Terms of Service

These Terms govern your use of Panotect’s Email Threat Intelligence Service (the “Service”), provided by Panotect Ltd (“Panotect”, “we”). By purchasing a subscription and clicking “I accept” before delivery of any assessment report, you agree to these Terms. If you do not agree, do not use the Service.

1. The Service

Panotect’s Email Threat Intelligence Service performs a non-intrusive assessment of an organisation’s email security posture across DNS configuration, authentication protocols, encryption in transit, and subdomain exposure, and delivers reports tailored to leadership and technical audiences ("Assessment Reports").

The Service is intended for organisations, MSSPs, and authorised partners. It is not intended for individuals acting in a personal capacity.

2. Eligibility

To use the Service you must be acting on behalf of a legal entity, have authority to bind that entity, and provide accurate registration information. You are responsible for the confidentiality of your credentials and for activity under your account.

3. Subscription, Renewals, and Refunds

The Service is provided on an annual subscription, and each subscription covers a single Domain (as defined in Section 6). Pricing is set out on our Pricing page. Each additional Domain requires a separate subscription. Payment is due at purchase; prices exclude applicable taxes. We use third-party processors and do not store full card details.

Renewals. Subscriptions auto-renew unless cancelled before the renewal date. We give at least 30 days’ written notice before renewal. To cancel, email cancellations@panotect.com.

Refunds. Refunds are payable only where (a) you terminate for our uncured material breach, or (b) we terminate for convenience or cease to provide the Service; in each case, pro-rata for the unused portion. Section 4 may also provide a refund for late delivery. No refund applies on your termination for convenience, on our termination for your breach, or on termination resulting from events outside either party’s reasonable control.

4. Delivery

We will use commercially reasonable efforts to deliver the initial Assessment Report within 10 business days of payment and submission of the Domain to be assessed. If delivery is delayed by more than 15 business days due to causes within our reasonable control, your sole remedy is, at your election, an extension of the Subscription Term equal to the delay or a pro-rata refund for the undelivered portion.

5. Acceptable Use

You must not:

• Assess domains or infrastructure you do not own or are not authorised to assess;
• Reverse engineer, decompile, or extract any part of our methodology, algorithms, or proprietary systems, except to the extent applicable law prohibits such restriction;
• Resell or sublicense Assessment Reports, except under an active partner agreement;
• Submit Assessment Reports, or substantial portions, into any third-party generative AI, LLM, or ML service, except (i) services operated by you or your contractor under written confidentiality and no-training obligations equivalent to these Terms, or (ii) with our prior written consent;
• Use any information we provide, including Assessment Reports, for the benefit of any party other than the entity for which the Report was prepared, including by posting any Report online or uploading any Report to a public AI model;
• Use Assessment Reports to harass, threaten, or harm any third party;
• Introduce malicious code, conduct denial-of-service attacks, or attempt to gain unauthorised access to our systems; or
• Use the Service in violation of applicable law.

We may suspend or terminate access immediately if we reasonably believe you are in breach.

6. Scope of Assessment

“Domain” means a primary apex domain used for email (e.g., @example.com) that is not a Multi-Tenant Domain, together with all its active subdomains that Panotect’s proprietary algorithms and data sets discover. “Multi-Tenant Domain” means a domain name that functions as a shared namespace under which two or more organisations, business units, or users may independently control, configure, or operate subdomains, hosted domains, infrastructure, or security policies.

Each subscription covers one Domain. You represent and warrant that you own, or have appropriate authorisation to assess, the Domain submitted.

If we determine that a submitted domain is a Multi-Tenant Domain, we will notify you and give you the choice of which corresponding subdomain you would like the Report run for. You may then submit additional related subdomains on an individual basis, each as a separate subscription.

7. Intellectual Property

All intellectual property rights in the Service, including the assessment methodology, software, reports, scoring models, and threat categories, are owned by or licensed to Panotect. Upon payment, you receive a limited, non-exclusive, non-transferable right to use the Assessment Reports delivered to you for your internal business purposes. This right does not extend to redistribution, resale, public disclosure, or use to develop competing products or services.

8. Confidentiality

Each party will protect the other’s confidential information with the same degree of care it uses for its own (and at least a reasonable standard of care) and will use it only to perform or receive the Service. Assessment Reports are confidential information of both parties.

You may disclose Assessment Reports to your employees, contractors, professional advisors, insurers, regulators, board members, and bona fide prospective acquirers, provided each recipient is bound by written obligations of confidentiality substantially equivalent to those in this section, or by statutory or professional duties of confidentiality applicable to that recipient. You remain responsible for any breach by such recipients as if it were your own.

These obligations do not apply to information that becomes public through no fault of the receiving party, was already known, is independently developed, or is received from a third party without restriction. Where disclosure is required by law or binding legal process, the receiving party will, where lawful, give prompt notice and reasonable cooperation to seek protective relief.

These obligations survive termination for five (5) years, except for trade secrets, which remain protected for as long as they qualify as such under applicable law.

9. Data Protection

Each party will comply with the data protection laws applicable to it in connection with the Service. Our processing of personal data is described in our Privacy Policy. Where we process personal data on your behalf, our Data Processing Addendum applies and is incorporated by reference. It governs international transfers, retention, subprocessors, and the parties’ controller and processor obligations.

10. Information Security

We maintain administrative, physical, and technical safeguards to protect customer information processed in connection with the Service. Details, including current certifications, are set out in our Information Security Statement. A current subprocessors list is published online.

In the event of a confirmed security incident affecting your confidential information or personal data, we will notify you without undue delay and in any event within 72 hours of becoming aware of it. We will not use your confidential information, your personal data, or the contents of any Assessment Report to train, fine-tune, or otherwise improve any generative AI or machine learning model, except where the model is operated solely for your benefit and your data is segregated from any model accessible to other customers or third parties.

11. Disclaimers

The Service is provided "as is" and "as available". To the fullest extent permitted by law, we disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that assessment findings are exhaustive, that all vulnerabilities will be identified, or that the Service will be uninterrupted or error-free. Email security evolves rapidly: findings reflect the state of your infrastructure at the time of assessment, and periodic reassessment is recommended.

12. Limitation of Liability

Nothing in these Terms excludes or limits either party’s liability for (a) death or personal injury caused by negligence, (b) fraud or fraudulent misrepresentation, or (c) any other liability that cannot be excluded by law.

Subject to the paragraph above and the paragraph below, neither party is liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, goodwill, or business interruption; and our total aggregate liability in any 12-month period will not exceed the fees paid by you to us in the 12 months immediately preceding the event giving rise to the claim.

The exclusions and cap in the paragraph above do not apply to: (i) your payment obligations; (ii) your obligations under Section 5 (Acceptable Use), Section 7 (Intellectual Property), or Section 8 (Confidentiality); or (iii) either party’s indemnification obligations under Section 13.

13. Indemnification

You will indemnify Panotect against claims, damages, or losses arising from your breach of these Terms, your unauthorised assessment of third-party domains, or your use of the Service in violation of applicable law.

14. Termination

We may suspend or terminate access for breach, non-payment, or use that risks harm. You may terminate in accordance with Section 3 (refunds are governed there). On termination, your right to access the Service ceases. Sections 7, 8, 9, 10, 12, and 13 survive.

15. Governing Law

These Terms are governed by the laws of England and Wales. Disputes will first be subject to good-faith negotiation for 30 days. Subject to that requirement, the parties submit to the non-exclusive jurisdiction of the courts of Singapore for the resolution of any dispute arising under or in connection with these Terms. You agree that any claim or dispute will be brought only on an individual basis and not as a plaintiff or class member in any class, collective, or representative action.

16. Changes

We may update these Terms from time to time. Material changes will be notified by email and take effect on the date stated in the notice. Continued use after that date constitutes acceptance.

17. General

These Terms, together with our Privacy Policy, DPA, and Information Security Statement, are the entire agreement between the parties regarding the Service. If any provision is unenforceable, the remainder continues in effect. Failure to enforce a right is not a waiver. You may not assign without our consent; we may assign to an affiliate or in connection with a merger, acquisition, or sale of substantially all our assets. No third-party rights arise under the Contracts (Rights of Third Parties) Act 1999.

18. Contact

Questions: please contact us here.

End of Terms