Legal

Terms of Service

These Terms govern your access to and use of the Zeroday IQ platform: our website, dashboard, scanners, AI agents, APIs, reports, and any related services (the "Service"). Read them before you sign up. If you sign up, you accept them.

Effective: 8 May 2026 Version: 1.0 Provider: Zeroday IQ Cyber Pte. Ltd., Singapore
At a glance

The short version

  • You may only run scans against assets you own or have explicit written permission to test. This is the most important rule.
  • You own your scan data. We hold it on your behalf and never use it to train external AI models.
  • Findings are advisory and evidence backed, but they are not a substitute for human judgement or for compliance certification.
  • Subscriptions auto renew. Liability is capped at 12 months of fees. Singapore law applies, with arbitration at SIAC.
  • If you breach the authorisation rule, we can suspend or terminate immediately.

1Acceptance of these Terms

These Terms of Service form a binding agreement between you and Zeroday IQ Cyber Pte. Ltd. ("Zeroday IQ", "we", "our", "us"). By signing up for an account, signing into the Service, clicking "I accept", or using any part of the Service, you agree to these Terms. If you do not agree, do not use the Service.

If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have authority to bind that entity, and "you" and "your" refer to that entity. If your organisation has signed a Master Service Agreement, an Order Form, or a Data Processing Addendum with us, that document controls to the extent of any conflict with these Terms.

2Definitions

  • "Authorised Target" means an asset that you own outright, or for which you can produce documented permission from the asset owner authorising you to perform security testing.
  • "Customer", "you", "your" means the individual or entity that has agreed to these Terms.
  • "Customer Data" means scan inputs, scan outputs, conversations, configurations, and any other information you submit to the Service, together with reports we generate for you.
  • "Findings" means vulnerabilities, weaknesses, observations, and supporting evidence identified through the Service.
  • "Service" means the products and capabilities provided by Zeroday IQ, including new features, releases, and updates.
  • "Subprocessor" means a third party engaged by Zeroday IQ to process data in connection with the Service.

3The Service

The Service runs offensive security tests on Authorised Targets you specify. It combines static and dynamic scanner modules, AI agents (including a coordinated red team and a Validator gate that drops findings without raw evidence), and a chat driven dashboard. Quick scans typically complete within minutes; deep scans run longer. The Service is delivered "as a service" over the internet and is offered subject to these Terms and any Order Form or addenda.

4Account, eligibility, and access

  • You must be at least 18 years old, capable of forming a binding contract, and not a person legally barred from receiving services under the laws of Singapore or your jurisdiction of residence.
  • You are responsible for maintaining the confidentiality of your credentials, for all activities that occur under your account, and for promptly notifying us of any unauthorised access.
  • You will keep account information accurate and up to date.
  • Some features require enrolment in MFA. We may require additional verification for sensitive actions, such as cross domain authorisation or internal scan agent registration.

5Authorisation to test (this clause matters)

The Service performs active security testing. You may only direct it at Authorised Targets. You represent and warrant that for every target you submit:

  • You own the asset, or you have the asset owner's written permission to test it, or the testing falls within a recognised authorised testing programme (such as a published bug bounty scope) that you are entitled to participate in.
  • You have authority to bind the asset owner to the limited grant of access required for the Service to perform the test.
  • The testing does not violate the terms of service of any third party operating the asset (cloud provider, hosting platform, content distribution network, and the like) where such terms apply.
  • The testing complies with the Computer Misuse Act of Singapore, the Computer Fraud and Abuse Act of the United States, the UK Computer Misuse Act, and any equivalent computer crime, telecommunications, anti spam, intellectual property, export, or sanctions law that applies to you.

You agree to indemnify Zeroday IQ for any third party claim arising from your breach of this section. We may suspend or terminate any scan or account immediately if we believe in good faith that this clause has been violated.

By default, an account is restricted to scanning the email domain of the registering user and its subdomains. We may grant cross domain authorisation upon written request and after verification.

6Acceptable use

You will not, and will not encourage or permit any third party to:

  • Use the Service to attack assets you do not have permission to test.
  • Use the Service to evade billing, rate limits, or quotas, or to share an account with users outside your organisation.
  • Use the Service to deliver malware, distribute denial of service traffic at volume, or perform mass exploitation in production environments.
  • Reverse engineer the Service, decompile our software, scrape model output to build a competing product, or attempt to extract our internal prompts, weights, or proprietary training material.
  • Interfere with the Service's integrity, security, or availability, or attempt to bypass authentication, authorisation, or rate limiting.
  • Use the Service in violation of any applicable export, sanctions, or anti corruption law.
  • Use the Service to test critical infrastructure, life safety systems, ICS or SCADA, or government systems unless we have agreed in writing in advance.

We monitor for abuse and may disable scans or accounts that violate this section.

7Customer Data and confidentiality

You retain all rights, title, and interest in Customer Data. You grant Zeroday IQ a worldwide, non exclusive, royalty free licence to host, store, transmit, and modify Customer Data only as necessary to render the Service, and to disclose Customer Data to subprocessors as needed to provide and secure the Service.

We will not use Customer Data to train external AI models or to improve products outside your account. We will not share Customer Data except as set out in our Privacy Notice.

We treat Customer Data as confidential. Each party will protect the other's confidential information using at least the same standard of care it uses for its own confidential information, and will not disclose confidential information except to its personnel and subprocessors who need to know it and are bound by equivalent obligations.

8Findings and reports

Findings are produced by automated scanner modules, AI analysis, and validation logic. The Validator agent is configured to drop any finding that does not include raw scanner evidence or a working PoC. Even so, you understand and agree that:

  • The Service is an assistive tool, not a substitute for human judgement on application security or for compliance certification.
  • No automated security tool can detect every vulnerability. Findings are provided "as is" and on a best effort basis.
  • You are responsible for triaging, validating in your own environment, and remediating findings.
  • Compliance mappings (SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, NIST CSF, OWASP) are advisory and do not constitute audit certification.

You may share reports internally and with your auditors, regulators, and contracted service providers. You may not republish reports as "Zeroday IQ certified" or as endorsements by us without our written consent.

9Subprocessors and AI providers

The Service relies on third party subprocessors as set out in our Privacy Notice, including AI inference providers. Where you select a specific AI model for analysis (for example, OpenAI GPT‑4o or Anthropic Claude Sonnet), Customer Data necessary to produce the response will be transmitted to that provider for the limited purpose of generating the response. Provider terms and data handling commitments are referenced in our Privacy Notice.

10Fees, billing, and taxes

  • Fees are set out in your Order Form or on our pricing page at the time of purchase.
  • Subscriptions auto renew at the end of each term unless cancelled before renewal. Cancellation takes effect at the end of the current paid term.
  • Fees are stated exclusive of taxes. You are responsible for taxes other than those on our net income.
  • Disputed invoices must be raised in writing within 30 days of the invoice date. Undisputed amounts are due net 30. Overdue amounts may bear interest at the lower of 1% per month or the maximum rate permitted by law.

11Free or trial access

We may offer free tiers, trial credits, or beta features. These are provided "as is", without warranty, and may be modified, throttled, or withdrawn at any time. We reserve the right to limit features, scan volume, or concurrency on free or trial usage.

12Term, termination, and suspension

  • These Terms commence when you first accept them and continue while you have an active account or paid subscription.
  • Either party may terminate for the other party's material breach with 30 days' written notice, where the breach has not been cured during that notice period.
  • We may suspend access immediately and without notice if continuing access poses a security, legal, or operational risk to us, our other customers, or the Service.
  • On termination we will allow you to export Customer Data for 30 days, after which we may permanently delete it. Termination does not relieve you of obligations accrued before termination, including payment of fees due. Sections that by their nature should survive termination (confidentiality, intellectual property, indemnities, limitation of liability, governing law) survive.

13Service levels and support

We target 99.9% monthly availability for the dashboard and the scan API. Scheduled maintenance is announced in advance through the dashboard. Production incidents are tracked in our status page and post mortems are available to enterprise customers on request. Support is provided in English by email and through the dashboard. Response times depend on plan.

14Intellectual property

  • We retain all rights, title, and interest in the Service, our software, models, prompts, scanner modules, agents, documentation, branding, and any improvements or feedback you provide. No rights are granted to you by implication, estoppel, or otherwise except those expressly stated in these Terms.
  • Subject to these Terms, we grant you a non exclusive, non transferable, revocable licence to access and use the Service during the subscription term.
  • If you provide feedback, suggestions, or feature requests, you grant us a worldwide, perpetual, royalty free licence to use them without obligation.

15Beta features

From time to time we may make pre release features available to you marked as "beta", "preview", or similar. Beta features are optional, may change or be withdrawn without notice, and are provided without warranty. Service levels and support commitments do not apply to beta features unless we say so in writing.

16Disclaimers

Except as expressly set out in these Terms, the Service is provided "as is" and "as available". To the maximum extent permitted by law, we disclaim all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, and non infringement. We do not warrant that the Service will be uninterrupted, error free, or that it will detect every vulnerability that exists in your assets.

17Limitation of liability

To the maximum extent permitted by applicable law:

  • Neither party will be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, revenue, goodwill, or anticipated savings, regardless of the theory of liability, even if advised of the possibility.
  • Each party's total aggregate liability arising out of or related to these Terms is limited to the fees paid by the Customer to Zeroday IQ in the 12 months preceding the event giving rise to the claim.
  • These limitations do not apply to a party's indemnification obligations, breach of confidentiality, infringement of the other party's intellectual property, or liabilities that cannot be limited under applicable law.

18Indemnification

You will defend, indemnify, and hold Zeroday IQ harmless against any third party claim, demand, loss, or damage (including reasonable legal fees) arising out of or related to: (a) your use of the Service in breach of these Terms; (b) your breach of section 5 (Authorisation to test) or section 6 (Acceptable use); (c) any Customer Data you submit; or (d) your violation of applicable law.

We will defend, indemnify, and hold you harmless against any third party claim that the Service, when used in accordance with these Terms, infringes the third party's intellectual property rights, subject to standard carve outs (claims arising from your use in combination with non Zeroday IQ products, modifications you make, or content you supply).

19Compliance and export

You will comply with all applicable laws in your use of the Service, including Singapore's Computer Misuse Act, the United States Computer Fraud and Abuse Act, the UK Computer Misuse Act, the European Union and United Kingdom data protection regimes, and applicable export controls and sanctions. You will not access or use the Service from a country embargoed by Singapore, the United States, the European Union, or the United Kingdom, and you will not allow any sanctioned person or government end user to use the Service.

20Governing law and dispute resolution

These Terms are governed by the laws of Singapore, without regard to conflict of laws principles.

Any dispute, controversy, or claim arising out of or in connection with these Terms (including its existence, validity, or termination) will be referred to and finally resolved by arbitration administered by the Singapore International Arbitration Centre (SIAC) under the SIAC Rules in force at the time. The seat of arbitration will be Singapore. The tribunal will consist of one arbitrator. The language of the arbitration will be English. Either party may seek injunctive or equitable relief in any court of competent jurisdiction.

21Changes to these Terms

We may update these Terms from time to time. Where changes are material we will provide at least 30 days' advance notice through the dashboard or by email to your account contact. Continued use of the Service after the effective date of an update constitutes acceptance of the updated Terms. If you do not accept an update you may terminate by providing notice before the update takes effect.

22Miscellaneous

  • Entire agreement. These Terms, together with any Order Form, addenda, and the Privacy Notice, are the entire agreement between the parties on this subject.
  • Severability. If any provision is held unenforceable, the remaining provisions will continue in full force.
  • No waiver. Failure to enforce a provision is not a waiver.
  • Assignment. You may not assign these Terms without our prior written consent (which we will not unreasonably withhold for an assignment to an affiliate or in connection with a corporate transaction). We may assign freely.
  • Force majeure. Neither party is liable for delay or failure to perform due to events beyond its reasonable control.
  • Notices. Legal notices to us must be sent to the address in section 23 with a copy to the email shown there. Notices to you may be given through the dashboard or to the email associated with your account.

23Contact

Zeroday IQ Cyber Pte. Ltd.
9 Raffles Place, #29‑05, Republic Plaza, Singapore 048619.