Platform Advisory Insights Contact Check Demo
Home / Legal / Terms of Service

Master Terms of Service

Last updated: April 10, 2026 | Effective date: April 10, 2026

This Master Terms of Service ("Agreement") is a binding legal contract between SecValley Inc. ("SecValley," "we," or "us"), and the entity or individual who registers for or accesses the Solutions ("Customer"). By clicking "I Agree," executing an Order Form that references this Agreement, or accessing the Solutions, Customer accepts this Agreement on behalf of itself and its Authorized Users.

If Customer does not agree to this Agreement, Customer must not access or use the Solutions.

This Agreement, together with any Order Forms constitutes the entire agreement between SecValley and Customer regarding the Solutions and supersedes all prior negotiations, representations, and agreements relating to the same subject matter.

1. Definitions

1.1. "Affiliate" means, with respect to a Party, any entity that directly, or indirectly through one or more intermediaries, controls, is controlled by, or is under common control with that Party. For purposes of this definition, "control" means the ownership of more than fifty percent (50%) of the voting securities or equivalent ownership interest in an entity.

1.2. "Authorized User" means any individual employee, contractor, or agent of Customer or its Affiliates who is authorized by Customer to access and use the Solutions under Customer's account, subject to the user limits specified in the applicable Order Form.

1.3. "Confidential Information" means all non-public information disclosed by one Party ("Discloser") to the other Party ("Recipient"), whether orally, in writing, or electronically, that is designated as confidential or that, given the nature of the information or the circumstances of disclosure, a reasonable person would understand to be confidential. Confidential Information does not include information that: (I) Is or becomes publicly available without breach of this Agreement; (II) Was known to Recipient before disclosure; (III) Is received from a third party without restriction; or (IV) Is independently developed by Recipient without use of Discloser's Confidential Information.

1.4. "Current Release" means the most recent generally available version of the Solutions that SecValley makes available to subscribing customers, including all updates, patches, and maintenance releases.

1.5. "Customer" means the entity or individual identified in the applicable Order Form, or, where no Order Form exists, the entity or individual who registers for an account and accepts this Agreement.

1.6. "Customer Data" means any data, information, content, or materials that Customer or its Authorized Users upload to, transmit through, store within, or generate using the Solutions. Customer Data does not include System Data.

1.7. "Documentation" means the user guides, online help, release notes, training materials, and other technical documentation that SecValley makes generally available to its customers.

1.8. "Intellectual Property Rights" means all patents, copyrights, moral rights, trademarks, trade secrets, and any other form of intellectual property rights recognized in any jurisdiction.

1.9. "Fees" means the subscription fees, usage-based charges, professional services fees, and any other amounts payable by Customer to SecValley as set forth in the applicable Order Form.

1.10. "Order Form" means a written or electronic ordering document executed by both Parties that references this Agreement and specifies the Solutions, Subscription Term, Fees, user or asset limits, and other commercial terms.

1.11. "Party" means SecValley or Customer, as applicable. "Parties" means SecValley and Customer collectively.

1.12. "Preview Features" means any features, functionality, modules, or solutions designated by SecValley as "alpha", "beta", "preview", "evaluation", "early access", "labs", or similar terminology.

1.13. "Solutions" means SecValley's proprietary cloud security posture management (CSPM), security posture assessment, compliance dashboard, Kai insight tools, and related software-as-a-service applications, as specified in the applicable Order Form.

1.14. "Subscription Term" means the period during which Customer is authorized to access and use the Solutions, as specified in the applicable Order Form, including any renewal periods.

1.15. "System Data" means technical and operational data generated by or collected through the Solutions relating to performance, operation, and use of the Solutions. System Data does not include Customer Data.

1.16. "Partner" means an authorized SecValley partner, such as a reseller.

1.17. "Third-Party Products" means third-party products, applications, services, software, networks, or other systems that link to the Solutions through SecValley open API.

1.18. "Third-Party Service" means a third party that manages the installation, onboarding, operation of, or access to, the Solutions on Customer's behalf.

2. License and Use of Solutions

2.1. License Grant to Customer. Subject to Customer's compliance with this Agreement and payment of all applicable Fees, SecValley grants Customer a non-exclusive, non-transferable, non-sublicensable (except to Authorized Users), worldwide license to access and use the Solutions and Documentation during the Subscription Term, solely for Customer's internal business purposes and in accordance with the scope specified in the applicable Order Form.

2.2. License to Customer Data. Customer grants SecValley a non-exclusive, worldwide, royalty-free license to host, store, process, display, transmit, and use Customer Data solely as necessary to provide, maintain, and improve the Solutions. This license terminates upon the later of: (I) Expiration or termination of this Agreement; or (II) SecValley's completion of its data return and deletion obligations under Section 12.3.

2.3. System Data License. Customer agrees that SecValley may collect, use, and analyze System Data for purposes of operating, improving, and enhancing the Solutions, developing new products and features, and generating benchmarking and industry reports, provided that SecValley does not publicly disclose System Data in a manner that identifies Customer without Customer's prior written consent.

2.4. Authorized Users. Customer is responsible for ensuring that all Authorized Users comply with the terms of this Agreement. Customer shall not permit access to the Solutions by any individual who is not an Authorized User. Customer is responsible for all activities that occur under its account.

2.5. Use Restrictions. Customer shall not, and shall not permit any Authorized User or third party to:

  1. Copy, modify, adapt, translate, or create derivative works based on the Solutions, except as expressly permitted by this Agreement;
  2. Reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code, algorithms, or underlying structure of the Solutions;
  3. Sublicense, sell, resell, transfer, assign, rent, lease, lend, or otherwise distribute the Solutions to any third party;
  4. Remove, alter, or obscure any proprietary notices, labels, or marks on the Solutions or Documentation;
  5. Use the Solutions to develop a competing product or service, or to perform competitive analysis or benchmarking;
  6. Interfere with or disrupt the integrity, performance, or availability of the Solutions;
  7. Access the Solutions in order to build a similar or competitive product or service;
  8. Use the Solutions to store or transmit any malicious code, viruses, or harmful data;
  9. Exceed the scope, user limits, or asset limits specified in the applicable Order Form; or
  10. Use the Solutions in violation of applicable law or in a manner that infringes the rights of any third party.

2.6. Acceptable Use Policy.

3. Evaluations, Preview Features

3.1. Evaluation Access. SecValley may make certain Solutions available on a free trial, proof-of-concept, or evaluation basis ("Evaluation"). Evaluations shall not be used for production purposes unless expressly authorized.

3.2. Evaluation Term. Unless otherwise agreed, each Evaluation shall be limited to thirty (30) days. SecValley may extend the Evaluation Period at its discretion or terminate any Evaluation at any time.

3.3. Evaluation "As-Is." ALL EVALUATIONS ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTY OF ANY KIND. SECVALLEY DISCLAIMS ALL WARRANTIES WITH RESPECT TO EVALUATIONS.

3.4. Evaluation Liability Cap. SECVALLEY'S TOTAL AGGREGATE LIABILITY FOR ANY CLAIMS ARISING OUT OF AN EVALUATION SHALL NOT EXCEED ONE HUNDRED U.S. DOLLARS ($100.00).

3.5. Feedback. If Customer provides Feedback, Customer hereby assigns to SecValley all right, title, and interest in such Feedback. SecValley may use, incorporate, and commercialize Feedback without restriction or compensation.

3.6. Preview Features. Preview Features are provided for evaluation and testing purposes only. SecValley may modify, suspend, or discontinue any Preview Feature at any time without notice or liability.

4. Ownership and Reservation of Rights

4.1. SecValley Ownership. SecValley retains all right, title, and interest in and to the Solutions, Documentation, System Data, and all related technology and intellectual property ("SecValley IP"). No rights are granted to Customer except as expressly set forth in this Agreement.

4.2. Customer Ownership. Customer retains all right, title, and interest in and to Customer Data and all intellectual property rights therein.

4.3. System Data. SecValley owns all right, title, and interest in System Data. SecValley may use System Data in accordance with Section 2.3.

4.4. No Implied Licenses. Except for the express licenses granted in this Agreement, neither Party grants the other any license or interest in its intellectual property.

5. Subscription and Billing

5.1. Fees and Payment. Customer shall pay all Fees specified in the applicable Order Form. Unless otherwise stated, Fees are invoiced annually in advance and are due within thirty (30) calendar days. All Fees are stated in U.S. dollars and are exclusive of taxes.

5.2. Late Payment. Undisputed amounts not paid when due shall accrue interest at the lesser of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law.

5.3. Non-Refundable Fees. Except as expressly provided in Sections 7.2, 9.4, 11.1, or 12.2, all Fees are non-refundable once paid.

5.4. Suspension for Non-Payment. If undisputed Fees remain unpaid for more than fifteen (15) calendar days after their due date, SecValley may suspend Customer's access upon written notice.

5.5. Subscription Term and Renewal. Unless either Party provides written notice of non-renewal at least sixty (60) calendar days before the end of the then-current Subscription Term, the subscription shall automatically renew for successive periods.

5.6. Price Changes at Renewal. SecValley shall provide at least ninety (90) calendar days' written notice before any increase in Fees. Fee increases shall not exceed five percent (5%) per year unless otherwise agreed.

5.7. Modifications to this Agreement.

5.8. True-Up. If Customer's actual usage exceeds the limits specified in the Order Form, SecValley shall invoice Customer for the overage at the applicable rates.

6. Confidentiality

6.1. Obligations. Each Party shall: (I) Hold the other Party's Confidential Information in strict confidence; (II) Not disclose Confidential Information to any third party except as expressly permitted; and (III) Use Confidential Information only for purposes of performing obligations under this Agreement.

6.2. Permitted Disclosures. A Party may disclose Confidential Information to its employees, contractors, Affiliates, advisors, and legal counsel who have a need to know, provided they are bound by confidentiality obligations. A Party may also disclose to the extent required by applicable law, provided it gives the other Party prompt written notice.

6.3. Injunctive Relief. Each Party acknowledges that unauthorized disclosure may cause irreparable harm. Either Party may seek injunctive or other equitable relief without the obligation to post a bond.

6.4. Duration. Confidentiality obligations survive expiration or termination for two (2) years, except that obligations with respect to trade secrets continue for as long as such information retains trade secret status.

7. Representations, Warranties and Remedies

7.1. SecValley Warranties. SecValley represents and warrants that: (I) The Solutions in their Current Release will perform materially in conformity with the Documentation; (II) SecValley has the legal authority to enter into this Agreement; (III) SecValley will comply with applicable laws; and (IV) SecValley will use commercially reasonable efforts to ensure the Solutions do not contain malicious code.

7.2. Warranty Remedies. If Customer notifies SecValley of a reproducible breach of the warranty in Section 7.1(I) within thirty (30) days, SecValley shall, at its option: (I) Correct the non-conformity; (II) Provide a reasonable workaround; (III) Replace the non-conforming component; or (IV) If unable to remedy within ninety (90) days, either Party may terminate and SecValley shall refund pro-rata prepaid Fees.

7.3. Security Product Disclaimer.

CUSTOMER ACKNOWLEDGES THAT NO SECURITY PRODUCT, INCLUDING THE SOLUTIONS, CAN GUARANTEE THE DETECTION OF ALL VULNERABILITIES, THREATS, MISCONFIGURATIONS, OR COMPLIANCE VIOLATIONS. THE SOLUTIONS ARE DESIGNED TO ASSIST CUSTOMER IN IDENTIFYING AND MANAGING SECURITY RISKS, BUT THEY DO NOT ELIMINATE SUCH RISKS. CUSTOMER REMAINS SOLELY RESPONSIBLE FOR ITS OWN SECURITY POSTURE AND COMPLIANCE OBLIGATIONS.

CUSTOMER ACKNOWLEDGES THAT SECURITY SCANNING INHERENTLY INVOLVES THE POSSIBILITY OF BOTH FALSE POSITIVES AND FALSE NEGATIVES. CUSTOMER SHALL INDEPENDENTLY VERIFY ALL FINDINGS BEFORE TAKING ACTION. SECVALLEY SHALL NOT BE LIABLE FOR ANY LOSS ARISING FROM RELIANCE ON SCAN RESULTS WITHOUT INDEPENDENT VERIFICATION.

ANY GUIDANCE, RECOMMENDATIONS, OR INSIGHTS PROVIDED THROUGH THE SOLUTIONS (INCLUDING KAI FEATURES) ARE INFORMATIONAL ONLY AND DO NOT CONSTITUTE PROFESSIONAL SECURITY CONSULTING, LEGAL ADVICE, OR REGULATORY COMPLIANCE CERTIFICATION.

7.4. General Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES IN SECTION 7.1, THE SOLUTIONS AND DOCUMENTATION ARE PROVIDED "AS IS" AND "AS AVAILABLE." SECVALLEY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, AVAILABILITY, OR QUIET ENJOYMENT.

7.5. Customer Representations. Customer represents and warrants that: (I) Customer has legal authority to enter into this Agreement; (II) Customer owns or has the necessary rights to provide Customer Data; (III) Customer's use will comply with applicable laws; and (IV) Customer has obtained all authorizations necessary to scan designated target systems.

8. Security and Data Protection

8.1. Security Program. SecValley shall maintain an information security program including: (I) Encryption of Customer Data in transit and at rest using industry-standard encryption protocols and algorithms; (II) Access controls with least-privilege principles and multi-factor authentication for administrative access; (III) Regular security assessments and audits; (IV) Network security measures including segmentation and threat detection; (V) Logging and monitoring of access to systems containing Customer Data; (VI) Business continuity and disaster recovery procedures; and (VII) Secure software development lifecycle practices. SecValley's current security practices are described in detail in the Technical and Organizational Measures annex to the Data Processing Agreement.

8.2. Compliance Verification. Upon Customer's written request (no more than once per twelve months), SecValley shall provide evidence of its adherence to the security program.

8.3. Security Incident Notification. SecValley shall notify Customer without unreasonable delay, and in no event later than seventy-two (72) hours after becoming aware, of any Security Incident.

8.4. SecValley Obligation. SecValley shall not process Customer Data other than to provide the Solutions in accordance with this Agreement and applicable law.

8.5. Customer Obligation. Customer shall instruct SecValley to process Customer Data to provide the Solutions in accordance with this Agreement and warrant that the relevant controller has provided all notices and obtained all consents required by applicable law.

8.6. Data Location. SecValley shall process and store Customer Data within the geographic region specified in the Order Form or, if none specified, within the United States.

8.7. Return and Deletion of Customer Data. SecValley retains Customer Data as follows:

9. Service Levels and Availability

9.1. Uptime Commitment. SecValley shall use commercially reasonable efforts to maintain availability of at least ninety-nine and nine-tenths percent (99.9%) during each calendar month.

9.2. Exclusions. The Uptime Commitment does not apply to: scheduled maintenance (with 48 hours notice), Force Majeure Events, third-party failures, Customer breach, Customer environment issues, Customer-requested changes, or outages of Microsoft Azure infrastructure services or other third-party cloud platforms on which the Solutions depend.

9.3. Service Credits.

Service Credits must be requested within thirty (30) calendar days. Maximum total Service Credits per month: fifteen percent (15%) of monthly Fees.

9.4. Chronic Failure. If SecValley fails to meet the Uptime Commitment for three (3) or more calendar months during any consecutive six (6) month period, Customer may terminate and receive a pro-rata refund.

10. Limitation of Liability

10.1. Exclusion of Certain Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, BUSINESS OPPORTUNITIES, GOODWILL, DATA, OR USE.

10.2. General Liability Cap. EXCEPT FOR EXCLUDED CLAIMS, EACH PARTY'S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

10.3. Elevated Cap for Data Protection. FOR CLAIMS ARISING FROM BREACH OF CONFIDENTIALITY (SECTION 6) OR SECURITY AND DATA PROTECTION (SECTION 8), THE AGGREGATE LIABILITY CAP IS TWENTY-FOUR (24) MONTHS OF FEES.

10.4. Exclusions from Caps. The limitations do not apply to: (I) Indemnification obligations; (II) Fraud, willful misconduct, or gross negligence; (III) Customer's payment obligations; (IV) Customer's breach of Use Restrictions or Acceptable Use; (V) IP infringement or misappropriation; or (VI) Liability that cannot be limited under applicable law.

10.5. Basis of the Bargain. THE LIMITATIONS IN THIS SECTION REFLECT A REASONABLE ALLOCATION OF RISK AND ARE AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES.

10.6. Statute of Limitations. ANY CLAIM MUST BE COMMENCED WITHIN EIGHTEEN (18) MONTHS AFTER THE CLAIMING PARTY FIRST KNEW OR REASONABLY SHOULD HAVE KNOWN OF THE FACTS GIVING RISE TO THE CLAIM.

11. Indemnification

11.1. SecValley Indemnification. SecValley shall defend, indemnify, and hold harmless Customer against any third-party claim alleging that the Solutions infringe a valid United States patent, copyright, trademark, or trade secret ("IP Claim").

11.2. Exclusions. SecValley's indemnification obligation does not apply to claims arising from: Customer modifications, combination with third-party products, unauthorized use, continued use after a non-infringing replacement is available, or use of a non-current version.

11.3. Remediation. If the Solutions become subject to an IP Claim, SecValley may: (I) Procure the right to continue using; (II) Modify to make non-infringing; or (III) Replace with a functionally equivalent alternative. If none are commercially practicable, SecValley may terminate and refund pro-rata prepaid Fees.

11.4. Customer Indemnification. Customer shall defend and indemnify SecValley against third-party claims arising from: (I) Customer Data; (II) Material breach of Use Restrictions or Acceptable Use; or (III) Customer's violation of applicable law.

11.5. Indemnification Procedures. The indemnified Party must: (I) Provide prompt written notice; (II) Grant sole control of defense and settlement; and (III) Provide reasonable cooperation at the indemnifying Party's expense.

11.6. Sole Remedy. THIS SECTION STATES EACH PARTY'S SOLE AND EXCLUSIVE OBLIGATIONS AND REMEDIES WITH RESPECT TO THE CLAIMS DESCRIBED HEREIN.

12. Term, Termination, and Effects

12.1. Term. This Agreement commences on the Effective Date and continues until all Subscription Terms have expired or been terminated.

12.2. Termination.

12.3. Data Return and Deletion.

12.4. Effects of Termination. Upon termination: (I) All licenses terminate; (II) Customer shall cease use; (III) Customer shall revoke or delete the service principal and any App Registration created for SecValley within fourteen (14) days; (IV) Each Party shall return or destroy Confidential Information; (V) Customer shall pay all accrued Fees. Sections 1, 4, 5.2, 5.3, 6, 7.3, 7.4, 10, 11, 12.3, 12.4, and 13 survive termination.

13. General Provisions

13.1. Governing Law. This Agreement shall be governed by the laws of the State of Delaware, without regard to conflict of law principles.

13.2. Dispute Resolution. The Parties shall first attempt good-faith negotiation for thirty (30) days. If unresolved, the Parties may submit to non-binding mediation in Wilmington, Delaware. If still unresolved after sixty (60) days, either Party may pursue litigation in the courts specified in Section 13.3.

13.3. Venue and Jurisdiction. Each Party submits to the exclusive jurisdiction of the state and federal courts located in New Castle County, Delaware.

13.4. Publicity. Customer grants SecValley permission to use Customer's name and logo on marketing materials, subject to Customer's right to opt out at any time. SecValley shall not issue press releases or case studies without Customer's prior written consent.

13.5. Assignment. Neither Party may assign this Agreement without the other's prior written consent, except to an Affiliate or in connection with a merger, acquisition, or sale of substantially all assets.

13.6. Notices. All notices shall be in writing and deemed given upon delivery if delivered personally, upon confirmed receipt if sent by email, one (1) business day after overnight courier deposit, or three (3) business days after certified mail deposit.

13.7. Severability. If any provision is held invalid, it shall be modified to the minimum extent necessary to be enforceable, or severed if modification is not possible.

13.8. Waiver. No failure or delay in exercising any right shall operate as a waiver. A waiver of any breach shall not constitute a waiver of any subsequent breach.

13.9. Entire Agreement. This Agreement, together with all Order Forms and expressly referenced exhibits, constitutes the entire agreement. Pre-printed terms on any purchase order are expressly rejected.

13.10. Force Majeure. Neither Party shall be liable for delay or failure due to causes beyond reasonable control (Force Majeure Events). Cyber events qualify only if they exploit unknown vulnerabilities, are industry-wide in scale, and SecValley maintained practices consistent with Section 8.1. If a Force Majeure Event continues for more than sixty (60) days, either Party may terminate and SecValley shall refund pro-rata prepaid Fees.

13.11. Independent Contractors. The Parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, or employment relationship.

13.12. Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.

13.13. Export Compliance. Customer shall comply with all applicable export control and sanctions laws and regulations.

13.14. Anti-Corruption. Each Party represents it has not and will not offer any bribe, kickback, or improper payment in connection with this Agreement.

13.15. Insurance. SecValley shall maintain, at its own expense, commercially reasonable insurance coverage, including commercial general liability, professional liability (errors and omissions), and cyber liability insurance. Upon Customer's written request, SecValley shall provide a certificate of insurance evidencing current coverage.

13.16. Counterparts and Electronic Execution. Order Forms may be executed in counterparts. Electronic signatures shall have the same legal effect as original signatures.

13.17. Headings. Section headings are for convenience only.

13.18. Construction. This Agreement shall be construed fairly without regard to any presumption against the drafting Party. "Including" means "including but not limited to."

14. Contact

SecValley Inc.