Terms of Service

Last updated: April 4, 2026

These Terms of Service ("Terms") govern your use of secureless.ai and related services ("Service") operated by ebats solutions UG (haftungsbeschränkt), Viechtacher Str. 16, 10318 Berlin, Germany, registered at Amtsgericht Charlottenburg (Berlin) HRB 243939 B ("Secureless," "we," "us").

By creating an account or using the Service, you agree to these Terms. If you are using the Service on behalf of a company or other legal entity, you represent that you have authority to bind that entity to these Terms.

1. Service description

Secureless provides automated external security and compliance assessments of publicly accessible web domains. The Service analyzes publicly available information including DNS records, HTTP headers, SSL/TLS configurations, JavaScript resources, cookie behavior, and compliance indicators.

The Service is not a penetration test, a compliance audit, or legal advice. All assessments are based on externally observable data. No authentication is used, no access controls are bypassed, and no systems are exploited. The Service performs only actions equivalent to those of a standard web browser visiting publicly accessible pages.

Assessment reports identify externally observable findings and potential gaps. They do not constitute a SOC 2 examination, an ISO 27001 certification audit, a GDPR compliance assessment, or any form of professional legal or compliance opinion.

2. Account registration

You must provide accurate and complete information when creating an account. You are responsible for maintaining the confidentiality of your account credentials and for all activity under your account. You must notify us immediately of any unauthorized access.

You must be at least 18 years old and have the legal capacity to enter into binding agreements. The Service is intended for business use. Consumer protection provisions (Verbraucherschutzrecht) do not apply to the extent that you are acting in your professional or commercial capacity.

3. Plans, billing, and cancellation

3.1 Plans

The Service is offered under various subscription plans as described on our pricing page. Free scans and one-time deep scans are also available as described on the website.

3.2 Billing

Paid subscriptions are billed monthly or annually in advance via Stripe. All prices are listed in Euros and are exclusive of applicable VAT (Umsatzsteuer), which will be added where required by law.

3.3 Monthly subscriptions

Monthly subscriptions renew automatically on each billing date. You may cancel a monthly subscription at any time. Cancellation takes effect at the end of the current billing period. No pro-rata refunds are provided for partial months.

3.4 Annual subscriptions

Annual subscriptions are billed for the full year in advance. You may cancel an annual subscription at any time, but cancellation takes effect at the end of the current annual billing period. No pro-rata refunds are provided for the remaining term. This reflects the discounted annual pricing.

3.5 Plan changes

You may upgrade your plan at any time. The price difference will be prorated for the remainder of your billing period. Downgrades take effect at the start of the next billing period.

3.6 Failed payments

If a payment fails, we will attempt to collect payment for up to 14 days. If payment remains unsuccessful, your account may be suspended. Suspended accounts cannot run new scans but retain access to historical scan data for 30 days after suspension.

3.7 Money-back guarantee

New subscriptions are eligible for a full refund within 14 days of the initial subscription purchase if you are not satisfied with the Service. This applies to the first subscription payment only and must be requested via email to info@secureless.ai.

4. Acceptable use

4.1 Permitted use

You may use the Service to:

  • Assess domains you own or are authorized to assess (vendor side).
  • Assess domains of your vendors, suppliers, or partners for the purpose of third-party risk management (company side).
  • Generate reports for internal use, compliance documentation, vendor evaluation, or sharing with the assessed vendor.

4.2 Prohibited use

You may not use the Service to:

  • Harass, threaten, or extort any third party based on assessment results.
  • Publicly disclose detailed assessment results (beyond the security grade) of domains you do not own without the consent of the domain owner.
  • Resell, redistribute, or white-label the Service or its output without prior written agreement.
  • Interfere with the operation of the Service, circumvent rate limits, or attempt to gain unauthorized access to any part of the Service.
  • Submit domains for scanning for the purpose of facilitating attacks against those domains.
  • Use the Service in any manner that violates applicable law.

4.3 Enforcement

We reserve the right to suspend or terminate your account if we determine, at our reasonable discretion, that you have violated these acceptable use provisions. Where possible, we will notify you and provide an opportunity to remedy the violation before suspension.

5. Domain verification (vendor side)

To use vendor-side features (continuous monitoring, trust badge, verification rescans), you must verify ownership or control of the domain. Verification methods include DNS TXT record, HTML file upload, or email verification to standard administrative addresses.

We may re-verify domain ownership periodically. If verification fails, scanning for that domain will be paused until ownership is re-confirmed.

6. Third-party domain scanning (company side)

The Service allows you to scan domains you do not own for the purpose of third-party risk management. By using this feature, you acknowledge that:

  • All data collected is publicly accessible and equivalent to what any web browser would observe.
  • You are responsible for your use of assessment results in accordance with Section 4.
  • Secureless is not liable for any claims arising from a third party's objection to being scanned, provided the scan was conducted within the scope of the Service.

If a domain owner requests removal from monitoring, we may, at our discretion, remove that domain from the Service and notify affected customers.

7. Intellectual property

7.1 Our intellectual property

The Service, including its software, methodology, scoring algorithms, detection logic, and documentation, is the intellectual property of ebats solutions UG. Nothing in these Terms grants you any rights to our intellectual property beyond the limited license to use the Service as described.

7.2 Assessment reports

Assessment reports generated for your account are licensed to you for your internal business use, including sharing with the assessed vendor, auditors, and compliance stakeholders. You retain no ownership of the underlying methodology, scoring logic, or detection techniques.

7.3 Your data

You retain ownership of all data you provide to the Service (account information, domain lists, configuration preferences). We use this data solely to operate the Service as described in our Privacy Policy.

8. Disclaimers

8.1 No guarantee of completeness

The Service identifies externally observable findings. It does not guarantee the detection of all security vulnerabilities, compliance gaps, or risks. A clean assessment does not mean a domain is secure or compliant.

8.2 Not professional advice

Assessment reports are informational. They do not constitute legal advice, compliance certification, professional security consulting, or any form of professional opinion. You should not rely solely on the Service for compliance decisions, and we recommend consulting qualified professionals for formal audits, legal opinions, and certification processes.

8.3 Accuracy

While we strive for accuracy, assessment results may contain false positives (issues reported that are not actually present) or false negatives (issues present that are not detected). We provide mechanisms to dispute findings, and we will correct confirmed inaccuracies.

8.4 Third-party data

Some assessment data is sourced from third-party services (certificate transparency logs, passive reconnaissance databases, breach databases). We do not guarantee the accuracy or completeness of third-party data.

8.5 Service availability

We aim to maintain high availability but do not guarantee uninterrupted access. Scheduled maintenance will be communicated in advance where possible. Scan processing times may vary based on target complexity and system load.

9. Limitation of liability

9.1 Liability cap

To the maximum extent permitted by law, the total aggregate liability of ebats solutions UG arising out of or related to these Terms or the Service shall not exceed the total amount paid by you to Secureless in the twelve (12) months preceding the event giving rise to the claim.

9.2 Exclusion of consequential damages

To the maximum extent permitted by law, ebats solutions UG shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, revenue, data, or business opportunities, regardless of whether such damages were foreseeable.

9.3 Mandatory liability

Nothing in these Terms excludes or limits liability for damages arising from intent (Vorsatz), gross negligence (grobe Fahrlässigkeit), injury to life, body, or health, or any other liability that cannot be excluded under German law.

9.4 Assessment-related liability

Secureless is not liable for any decisions made or actions taken by you based on assessment results, including vendor selection, contract decisions, compliance certifications, or security remediation.

10. Indemnification

You agree to indemnify and hold harmless ebats solutions UG from any claims, damages, losses, or expenses (including reasonable legal fees) arising from your use of the Service in violation of these Terms, including any claims from third parties whose domains you scanned.

11. Data protection

We process personal data in accordance with our Privacy Policy. By using the Service, you acknowledge that you have read and understood the Privacy Policy.

12. Term and termination

12.1 Term

These Terms are effective from the date you create an account or first use the Service and remain in effect until terminated.

12.2 Termination by you

You may terminate your account at any time by canceling your subscription and requesting account deletion via email to info@secureless.ai. Cancellation of billing follows the rules in Section 3.

12.3 Termination by us

We may terminate or suspend your account immediately if you materially breach these Terms. Where the breach is remediable, we will provide 14 days' notice and an opportunity to cure before termination.

12.4 Effect of termination

Upon termination, your access to the Service will be revoked. We will retain your scan data for 30 days after termination, during which you may request an export. After 30 days, scan data will be deleted. Account data will be retained as required by applicable law (including German commercial and tax retention requirements).

13. Changes to these Terms

We may update these Terms from time to time. We will notify you of material changes via email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Terms. If you do not agree, you may terminate your account before the changes take effect.

14. Governing law and jurisdiction

These Terms are governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG) and conflict of law provisions.

The exclusive place of jurisdiction for all disputes arising from or in connection with these Terms is Berlin, Germany, to the extent permitted by law.

15. Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions shall remain in full force and effect. The unenforceable provision shall be replaced by a valid provision that most closely reflects the original intent.

16. Entire agreement

These Terms, together with the Privacy Policy, constitute the entire agreement between you and ebats solutions UG regarding the Service and supersede all prior agreements and understandings.

17. Contact

ebats solutions UG (haftungsbeschränkt)
Viechtacher Str. 16
10318 Berlin, Germany
E-Mail: info@secureless.ai