Terms of Use
Effective July 15, 2026
These Terms of Use ("Terms") govern your access to and use of the complyeah external penetration-testing service (the "Service"). By creating an account or using the Service, you agree to these Terms. If you are using the Service on behalf of an organization, you represent that you are authorized to bind it.
The Service
complyeah performs AI-driven, external, non-invasive penetration testing of internet-facing assets you own, and produces reports and shareable certificates mapped to common compliance frameworks. The Service is external-only and does not require access to your source code or internal networks.
Accounts
You must provide an accurate email address and keep your account secure. Sign-in is passwordless via single-use magic links; you are responsible for activity conducted through your account.
Authorization to test - you may only scan what you control
This is the core rule of the Service. You represent and warrant that, for every domain or asset you submit, you are the owner or are expressly authorized by the owner to have it tested. You must:
- complete our ownership verification (DNS or HTTP proof) before any scan runs;
- record a scan authorization defining scope and rules of engagement; and
- never use the Service against any system you do not own or are not authorized to test.
Unauthorized scanning of third-party systems is prohibited and may violate law (including computer-misuse and unauthorized-access statutes). You are solely responsible for ensuring you have authorization, and you agree to indemnify us against claims arising from assets you submit without proper authorization.
Acceptable use
- Do not attempt to disrupt, overload, or circumvent the Service or its safeguards.
- Do not use the Service to violate the rights of others or any applicable law.
- Do not resell or misrepresent reports or certificates.
Credits and fees
A comprehensive penetration test is paid for with a pre-paid scan credit, purchased at the price shown before checkout. Payments are processed by our merchant of record, Creem, which handles billing and applicable taxes. Each credit entitles you to one comprehensive scan of one verified domain and is valid for 365 days (12 months) from purchase, after which it expires. Expiry dates are shown in your account, and we send reminder emails before a credit expires. Credits are one-time purchases, not a subscription. A scan that fails on our side does not consume a credit: we automatically restore it to your balance and email you. We may change our fees; any change applies only to future purchases, and we will give reasonable advance notice of a price increase. Credits you have already bought keep the terms in effect when you bought them.
Right of withdrawal and refunds
You may withdraw from a purchase and receive a refund for any credit you have not used, within 14 days of purchase. Refunds are per-credit, at the price you actually paid, returned to your original payment method via Creem, and are self-serve from your billing page. Because a comprehensive scan is a digital service performed on request, starting a scan with a credit constitutes your express request to begin performance and your acknowledgement that you thereby lose the right of withdrawal for that credit. After 14 days, unused credits are non-refundable but remain valid until their 12-month expiry. A credit that has been spent on a scan, or that has expired, is not refundable, except for the automatic restoration of a credit when a scan fails on our side. Nothing in this policy limits rights you may have under applicable law.
Reports and no guarantee of security
Reports reflect findings from automated external testing at a point in time. Security testing is inherently limited and cannot identify every vulnerability. A report or certificate is not a warranty or guarantee that an asset is secure or compliant, and it is not legal or audit advice.
Intellectual property
We retain all rights in the Service and its software. You retain rights in your data and the reports generated for your assets, and you may use and share them for your own compliance and security purposes.
Disclaimers and limitation of liability
The Service is provided "as is" without warranties of any kind, to the fullest extent permitted by law. To the maximum extent permitted by law, complyeah will not be liable for indirect, incidental, or consequential damages, and our total liability arising from the Service will not exceed the amount you paid us in the twelve months before the claim.
Termination
You may stop using the Service at any time. We may suspend or terminate access for breach of these Terms - in particular, for scanning assets you are not authorized to test.
Changes, governing law, and contact
These Terms are versioned by their effective date, shown at the top of this page. When you authorize a scan, we record your acceptance of the Terms in force at that time, together with the version and a timestamp. We may update these Terms; continued use after changes take effect constitutes acceptance. Questions: support@complyeah.com.