LEGAL

Terms of Service

Effective date: 1 February 2025

These Terms of Service govern your use of ExposureIndex, a security testing platform operated by Evolve Unlimited AB ("we", "us", or "our"). By accessing or using the service you agree to these terms.

1. Service Description

ExposureIndex provides automated security assessment services including phishing simulations, domain crawling, and web application vulnerability scanning (DAST). The service is provided "as is" for authorized security testing purposes only, and is operated in accordance with ISO 27001, SOC 2, and NIST SP 800-53 security standards.

2. Authorized Use

By submitting an order you confirm that you are an authorized representative of the organization under test and that you have obtained all necessary internal approvals to conduct security testing. You must not use the service to test systems you do not own or have explicit written authorization to test.

3. Account Responsibilities

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must notify us immediately at exposureindex@evolvecybersec.se if you suspect unauthorized access.

4. Intellectual Property

All platform software, reports, and associated content are the intellectual property of Evolve Unlimited AB. Reports generated for your organization remain confidential and are licensed to you for internal use only. You may not redistribute or resell reports.

5. Data Processing

We process personal data as described in our Privacy Policy, in accordance with the GDPR and applicable Swedish data protection law. A Data Processing Agreement (DPA) is available upon request.

6. Payment and Refunds

All fees are charged in advance via Stripe. One-time health-check scans are non-refundable once the scan has been initiated. Monthly subscription plans may be cancelled at any time; access continues until the end of the current billing period.

7. Limitation of Liability

To the fullest extent permitted by law, Evolve Unlimited AB's liability is limited to the amount paid for the service in the three months preceding the claim. We are not liable for indirect, consequential, or incidental damages. Security testing carries inherent risk; you accept responsibility for any unintended impact on your own systems.

8. Confidentiality

All scan results and reports are treated as confidential information. We will not share your results with third parties except as required by law or as described in our Privacy Policy.

9. Service Availability

We strive for high availability but do not guarantee uninterrupted service. Scheduled maintenance will be communicated in advance where possible. We follow NIST SP 800-53 controls to protect platform availability and integrity.

10. Termination

Either party may terminate the agreement with 30 days' written notice. We reserve the right to suspend accounts immediately for violations of these terms or applicable law.

11. Governing Law

These terms are governed by Swedish law. Any disputes shall be resolved in the courts of Sweden, with Stockholm District Court as the court of first instance.

12. Changes to Terms

We may update these terms from time to time. Material changes will be communicated via email at least 30 days before they take effect. Continued use of the service after that date constitutes acceptance.