Terms of Service

Welcome to ThreatKrew. These Terms of Service ("Terms") govern your access to and use of ThreatKrew's threat modeling platform, website, and related services (collectively, the "Services"). By accessing or using our Services, you agree to be bound by these Terms.

Please read these Terms carefully before using our Services. If you do not agree to these Terms, you may not access or use the Services.

1. Acceptance of Terms

By creating an account, accessing, or using the Services, you represent and warrant that:

• You have read, understood, and agree to be bound by these Terms
• You are at least 18 years of age and have the legal capacity to enter into these Terms
• You are not prohibited from using the Services under applicable law
• If registering on behalf of an organization, you have the authority to bind that organization to these Terms
• All registration information you submit is truthful and accurate

If you do not meet these requirements, you must not access or use the Services.

2. Description of Services

ThreatKrew provides a cloud-based threat modeling platform that enables security professionals and development teams to:

• Create and manage threat models for software systems and applications
• Identify potential security threats and vulnerabilities
• Generate security recommendations aligned with industry frameworks (including MITRE ATT&CK)
• Collaborate with team members on security assessments
• Export and share threat modeling reports

We reserve the right to modify, suspend, or discontinue any aspect of the Services at any time, with or without notice. We may also impose limits on certain features or restrict access to parts or all of the Services without liability.

3. Account Registration and Security

3.1 Account Creation

To access certain features of the Services, you must create an account. You agree to:

• Provide accurate, current, and complete information during registration
• Maintain and promptly update your account information
• Maintain the security of your account credentials
• Not share your account with others or allow others to access your account
• Immediately notify us of any unauthorized access or security breach

3.2 Account Responsibility

You are solely responsible for all activities that occur under your account. We are not liable for any loss or damage arising from your failure to maintain account security. You agree to indemnify us against any claims arising from unauthorized use of your account.

4. User Obligations and Conduct

4.1 Acceptable Use

You agree to use the Services only for lawful purposes and in accordance with these Terms. You agree NOT to:

• Violate any applicable laws, regulations, or third-party rights
• Use the Services to plan, facilitate, or engage in any illegal or harmful activities
• Attempt to gain unauthorized access to our systems, networks, or other users' accounts
• Interfere with or disrupt the Services or servers connected to the Services
• Upload viruses, malware, or any malicious code
• Reverse engineer, decompile, or attempt to extract source code from the Services
• Use automated systems (bots, scrapers) to access the Services without permission
• Resell, rent, lease, or sublicense access to the Services
• Remove or modify any proprietary notices or labels
• Impersonate any person or entity or falsely represent your affiliation

4.2 Content Standards

You are responsible for all data, information, and content you upload, submit, or transmit through the Services ("User Content"). You warrant that your User Content does not violate any laws, infringe intellectual property rights, or contain malicious code.

5. Intellectual Property Rights

5.1 Our Intellectual Property

The Services, including all software, technology, content, trademarks, and other materials, are owned by ThreatKrew or our licensors and are protected by intellectual property laws. These Terms do not grant you any ownership rights to the Services.

Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Services for your internal business or personal purposes.

5.2 Your Content

You retain all ownership rights to your User Content. By uploading User Content to the Services, you grant us a worldwide, non-exclusive, royalty-free license to:

• Host, store, and process your User Content to provide the Services
• Create backups and derivative works as necessary to operate the Services
• Use aggregated, anonymized data for analytics and service improvement

We will not access, use, or disclose your User Content except as necessary to provide the Services, comply with legal obligations, or as authorized by you.

5.3 Feedback

If you provide feedback, suggestions, or ideas about the Services, you grant us the right to use such feedback without compensation or attribution.

6. Payment and Subscription Terms

6.1 Pricing

Access to certain features requires a paid subscription. Current pricing is available on our website. We reserve the right to modify pricing with advance notice to existing subscribers.

6.2 Billing

For paid subscriptions:

• Fees are billed in advance on a recurring basis (monthly or annually, as selected)
• You authorize us to charge your payment method automatically at the start of each billing cycle
• All fees are non-refundable except as required by law or specified in these Terms
• You are responsible for all applicable taxes
• Failed payments may result in service suspension or termination

6.3 Cancellation and Refunds

You may cancel your subscription at any time. Cancellation takes effect at the end of your current billing period. No partial refunds are provided for unused time in your billing cycle, except as required by law or our refund policy.

7. Data and Privacy

Our collection, use, and protection of your personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference.

You acknowledge that we may process and store your data in various locations worldwide. You are responsible for ensuring that your use of the Services and upload of User Content complies with applicable data protection laws.

8. Service Availability and Support

8.1 Availability

We strive to maintain high availability of the Services but do not guarantee uninterrupted access. The Services may be unavailable due to maintenance, updates, or factors beyond our control. We are not liable for any unavailability or interruption.

8.2 Support

Support services are provided according to your subscription tier. Details of support availability and response times are available on our website or in your service agreement.

9. Warranties and Disclaimers

9.1 As-Is Service

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

• Warranties of merchantability, fitness for a particular purpose, or non-infringement
• Warranties regarding accuracy, reliability, or completeness of the Services
• Warranties that the Services will be uninterrupted, secure, or error-free
• Warranties regarding the results obtained from using the Services

9.2 Security Tool Disclaimer

ThreatKrew is a threat modeling tool designed to assist with security analysis. It is not a comprehensive security solution and does not guarantee identification of all threats or vulnerabilities. You are responsible for:

• Validating all threat model outputs and recommendations
• Implementing appropriate security measures based on your specific requirements
• Maintaining overall security of your systems and applications
• Conducting thorough security assessments beyond threat modeling

9.3 Third-Party Content

The Services may include or reference third-party content, frameworks (such as MITRE ATT&CK), or integrations. We do not endorse or assume responsibility for such third-party materials.

10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• THREATKREW SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
• THIS INCLUDES DAMAGES FOR LOST PROFITS, LOST DATA, SECURITY BREACHES, OR BUSINESS INTERRUPTION
• OUR TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNT YOU PAID TO US IN THE 12 MONTHS PRECEDING THE CLAIM
• THESE LIMITATIONS APPLY EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
• THESE LIMITATIONS APPLY TO ALL CLAIMS, WHETHER BASED ON CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE

Some jurisdictions do not allow limitation of implied warranties or limitation of liability for incidental or consequential damages. In such jurisdictions, our liability is limited to the maximum extent permitted by law.

11. Indemnification

You agree to indemnify, defend, and hold harmless ThreatKrew, its affiliates, officers, directors, employees, and agents from any claims, liabilities, damages, losses, costs, or expenses (including reasonable attorneys' fees) arising from:

• Your use or misuse of the Services
• Your violation of these Terms
• Your User Content or any content you submit
• Your violation of any rights of third parties
• Your violation of applicable laws or regulations

12. Termination

12.1 Termination by You

You may terminate your account at any time by contacting our support team or using the account closure features in the Services. Termination takes effect upon processing your request.

12.2 Termination by Us

We may suspend or terminate your access to the Services at any time, with or without notice, for any reason, including:

• Violation of these Terms
• Non-payment of fees
• Fraudulent or illegal activity
• Conduct that harms other users or our business
• Extended periods of inactivity

12.3 Effect of Termination

Upon termination, your right to access and use the Services immediately ceases. We may delete your User Content after a reasonable grace period. Provisions of these Terms that by their nature should survive termination shall survive, including intellectual property rights, disclaimers, limitations of liability, and dispute resolution provisions.

13. Dispute Resolution

13.1 Informal Resolution

Before filing a formal claim, you agree to contact us at hello@threatkrew.io to seek informal resolution. We will attempt to resolve the dispute through good faith negotiations.

13.2 Arbitration

[ARBITRATION CLAUSE TO BE DETERMINED - consult with legal counsel regarding arbitration requirements, opt-out provisions, class action waiver, and applicable arbitration rules]

13.3 Governing Law and Jurisdiction

These Terms shall be governed by and construed in accordance with the laws of [JURISDICTION TO BE DETERMINED], without regard to its conflict of law provisions. Subject to the arbitration provisions above, you agree to submit to the exclusive jurisdiction of the courts located in [JURISDICTION TO BE DETERMINED].

14. General Provisions

14.1 Changes to Terms

We may modify these Terms at any time. We will provide notice of material changes through the Services or via email. Your continued use of the Services after changes become effective constitutes acceptance of the modified Terms.

14.2 Entire Agreement

These Terms, together with our Privacy Policy and any additional terms you agree to when using specific features, constitute the entire agreement between you and ThreatKrew regarding the Services.

14.3 Severability

If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions will remain in full force and effect.

14.4 Waiver

Our failure to enforce any provision of these Terms does not constitute a waiver of that provision or our right to enforce it in the future.

14.5 Assignment

You may not assign or transfer these Terms or your account without our prior written consent. We may assign these Terms to any affiliate or in connection with a merger, acquisition, or sale of assets.

14.6 Force Majeure

We are not liable for any failure or delay in performance due to circumstances beyond our reasonable control, including acts of God, war, terrorism, pandemics, or internet service failures.

14.7 Export Compliance

The Services may be subject to export control laws. You agree to comply with all applicable export and import laws and regulations.

15. Contact Information

For questions, concerns, or notices regarding these Terms, please contact us: