Terms of Service

You must be at least 18 years of age and legally authorised to bind the entity you represent. Accounts must be registered with accurate organisational information. Each set of credentials is for a single Authorised User; sharing credentials is prohibited. You are responsible for all activity that occurs under your account and must notify us immediately at security@alastorinfosec.com if you suspect unauthorised access. We reserve the right to suspend accounts pending investigation of a suspected security incident.

Subject to your compliance with this Agreement and timely payment of applicable fees, Alastor grants you a limited, non-exclusive, non-transferable, non-sublicensable licence to access and use the Services solely for your internal security operations during the Subscription Term.

This licence does not include the right to: (a) copy, modify, or create derivative works of the Services or underlying software; (b) reverse-engineer, decompile, or disassemble the Services; (c) remove or alter any proprietary notices; (d) resell, sublicense, or otherwise commercialise access to the Services; or (e) use the Services to build a competing product or benchmark against a competitor without our prior written consent.

You agree not to use the Services to:

• Conduct or facilitate unauthorised intrusions, scanning, or attacks against any system not explicitly within your authorised engagement scope.
• Upload malware, ransomware payloads, or any code designed to cause harm.
• Circumvent authentication, access controls, or rate-limiting mechanisms of the Services.
• Harvest or scrape data beyond what is necessary for your authorised use case.
• Violate any applicable law, regulation, or industry standard (including PCI DSS, ISO 27001, SOC 2, or CERT-In requirements).
• Disclose Alastor's proprietary vulnerability research, assessment methodologies, or tool signatures without prior written authorisation.

Alastor reserves the right to suspend or terminate access, without prior notice, if it reasonably determines that your use poses a security risk to the Services, to other customers, or to third parties.

You are responsible for maintaining the security of your access credentials and your organisational environment. Specifically, you agree to:

• Enforce multi-factor authentication for all Authorised User accounts where technically supported.
• Restrict access on a least-privilege basis and promptly revoke access for departed personnel.
• Ensure that Customer Data submitted to the Services does not include data for which you lack the necessary rights or authorisations.
• Notify Alastor within 48 hours of discovering any breach or suspected compromise of credentials used to access the Services.
• Comply with all applicable data protection laws governing the transfer of personal data to Alastor's infrastructure.

As between the parties, Customer retains all ownership and rights in Customer Data. You grant Alastor a limited, non-exclusive licence to process Customer Data solely to provide and improve the Services. Alastor will not sell, rent, or share Customer Data with third parties except as required to deliver the Services or as required by law.

Alastor's collection and use of personal data is governed by the Privacy Policy incorporated herein by reference. Where Alastor processes personal data on Customer's behalf, the parties agree to execute a Data Processing Agreement upon request.

Each party agrees to hold the other's Confidential Information in strict confidence and to use it solely to exercise rights or fulfil obligations under this Agreement. Neither party shall disclose Confidential Information to any third party without prior written consent, except to employees, contractors, or advisors who have a need to know and are bound by confidentiality obligations at least as protective as those herein.

Security assessment findings, vulnerability details, and engagement reports constitute the Confidential Information of Customer. Alastor will treat all such information with security controls commensurate with its sensitivity. These obligations survive termination of this Agreement for a period of five (5) years.

Alastor and its licensors own all right, title, and interest in the Services, including all underlying software, methodologies, vulnerability databases, analytics models, and documentation. Nothing in this Agreement transfers any ownership of Alastor's Intellectual Property Rights to you. All feedback you provide regarding the Services may be freely used by Alastor without obligation or restriction.

Alastor warrants that the Services will perform materially in accordance with the applicable documentation during the Subscription Term. Alastor will use commercially reasonable efforts to maintain 99.5% uptime for the platform, excluding scheduled maintenance.

EXCEPT AS EXPRESSLY SET OUT ABOVE, THE SERVICES ARE PROVIDED "AS IS". TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ALASTOR DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. ALASTOR DOES NOT WARRANT THAT THE SERVICES WILL DETECT ALL SECURITY VULNERABILITIES OR THAT FINDINGS WILL BE FREE FROM ERROR.

Security assessments and automated scans are point-in-time analyses. Customers are solely responsible for remediation decisions and for any actions taken based on findings generated by the Services.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (INCLUDING LOSS OF PROFITS, DATA, BUSINESS OPPORTUNITY, OR GOODWILL) ARISING OUT OF OR RELATED TO THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

ALASTOR'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID BY CUSTOMER IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM. THE FOREGOING LIMITATIONS SHALL NOT APPLY TO LIABILITY ARISING FROM FRAUD, WILFUL MISCONDUCT, DEATH OR PERSONAL INJURY, OR AS PROHIBITED BY APPLICABLE LAW.

Customer agrees to indemnify, defend, and hold harmless Alastor and its officers, directors, employees, and agents from and against any claims, liabilities, damages, or expenses (including reasonable legal fees) arising out of: (a) Customer's use of the Services in violation of this Agreement; (b) Customer Data infringing any third-party rights; or (c) Customer's breach of applicable law.

Alastor agrees to indemnify Customer against third-party claims alleging that the Services, as provided and used in accordance with this Agreement, infringe any third-party Intellectual Property Right.

This Agreement commences on the date you first access the Services and continues for the Subscription Term specified in the applicable Order Form, automatically renewing for successive equal periods unless either party provides thirty (30) days' written notice of non-renewal.

Either party may terminate this Agreement immediately for cause if the other party: (a) materially breaches this Agreement and fails to cure within fourteen (14) days of written notice; or (b) becomes insolvent, is dissolved, or makes an assignment for the benefit of creditors.

Upon termination, your licence to use the Services immediately revokes. Alastor will make Customer Data available for export for thirty (30) days following termination, after which it will be securely deleted in accordance with Alastor's data retention policy.

This Agreement is governed by and construed in accordance with the laws of India, without regard to its conflict of law principles. Any dispute arising out of or in connection with this Agreement that cannot be resolved by good-faith negotiation within thirty (30) days shall be referred to binding arbitration in Bengaluru, Karnataka, under the Arbitration and Conciliation Act, 1996. The arbitration shall be conducted in English by a sole arbitrator mutually agreed by the parties. The award shall be final and binding.

Notwithstanding the foregoing, either party may seek interim injunctive or equitable relief from a competent court of jurisdiction.

Alastor may update these Terms from time to time. Material changes will be communicated by email or in-product notice at least fourteen (14) days before the effective date. Continued use of the Services after the effective date constitutes acceptance of the revised Terms. If you object to any modification, you may terminate this Agreement by providing written notice before the revised Terms take effect.