Severability

If any provision of these Terms is held invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable, or if modification is not possible, shall be severed. The remaining provisions continue in full force and effect.

15.4 Waiver

The failure of VibeSec to enforce any provision of these Terms shall not constitute a waiver of that provision. A waiver is effective only if in writing and signed by VibeSec.

15.5 Assignment

You may not assign or transfer these Terms or your Account without VibeSec's prior written consent. VibeSec may assign these Terms in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets.

15.6 Force Majeure

VibeSec shall not be liable for any delay or failure to perform resulting from causes outside its reasonable control, including acts of God, natural disasters, pandemic, war, terrorism, labor disputes, government actions, internet or infrastructure failures, or third-party service outages.

15.7 Notices

Notices to VibeSec must be sent to [email protected]. Notices to you will be sent to the email address on your Account. Email notices are deemed received upon transmission.

15.8 Headings

Section headings are for convenience only and do not affect the interpretation of these Terms.

15.9 No Third-Party Beneficiaries

These Terms are between you and VibeSec only. No third party has any rights under these Terms.

15.10 Survival

Sections 5.3 (Acceptable Use), 6 (IP), 7 (Disclaimers), 8 (Limitation of Liability), 9 (Indemnification), 10 (Data Retention), 13 (Export), 14 (Governing Law), and this Section 15 survive termination.