Terms of Service

1. Introduction and Acceptance

These Terms of Service ("Terms") constitute a legally binding agreement between you (whether as an individual or on behalf of the entity you represent) and BreachLine Labs Limited, a company registered in England and Wales ("BreachLine", "we", "us", or "our"). These Terms govern your access to and use of the Nebula platform and all related services, APIs, documentation, and tools provided by BreachLine.

By creating an account, accessing the Platform, or using any part of the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms in their entirety. If you are entering into these Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that entity to these Terms. If you do not have such authority, or if you do not agree with these Terms, you must not access or use the Service.

These Terms are governed by and construed in accordance with the laws of England and Wales. Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of England and Wales, subject to the provisions set out in Section 16 below.

Nothing in these Terms affects any statutory rights that you may have as a consumer under the Consumer Rights Act 2015 or other applicable United Kingdom consumer protection legislation that cannot be excluded or limited by contract.

2. Definitions

In these Terms, the following words and expressions shall have the meanings set out below unless the context requires otherwise:

• "Service" means the Nebula autonomous penetration testing platform, including all software, APIs, integrations, documentation, reports, and related services provided by BreachLine.
• "Platform" means the web application, command-line tools, and any other interfaces through which the Service is accessed and operated.
• "Nebula" means BreachLine's proprietary AI-powered offensive security engine that performs automated penetration testing, vulnerability assessment, reconnaissance, exploitation testing, and reporting.
• "User" means any individual who accesses or uses the Service, whether as an account holder or as an authorised user under a Customer account.
• "Customer" means the individual or legal entity that has entered into a subscription agreement with BreachLine for use of the Service.
• "Scan" means any automated or semi-automated security assessment initiated through the Platform against a specified Target, including but not limited to quick scans, reconnaissance scans, full penetration tests, deep assessments, red team engagements, API security tests, web application tests, and network security assessments.
• "Target" means any system, network, application, API endpoint, domain, IP address, or other digital asset designated by the User for security testing through the Service.
• "Findings" means the vulnerabilities, security issues, misconfigurations, risk assessments, and other results identified during a Scan, including all associated reports, evidence, and remediation guidance.
• "Authorisation Evidence" means written documentation demonstrating that the User has lawful permission to conduct security testing on a Target, including but not limited to signed authorisation letters, scope agreements, or proof of asset ownership.
• "Subscription" means the paid plan under which the Customer accesses the Service, as set out in the applicable order form or online subscription agreement.
• "Personal Data" has the meaning given in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
• "Intellectual Property Rights" means all patents, copyrights, database rights, design rights, trade marks, trade secrets, know-how, and all other intellectual property rights, whether registered or unregistered, anywhere in the world.

3. Description of Service

Nebula is an AI-powered autonomous penetration testing platform designed to identify security vulnerabilities in systems, applications, and networks. The Service provides the following core capabilities:

• Automated Reconnaissance: Systematic discovery and enumeration of Target assets, including subdomains, open ports, running services, technology stacks, and publicly exposed information.
• Vulnerability Assessment: Identification and classification of security vulnerabilities across web applications, APIs, network infrastructure, and cloud configurations, with severity ratings aligned to industry standards (CVSS).
• Exploitation Testing: Controlled, safe exploitation of identified vulnerabilities to verify their exploitability and assess real-world impact, performed within sandboxed environments to minimise risk to Target systems.
• AI-Driven Analysis: Autonomous decision-making powered by artificial intelligence to determine testing strategies, prioritise attack vectors, chain vulnerabilities, and adapt testing approaches based on discovered information.
• Comprehensive Reporting: Detailed security reports including executive summaries, technical findings with proof-of-concept evidence, risk ratings, and actionable remediation guidance.
• Continuous Monitoring: Scheduled and recurring assessments to track security posture changes over time, detect new vulnerabilities, and verify that previously identified issues have been remediated.

The Service is provided on an "as is" and "as available" basis. Whilst BreachLine endeavours to deliver comprehensive and accurate security assessments, the Service does not guarantee the identification of all vulnerabilities present in a Target. Security testing is inherently probabilistic, and the absence of Findings does not certify that a Target is free from vulnerabilities. The Service is intended to supplement, not replace, a comprehensive information security programme.

4. Account Registration and Security

To access the Service, you must register for an account by providing accurate, current, and complete information as prompted by the registration process. You agree to maintain and promptly update your account information to keep it accurate, current, and complete at all times.

You are responsible for safeguarding the credentials used to access the Service, including passwords, API keys, and authentication tokens. You must not share your credentials with any third party. You agree to implement appropriate security measures, including the use of strong passwords and multi-factor authentication where available.

You are fully responsible for all activities that occur under your account, whether or not authorised by you. You must notify BreachLine immediately at legal@breachline.io upon becoming aware of any unauthorised use of your account or any other breach of security.

For enterprise and team accounts, the Customer is responsible for managing authorised Users, assigning appropriate roles and permissions, and ensuring that all Users under their account comply with these Terms. The Customer shall promptly remove access for any User who is no longer authorised to use the Service.

BreachLine reserves the right to disable any account, username, or password if, in our reasonable opinion, you have failed to comply with any provision of these Terms or if we reasonably suspect that account credentials have been compromised.

5. Authorised Use Only

Before initiating any Scan, you represent and warrant that:

• You are the lawful owner of the Target, or you have obtained explicit, written authorisation from the lawful owner to perform security testing on the Target.
• Your authorisation is current, has not been revoked, and covers the specific type and scope of testing you intend to conduct.
• The scope of your authorisation expressly permits the use of automated penetration testing tools, including AI-powered exploitation testing.
• You have verified that your testing will not violate any applicable laws, regulations, or contractual obligations, including but not limited to the Computer Misuse Act 1990, the Police and Justice Act 2006, and any applicable data protection legislation.
• You have taken reasonable steps to ensure that your testing will not adversely affect systems or services outside the agreed scope, including shared infrastructure, third-party services, or other tenants in multi-tenant environments.
• Where the Target is hosted by a third-party provider (e.g., cloud infrastructure), you have complied with that provider's acceptable use policies and penetration testing policies, and have obtained any required approvals.

BreachLine reserves the right to request Authorisation Evidence at any time and to suspend or terminate your account if satisfactory evidence is not provided within a reasonable timeframe. You must retain all Authorisation Evidence for a minimum of three (3) years following the completion of any Scan and make it available to BreachLine upon request.

You acknowledge and agree that BreachLine bears no responsibility whatsoever for determining whether your use of the Service is authorised. The sole and entire responsibility for ensuring lawful authorisation rests with you.

6. Acceptable Use Policy

You agree not to use the Service for any purpose that is unlawful, harmful, or otherwise objectionable, or in any manner that could damage, disable, overburden, or impair the Service. Without limiting the foregoing, you specifically agree not to:

• Conduct security testing on any system, network, or application without proper authorisation as set out in Section 5.
• Use the Service to launch denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks against any Target or third-party system.
• Exfiltrate, copy, download, or retain any data from a Target beyond what is strictly necessary to demonstrate a vulnerability, unless expressly authorised in your scope agreement.
• Use the Service to distribute malware, ransomware, viruses, worms, or any other malicious software outside of the controlled testing environment.
• Attempt to gain unauthorised access to any part of the Platform, BreachLine's internal systems, other Users' accounts, or any systems not designated as a Target.
• Reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, algorithms, or underlying architecture of the Platform or Nebula engine, except to the extent that such activity is expressly permitted by applicable law (including the Copyright, Designs and Patents Act 1988).
• Resell, sublicense, redistribute, or make the Service available to any third party, except as expressly permitted under your Subscription terms.
• Use the Service, or any data derived from it, to build, train, or improve a competing product or service, whether directly or indirectly.
• Circumvent, disable, or interfere with any security, rate-limiting, or access-control features of the Platform.
• Use the Service in any manner that could bring BreachLine into disrepute or that could reasonably be expected to cause harm to any third party.
• Use the Service to test critical infrastructure systems (including healthcare, utilities, financial, or government systems) without appropriate regulatory approvals and risk mitigation measures in place.
• Automate access to the Service or use any robot, spider, scraper, or other automated means to access the Platform for any purpose, except through APIs expressly provided by BreachLine for that purpose.

BreachLine reserves the right to investigate and take appropriate action against any User who, in BreachLine's sole discretion, violates this Acceptable Use Policy, including removing content, suspending or terminating the User's account, and reporting the User to relevant law enforcement authorities.

7. User Responsibilities

As a User of the Service, you accept the following responsibilities:

• Authorisation Records: You must obtain, maintain, and securely store all Authorisation Evidence for every Target you test through the Service. Authorisation Evidence must be retained for a minimum of three (3) years and produced to BreachLine upon reasonable request.
• Legal Compliance: You must comply with all applicable laws and regulations, including but not limited to the Computer Misuse Act 1990, the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the Regulation of Investigatory Powers Act 2000, the Investigatory Powers Act 2016, the Police and Justice Act 2006, and any other applicable national or international legislation.
• Scope Management: You must clearly define and adhere to the agreed testing scope. If during a Scan you discover that testing may extend beyond the authorised scope (for example, by discovering interconnected systems owned by third parties), you must immediately halt the Scan and reassess your authorisation.
• Responsible Disclosure: If you discover vulnerabilities in BreachLine's own Platform or systems during your use of the Service, you must report them promptly and confidentially to legal@breachline.io. You must not publicly disclose, exploit, or share such vulnerabilities with any third party.
• Findings Security: You must treat all Findings as confidential information and implement appropriate technical and organisational measures to protect them from unauthorised access, disclosure, or loss. You must not share Findings with any party not authorised to receive them.
• Incident Notification: You must promptly notify BreachLine if you become aware of any security incident, data breach, or unauthorised access involving the Service or your account.
• Accurate Information: You must provide accurate and truthful information when configuring Scans, defining Targets, and specifying scope parameters. Misrepresentation of Target ownership or authorisation scope constitutes a material breach of these Terms.

8. Subscription and Payment

Access to the Service requires an active Subscription. The features, scan limits, and capabilities available to you depend on your chosen Subscription plan, as detailed on our pricing page or in your order form.

Billing Cycles: Subscriptions are available on monthly or annual billing cycles. Monthly Subscriptions are billed in advance on the same date each month. Annual Subscriptions are billed in advance for the full twelve-month period.

Auto-Renewal: All Subscriptions automatically renew at the end of each billing cycle unless you cancel before the renewal date. We will notify you by email at least fourteen (14) days before each annual renewal. Monthly Subscriptions renew without additional notice.

Cancellation: You may cancel your Subscription at any time through your account settings or by contacting us at legal@breachline.io. Cancellation takes effect at the end of the current billing cycle. You will retain access to the Service until the end of the period for which you have already paid.

Refund Policy: Monthly Subscriptions are non-refundable. For annual Subscriptions, if you cancel within the first thirty (30) days of the initial Subscription term, you are entitled to a full refund. After thirty (30) days, cancellation of an annual Subscription will result in a pro-rata refund for any full, unused months remaining in the Subscription term, less a reasonable administration fee. Refunds are not available where the account has been terminated for breach of these Terms.

Price Changes: BreachLine reserves the right to change Subscription prices. Any price increase will take effect at the start of your next billing cycle, and we will provide you with at least thirty (30) days' written notice before any price change. Your continued use of the Service after a price change constitutes acceptance of the new price.

VAT and Taxes: All prices are exclusive of Value Added Tax (VAT) and any other applicable taxes unless otherwise stated. If BreachLine is required to collect VAT or other taxes, these will be added to your invoice. Customers responsible for self-assessing VAT under the reverse charge mechanism must provide a valid VAT registration number.

Late Payment: If any payment is not received by the due date, BreachLine reserves the right to charge interest on the overdue amount at the rate of 4% per annum above the Bank of England base rate, in accordance with the Late Payment of Commercial Debts (Interest) Act 1998. BreachLine may also suspend access to the Service until all outstanding amounts are paid in full.

9. Intellectual Property

BreachLine's Intellectual Property: The Platform, Nebula engine, all associated software, algorithms, machine learning models, user interfaces, documentation, trade marks, logos, and all other materials provided by BreachLine are and shall remain the exclusive property of BreachLine Labs Limited or its licensors. These materials are protected by copyright, patent, trade mark, trade secret, and other Intellectual Property Rights under the laws of England and Wales, the United Kingdom, and international treaties.

Licence Grant to You: Subject to your compliance with these Terms and payment of applicable Subscription fees, BreachLine grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence to access and use the Service solely for your internal business purposes during the term of your Subscription. This licence does not convey any ownership interest in the Service or any BreachLine Intellectual Property.

Your Data and Findings: You retain all ownership rights in the data you submit to the Service (including Target configurations and scope definitions) and in the Findings generated from your Scans. BreachLine claims no ownership over your scan data or Findings.

Licence Grant to BreachLine: You grant BreachLine a limited, non-exclusive, worldwide licence to process, store, and transmit your data solely as necessary to provide the Service to you. You further grant BreachLine the right to use anonymised and aggregated data derived from your use of the Service (which does not identify you, your organisation, or your Targets) for the purposes of improving the Service, training machine learning models, conducting research, and generating industry benchmarks. This aggregated data licence survives termination of these Terms.

Feedback: If you provide BreachLine with any feedback, suggestions, or ideas regarding the Service ("Feedback"), you assign to BreachLine all right, title, and interest in such Feedback. BreachLine is free to use, reproduce, modify, and distribute such Feedback without restriction or compensation to you.

10. Data Protection

BreachLine is committed to protecting your privacy and handling Personal Data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our processing of your Personal Data is governed by our Privacy Policy, which forms part of these Terms.

Data Controller and Processor: BreachLine acts as a data controller with respect to account information and usage data. Where the Service processes Personal Data contained within Targets or Findings on your behalf, BreachLine acts as a data processor and you act as the data controller.

Data Processing Agreement: Enterprise Customers who require BreachLine to process Personal Data on their behalf may enter into a separate Data Processing Agreement (DPA) that sets out the subject-matter and duration of processing, the nature and purpose of processing, the types of Personal Data processed, and the categories of data subjects. To request a DPA, please contact legal@breachline.io.

Data Security: BreachLine implements appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing, accidental loss, destruction, or damage, in accordance with Article 32 of the UK GDPR. Details of our security measures are available upon request.

International Transfers: Where Personal Data is transferred outside the United Kingdom, BreachLine ensures that appropriate safeguards are in place, including the use of standard contractual clauses approved by the Information Commissioner's Office (ICO) or reliance on an adequacy decision, in accordance with Chapter V of the UK GDPR.

Your Rights: Under the UK GDPR, you have the right to access, rectify, erase, restrict processing of, and port your Personal Data, as well as the right to object to processing and the right not to be subject to automated decision-making. To exercise any of these rights, contact us at legal@breachline.io. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Your Obligations: Where your use of the Service involves the processing of Personal Data belonging to third parties (for example, Personal Data discovered during a Scan), you are solely responsible for ensuring that such processing is lawful, including obtaining any necessary consents and complying with all applicable data protection legislation.

11. Service Availability and SLA

Uptime Target: BreachLine targets 99.9% availability for the Platform, measured on a calendar month basis, excluding scheduled maintenance windows. This target represents a commercially reasonable endeavour and does not constitute a guarantee or warranty of uninterrupted availability.

Scheduled Maintenance: BreachLine may perform scheduled maintenance that requires temporary suspension of the Service. Where reasonably practicable, we will provide at least seventy-two (72) hours' advance notice of scheduled maintenance via email or in-platform notification, and will endeavour to schedule such maintenance during off-peak hours (between 02:00 and 06:00 GMT).

Emergency Maintenance: BreachLine may perform emergency maintenance without prior notice where necessary to address critical security vulnerabilities, prevent data loss, or maintain the integrity of the Service. We will notify affected Users as soon as reasonably practicable.

Service Credits: If the Platform availability falls below 99.9% in any calendar month (excluding scheduled maintenance and force majeure events), Customers on annual Subscription plans may request a service credit equal to 5% of their monthly Subscription fee for each full 0.1% of downtime below the 99.9% target, up to a maximum of 30% of the monthly Subscription fee. Service credit requests must be submitted in writing within thirty (30) days of the end of the affected calendar month. Service credits are your sole and exclusive remedy for any failure to meet the uptime target.

Force Majeure: BreachLine shall not be liable for any failure or delay in providing the Service caused by circumstances beyond our reasonable control, including but not limited to acts of God, natural disasters, pandemics, epidemics, war, terrorism, civil unrest, government actions, sanctions, embargoes, power failures, internet or telecommunications failures, cyberattacks on BreachLine's infrastructure, and failures of third-party service providers. If a force majeure event continues for more than ninety (90) days, either party may terminate the affected Subscription by written notice.

12. Limitation of Liability

Cap on Liability: Subject to the exclusions below, BreachLine's total aggregate liability to you under or in connection with these Terms (whether in contract, tort including negligence, breach of statutory duty, or otherwise) shall not exceed the total fees paid by you to BreachLine in the twelve (12) months immediately preceding the event giving rise to the claim.

Exclusion of Indirect Losses: To the maximum extent permitted by law, BreachLine shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to: loss of profits, revenue, or business; loss of data or data corruption; loss of goodwill or reputation; loss of anticipated savings; costs of procurement of substitute goods or services; business interruption; or any other indirect or consequential loss, howsoever arising and whether or not BreachLine has been advised of the possibility of such damages.

No Liability for Scan Outcomes: BreachLine shall not be liable for any damage, disruption, data loss, or adverse effect caused to any Target system as a result of security testing conducted through the Service, provided the Service was functioning materially as described. You acknowledge that penetration testing inherently carries risks and you accept full responsibility for any consequences of Scans you initiate.

No Liability for Completeness: BreachLine does not warrant that the Service will identify all vulnerabilities present in a Target. BreachLine shall not be liable for any loss or damage arising from vulnerabilities that the Service fails to detect, or from reliance on Findings as a complete assessment of a Target's security posture.

Exceptions: Nothing in these Terms shall exclude or limit BreachLine's liability for: (a) death or personal injury caused by our negligence; (b) fraud or fraudulent misrepresentation; (c) any breach of the terms implied by Section 12 of the Sale of Goods Act 1979 or Section 2 of the Supply of Goods and Services Act 1982; or (d) any other matter for which liability cannot lawfully be excluded or limited under English law.

Consumer Rights: If you are a consumer within the meaning of the Consumer Rights Act 2015, nothing in these Terms affects your statutory rights. Where the Service is provided to consumers, any limitation or exclusion of liability in these Terms applies only to the extent permitted by the Consumer Rights Act 2015 and other applicable consumer protection legislation.

13. Indemnification

You agree to indemnify, defend, and hold harmless BreachLine Labs Limited, its directors, officers, employees, agents, and affiliates from and against any and all claims, demands, actions, proceedings, losses, damages, costs, and expenses (including reasonable legal fees and disbursements) arising out of or in connection with:

• Your use of the Service to test any system without proper authorisation, including any claims brought by third parties whose systems were tested without their consent.
• Any breach by you of these Terms, including any violation of the Acceptable Use Policy or the Authorised Use requirements.
• Any violation by you of applicable law, including but not limited to the Computer Misuse Act 1990, the Data Protection Act 2018, and the UK GDPR.
• Any claim that your use of the Service infringes the Intellectual Property Rights or other rights of any third party.
• Any damage caused to a Target or any third-party system as a result of Scans initiated by you.
• Any data breach, security incident, or regulatory action arising from your failure to adequately protect Findings or other data obtained through the Service.

This indemnification obligation shall survive the termination or expiry of these Terms and your Subscription. BreachLine will provide you with prompt notice of any claim subject to indemnification and will cooperate with you, at your expense, in the defence of such claim. BreachLine reserves the right to assume the exclusive defence and control of any matter subject to indemnification, in which case you agree to cooperate with BreachLine in asserting any available defences.

14. Suspension and Termination

Suspension by BreachLine: BreachLine may suspend your access to the Service immediately and without prior notice if: (a) we reasonably suspect that your use of the Service violates these Terms, applicable law, or any third party's rights; (b) your account is being used for unauthorised security testing; (c) your use of the Service poses a security risk to the Platform or other Users; (d) suspension is required to comply with a court order, law enforcement request, or regulatory requirement; or (e) your account has overdue payments exceeding thirty (30) days. We will notify you of the suspension and the reasons for it as soon as reasonably practicable, unless prohibited by law.

Termination by BreachLine: BreachLine may terminate your account and these Terms: (a) immediately, by written notice, if you commit a material breach of these Terms that is incapable of remedy; (b) upon thirty (30) days' written notice if you commit a material breach of these Terms that is capable of remedy but which you fail to remedy within that thirty-day period; or (c) immediately if you become insolvent, enter administration, are wound up, or enter any analogous proceedings.

Termination by You: You may terminate your account and these Terms at any time by cancelling your Subscription through your account settings and providing written notice to BreachLine. Termination takes effect at the end of the current billing cycle.

Effect of Termination: Upon termination or expiry of these Terms: (a) your licence to use the Service immediately ceases; (b) you must cease all use of the Service; (c) BreachLine will make your Findings and scan data available for export for a period of thirty (30) days following termination, after which we may delete all your data from our systems; and (d) any provision of these Terms that expressly or by implication is intended to survive termination (including Sections 5, 9, 10, 12, 13, and 16) shall continue in full force and effect.

Data Export: During the thirty (30) day post-termination period, you may export your Findings, reports, and scan data through the Platform's export functionality or by requesting a data export from legal@breachline.io. BreachLine will provide data in a commonly used, machine-readable format. After the thirty-day period, BreachLine shall have no obligation to retain your data and may delete it in accordance with our data retention policies, subject to any legal or regulatory requirements to retain certain data.

15. Changes to Terms

BreachLine reserves the right to modify these Terms at any time. We will provide you with at least thirty (30) days' written notice of any material changes by email to the address associated with your account and by posting the updated Terms on the Platform with a revised "Last updated" date.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the modified Terms. If you do not agree to the modified Terms, you must stop using the Service and cancel your Subscription before the changes take effect. In such case, you may be entitled to a pro-rata refund for any unused portion of a pre-paid annual Subscription.

Changes that are purely clarificatory, correct typographical errors, or are required by law may be made with shorter notice or with immediate effect, and will be clearly identified as such.

16. Governing Law and Jurisdiction

These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.

The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms or their subject matter or formation (including non-contractual disputes or claims).

Alternative Dispute Resolution: Before commencing court proceedings (except where injunctive or other urgent relief is sought), the parties agree to attempt to resolve any dispute through good faith negotiation for a period of not less than thirty (30) days. If the dispute is not resolved through negotiation, either party may refer the dispute to mediation administered by the Centre for Effective Dispute Resolution (CEDR) in accordance with CEDR's model mediation procedure. The mediation shall take place in London, England. If the dispute is not settled within sixty (60) days of referral to mediation (or such further period as the parties may agree in writing), either party may commence court proceedings.

Consumer Exception: If you are a consumer habitually resident in the United Kingdom, you may bring proceedings in the courts of the country in which you are domiciled, and nothing in this Section shall affect your right to do so.

17. Severability and Waiver

Severability: If any provision of these Terms is found by any court or competent authority to be invalid, unlawful, or unenforceable, that provision shall be deemed modified to the minimum extent necessary to make it valid, lawful, and enforceable. If such modification is not possible, the relevant provision shall be deemed deleted. Any modification to or deletion of a provision under this Section shall not affect the validity and enforceability of the remaining provisions of these Terms.

Waiver: No failure or delay by BreachLine in exercising any right, power, or remedy under these Terms shall operate as a waiver of that right, power, or remedy, nor shall any single or partial exercise of any right, power, or remedy preclude any other or further exercise of that or any other right, power, or remedy. A waiver of any right, power, or remedy under these Terms is only effective if given in writing and signed by an authorised representative of BreachLine, and shall not be deemed a waiver of any subsequent breach or default.

Entire Agreement: These Terms, together with our Privacy Policy and any applicable order form or Data Processing Agreement, constitute the entire agreement between you and BreachLine with respect to the subject matter hereof and supersede all prior agreements, representations, warranties, and understandings, whether written or oral.

Third Party Rights: These Terms do not confer any rights on any person or party (other than the parties to these Terms) pursuant to the Contracts (Rights of Third Parties) Act 1999.

Assignment: You may not assign, transfer, or sub-contract any of your rights or obligations under these Terms without BreachLine's prior written consent. BreachLine may assign or transfer its rights and obligations under these Terms to any affiliate or in connection with a merger, acquisition, corporate reorganisation, or sale of all or substantially all of its assets, provided that such assignment does not materially diminish the protections afforded to you under these Terms.

Notices: All notices under these Terms must be in writing and shall be deemed duly given when sent by email (with confirmation of receipt) or when delivered by a nationally recognised overnight courier service. Notices to BreachLine should be sent to legal@breachline.io. Notices to you will be sent to the email address associated with your account.

18. Contact

If you have any questions, concerns, or complaints about these Terms of Service or the Service, please contact us:

For data protection enquiries or to exercise your rights under the UK GDPR, please contact our Data Protection Officer at legal@breachline.io.

For security vulnerability reports relating to the BreachLine Platform itself, please email legal@breachline.io with the subject line "Security Vulnerability Report".