Terms of Service
Last updated: June 14, 2026
These Terms of Service ("Terms") govern access to and use of the NotifyBreach breach-intelligence platform available at threat.notifybreach.com (the "Platform" or "Service"), operated by InfoHash Private Limited ("NotifyBreach", "we", "us", or "our"). The Service is provided exclusively to businesses for the purpose of monitoring domains they own or are authorized to monitor and surfacing related breach, credential-exposure, employee-exposure, and ransomware-group intelligence. By creating an account, accessing, or using the Service, you ("Customer", "you", or "your") agree to be bound by these Terms.
1. Acceptance, Eligibility, and Authority to Bind
By registering for, accessing, or using the Service, you accept these Terms and agree to comply with them. If you do not agree, you must not access or use the Service.
The Service is intended solely for business and professional use. It is not offered to, and may not be used by, consumers for personal, household, or family purposes.
- You represent that you are at least 18 years old and have the legal capacity to enter into a binding contract.
- You represent that you are using the Service on behalf of a business, organization, or other legal entity (the "Customer Entity").
- The individual accepting these Terms represents and warrants that they are duly authorized to bind the Customer Entity to these Terms, and that the Customer Entity accepts these Terms and is responsible for compliance with them.
- You represent that you are not barred from receiving the Service under the laws of any applicable jurisdiction, including export-control and sanctions laws.
Where these Terms refer to "you" or "Customer", they refer jointly to the Customer Entity and the individual accepting on its behalf.
2. Description of the Service
NotifyBreach is a business-to-business breach-intelligence software-as-a-service platform. The Service allows Customers to register internet domains and receive intelligence and exposure information associated with those domains.
Subject to your plan and these Terms, the Service may provide the following capabilities:
- Domain monitoring: detection and surfacing of breached or leaked employee credentials (including URLs, usernames or email addresses, and passwords) found within third-party breach datasets and malware-infection (stealer) logs, matched to domains you have registered and verified.
- Employee exposure profiles: aggregated employee records and exposure information for your registered domains, including data obtained through third-party enrichment providers such as ContactOut.
- Ransomware-group intelligence: information regarding ransomware groups, their reported activity, victims, and related indicators.
- Customer API: a read-only application programming interface enabling programmatic retrieval of intelligence associated with your account and registered domains.
Breach, leak, and malware-log data made available through the Service originates from third-party sources and is not collected by NotifyBreach directly from the individuals to whom it relates. The Service aggregates, organizes, and presents such data; it does not create or independently verify the underlying breaches.
We may modify, enhance, add, or remove features and functionality of the Service from time to time. We will not materially reduce the core functionality of a paid plan during a paid term without notice as described in these Terms.
3. Account Registration and Security
To use the Service you must register an account and provide accurate, current, and complete information, including a valid business email address, your name, company name, and the domains you wish to monitor. You agree to keep this information up to date.
- You are responsible for maintaining the confidentiality of your account credentials, including passwords and any authentication factors (such as two-factor authentication), and for all activity that occurs under your account.
- You must use commercially reasonable measures to secure your credentials and must not share them with unauthorized persons.
- You must promptly notify us at [email protected] of any actual or suspected unauthorized access to or use of your account.
- You are responsible for the acts and omissions of all users you permit to access the Service under your account, and such users' use is deemed your use.
We strongly recommend enabling available account-security features, including two-factor authentication. We are not liable for any loss or damage arising from your failure to safeguard your credentials or from unauthorized use of your account that is not caused by our breach of these Terms.
4. Acceptable Use
Your access to breach-intelligence data carries significant responsibility. The following restrictions are material terms of this agreement, and any violation is grounds for immediate suspension or termination.
4.1 Domain Authorization
- You may register, monitor, and obtain intelligence only for domains that you own or that you are explicitly and lawfully authorized to monitor on behalf of their owner.
- You represent and warrant that, for each domain you register, you have the necessary ownership, control, or written authorization to monitor it and to receive associated exposure data.
- We may require verification of domain ownership or control before enabling monitoring, and we may decline, suspend, or remove any domain at our discretion.
- You must promptly remove or cease monitoring any domain for which your ownership or authorization lapses.
4.2 Lawful and Defensive Use Only
- You may use the Service and any data obtained through it solely for lawful, legitimate business security purposes, such as identifying, assessing, and remediating exposure affecting your own organization or organizations you are authorized to protect.
- You must not use the Service or any data obtained through it to access, attempt to access, compromise, or authenticate into any account, system, or service, including by using breached credentials.
- You must not use credentials, passwords, personal data, or other information obtained through the Service to harass, stalk, intimidate, defraud, extort, discriminate against, harm, or otherwise injure any individual or entity, including any data subject whose information appears in breach data.
- You must not use the Service to facilitate identity theft, credential stuffing, social engineering, phishing, doxxing, or any other unlawful or malicious activity.
- You must comply with all applicable laws, regulations, and third-party rights in your use of the Service, including data protection, privacy, computer-misuse, and anti-spam laws.
4.3 Platform Integrity
- You must not resell, sublicense, rent, lease, distribute, or otherwise make the Service or its data available to any third party except as expressly permitted in writing by us.
- You must not scrape, crawl, harvest, or use automated means to extract data from the Service other than through the Customer API in accordance with these Terms and applicable rate limits.
- You must not reverse engineer, decompile, disassemble, or attempt to derive the source code, structure, or underlying data sources of the Service, except to the extent this restriction is prohibited by applicable law.
- You must not circumvent, disable, or interfere with security features, rate limits, usage metering, or access controls of the Service.
- You must not introduce malware, conduct denial-of-service attacks, probe, scan, or test the vulnerability of the Service without our prior written authorization, or otherwise interfere with the integrity or performance of the Service.
- You must not use the Service to build, train, or improve a competing product or service, or to compile a competing database of breach or exposure data.
We reserve the right (but have no obligation) to monitor use of the Service for compliance with this Section and to investigate suspected violations.
5. Customer Responsibilities and Lawful Basis for Processing Employee Data
Through the Service you may receive personal data relating to your employees, personnel, and other individuals associated with your domains (collectively, "Employee Data"). As between you and NotifyBreach, you act as the controller (or equivalent) of Employee Data you receive and use, and NotifyBreach acts as a provider of intelligence and, where applicable, a processor acting on your instructions as set out in these Terms and any applicable data processing terms.
- You are solely responsible for ensuring you have a valid lawful basis (such as legitimate interests in protecting your organization's information security) and have satisfied all applicable transparency, notice, and other obligations under applicable data protection laws for the receipt, use, retention, and onward handling of Employee Data and any other personal data obtained through the Service.
- You are responsible for conducting any legitimate-interests assessment, balancing test, data protection impact assessment, or similar analysis that applicable law requires in connection with your use of the Service.
- You must handle, store, and dispose of personal data obtained through the Service securely and in accordance with applicable law, and must restrict access to personnel with a legitimate need.
- You must not combine data from the Service with other data in any manner prohibited by law or that would unfairly or unlawfully affect any individual.
- You are responsible for responding to data-subject requests and complaints relating to your use of data obtained through the Service, and for honoring any individual's rights to the extent required by law.
You acknowledge that breach and malware-log data is inherently sensitive. You agree to use it only as necessary to assess and remediate exposure, to minimize the personal data you extract and retain, and to delete it when no longer needed for that purpose.
Our processing of personal data, and the respective data-protection roles of the parties, are further described in our Privacy Policy and any data processing addendum that may apply. Privacy inquiries may be directed to [email protected], and where applicable to our data protection officer or representative, our Grievance Officer at [email protected].
6. Customer API Usage and Rate Limits
The Customer API is a read-only interface provided to enable programmatic retrieval of intelligence associated with your account and registered domains. Your use of the Customer API is subject to these Terms, including the Acceptable Use provisions.
- API access is authenticated using API tokens issued to your account. You are responsible for keeping tokens confidential, for all activity performed using your tokens, and for rotating or revoking tokens that may be compromised.
- You must not share API tokens with, or use them to provide Service data to, any unauthorized third party.
- API usage is subject to rate limits, quotas, and usage metering that we may set and adjust based on your plan or to protect the stability and security of the Service. We may meter and record your API usage for billing, monitoring, and abuse-prevention purposes.
- You must not exceed, circumvent, or attempt to circumvent applicable rate limits or quotas, and you must implement reasonable handling of throttling responses (such as HTTP 429) and back-off behavior.
- We may throttle, suspend, or revoke API access that we reasonably believe is abusive, excessive, insecure, or in violation of these Terms.
We may modify, deprecate, or discontinue API endpoints or versions. We will use commercially reasonable efforts to provide advance notice of material breaking changes where practicable.
7. Third-Party Data, Sources, and Accuracy Limitations
The intelligence provided through the Service is derived from third-party sources, including publicly and non-publicly available breach datasets, malware-infection (stealer) logs, ransomware-group disclosures, and third-party enrichment providers such as ContactOut. NotifyBreach does not generate the underlying breaches or events and does not collect the underlying data directly from the individuals to whom it relates.
- Data obtained from third-party sources may be incomplete, inaccurate, outdated, duplicated, mislabeled, fabricated by malicious actors, or attributed to the wrong individual or organization. NotifyBreach does not warrant the accuracy, completeness, currency, authenticity, or fitness for any particular purpose of any data made available through the Service.
- The presence of a credential, record, or other item in the Service is not confirmation that any account is currently compromised, that a password is currently valid, or that any individual is responsible for any activity. The absence of an item does not confirm that no exposure exists.
- You are responsible for independently verifying and corroborating any data before relying on it, and for exercising professional judgment in how you act on it.
- Third-party enrichment and source data may be subject to the providers' own terms, and your use of such data must comply with any restrictions communicated to you.
The Service is an informational and decision-support tool. It is not a substitute for your own security program, professional advice, legal compliance, or due diligence, and must not be used as the sole basis for any adverse decision about any individual.
8. Intellectual Property
As between the parties, NotifyBreach and its licensors own all right, title, and interest in and to the Service, including all software, user interfaces, APIs, documentation, designs, compilations, analytics, aggregated datasets, and all related intellectual property rights. No rights are granted to you except as expressly set out in these Terms.
- Subject to your compliance with these Terms and payment of applicable fees, we grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service for your internal business security purposes during the term.
- You may use intelligence outputs obtained through the Service for your internal security and remediation purposes, subject to the Acceptable Use restrictions, including the prohibitions on resale and on building competing products or databases.
- "NotifyBreach", associated logos, and other marks are trademarks of NotifyBreach. You may not use them without our prior written consent.
- If you provide feedback, suggestions, or ideas about the Service, you grant us a perpetual, irrevocable, worldwide, royalty-free license to use and incorporate them without restriction or obligation to you.
We may collect and use aggregated, de-identified usage and operational data to operate, secure, analyze, and improve the Service, provided such data does not identify you or any individual.
9. Fees, Billing, and Plans
Access to the Service may be offered under one or more subscription plans or tiers, each with its own features, usage allowances, and pricing. Applicable fees, billing frequency, and plan limits will be presented to you at the time of purchase or as set out in an applicable order.
- Unless otherwise stated, fees are quoted exclusive of taxes, and you are responsible for all applicable taxes, duties, and similar charges, other than taxes based on our net income.
- Subscription fees are billed in advance on a recurring basis for the applicable billing cycle and, unless otherwise stated, are non-refundable except where required by law.
- Unless you cancel before the end of the then-current term, subscriptions may automatically renew for successive terms at the then-current rates, and you authorize us to charge your designated payment method.
- We may change pricing or plan features for future terms upon reasonable notice; changes do not affect the term you have already paid for unless otherwise agreed.
- If any payment is overdue, we may suspend access to the Service after providing notice, and you remain responsible for amounts due.
Where the Service is offered to you at no charge, on a trial, or evaluation basis, we may modify or discontinue such access at any time, and the warranty disclaimers and liability limitations in these Terms apply with full force.
10. Confidentiality
"Confidential Information" means non-public information disclosed by one party to the other that is designated as confidential or that should reasonably be understood to be confidential given its nature and the circumstances of disclosure, including the non-public features of the Service, security findings, pricing, and your account and exposure data.
- Each party agrees to use the other's Confidential Information only as necessary to exercise its rights and perform its obligations under these Terms, and to protect it using at least reasonable care.
- Neither party will disclose the other's Confidential Information to third parties except to its personnel, advisors, and contractors who need it and are bound by confidentiality obligations at least as protective as these.
- Confidential Information does not include information that is or becomes public through no fault of the receiving party, was rightfully known without obligation of confidentiality, is independently developed without use of the disclosing party's information, or is rightfully obtained from a third party.
- A party may disclose Confidential Information if required by law or legal process, provided it gives reasonable prior notice where lawful and cooperates in seeking protective treatment.
You acknowledge that intelligence and exposure data are highly sensitive, and you agree to treat all such data as Confidential Information and to restrict access to authorized personnel with a need to know.
11. Term, Termination, and Suspension
These Terms apply from the date you first accept them or first use the Service and continue until terminated as set out below or, for paid plans, until the end of your subscription term and any renewals.
- You may terminate by closing your account and ceasing use of the Service, subject to any minimum commitment in your plan. Termination does not entitle you to a refund of prepaid fees except where required by law.
- We may terminate or suspend your access, in whole or in part, immediately and without prior notice if you materially breach these Terms (including the Acceptable Use provisions), if required by law, or if your use poses a security, legal, or reputational risk to us, our other customers, or any third party.
- We may suspend access where reasonably necessary to investigate suspected violations, to address security incidents, for non-payment, or to comply with legal obligations or third-party source requirements.
- Either party may terminate for convenience at the end of the then-current subscription term by providing notice as required by the applicable plan, or at any time if no subscription term applies.
Upon termination, your right to access the Service ends, and we may deactivate your account and delete or de-identify your data in accordance with our retention practices and applicable law, except where retention is required by law. Provisions that by their nature should survive termination, including those on intellectual property, confidentiality, disclaimers, limitation of liability, indemnification, and governing law, survive.
12. Disclaimers of Warranties
To the maximum extent permitted by applicable law, the Service and all data, intelligence, and outputs are provided "as is" and "as available", with all faults and without warranties of any kind, whether express, implied, statutory, or otherwise.
- We expressly disclaim all implied warranties, including warranties of merchantability, fitness for a particular purpose, title, non-infringement, accuracy, and any warranties arising from course of dealing or trade usage.
- We do not warrant that the Service will be uninterrupted, secure, error-free, or free of harmful components, or that it will detect all exposures, breaches, credentials, or threats relevant to you.
- We do not warrant the accuracy, completeness, reliability, authenticity, or currency of any third-party-sourced data, and we are not responsible for decisions or actions you take based on such data.
- No advice or information obtained from us or through the Service creates any warranty not expressly stated in these Terms.
Some jurisdictions do not allow the exclusion of certain warranties; in such cases, the exclusions apply to the fullest extent permitted by applicable law.
13. Limitation of Liability
To the maximum extent permitted by applicable law, in no event will NotifyBreach or its affiliates, officers, employees, agents, suppliers, or licensors be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, goodwill, data, or business opportunity, arising out of or relating to the Service or these Terms, whether based on contract, tort (including negligence), strict liability, or any other theory, even if advised of the possibility of such damages.
To the maximum extent permitted by applicable law, the total aggregate liability of NotifyBreach arising out of or relating to the Service or these Terms will not exceed the total fees paid or payable by you to NotifyBreach for the Service in the twelve (12) months immediately preceding the event giving rise to the liability or, where you use the Service free of charge, one hundred U.S. dollars (USD 100).
Nothing in these Terms excludes or limits liability that cannot be excluded or limited under applicable law, including liability for fraud, willful misconduct, or death or personal injury caused by negligence. The limitations in this Section reflect the allocation of risk between the parties and apply notwithstanding the failure of any limited remedy.
14. Indemnification
You agree to defend, indemnify, and hold harmless NotifyBreach and its affiliates, officers, directors, employees, agents, suppliers, and licensors from and against any claims, demands, actions, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or relating to:
- Your access to or use of the Service, including any data you obtain through it and any actions you take based on such data.
- Your breach of these Terms, including the Acceptable Use provisions and your representations regarding domain ownership or authorization.
- Your violation of any applicable law or regulation, including data protection, privacy, and computer-misuse laws.
- Your collection, use, retention, disclosure, or other processing of personal data, including Employee Data and breach data, including any claim by a data subject, regulator, or third party.
- Your infringement or misappropriation of any third-party intellectual property, privacy, or other right.
We will provide you with reasonable notice of any claim subject to indemnification and reasonable cooperation at your expense. You may not settle any claim in a manner that imposes any obligation or admission on NotifyBreach without our prior written consent.
15. Changes to These Terms
We may update or modify these Terms from time to time to reflect changes in the Service, our practices, or applicable law. When we make material changes, we will provide reasonable notice, such as by posting the updated Terms with a revised effective date or by notifying you through the Service or by email.
Changes become effective on the date stated in the updated Terms. Your continued access to or use of the Service after the effective date constitutes your acceptance of the updated Terms. If you do not agree to the updated Terms, you must stop using the Service and may terminate your account in accordance with these Terms.
16. Governing Law, Dispute Resolution, and Venue
These Terms and any dispute or claim arising out of or in connection with them, the Service, or their subject matter or formation (including non-contractual disputes or claims) are governed by and construed in accordance with the laws of India, without regard to its conflict-of-laws principles.
The parties will attempt in good faith to resolve any dispute informally before initiating formal proceedings. Either party may initiate this process by sending written notice describing the dispute to the other party.
Subject to any mandatory requirements of applicable law, the parties irrevocably submit to the exclusive jurisdiction of the courts located in Churu, Rajasthan, India for the resolution of any dispute that is not resolved informally, and each party waives any objection to venue in such courts. Nothing in this Section prevents either party from seeking injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property or Confidential Information.
17. General Provisions
- Entire Agreement: These Terms, together with any plan, order, Privacy Policy, and data processing terms referenced here, constitute the entire agreement between the parties regarding the Service and supersede all prior agreements on that subject.
- Assignment: You may not assign or transfer these Terms without our prior written consent. We may assign these Terms to an affiliate or in connection with a merger, acquisition, or sale of assets.
- Severability: If any provision is held unenforceable, it will be modified to the minimum extent necessary or severed, and the remaining provisions will remain in full force.
- No Waiver: Failure to enforce any provision is not a waiver of our right to enforce it later.
- Force Majeure: Neither party is liable for delay or failure to perform due to causes beyond its reasonable control.
- Notices: We may provide notices to you via the Service or your registered email; you must send notices to us at the contact details below.
- Relationship: The parties are independent contractors, and these Terms create no agency, partnership, or joint venture.
- Export and Sanctions: You agree to comply with all applicable export-control and sanctions laws in your use of the Service.
18. Contact
If you have questions about these Terms or the Service, please contact us:
- Operator: NotifyBreach, operated by InfoHash Private Limited
- Registered address: LADUN ROAD, CHUNGI NAKA KE PAAS SUJANGAD, CHURU, RAJASTHAN-331507, India
- General and support inquiries: [email protected]
- Privacy inquiries: [email protected]
- Data protection officer / representative: our Grievance Officer at [email protected]
