Terms and Conditions

By creating an account, accessing, or using ScanShield (the "Service") provided by Tristack Technologies LLP ("Company", "we", "us", "our"), you ("User", "you") acknowledge that you have read, understood, and agree to be legally bound by these Terms and Conditions ("Terms") and our Privacy Policy. If you do not agree with any part of these Terms, you must not use the Service.

These Terms constitute a legally binding agreement between you and Tristack Technologies LLP, a limited liability partnership registered in India. Use of the Service by or on behalf of a company or organisation constitutes acceptance of these Terms on behalf of that entity, and the person accepting represents they have authority to bind that entity.

ScanShield is a cloud-based, automated security assessment platform that enables users to perform vulnerability scans, penetration tests, and security analysis on internet-facing systems they own or are explicitly authorised to test. The Service includes domain verification, a credit-based scanning system, automated report generation, and supporting infrastructure.

The Service is provided "as is" for legitimate security testing and research purposes only. It is not intended as a replacement for manual penetration testing by qualified security professionals, nor does it guarantee the discovery of all vulnerabilities present in a target system.

You must be at least 18 years of age and legally capable of entering a binding contract to use the Service. By registering, you confirm you meet these requirements. Use by or on behalf of persons under 18 is not permitted.

You are solely responsible for maintaining the confidentiality of your account credentials, for all activity that occurs under your account, and for ensuring that access to your account is restricted to authorised individuals. You must notify us immediately at hello@tristack.tech if you suspect unauthorised access. We will not be liable for any loss arising from your failure to safeguard your credentials.

You agree to provide accurate, current, and complete registration information and to update it as necessary. Accounts created with false information may be suspended without notice.

By adding a domain and initiating a scan, you expressly represent and warrant that:

• You are the registered owner of the domain, or
• You hold a current, written authorisation from the domain owner to conduct security testing, and
• The scope of your scan is limited to systems covered by that authorisation.

The Company's domain DNS verification requirement is a technical safeguard but does not relieve you of the legal obligation to have proper authorisation. You agree to indemnify and hold harmless the Company from any claim, liability, or expense arising from your unauthorised or unlawful use of the Service.

You agree not to, and not to assist others to:

• Scan, probe, or test systems without explicit authorisation
• Use the Service for illegal purposes or in violation of any applicable law
• Attempt to circumvent rate limits, credit controls, or security measures
• Reverse-engineer, decompile, or attempt to extract the source code of the platform
• Share, sell, or sublicense your account or API access to third parties
• Introduce malware, exploits, or disruptive content into the platform
• Conduct denial-of-service attacks or any activity that degrades Service performance
• Use automated means to create multiple accounts or circumvent credit requirements
• Misrepresent your identity or affiliation when registering or using the Service
• Use scan findings to extort, blackmail, or otherwise harm third parties

Violation may result in immediate account suspension, permanent termination, forfeiture of unused credits, and referral to law enforcement.

Access to scanning features is governed by a prepaid credit system. Credits are purchased via Razorpay and are non-transferable between accounts. Credit prices are displayed at the time of purchase and are inclusive of applicable taxes unless stated otherwise.

Credits are deducted when a scan is initiated, not when it completes. If a scan fails due to a platform error (as opposed to user configuration or target inaccessibility), credits are automatically refunded to your account within the same transaction. Manual refund requests are governed by our Refund Policy.

We reserve the right to adjust credit pricing and scan credit costs upon 14 days' notice to registered users via email. Continued use after the effective date constitutes acceptance of the revised pricing. Credits purchased prior to a price change retain their value and are not subject to retroactive adjustment.

Purchased credits do not expire. However, credits in accounts that have been inactive for more than 24 consecutive months may be forfeited at our discretion with 30 days' prior email notice.

Automated security scanning is inherently limited. ScanShield's results represent the output of automated tools at a specific point in time and may include:

• False positives — reported findings that are not actual vulnerabilities
• False negatives — real vulnerabilities not detected by the scan
• Findings that require manual validation before remediation action is taken
• Incomplete results if the target blocks automated scanners, uses WAF/IPS, or requires authentication

All findings should be reviewed and validated by a qualified security professional before remediation. The Company disclaims all liability for decisions taken based solely on automated scan results without independent professional validation.

We strive to maintain high availability but do not guarantee uninterrupted, error-free access to the Service. The Service may be temporarily unavailable due to scheduled maintenance, infrastructure failures, security incidents, or force majeure events. We will make reasonable efforts to provide advance notice of planned maintenance via email or dashboard notification.

No service level agreement (SLA) is offered under the standard credit-based plan unless separately agreed in writing. We are not liable for losses arising from Service unavailability.

ScanShield, its software, algorithms, interfaces, branding, trade marks, and documentation are the exclusive property of Tristack Technologies LLP or its licensors, protected under applicable intellectual property law. Nothing in these Terms grants you any ownership rights in the Service.

You retain ownership of the domain data you submit and the scan reports generated for your account. By using the Service, you grant us a limited, non-exclusive, royalty-free licence to process your data solely to operate and improve the Service. We do not use your scan data for purposes other than providing the Service to you, except as described in the Privacy Policy.

You agree to defend, indemnify, and hold harmless Tristack Technologies LLP, its partners, employees, contractors, and affiliates from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from:

• Your use of the Service in violation of these Terms
• Scanning systems without proper authorisation
• Your violation of any applicable law or regulation
• Your infringement of any third-party rights
• Any claim by a third party relating to a scan you initiated

This indemnification obligation will survive termination of these Terms and your use of the Service.

To the maximum extent permitted by applicable law, the Service is provided "as is" and "as available" without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, or accuracy.

In no event shall Tristack Technologies LLP be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, goodwill, or business interruption, arising from your use of or inability to use the Service, even if we have been advised of the possibility of such damages.

Our aggregate liability to you for any claim arising under or in connection with these Terms shall not exceed the total amount paid by you to us in the three months immediately preceding the event giving rise to the claim.

Some jurisdictions do not allow the exclusion of certain warranties or the limitation of liability for consequential damages. In such jurisdictions our liability is limited to the greatest extent permitted by law.

We may suspend or permanently terminate your account, with or without prior notice, if we reasonably believe you have violated these Terms, engaged in fraudulent activity, or pose a risk to other users or third parties. Upon termination for cause, unused credits are forfeited and no refund is owed.

You may close your account at any time via account settings or by contacting us. Upon voluntary closure, unused credits are governed by our Refund Policy. We may retain certain data after account deletion as required by law or for legitimate security and audit purposes as described in the Privacy Policy.

These Terms are governed by and construed in accordance with the laws of India. Any dispute arising out of or relating to these Terms or the Service shall first be attempted to be resolved through good-faith negotiation between the parties.

If not resolved within 30 days, disputes shall be submitted to binding arbitration in accordance with the Arbitration and Conciliation Act, 1996 (India), with the seat of arbitration in Bengaluru, Karnataka. The language of arbitration shall be English. The arbitrator's award shall be final and binding. Nothing in this clause prevents either party from seeking urgent injunctive or equitable relief in a court of competent jurisdiction.

Subject to the arbitration clause above, you consent to the exclusive jurisdiction of the courts located in Bengaluru, Karnataka for any matter not subject to arbitration.

We may modify these Terms at any time by posting the updated version on this page with a revised "Last updated" date. For material changes, we will provide at least 14 days' notice by email to your registered address or via a prominent in-app notice. Your continued use of the Service after the effective date constitutes acceptance of the revised Terms.

If you do not agree to the updated Terms, you must stop using the Service and close your account before the effective date of the change.

For questions, concerns, or notices regarding these Terms, contact: