Terms of Service

1. Acceptance of Terms

By accessing or using the Service, you confirm that you are at least 18 years of age and have the legal authority to enter into these Terms. If you are using the Service on behalf of an organization, you represent and warrant that you have authority to bind that organization to these Terms, and references to “you” include that organization.

Your continued use of the Service after any changes to these Terms constitutes acceptance of the updated Terms, subject to the notice requirements in Section 12.

2. Service Description

ScriptPatrol provides an external security monitoring platform that continuously scans web pages to detect unauthorized changes to JavaScript code and HTTP security headers. The Service is designed to help e-commerce businesses and web application operators identify potential supply chain attacks, web skimming threats, and security regressions.

The Service includes, but is not limited to:

• Automated scanning and monitoring of specified web pages
• Script change detection and alerting
• Security header monitoring
• Risk assessment and severity classification
• Compliance reporting and evidence generation for PCI DSS 4.0
• Dashboard, analytics, and export capabilities

The Service monitors web pages externally, in the same manner a regular visitor would access them. ScriptPatrol does not access your servers, databases, source code repositories, or internal infrastructure.

3. Account Registration

To use the Service, you must create an account by providing a valid email address and a secure password. You agree to:

• Provide accurate, current, and complete information during registration
• Verify your email address when prompted
• Maintain the confidentiality of your account credentials and not share them with third parties
• Notify us immediately at [email protected] if you suspect unauthorized access to your account
• Keep your account information up to date

You are solely responsible for all activity that occurs under your account. We reserve the right to suspend or terminate accounts that contain false or misleading information.

4. Subscription and Billing

4.1 Plans and Pricing

The Service is offered under multiple subscription tiers, including a free Starter plan and paid plans (Professional and Enterprise). Current pricing and plan details are available on our website. We reserve the right to modify pricing with at least 30 days prior notice before the start of your next billing cycle.

4.2 Payment Processing

All payments are processed by Stripe, Inc., our third-party payment processor. By subscribing to a paid plan, you agree to Stripe’s terms of service. We do not store your full payment card details on our servers.

4.3 Billing Cycle and Auto-Renewal

Paid subscriptions are billed on a recurring basis (monthly or annually, depending on the plan you select). Your subscription will automatically renew at the end of each billing period unless you cancel before the renewal date.

4.4 Cancellation

You may cancel your subscription at any time from your account settings. Upon cancellation, you will retain access to your paid plan features until the end of the current billing period. No partial refunds are issued for unused time remaining in a monthly billing cycle.

4.5 Refunds

Annual subscriptions are eligible for a prorated refund for the unused portion of the term if canceled within the first 30 days. Monthly subscriptions are non-refundable. Refund requests should be directed to [email protected].

5. Acceptable Use

You agree to use the Service only for lawful purposes and in accordance with these Terms. Specifically, you agree that you will:

• Only monitor websites and web pages that you own or for which you have explicit, documented authorization to monitor
• Comply with all applicable laws and regulations, including data protection and privacy laws
• Not use the Service to perform denial-of-service attacks, load testing, or any activity designed to disrupt third-party services

You agree that you will not:

• Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service
• Resell, sublicense, or redistribute access to the Service without our prior written consent
• Use the Service to scan websites for the purpose of exploiting discovered vulnerabilities
• Attempt to bypass rate limits, access controls, or other security mechanisms of the Service
• Use automated tools to scrape, crawl, or extract data from the Service beyond the provided APIs
• Interfere with or disrupt the integrity or performance of the Service or its underlying infrastructure

We reserve the right to suspend or terminate your account immediately if we determine, at our sole discretion, that you have violated these acceptable use requirements.

6. Intellectual Property

The Service, including its scanning technology, risk assessment algorithms, user interface, documentation, reports, compliance evidence formats, and all related intellectual property, is and remains the exclusive property of ScriptPatrol and its licensors.

Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Service for your internal business purposes during the term of your subscription.

This license does not grant you any ownership rights in the Service. All rights not expressly granted herein are reserved.

7. Your Data and Privacy

7.1 Data Ownership

You retain full ownership of all data you provide to the Service, including your site configurations, scan results, and reports (“Customer Data”). We do not claim any ownership rights over Customer Data.

7.2 Data Usage

We access and process Customer Data solely to provide, maintain, and improve the Service. We may use aggregated, anonymized data that does not identify you or your sites for analytical purposes, such as improving threat detection and security benchmarking.

7.3 Data Portability

You may export your scan data, reports, and compliance evidence at any time through the Service’s built-in export functionality. We are committed to ensuring you are never locked in.

7.4 Privacy Policy

Our collection and use of personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference. By using the Service, you consent to the practices described in the Privacy Policy.

8. Service Availability

8.1 Uptime

We use commercially reasonable efforts to maintain high Service availability measured on a monthly basis, excluding scheduled maintenance and circumstances beyond our reasonable control. This is a service goal, not a guarantee, unless a separate Service Level Agreement (SLA) has been executed with your organization.

8.2 Scheduled Maintenance

We will provide at least 24 hours advance notice of scheduled maintenance that may affect Service availability. Whenever possible, maintenance will be performed during off-peak hours.

8.3 Force Majeure

We will not be liable for any failure or delay in performing our obligations under these Terms caused by events beyond our reasonable control, including but not limited to natural disasters, acts of government, internet service disruptions, third-party service outages, cyberattacks, or infrastructure failures.

9. Limitation of Liability

The Service is a monitoring and detection tool. While we strive to provide accurate and timely alerts, we do not guarantee that the Service will detect all security threats or prevent all data breaches. The Service is not a substitute for a comprehensive security program.

Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, the limitations above shall apply to the maximum extent permitted by law.

10. Indemnification

You agree to indemnify, defend, and hold harmless ScriptPatrol and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or related to:

• Your use of the Service in violation of these Terms
• Your monitoring of websites you do not own or are not authorized to monitor
• Your violation of any applicable law or regulation
• Any third-party claim arising from your use of reports, data, or evidence generated by the Service

11. Termination

11.1 Termination by You

You may terminate your account at any time by canceling your subscription and deleting your account through the Service settings, or by contacting us at [email protected].

11.2 Termination by Us

We may suspend or terminate your account and access to the Service at any time if you breach these Terms, if required by law, or if we discontinue the Service. Where practicable, we will provide advance notice before termination.

11.3 Effect of Termination

Upon termination, your right to use the Service ceases immediately. We will retain your Customer Data for 30 days following termination to allow you to export it. After this 30-day period, we will delete your Customer Data from our active systems. Some data may persist in encrypted backups for a limited period in accordance with our data retention policies.

12. Changes to These Terms

We may update these Terms from time to time to reflect changes in our Service, legal requirements, or business practices. When we make material changes, we will:

• Provide at least 30 days advance notice via email to the address associated with your account
• Update the “Last updated” date at the top of this page
• Post the revised Terms on our website before they take effect

Your continued use of the Service after the effective date of the revised Terms constitutes acceptance of the changes. If you do not agree with the revised Terms, you must stop using the Service and cancel your account before the changes take effect.

13. Governing Law and Disputes

These Terms shall be governed by and construed in accordance with applicable law, without regard to conflict of law principles.

In the event of a dispute arising out of or relating to these Terms, the parties agree to first attempt to resolve the dispute through good-faith negotiation. If the dispute cannot be resolved through negotiation within 30 days, either party may pursue resolution through the appropriate courts or alternative dispute resolution mechanisms.

Nothing in this section shall prevent either party from seeking injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or confidential information.

14. General Provisions

14.1 Entire Agreement

These Terms, together with our Privacy Policy and any applicable order forms or SLAs, constitute the entire agreement between you and ScriptPatrol regarding the Service and supersede all prior agreements and understandings.

14.2 Severability

If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable.

14.3 Waiver

Our failure to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision. Any waiver must be in writing and signed by an authorized representative of ScriptPatrol.

14.4 Assignment

You may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations under these Terms in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets.

14.5 No Third-Party Beneficiaries

These Terms do not create any rights for any third party. Only you and ScriptPatrol are parties to these Terms.

15. Contact Information

If you have questions about these Terms of Service, please contact us: