Terms of Service

Last Updated: January 2025

This Agreement governs your access to and use of the Threatrix Service (hereinafter referred to as "the Services"). By accessing or using the Services, you agree to comply with and be bound by the terms outlined in this Agreement. If you register for a free trial, evaluation, or use any free Services provided by Threatrix, the applicable provisions of this Agreement will also govern your access to and use of such Services.

Acceptance of Terms

You agree to the terms of this Agreement by accessing any part of the platform or by using the Services. We periodically update the terms of this Agreement. If you have an active Threatrix account, we will notify you of updates via email or a notification on the Threatrix platform. Unless stated otherwise in the notice, the updated terms will become effective and binding on the next business day after they are posted.

“You” refers to the person accepting these Terms of Service, either on behalf of an entity or individually. You accept these terms on behalf of your employer or another entity, you represent and warrant that you have full legal authority to bind your employer or such entity to these Terms of Service. If you do not have such authority, are under 18 years of age, or do not agree to the terms set forth in this Agreement, you must not use the Services or platform. By continuing to use the Platform, you consent to any changes. You should not use the Platform if you do not agree to the new or different terms.

“Threatrix," "we," "us," or “our” refers to the applicable Threatrix contracting entity as specified in the ‘Threatrix Entity and Law and Jurisdiction’ section below.

Prohibited Use by Competitors

Direct competitors of Threatrix are prohibited from accessing or using the Services. Additionally, the Services may not be accessed for purposes of monitoring their availability, performance, or functionality, or for any other benchmarking or competitive purposes.

Effective Date

This Agreement is effective as of the date on which you accept it, either by executing an Order Form or by utilizing the Services.

1. Definitions

In addition to the terms defined herein, the following terms shall be defined as follows:

Added Option

Any optional product, service, feature, or functionality which Threatrix makes available to you is subject to the agreement of additional terms.

Confidential Information

all non-public information disclosed by a party to the other party after the date of this agreement, including but not limited to any information that would be regarded as confidential;

Developer

any individual, whether an employee, agent, or independent contractor, who is actively involved or has previously been involved in the development of the Protected Asset, including but not limited to activities such as modifying, programming, and testing, with contributions evaluated over a continuous sixty (60) day period;

Documentation

the materials or documents is provided by Threatrix online at https://docs.threatrix.io/ or any other web address as notified by Threatrix from time to time, which outlines the description of the Services and the user instructions for using the Services;

Intellectual Property

Rights

patents, invention rights, copyrights and related rights, trademarks, business names and domain names, trade dress, goodwill, and the right to sue for passing off or unfair competition; design rights; rights in computer software and databases; rights to use and protect the confidentiality of confidential information (including know-how and trade secrets); and all other intellectual property rights;

Issue

any security misconfiguration, vulnerability, or other issue identified by the Services that could negatively impact the integrity, security, or functionality of any Protected Asset;

Order Form

the process of ordering online, which outlines the Services to be delivered under this Agreement, is established between you and Threatrix, along with your Subscription Allocation;

Personal Data

any data that pertains to a specific or identifiable individual or person;

Protected Asset

any configuration files, container images, software code, or other elements related to your software projects, all of which you use with the Services during the term of this Agreement;

Quote

A formal document provided by Threatrix outlining the specific Services, Service Data, Documentation, pricing, and terms of subscription being offered to you. The Quote serves as a binding offer upon acceptance and is incorporated into this Agreement by reference, detailing the agreed-upon financial and service-related terms between you and Threatrix

Service Data

data and information made available by Threatrix to you in connection with the Services;

Services

The Software and services offered by Threatrix to you under this Agreement, as further detailed in the Order Form, or Quote, and Documentation;

Software

the software applications delivered by Threatrix as part of the Services;

Subscription Allocation

the usage limitations of the Services included in your subscription (or, if applicable, your free plan), as specified in an Order Form, and Quote including any restrictions on the number of Developers contributing to the Protected Asset;

Virus

Any device or thing (including any code, software, file, or program) that may impair, prevent, or otherwise negatively affect the operation of any hardware, computer software, or network, any telecommunications equipment, service, or network, or any other service or device; impair, prevent, or otherwise negatively affect access to or the operation of any data or program, including the reliability of any data or program (whether by altering, rearranging, or erasing the data or program in whole or in part); or negatively affect the user experience, including viruses, worms, Trojan horses, and other similar devices or things;

Your Data

The data entered by you, or by Threatrix on your behalf, to facilitate your use of the Services or for the purpose of utilizing the Services.

Provision of Services

  1. Subject to your compliance with the terms of this Agreement, we will provide you with access to the Documentation, Service Data, and the Services during the Term. This access is solely for your internal business operations and must be in accordance with your Subscription Allocation.
  2. Term solely in accordance with your Subscription Allocation for your internal business operations.
  3. This Agreement shall remain in effect for the initial period stated on the Order Form or Quote and will then automatically renew for additional twelve (12) month periods unless terminated by either you or us with notice of termination given before the end of the Term (all such periods collectively referred to as the “Term”). For free plan users, “the Term” begins upon your acceptance of these Terms of Service and ends when either party terminates this Agreement as detailed in the Termination section below.
  4. This Agreement will also govern any new services, functionalities or features, that we may introduce from time to time. However, if these are classified as Added Options, they may be subject to additional terms that you agree to and additional fees that you are required to pay before you will have access and be permitted to use.
  5. The Schedule below outlines the Service-Specific Terms, which emphasize key aspects of using particular features and functions of certain individual Services. If your Order Form or Quote includes any of those Services in your subscription, the corresponding additional Service-Specific Terms are incorporated into these Terms of Service and apply to your use of, and our provision of, those Services.

3. Your Order and Subscription Allocation

For those with a paid subscription, your Order Form or Quote specifies the number of Developer subscriptions or licenses you have agreed to purchase. You must ensure that the number of Developers does not exceed your Subscription Allocation. Additional Developer subscriptions can be purchased in increments of 10 by either notifying us or using the self-service function in your account, along with payment of the associated fees. We reserve the right to track the number of Developers to ensure compliance with the Subscription Allocation and to invoice you for any additional fees incurred.

4. Payment

  1. By choosing a paid subscription plan, you agree to pay the fees in accordance with the applicable pricing plan within 30 days of receipt by you of the applicable invoice and quote.
  2. Depending on the pricing plan you select, our third-party payment processor is authorized to charge your payment card for the applicable fees in advance, either on the date you subscribe to a paid plan and subsequently each month or on the anniversary of your subscription, until either party terminates the agreement. The fees are non-cancellable and non-refundable, except as explicitly stated otherwise in these Terms of Service.
  3. You will pay fees in full, without any set-off, counterclaim, deduction, or withholding of any kind, except where required by law. If any deduction or withholding is legally required, you must pay an additional amount so that we receive the same total amount we would have received if no deduction or withholding had been necessary.
  4. If you upgrade to a higher tier of a paid plan, the change will take effect immediately, and you will be charged for the additional fees associated with the new plan on a pro-rata basis. Conversely, if you downgrade to a lower tier of a paid plan, the fee change will take effect in the next billing cycle. You acknowledge that no refund will be provided for the current billing cycle if you downgrade to a lower tier of a paid plan or switch to a non-payment subscription plan.
  5. We reserve the right to withhold the provision of Services until the full and cleared payment of the relevant fee has been received.
  6. We reserve the right to modify our fees or payment plans at any time. If you do not agree to the change, you must request the deletion of your account by emailing Threatrix Support and cease using the Services within 30 days of the effective date of the new fee or payment plan. In such a case, this Agreement will be considered terminated by you, and you will only be charged based on the previous fee or payment plan for the period prior to termination. If you continue to use the Services after the new fee or payment plan becomes effective, you will be deemed to have accepted the change, and your next bill will reflect the new fees on a pro-rata basis.

5. Your Use of the Services

  1. You agree not to access, store, distribute, or transmit any Viruses, or any material during your use of the Services, Platform, Service Data, or Documentation that infringes any other person's Intellectual Property Rights and/or advocates, promotes, or assists any unlawful act or illegal activity. Threatrix reserves the right, without liability or prejudice to its other rights against you, to disable access to any material that breaches this clause.
  2. You shall prevent unauthorized access to or use of the Services, Service Data, and Documentation, and notify us immediately in case of a breach. You are responsible for all use of our Services with your account details, including user passwords for each Authorized User, and must protect these details from unauthorized use. You are also responsible for the security of any computer, laptop, phone or all such devices used to access your account and must keep your Threatrix account credentials confidential. You will maintain an up-to-date written list of current Developers and users, and provide it or source control logs to us within 5 business days upon request. You must ensure that all use of the Services, Service Data, Platform, and Documentation complies with this Agreement (including the Acceptable Use Policy) and all applicable laws. You are liable for any breach of this Agreement by anyone using your Threatrix account credentials.
  3. Except as expressly permitted under this Agreement, you may not: (i) copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute any part of the Software, Service Data, Platform, or Documentation; (ii) reverse compile, disassemble, reverse engineer, or otherwise reduce the Software to a human-readable form; (iii) use the Services, Service Data, Platform, or Documentation to provide services to third parties; (iv) license, sell, rent, lease, transfer, assign, distribute, display, disclose, or commercially exploit the Services, Service Data, Platform, or Documentation, or make them available to any third party; (v) access the Services to build a competing product or service; or (vi) access, interfere with, manipulate, damage, or disrupt any part of the Services or any third-party equipment or network, or assist others in doing so.

6. Your Data and Privacy

You may need to create an account in order to use the Platform (an "Account"). The information you provide when setting up an Account must be accurate and complete. As part of opening an Account, we will need to know your name, e-mail address, and, in some cases, your country location and/or company. For the purposes of providing the Services, Threatrix collects, stores, and processes certain data concerning your users and Developers, including Personal Data. To the extent that Threatrix processes Personal Data on your behalf as a data processor while performing its obligations under this Agreement, it will adhere to the relevant data protection laws and regulations.

7. Our Responsibilities to You                                                                

Threatrix will make commercially reasonable efforts to ensure the Services substantially comply with the Documentation. However, we are not obligated to address non-conformance caused by use contrary to our instructions or modifications made by anyone other than Threatrix or its authorized contractors or agents. If the Services do not conform, our sole obligation and your sole remedy will be for us to use reasonable commercial efforts to promptly correct the non-conformance at our expense, or to provide an alternative means to achieve the desired performance.

By using the Platform and Services, you agree:

  1. Threatrix is not liable for delays, delivery failures, or any loss or damage from data transfer over communications networks, including the Internet. The Services may face limitations, delays, and other issues inherent in such networks.
  2. Threatrix does not guarantee uninterrupted or error-free use of the Services, nor that the Services or information obtained will meet your requirements.
  3. Threatrix is not obligated to modify the Software to support your use of the Services. You acknowledge that the accuracy and completeness of the Services depend on factors outside our control, such as the design, implementation, and use of the Protected Asset, erroneous dependency or Issue data, and changes to the environment in which the Protected Asset operates.
  4. Despite our efforts to update and expand our vulnerability and license database, the Services do not constitute professional advice (including legal advice) regarding the Protected Asset, and we do not guarantee that it is a complete or relevant source of all Issues for the Protected Asset or your software projects.
  5. The Services will detect and monitor all Issues related to or used by the Protected Asset or your applications containing it.
  6. We will be not be able to provide remediation for all Issues discovered through the Services.
  1. Remediations are provided for general informational purposes only and are not tailored to your specific requirements. Therefore, they should not be relied upon solely as advice.
  2. You are solely responsible for any conclusions drawn from such use.
  3. It is your responsibility to assess the impact of a recommended remediation before applying it, as we do not guarantee that the remediation will not break your code's functionality or introduce new Issues.
  1. Any operation or transaction with a third-party application or service is solely between you and the third party, not Threatrix. Threatrix recommends reviewing the third party's terms and privacy policy before use. Our provision of features for interoperation with third-party applications or services does not imply endorsement or approval.
  2. Threatrix may offer Beta Services at no charge from time to time. You may choose to try these Beta Services at your sole discretion. Beta Services are provided "AS IS," and Threatrix shall not be liable for any harm or damage arising out of or in connection with their use. Threatrix reserves the right to discontinue Beta Services at any time at its sole discretion and may never make them generally available.

8. Intellectual Property Rights

  1. All Intellectual Property Rights in the Services, Service Data, Software, Platform, and Documentation are owned by Threatrix and/or its licensors. Except as expressly stated in this Agreement, no rights to such Intellectual Property are granted to you. If you create any derivative works or developments based on Threatrix's Intellectual Property, you agree to assign all ownership rights and titles to Threatrix.
  2. Threatrix claims no Intellectual Property Rights in your applications, software, Protected Asset, or any material you transmit to Threatrix via the Platform. However, to provide the Services, you acknowledge and agree that we will inspect, use, transmit to Threatrix servers, display, and store: (i) the Protected Asset; (ii) information related to the Protected Asset, such as project name, security settings, metadata, dependency information (including open source and proprietary), Threatrix-related files, environmental information, and applicable license information (collectively, "Project Information"); (iii) Dependency Information for each dependency of the Protected Asset; and (iv) any of Your Data.
  3. Additionally, you acknowledge and agree that Threatrix may use the Project Information, Dependency Information, and any of Your Data for analytical purposes, such as determining the project's stage at deletion and to improve the Services. Threatrix may continue such use indefinitely, even after termination of this Agreement or deletion of the project on the Platform, until you provide written notice to cease such use via email at support@Threatrix.io.

9. Indemnification

9.1 Threatrix Indemnification Obligations. We will indemnify, defend, and hold you and your officers, directors, agents, and employees harmless from any damages, losses, expenses, and fines (including reasonable attorneys' fees, costs, and expenses) ("Damages") awarded by a court or paid in settlement (subject to Section 9.3) related to a third-party claim that the Platform, when used in accordance with these Terms, infringes any copyright, patent, trade secret, or other intellectual property rights. This indemnification does not cover claims based on: (i) unauthorized modifications or use of the Platform by a third party; (ii) combination of the Platform with other software or data not supplied by Threatrix; or (iii) use of any version of the Platform, not the latest available. If infringement claims arise, Threatrix may, at its option, (a) obtain the right for you to continue using the Platform, (b) modify the Platform to be non-infringing, or (c) terminate these Terms and refund any prepaid fees on a pro-rata basis. This indemnification is our entire liability and your exclusive remedy for infringement.

9.2 Your Indemnification Obligations. You agree to indemnify, defend, and hold Threatrix, along with its officers, directors, agents, and employees, harmless from any damages arising from a third-party claim that (i) Your Data, application, software, or code, when used by Threatrix in accordance with these Terms or by you via our Platform and Services, infringes or misappropriates any intellectual property or privacy rights; or (ii) results from your unauthorized use of the Platform, except where such use is expressly permitted in writing.

9.3 Indemnification Process. The party seeking indemnification ("Indemnified Party") must promptly notify the other party ("Indemnifying Party") in writing and allow the Indemnifying Party to manage the defense of the claim, with legal counsel acceptable to the Indemnified Party. The Indemnified Party must assist in the defense at the Indemnifying Party’s cost and may also choose to participate in the defense at its own expense. Any settlement or resolution of the claim requires prior written approval from both parties, which shall not be unreasonably withheld or delayed.

10. Confidentiality        

                                                                        

  1. Each party shall not disclose the other’s Confidential Information to any third party or use it for any purpose other than implementing this Agreement, unless required by law. Each party shall take all reasonable steps to ensure that their employees or agents do not disclose or distribute the other party's Confidential Information in violation of this Agreement.
  2. Both parties may receive Confidential Information from the other to fulfill their obligations under this Agreement. Confidential Information excludes information that: (i) becomes public other than through the receiving party's actions or omissions; (ii) was in the receiving party's lawful possession prior to disclosure; (iii) is disclosed lawfully by a third party without restriction; (iv) is independently developed by the receiving party, as evidenced in writing; or (v) must be disclosed by law, court order, or regulatory body. Details of the Services, Service Data, Documentation, and performance test results are considered Threatrix’s Confidential Information.
  3. Each party shall keep the other’s Confidential Information confidential and, unless required by law, shall not disclose it to any third party or use it for any purpose other than implementing this Agreement.

11. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW, THREATRIX WILL NOT BE LIABLE FOR FAILING TO FIND, FIX, OR MONITOR ISSUES, ANY FALSE POSITIVES IDENTIFIED BY THE SERVICES, OR ANY DAMAGE OR LOSS RESULTING FROM RECOMMENDED REMEDIATIONS. ADDITIONALLY, THREATRIX IS NOT RESPONSIBLE FOR ANY DAMAGE CAUSED BY ERRORS OR OMISSIONS IN CONTENT, INFORMATION, SCRIPTS, OR INSTRUCTIONS YOU PROVIDE OR BY ACTIONS TAKEN AT YOUR DIRECTION. (II) NEITHER PARTY SHALL BE LIABLE, WHETHER IN CONTRACT, MISREPRESENTATION, TORT, RESTITUTION, OR OTHERWISE, FOR ANY LOSS OF PROFITS, BUSINESS, GOODWILL, OR SIMILAR LOSSES; LOSS OR CORRUPTION OF DATA OR INFORMATION; PURE ECONOMIC LOSS; OR ANY SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL LOSS, DAMAGES, COSTS, CHARGES, OR EXPENSES ARISING IN ANY WAY UNDER THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. THIS LIMITATION APPLIES TO DAMAGES ARISING FROM (A) YOUR USE OR INABILITY TO USE OUR PLATFORM; (B) COST OF PROCUREMENT OF SUBSTITUTE SERVICES RESULTING FROM ANY SERVICES PURCHASED THROUGH OR FROM OUR PLATFORM; (C) THIRD PARTY CONTENT MADE AVAILABLE TO YOU THROUGH THE PLATFORM; OR (D) ANY OTHER MATTER RELATING TO THE PLATFORM. SOME JURISDICTIONS MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF INCIDENTAL, CONSEQUENTIAL, OR OTHER TYPES OF DAMAGES, SO SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY. (III) EXCEPT FOR YOUR LIABILITY UNDER THE INDEMNIFICATION SECTION (WHICH IS NOT SUBJECT TO ANY LIMIT), THE TOTAL AGGREGATE LIABILITY OF EITHER PARTY ARISING FROM THIS AGREEMENT IS LIMITED TO THE GREATER OF USD $100 OR THE TOTAL FEES PAID BY YOU FOR THE SERVICE IN THE 12 MONTHS PRECEDING THE CLAIM. (IV) TO THE FULLEST EXTENT PERMITTED BY LAW, ALL OTHER CONDITIONS, REPRESENTATIONS, WARRANTIES, OR TERMS IMPLIED BY STATUTE OR COMMON LAW REGARDING THE SERVICES, DOCUMENTATION, SERVICE DATA, AND PLATFORM ARE EXCLUDED.

NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW, NEITHER PARTY’S LIABILITY AND THE LIABILITY OF EACH OF ITS OFFICERS, DIRECTORS, INVESTORS, EMPLOYEES, AGENTS, ADVERTISERS, LICENSORS, SUPPLIERS, SERVICE PROVIDERS, AND OTHER CONTRACTORS TO THE OTHER PARTY OR ANY THIRD PARTIES UNDER ANY CIRCUMSTANCE SHALL EXCEED THE HIGHER OF (I) THE AMOUNT OF FEES ACTUALLY PAID BY YOU TO US IN CONNECTION WITH THE TWELVE (12) MONTHS PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (II) $100.

12. Termination

  1. If you do not have a paid subscription, we may suspend, limit, or terminate the Services and this Agreement at any time without notice. You may also terminate this Agreement at any time by deleting your account through the Service or by emailing support@Threatrix.io. If you have a paid subscription, either party may terminate by providing thirty (30) days' notice before the end of the current Term via email to support@Threatrix.io.
  2. Without affecting any other available rights or remedies, we may terminate this Agreement immediately by providing written notice if you commit a material or persistent breach of these terms.
  3. Upon termination of this Agreement: (i) your rights under this Agreement will immediately cease; (ii) you must pay all outstanding fees, cease using, and delete all copies of Service Data; and (iii) you must uninstall and remove from all devices, and either destroy or return to Threatrix, all software used in providing the Services.
  4. Any provision of this Agreement that is expressly stated or implied to take effect upon or continue after termination shall remain in full force and effect.

13. Waiver  

No delay or failure by either party in utilizing any right under this Agreement shall be deemed a waiver of that right.

14. Legal Notices

To contact us for technical issues or legal issues please email support@Threatrix.io.  A notice sent by email shall be deemed received at the time of transmission.

15. Severance

If any provision of this Agreement, Order Form, or Quote is found to be invalid or unenforceable, the remaining provisions will remain in effect. If a court determines that a provision is invalid or unenforceable but could be limited to make it valid or enforceable, it shall be construed, written and enforced as so limited.

16. Entire Agreement

This Agreement, the Documentation, and each Order Form or Quote constitute the entire agreement between the parties regarding the specified Services. There are no other promises or conditions in any other agreements, whether oral or written. This Agreement supersedes all prior agreements related to these Services. Any terms in a purchase order or other order documentation provided by you are void. In case of conflict, the order of precedence is: (a) the applicable Order Form or Quote, (b) this Agreement, and (c) the Documentation. Section titles and headings are for convenience only and do not affect the interpretation of this Agreement.

17. Assignment

You may not assign or transfer this Agreement or any rights or obligations without our prior written consent. However, no consent is required to assign your rights and obligations to an Affiliate or a successor through merger, reorganization, acquisition, or consolidation, provided you notify us of the assignment. Any attempted assignment in violation of this provision is null and void. No assignment will relieve the assigning party of its obligations. This Agreement is binding upon and benefits the parties and their respective successors and permitted assigns.

18. Third Party Beneficiaries

This Agreement does not confer any rights or benefits to third parties.

19. No Partnership or Joint Venture                                                

This Agreement does not establish a partnership, franchise, joint venture, agency, fiduciary, or employment relationship. Each party is solely responsible for paying its employees and all related employment taxes. This Agreement does not confer any rights or benefits to third parties.

20. Threatrix Entity and Law and Jurisdiction                             

If your physical address is in the United States or outside the United States, then: (i) you are contracting with Threatrix, Inc.; (ii) any dispute or claim arising out of or in connection with this Agreement shall be governed by and construed in accordance with the law of the state of Texas; and (iii) the state and federal courts located in Lewisville, Texas shall have exclusive jurisdiction to adjudicate any dispute arising out of or related to this Agreement.

Additional Terms for License Compliance Management

These Services allow you to create rule sets applicable to the License Information of the Protected Asset. "License Information" refers to the license data identified by the Services as associated with any dependency or content of the Protected Asset by Threatrix License Compliance Management.

You agree that:

  1. License Information is acquired by Threatrix from the licensor of the relevant software reviewed using Threatrix License Compliance Management or from the code repository where the software is made available.;
  2. Threatrix makes no warranty or representation regarding the accuracy or completeness of License Information nor the availability of License Information for any Protected Asset. License Information is provided "as is" and at your own risk.;
  3. You are responsible for assessing the legal or commercial risks associated with any license types, including risks from 'copyleft' or reciprocity requirements, and for configuring the Threatrix License Compliance Management accordingly and;
  4. You are solely responsible for setting your own severities and permissions using Threatrix License Compliance Management. Any sample or default license policy provided by Threatrix is for informational purposes only and is not intended as legal advice or advice applicable to your specific circumstances and risk assessments.

Additional terms apply to the use of the Application Programming Interface (API)

The “API” is the application program interface provided by Threatrix as an optional part of the Services, allowing you to connect your Threatrix account with other systems you control. You may use the API during the Term solely for your internal business operations. No warranty is made regarding the API’s continued availability or compatibility with any software or technical standards.

The API serves as an interface between the Platform and an external application or repository you operate. Threatrix may limit or restrict API use to prevent abuse, security issues, or excessive use at its discretion. While Threatrix will attempt to provide a descriptive error message when such restrictions are applied, it may not always be practical.