Terms & Conditions

Terms and Conditions

1. Service Definition

DarkInvader is engaged by the Client to perform continuous monitoring and intelligence-gathering activities across the internet, including the dark web, to identify data that could pose potential threats to the Client’s business systems, brand, or employees. As part of this service, the Client will receive access to DarkInvader’s EASM platform, which highlights publicly visible exposures and associated risks that may require mitigation.

Where a risk is identified, DarkInvader will provide relevant context to help the Client understand the nature and potential impact of the threat. Where feasible, DarkInvader will also offer recommendations for risk remediation. For the avoidance of doubt, DarkInvader does not guarantee the identification of all risks associated with the Client’s external attack surface, employees, domains, or brand assets.

Additionally, the Client may utilise DarkInvader’s automated scanning technology to map and monitor its public-facing attack surface. The Client acknowledges and accepts the following conditions when using this technology:

• Potential Impact on Systems: Automated scans may, in certain circumstances, affect the performance or availability of systems or applications. The Client accepts full responsibility for using the service with this understanding.
• Authorisation of Scanning Activities: The Client confirms that it will only use the scanning technology on digital assets that it owns or for which it has obtained explicit legal authorisation to scan. The Client acknowledges that scanning unauthorised digital assets may constitute a criminal offence under applicable laws.
• Sensitive Nature of Collected Data: The Client understands that the intelligence gathered through DarkInvader’s services may include highly sensitive information, including personal data. The Client agrees to handle such information responsibly and in compliance with all applicable data protection laws and regulations.

2. Limitation of Liability

2.1 Exclusion of Liability

DarkInvader shall not be liable for any losses, damages, or claims suffered by the Client arising from actions, omissions, misrepresentations, or errors made by the Client or by third parties acting on the Client’s behalf.

2.2 Limitation of Financial Liability

This Agreement defines the maximum extent of DarkInvader’s financial liability to the Client, including liability for the acts or omissions of its employees, agents, and subcontractors. This limitation applies to any claims arising from:

• The provision of services or software, in whole or in part;
• The use of such services and/or software by the Client;
• Any breach of contract, misrepresentation, negligent act, or omission (including breach of statutory duty) arising under or in connection with this Agreement.

2.3 Warranties and Conditions

Except as expressly set out in this Agreement, all implied warranties, conditions, representations, and other terms are excluded to the fullest extent permitted by law. Nothing in this Agreement limits or excludes DarkInvader’s liability for:

• Death or personal injury caused by its negligence;
• Fraud or fraudulent misrepresentation;
• Any other liability which cannot be limited or excluded under applicable law.

2.4 Service-Related Liabilities

DarkInvader shall not be liable for any loss, damage, or disruption caused by:

• System Performance Issues: Loss of performance, availability, or functionality of the Client’s systems, networks, or applications resulting from the use of DarkInvader’s services;
• Network/System Impact: Issues triggered in the Client’s networks, systems, or applications, unless such issues are directly caused by DarkInvader’s proven negligence.

2.5 Excluded Losses

DarkInvader shall not be liable, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any:

• Loss of profits, revenue, business, contracts, or anticipated savings;
• Loss of goodwill, reputation, or business opportunity;
• Loss or corruption of data or information;
• Any indirect, incidental, special, punitive, exemplary, or consequential loss or damage, including purely economic loss, costs, damages, charges, or expenses, even if foreseeable.

2.6 Total Aggregate Liability

The total aggregate liability of DarkInvader to the Client, whether in contract, tort (including negligence or breach of statutory duty), misrepresentation, or otherwise, shall be limited to the lesser of:

• The total fees paid or payable by the Client to DarkInvader under this Agreement in the 12 months immediately preceding the event giving rise to the claim; or
• £50,000 (fifty thousand pounds).

2.7 Notification and Mitigation

The Client shall:

• Promptly notify DarkInvader in writing of any claim or issue arising from the use of the services that could give rise to a liability claim;
• Take all reasonable steps to mitigate any losses, damages, or costs incurred, including following any reasonable instructions provided by DarkInvader to limit the impact of such events.

2.8 Amendment of Terms

DarkInvader reserves the right to amend this Limitation of Liability clause. Any changes will be communicated to the Client in writing, with such amendments taking effect from the date of notification unless otherwise specified.

2.9 Governing Law

This Agreement and any disputes or claims (including non-contractual disputes or claims) arising out of or in connection with it, its subject matter, or its formation shall be governed by and construed in accordance with the laws of England and Wales.

2.10 Dispute Resolution

In the event of a dispute, the parties agree to make reasonable efforts to resolve the matter through good-faith negotiations. If a resolution cannot be reached, the dispute will be referred to mediation before pursuing legal proceedings. If mediation fails, the parties agree to submit to the exclusive jurisdiction of the courts of England and Wales for the resolution of any disputes arising under this Agreement.

3. Client Warranty

3.1 Authorisation Warranty

The Client warrants and represents that it has full legal authority, rights, and permissions to test, monitor, and conduct research on the systems, applications, domains, networks, personnel, and brands covered by the services provided under this Agreement. The Client further warrants that it is fully entitled to engage DarkInvader to perform these services and that such activities will not violate or infringe upon the rights of any third party, including intellectual property rights, data protection rights, contractual obligations, or applicable laws and regulations.

3.2 Indemnification

The Client agrees to indemnify, defend, and hold harmless DarkInvader, its affiliates, officers, directors, employees, agents, and subcontractors from and against any and all claims, demands, actions, proceedings, damages, liabilities, losses, costs, and expenses (including reasonable legal fees) arising out of or relating to:

• Any breach of the warranties provided in this Client Warranty section;
• Any unauthorised or unlawful use of the services by the Client;
• Any claims from third parties alleging that DarkInvader’s performance of the services, as instructed by the Client, infringes upon their rights.

3.3 Notification and Defence of Claims

In the event that DarkInvader becomes aware of any claim that may give rise to indemnification under this section, it shall:

• Promptly notify the Client in writing of the claim, providing reasonable details;
• Allow the Client, at its own expense, to assume the defence and, if applicable, the settlement of such claim, provided that the settlement fully releases DarkInvader from any liability without imposing any obligations on DarkInvader;
• Reasonably cooperate with the Client in the defence of the claim, at the Client’s expense, including providing relevant information, documentation, and assistance as required.

DarkInvader reserves the right to participate in the defence of any claim, at its own expense, through counsel of its choosing.

4. Intellectual Property

4.1 Ownership of Intellectual Property

As between the parties, all Intellectual Property Rights (including, but not limited to, copyrights, trademarks, patents, trade secrets, database rights, and any other proprietary rights), whether existing now or created in the future, in and to the Services and the associated Services Data are and shall remain the sole property of DarkInvader and/or its licensors. The Client acknowledges and agrees that it acquires no ownership interest, title, or claim of any kind in relation to such Intellectual Property Rights.

4.2 Limited Licence to the Client

Subject to the terms of this Agreement, DarkInvader grants the Client a non-exclusive, non-transferable, and non-sublicensable licence to:

• Access the DarkInvader Portal; and
• Use the Services Data solely for the Client’s internal business purposes during the term of this Agreement.

This licence is granted strictly for the duration of the Agreement and for purposes directly related to the Client’s security operations. Any use of the Services or Services Data beyond the scope of this licence is strictly prohibited without DarkInvader’s prior written consent.

4.3 Restrictions on Use

The Client shall not, and shall not permit any third party to:

• Copy, modify, distribute, sell, lease, sublicense, or create derivative works based on the Services or Services Data;
• Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, algorithms, or underlying structure of any part of the Services, except where such restriction is expressly prohibited by applicable law;
• Use the Services or Services Data for any purpose other than as expressly authorised under this Agreement.

4.4 Reservation of Rights

Except for the limited rights expressly granted to the Client in this section, DarkInvader reserves all rights, title, and interest in and to the Services and Services Data, including all Intellectual Property Rights therein. No rights are granted to the Client other than those explicitly set out in this Agreement.

4.5 Feedback

If the Client provides DarkInvader with any feedback, suggestions, or recommendations regarding the Services (“Feedback”), DarkInvader shall be free to use such Feedback without restriction or obligation. The Client agrees that any Feedback provided does not confer upon it any rights in the Services or Services Data.

5. Our Warranty

5.1 Performance Warranty

DarkInvader undertakes to perform the services in a responsible, diligent, and professional manner, in accordance with industry best practices. However, DarkInvader does not warrant or guarantee that its services will identify all security risks related to the Client’s external attack surface, brand, systems, or key personnel. The Client acknowledges that no security service can provide absolute assurance against all potential threats, vulnerabilities, or risks.

5.2 Confidentiality Warranty

DarkInvader warrants that it will:

• Maintain the confidentiality of the Client’s identity, the results of the services, and any data accessed during the performance of the services;
• Use such data solely for the purposes of fulfilling its obligations under this Agreement;
• Not disclose any confidential information to third parties without the Client’s prior written consent, except as required by law or regulatory authorities;
• Return or securely delete all Client data upon the Client’s written request or upon termination of this Agreement, in accordance with applicable data protection and security standards.

5.3 Exclusion of Other Warranties

The warranties expressly set out in this section are the only warranties provided by DarkInvader under this Agreement. To the fullest extent permitted by law, all other warranties, conditions, and terms—whether statutory, express, or implied—are excluded, including, without limitation:

• Implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, and non-infringement;
• Any warranties arising from the course of dealing, usage, or trade practice.

5.4 Limitation of Warranty

DarkInvader’s warranties do not apply to any issues arising from:

• The Client’s failure to follow recommendations or security practices provided by DarkInvader;
• Unauthorised modifications or misuse of the services by the Client or third parties;
• Circumstances beyond DarkInvader’s reasonable control, including external cyber-attacks, force majeure events, or third-party system failures.

6. Username and Password

6.1 Client Responsibility

The Client is solely responsible for:

• Maintaining the confidentiality of all usernames, passwords, and other access credentials associated with DarkInvader’s services;
• Changing default passwords upon initial access and implementing strong, secure passwords in line with best security practices;
• Ensuring that access credentials are not shared, disclosed, or made available to unauthorised individuals.

6.2 Accountability for Account Activity

The Client acknowledges and agrees that it is fully responsible for:

• All activities that occur under its accounts, including any actions performed using its usernames and passwords, whether authorised by the Client or not;
• All charges and liabilities incurred through the use of its credentials, except where such activities result directly from DarkInvader’s negligence or security breach.

6.3 Indemnification

The Client agrees to indemnify, defend, and hold harmless DarkInvader, its affiliates, employees, officers, and agents from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or related to:

• Any unauthorised use of the Client’s usernames, passwords, or accounts;
• Any breach of security related to the Client’s failure to maintain the confidentiality of its credentials;
• Any actions taken by individuals who have gained access to the Client’s accounts due to the Client’s negligence or failure to secure its credentials.

6.4 Security Breach Notification

The Client agrees to promptly notify DarkInvader in writing of any suspected or actual unauthorised access, use, or disclosure of its usernames, passwords, or accounts. Upon such notification, DarkInvader may take reasonable actions to protect the security of the services, including suspending access where necessary.

7. Charges Invoicing & Payment

In consideration for the provision of the Services and the license of the Equipment the Client shall pay DarkInvader or its nominated representative the Charges. Apart from any Charges which are specified in writing to be payable within an agreed time scale, all Charges will be invoiced in advance of Service.

8. Confidentiality

8.1 Obligation of Confidentiality

Each party (the “Receiving Party”) undertakes that it shall not, at any time during the term of this Agreement and for a period of two (2) years following its termination or expiry, disclose to any third party any Confidential Information concerning the business, affairs, customers, clients, suppliers, or operations of the other party (the “Disclosing Party”) or any member of the Disclosing Party’s group of companies, except as permitted under Clause 8.2.

8.2 Permitted Disclosures

A party may disclose the other party’s Confidential Information:

• To its employees, officers, representatives, contractors, subcontractors, or professional advisers who need to know such information strictly for the purpose of exercising the party’s rights or performing its obligations under this Agreement. The Receiving Party shall ensure that such individuals are subject to confidentiality obligations no less restrictive than those set out in this Agreement;
• As required by law, regulation, court order, or any governmental or regulatory authority of competent jurisdiction. Where legally permissible, the Receiving Party shall provide the Disclosing Party with prior written notice of such disclosure to allow the Disclosing Party to seek protective measures.

8.3 Restrictions on Use

No party shall use the other party’s Confidential Information for any purpose other than for the proper performance of its obligations and the exercise of its rights under or in connection with this Agreement. The Confidential Information shall not be used for any commercial advantage, personal benefit, or to the detriment of the Disclosing Party.

8.4 Protection of Confidential Information

The Receiving Party agrees to:

• Take all reasonable steps to protect the confidentiality of the Confidential Information, including implementing appropriate technical and organisational measures to prevent unauthorised access, use, or disclosure;
• Promptly notify the Disclosing Party in the event of any actual or suspected unauthorised access, disclosure, or loss of Confidential Information.

8.5 Exclusions

The obligations of confidentiality under this clause shall not apply to any information that the Receiving Party can demonstrate:

• Is or becomes publicly available through no breach of this Agreement by the Receiving Party;
• Was lawfully known to the Receiving Party before disclosure by the Disclosing Party;
• Is lawfully received from a third party without restriction on disclosure;
• Is independently developed by the Receiving Party without reference to or use of the Disclosing Party’s Confidential Information.

9. Service Availability

9.1 Uptime Commitment

DarkInvader will use commercially reasonable efforts to maintain a minimum service uptime of 99%, measured on a monthly basis. This uptime calculation excludes periods of planned downtime, emergency maintenance, and circumstances beyond DarkInvader’s reasonable control (e.g., force majeure events).

9.2 Unplanned Downtime

In the event of any unscheduled downtime:

• DarkInvader will notify the Client within two (2) business hours of becoming aware of the issue;
• DarkInvader will provide regular status updates to the Client until the service is fully restored;
• The Client will receive a confirmation notification once normal service operations have been restored.

9.3 Planned Downtime

Planned downtime will:

• Not exceed eight (8) hours per month, unless otherwise agreed in writing with the Client;
• Be scheduled during off-peak periods to minimise disruption to the Client’s operations;
• Be communicated to the Client at least [insert notice period, e.g., 48 hours] in advance, including details of the expected duration and nature of the maintenance.

9.4 Exclusions from Uptime Calculation

The following will be excluded from the monthly uptime calculation:

• Planned downtime as described in Clause 9.3;
• Downtime caused by factors outside DarkInvader’s reasonable control, including but not limited to internet service provider failures, third-party software issues, or force majeure events;
• Downtime resulting from the Client’s own actions, including configuration changes, unauthorised access, or failure to comply with agreed operational procedures.

9.5 Continuous Improvement

DarkInvader is committed to continuously improving service reliability and will proactively monitor infrastructure performance to identify and address potential issues before they affect service availability.

10. Termination, Assignment, and Miscellaneous Provisions

10.1 Termination for Cause

Without prejudice to any other rights or remedies available, either party may terminate this Agreement with immediate effect by giving written notice to the other party if:

• The other party commits a material breach of any term of this Agreement and, where the breach is capable of being remedied, fails to remedy it within thirty (30) days of receiving written notice specifying the breach and requiring it to be remedied to the reasonable satisfaction of the non-breaching party;
• The other party becomes insolvent or is unable to pay its debts as they fall due within the meaning of Section 123 of the Insolvency Act 1986; or if any step is taken towards:
  • The appointment of an administrator, administrative receiver, receiver, or manager;
  • The commencement of winding-up proceedings (other than for the purposes of a solvent reconstruction or amalgamation previously approved in writing by the other party);
  • The entry into any arrangement, compromise, or composition with creditors, or the taking of steps to obtain a moratorium or protection from creditors;
  • The levy of distress, execution, or other legal processes against the whole or any part of its assets.

10.2 Termination for Discovery of Unlawful Activity

Without prejudice to any other rights or remedies available, DarkInvader may terminate this Agreement at any time by providing written notice to the Client if it discovers, in its absolute discretion, any Services Data that it reasonably believes may constitute evidence of unlawful, criminal, or fraudulent activity.

10.3 Assignment and Subcontracting

Neither party may assign, transfer, charge, subcontract, or otherwise deal with any of its rights or obligations under this Agreement without the prior written consent of the other party, such consent not to be unreasonably withheld or delayed.

10.4 Entire Agreement

This Agreement constitutes the entire agreement between the parties concerning its subject matter and supersedes all prior agreements, understandings, negotiations, and discussions, whether oral or written.

10.5 Amendments

No modification or amendment to this Agreement shall be valid unless made in writing and signed by duly authorised representatives of both parties.

10.6 Waiver

No failure or delay by either party in exercising any right, power, or remedy under this Agreement shall operate as a waiver of that or any other right, power, or remedy. A waiver of any breach or default must be in writing and shall not be deemed a waiver of any subsequent breach or default.

10.7 Severability

If any provision of this Agreement is found to be invalid, unlawful, or unenforceable, such provision shall be deemed severed from the Agreement, and the remaining provisions shall continue in full force and effect to the maximum extent permitted by law.

10.8 Force Majeure

Neither party shall be liable for any delay or failure in performance (except for payment obligations) caused by circumstances beyond its reasonable control, including but not limited to acts of God, governmental actions, war, terrorism, civil unrest, labour disputes, power failures, or other force majeure events.

10.9 No Reliance on Non-Contractual Representations

Each party acknowledges that, in entering into this Agreement, it does not rely on any representation, warranty, or other assurance except as expressly set out in this Agreement. Each party irrevocably and unconditionally waives any right it may have to claim damages or seek rescission for any misrepresentation not contained in this Agreement, unless such misrepresentation was made fraudulently.

10.10 Headings

The headings in this Agreement are for convenience only and shall not affect the interpretation or construction of any provision.

11. Data Protection

11.1 Compliance with Data Protection Law

DarkInvader shall comply with all applicable Data Protection Laws in the performance of its obligations under this Agreement, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other relevant data protection legislation.

In providing the Services, DarkInvader shall adhere to its Privacy and Security Policy, which may be updated from time to time at DarkInvader’s sole discretion. The most recent version of the policy will be made available to the Client upon request.

11.2 Roles of the Parties

The parties acknowledge and agree that, for the purposes of Data Protection Law:

• The Client shall act as the Data Controller, determining the purposes and means of processing Personal Data;
• DarkInvader shall act as the Data Processor, processing Personal Data on behalf of the Client strictly in accordance with the terms of this Agreement and the Client’s lawful instructions.

11.3 Data Processing Agreement (DPA)

The processing of Personal Data by DarkInvader on behalf of the Client shall be governed by a separate Data Processing Agreement (DPA), which sets out the specific terms and conditions relating to data protection, including the scope, nature, and purpose of processing. The DPA shall form an integral part of this Agreement and is available at the following link:

https://api-new.darkinvader.io/docs/general/data-processing-agreement-dpa

11.4 Processing of Personal Data

DarkInvader shall:

• Process Personal Data only in accordance with the Client’s lawful written instructions, unless otherwise required by applicable Data Protection Law. Where processing is required by law, DarkInvader shall (to the extent legally permitted) notify the Client before undertaking such processing;
• Ensure that all employees, contractors, or agents with access to Personal Data are subject to appropriate confidentiality obligations and have received relevant data protection training;
• Take reasonable steps to ensure the reliability of all personnel who have access to Personal Data.

11.5 Security Measures

DarkInvader shall implement and maintain, at its own cost, appropriate technical and organisational measures to protect Personal Data against:

• Unauthorised or unlawful processing;
• Accidental loss, destruction, or damage.

These measures shall ensure a level of security appropriate to the risks presented by the processing, taking into account:

• The potential harm that might result from unauthorised or unlawful processing or accidental loss, destruction, or damage;
• The sensitivity and nature of the Personal Data being processed.

11.6 Client Responsibilities

The Client warrants that it has a lawful basis for the collection, use, and transfer of Personal Data to DarkInvader for the purposes of providing the Services under this Agreement. The Client shall ensure that:

Data subjects (i.e., the individuals whose Personal Data is processed) have been properly notified of such processing, or that an alternative lawful basis for processing exists as required under Data Protection Law;

The transfer of Personal Data to DarkInvader is lawful and does not infringe the rights of any third party.

11.7 Indemnity

The Client agrees to indemnify, defend, and hold harmless DarkInvader from and against any and all losses, damages, claims, liabilities, costs, and expenses (including reasonable legal fees) incurred by DarkInvader arising out of or in connection with:

• The Client’s failure to comply with its obligations under applicable Data Protection Law;
• Any processing of Personal Data carried out by DarkInvader in accordance with the Client’s instructions, where such instructions are unlawful or in breach of Data Protection Law;
• Any breach of confidentiality obligations by the Client, its employees, agents, or subcontractors.

11.8 Data Subject Rights and Assistance

Where applicable, DarkInvader shall assist the Client, at the Client’s reasonable expense, in fulfilling its obligations to respond to data subject requests under Data Protection Law, including requests for access, rectification, erasure, restriction, portability, or objections to processing.

12. UK Law Governance

12.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of England and Wales, without regard to any conflict of law principles that might otherwise apply.

12.2 Jurisdiction

The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute, controversy, or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement, its subject matter, or its formation.

12.3 Rights of Third Parties

A person who is not a party to this Agreement shall have no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement. This clause does not affect any rights or remedies available to a third party that exist independently of this Act.

Contact Information

DarkInvader (13636918), Calls Wharf, 2 The Calls, Leeds, LS2 7JU [email protected] [email protected]

---

Contact Information

DarkInvader (13636918), Calls Wharf, 2 The Calls, Leeds, LS2 7JU
[email protected]    [email protected]