Terms of Use

1. Definitions

For the purposes of these Terms of Use, the following definitions apply:

• "Platform" or "Service": The Defenzor software-as-a-service (SaaS) solution provided by Gila Security, including all features, APIs, and related services.
• "User": Any natural or legal person who registers and uses the Platform.
• "Domain": Any internet domain (e.g., example.com) registered by the User on the Platform for monitoring purposes.
• "Target": Any specific URL, subdomain, IP address, or endpoint associated with a registered Domain that will be subject to security analysis.
• "Passive Scan": Non-intrusive security analysis that collects publicly available information without sending potentially harmful requests to the Target.
• "Active Scan": Security analysis that involves direct interaction with the Target, including but not limited to header analysis, SSL/TLS verification, DNS record inspection, and configuration assessment.
• "DNS Verification Token": A unique cryptographic identifier that must be added to the Domain's DNS records to prove ownership and authorize scanning.
• "Audit Log": Immutable records of all actions performed on the Platform, maintained in compliance with SOC 2 and ISO 27001 controls.

2. Acceptance of Terms - Clickwrap Agreement

2.1 Nature of this Agreement

THIS IS A CLICKWRAP AGREEMENT. By clicking "I Accept", "I Agree", "Create Account", "Register Domain", or similar affirmative buttons, or by checking acceptance boxes presented during registration, domain registration, or use of the Service, you are electronically signing and entering into a legally binding contract with Gila Security.

This clickwrap mechanism constitutes your express, informed, and unambiguous consent to these Terms. Your affirmative action (clicking or checking) has the same legal force and effect as a handwritten signature under applicable Brazilian law (Law 14.063/2020 - Digital Signatures), the Brazilian Civil Code (Article 107), and international electronic signature laws including the US E-SIGN Act and EU eIDAS Regulation.

2.2 Record of Acceptance

Each time you accept these Terms or consent to specific actions (such as domain registration), the Platform records:

• The exact date and time (UTC) of your acceptance
• Your IP address at the time of acceptance
• The version of the Terms you accepted
• The specific action or button you clicked
• Your user agent (browser/device information)
• A unique transaction identifier

These records are stored in our immutable audit logs and may be used as evidence of your consent in any legal proceedings.

2.3 Binding Effect

By accessing, registering for, or using the Defenzor Platform, you acknowledge that you have read, understood, and agree to be bound by these Terms of Use, our Privacy Policy, and any additional terms that may apply to specific features of the Service.

If you are accepting these Terms on behalf of a company, organization, or other legal entity, you represent and warrant that you have the authority to bind such entity to these Terms. In such case, "you" and "User" shall refer to such entity.

IF YOU DO NOT AGREE TO THESE TERMS, DO NOT CLICK "ACCEPT" AND DO NOT USE THE SERVICE. Your affirmative action and continued use of the Service constitutes your acceptance of these Terms and any updates thereto.

3. Service Description - Application Security Posture Management (ASPM)

Defenzor is an Application Security Posture Management (ASPM) platform that provides continuous security monitoring and assessment services. The Platform performs the following types of analysis:

3.1 Passive Analysis

Collection and analysis of publicly available information about your Domain, including DNS records, WHOIS data, certificate transparency logs, and other publicly accessible sources. The Platform may also receive and process external security signals configured by the User.

3.2 Active Analysis

Direct interaction with your Targets to assess security posture, including but not limited to: HTTP/HTTPS requests, SSL/TLS verification, availability monitoring, port scanning, asset discovery, and security configuration assessment.

4. Domain Registration and Ownership Verification

4.1 Registration Process

When you register a Domain on the Platform, you must:

• Provide accurate information about the Domain and its intended use
• Accept responsibility for all Targets associated with the Domain
• Acknowledge and consent to the scanning activities described in these Terms
• Complete the DNS verification process before active scanning begins

4.2 DNS Verification Requirement

MANDATORY OWNERSHIP VERIFICATION: Before any active scanning is performed on your Domain, you must prove ownership by adding a unique DNS TXT record provided by the Platform. This verification serves as:

• Proof of Ownership: Evidence that you have administrative control over the Domain's DNS configuration
• Express Authorization: Your explicit consent for Gila Security to perform security scans on the Domain and its associated Targets
• Legal Protection: Documentation that scanning activities were authorized by the Domain owner
• Audit Trail: A verifiable record of authorization maintained in our immutable audit logs

4.3 Consent Declaration

By completing DNS verification, you expressly declare and warrant that:

• You are the legal owner of the Domain, or you have been authorized by the legal owner to register it for security monitoring
• You have full authority to authorize security scans on the Domain and all associated Targets
• The security testing conducted by Defenzor does not violate any agreements you have with third parties (hosting providers, CDN services, etc.)
• You will notify relevant parties (IT team, hosting provider, security team) about the monitoring activities to prevent false-positive security alerts
• You assume full responsibility for any consequences arising from the security analysis

4.4 Re-verification

The Platform may periodically re-verify Domain ownership. If the DNS verification token is removed or the verification fails, active scanning will be suspended until ownership is re-confirmed.

5. Authorization and Scope of Security Testing

5.1 Express Authorization

By registering a Domain and completing DNS verification, you provide Gila Security with express, written authorization to:

• Access and analyze publicly available information about your Domain
• Send HTTP/HTTPS requests to your Targets for security assessment
• Verify SSL/TLS certificates and their configuration
• Query DNS servers for record information
• Perform email authentication protocol tests (SPF, DKIM, DMARC)
• Monitor uptime and availability through periodic requests
• Collect and analyze security headers and server responses
• Generate reports based on the collected security data

5.2 Scope Limitations

The Platform's security testing is limited to:

• Non-destructive analysis that does not modify, delete, or corrupt data
• Legitimate security assessment techniques that do not exploit vulnerabilities
• Requests that simulate normal user or client behavior
• Analysis of publicly exposed services and configurations

5.3 Exclusions

The Platform does NOT perform:

• Penetration testing or exploitation of vulnerabilities
• Denial of service (DoS) or distributed denial of service (DDoS) attacks
• Brute force password attacks or credential stuffing
• SQL injection, XSS, or other attack vector exploitation
• Unauthorized access to systems, networks, or data
• Social engineering or phishing attempts
• Any activity that could damage or disrupt Target systems

6. Audit System and Compliance

6.1 Immutable Audit Logs

The Platform maintains comprehensive, immutable audit logs in compliance with SOC 2 Type II and ISO 27001 controls. These logs record:

• User registration and authentication events
• Domain registration and DNS verification timestamps
• Consent acceptance records with IP address and user agent
• All scanning activities with timestamps and results
• Configuration changes and access to sensitive data
• API access and third-party integrations

6.2 Log Immutability

Audit logs are protected against modification or deletion through:

• Write-once storage mechanisms
• Cryptographic integrity verification
• Segregated access controls
• Regular integrity audits

6.3 Evidence for Legal Proceedings

Audit logs may be used as evidence in legal proceedings to demonstrate:

• User authorization for scanning activities
• Scope and nature of security tests performed
• Compliance with applicable laws and regulations
• Chain of custody for security findings

7. User Responsibilities and Warranties

7.1 User Warranties

By using the Service, you represent and warrant that:

• You are at least 18 years of age and have the legal capacity to enter into binding agreements
• You have the legal right and authority to submit each Domain for security monitoring
• Your use of the Service will not violate any applicable laws, regulations, or third-party rights
• You will not use the Service to circumvent security controls or for malicious purposes
• All information you provide is accurate, current, and complete
• You will maintain the confidentiality of your account credentials

7.2 Prohibited Uses

You agree NOT to:

• Register Domains you do not own or are not authorized to monitor
• Use the Platform to scan or attack third-party systems without authorization
• Attempt to bypass the DNS verification requirement
• Forge, manipulate, or falsify authorization records
• Use the Platform for competitive intelligence against unauthorized targets
• Share, sell, or transfer your account or authorization tokens
• Interfere with the Platform's security controls or audit mechanisms
• Use automated tools to create multiple accounts or bypass rate limits

8. Legal Compliance

8.1 Brazilian Law Compliance

The Platform operates in compliance with Brazilian laws, including but not limited to:

• Marco Civil da Internet (Law 12.965/2014): Respecting internet freedom, privacy, and security principles
• LGPD (Law 13.709/2018): General Data Protection Law compliance for personal data processing
• Brazilian Penal Code (Article 154-A): Authorization-based security testing to avoid "computer invasion" characterization
• Consumer Defense Code: Clear disclosure of services and consumer rights

8.2 International Compliance

For Users in other jurisdictions, the Platform is designed to comply with:

• GDPR (EU): European data protection requirements
• CFAA (US): Computer Fraud and Abuse Act - authorized access principles
• Computer Misuse Act (UK): Authorized security testing framework
• Cybercrime Convention (Budapest Convention): International cybersecurity standards

8.3 User's Legal Responsibility

You are solely responsible for ensuring that your use of the Service complies with all applicable laws in your jurisdiction. This includes:

• Obtaining any necessary consents from third parties affected by the monitoring
• Ensuring compliance with your organization's security policies
• Notifying relevant parties (hosting providers, CDN services) about security monitoring
• Complying with industry-specific regulations (HIPAA, PCI-DSS, etc.)

9. Limitation of Liability

9.1 Service Disclaimer

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. GILA SECURITY DOES NOT WARRANT THAT:

• The Service will meet your specific security requirements
• The Service will identify all vulnerabilities or security issues
• The Service will discover all assets, subdomains, or exposed services
• Security reports are complete, accurate, or error-free
• The Service will prevent security breaches or attacks
• All data breaches or credential leaks affecting your organization will be detected

9.2 Asset Discovery Disclaimer

You acknowledge and agree that:

• Asset discovery is performed on a best-effort basis using publicly available information
• Shadow IT, undocumented assets, or assets behind network restrictions may not be discovered
• The Platform cannot detect assets that are not publicly exposed or resolvable via DNS
• Port scanning may be limited by firewalls, rate limiting, or network configurations
• The User maintains ultimate responsibility for their complete asset inventory

9.3 Limitation of Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, GILA SECURITY SHALL NOT BE LIABLE FOR:

• Any indirect, incidental, special, consequential, or punitive damages
• Loss of profits, data, business opportunities, or goodwill
• Damages arising from reliance on security reports or recommendations
• Third-party claims arising from your use of the Service
• Security breaches or vulnerabilities not detected by the Service
• Compromised assets that were not discovered or monitored by the Platform
• Data breaches or credential leaks not identified through our monitoring
• Service interruptions, delays, or errors

9.3 Maximum Liability

In no event shall Gila Security's total liability exceed the greater of: (a) the amount paid by you for the Service in the 12 months preceding the claim, or (b) R$ 1.000,00 (one thousand Brazilian Reais).

9.4 Essential Purpose

You acknowledge that the limitations set forth in this section reflect a reasonable allocation of risk and are a fundamental element of the basis of the bargain between you and Gila Security.

10. Indemnification

You agree to defend, indemnify, and hold harmless Gila Security, its officers, directors, employees, agents, licensors, and suppliers from and against any claims, actions, demands, liabilities, damages, costs, and expenses (including reasonable attorneys' fees) arising from or related to:

• Your use of the Service
• Your violation of these Terms
• Your violation of any third-party rights
• Registration of Domains without proper authorization
• False representations regarding Domain ownership
• Claims by third parties affected by your use of the Service
• Any security incidents resulting from your actions or omissions

This indemnification obligation shall survive the termination of your account and these Terms.

11. Data Protection and Privacy

Your use of the Service is also governed by our Privacy Policy, which describes how we collect, use, and protect your personal data. By using the Service, you consent to the data practices described in the Privacy Policy.

Security scan results and Domain data are processed and stored in accordance with LGPD (Brazil) and GDPR (EU) requirements, including:

• Data minimization and purpose limitation
• Encryption at rest and in transit
• Access controls and authentication
• Data retention policies and secure deletion
• User rights (access, rectification, deletion, portability)

12. Intellectual Property

All intellectual property rights in the Service, including but not limited to software, algorithms, user interface, documentation, trademarks, and trade secrets, are owned by Gila Security or its licensors.

You are granted a limited, non-exclusive, non-transferable license to use the Service in accordance with these Terms. This license does not include the right to:

• Copy, modify, or distribute the Service or its components
• Reverse engineer, decompile, or disassemble the Service
• Create derivative works based on the Service
• Remove or alter any proprietary notices
• Use the Service for competitive analysis

13. Term and Termination

13.1 Term

These Terms are effective from the date you first access the Service and remain in effect until terminated by either party.

13.2 Termination by User

You may terminate your account at any time by contacting us or using the account settings. Upon termination, your right to use the Service will immediately cease.

13.3 Termination by Gila Security

We may suspend or terminate your access to the Service immediately, without prior notice, if:

• You breach any provision of these Terms
• We receive a valid legal order or request from law enforcement
• We reasonably believe your use of the Service is fraudulent or illegal
• You fail to pay applicable fees
• Your continued use poses a security risk to the Platform or other users

13.4 Effect of Termination

Upon termination, the following provisions shall survive: Definitions, Limitation of Liability, Indemnification, Intellectual Property, Governing Law, and any provisions that by their nature should survive.

14. Governing Law and Dispute Resolution

14.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Federative Republic of Brazil, without regard to its conflict of law provisions.

14.2 Jurisdiction

Any dispute arising from or relating to these Terms shall be subject to the exclusive jurisdiction of the courts of the city of Florianópolis, State of Santa Catarina, Brazil. You waive any objection based on lack of personal jurisdiction, place of residence, improper venue, or forum non conveniens.

14.3 Alternative Dispute Resolution

Before initiating any legal proceedings, you agree to first attempt to resolve disputes through good-faith negotiation for a period of at least 30 days from the date of written notice of the dispute.

15. Modifications to Terms

We reserve the right to modify these Terms at any time. If we make material changes, we will notify you by:

• Posting the updated Terms on the Platform with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on the Platform

Material changes will become effective 30 days after notification, unless otherwise specified. Your continued use of the Service after the effective date constitutes acceptance of the modified Terms.

16. General Provisions

• Entire Agreement: These Terms, together with the Privacy Policy, constitute the entire agreement between you and Gila Security regarding the Service.
• Severability: If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
• Waiver: Failure to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision.
• Assignment: You may not assign or transfer these Terms without our prior written consent. We may assign these Terms without restriction.
• Force Majeure: Neither party shall be liable for delays or failures due to circumstances beyond their reasonable control.
• Notices: Notices to you may be sent to the email address associated with your account. Notices to us should be sent to [email protected].
• Language: These Terms are provided in English and Portuguese. In case of conflict, the Portuguese version shall prevail for Users in Brazil.

17. Contact Information

If you have questions about these Terms of Use, please contact us: