Service Agreement
Terms & Conditions

Overview of Services

SpartanX provides an AI-powered cybersecurity platform designed to augment technical teams by automating vulnerability management throughout the entire security lifecycle. Our Services utilize a coordinated system of specialized AI agents that work together to discover, investigate, prioritize, and remediate security vulnerabilities while keeping human experts in control of critical decisions.

Core Service Components

Vulnerability Discovery and Assessment. Our AI agents continuously scan and analyze your systems, applications, and infrastructure to identify security vulnerabilities using both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) techniques. These agents integrate with your existing development workflows, code repositories, and cloud environments to provide comprehensive coverage of your attack surface.

Intelligent Investigation and Validation. Our data enrichment and investigation agents automatically validate discovered vulnerabilities to eliminate false positives, enrich findings with relevant threat intelligence, and map potential attack paths. This process significantly reduces alert fatigue and ensures that your security team focuses on genuine threats that require attention.

Risk-Based Prioritization. Our prioritization agents analyze vulnerabilities in the context of your specific environment, business requirements, and threat landscape to provide intelligent risk scoring and prioritization recommendations. This helps you focus remediation efforts on the vulnerabilities that pose the greatest risk to your organization.

Automated Remediation and Response. Our research and fix generation agents collaborate to automate security responses, including generating secure code fixes, creating detailed remediation tickets in your project management systems, building compliance reports, and automating pull requests for code changes. This automation dramatically reduces the time from vulnerability discovery to resolution.

Integration and Workflow Automation. The Services integrate with your existing security tools, development platforms, cloud environments, and business systems to provide seamless workflow automation. Our agents can automatically create tickets in systems like Jira, generate pull requests in code repositories, and integrate with your existing security operations workflows.

Service Tiers and Features

Launch Tier. Designed for early-stage startups, this tier provides essential vulnerability management capabilities with basic AI agent functionality, limited integrations, and standard support.

Growth Tier. Tailored for growing small and medium businesses, this tier includes advanced AI agent capabilities, expanded integrations, priority support, and enhanced reporting features.

Scale Tier. Built for larger, scaling businesses, this tier offers comprehensive AI agent functionality, enterprise integrations, dedicated support, advanced analytics, and custom workflow automation.

Enterprise Tier. Designed for large, complex organizations, this tier provides full platform capabilities, unlimited integrations, dedicated customer success management, custom AI agent configurations, and enterprise-grade service level agreements.

Service Provider Tier. A specialized multi-tenant license for Managed Security Service Providers (MSSPs) and other service providers to manage multiple end-customers through a unified platform with appropriate isolation and access controls.

Technology Platform

AI Agent Architecture. Our Services are built on a foundation of specialized AI agents, each designed to perform specific cybersecurity functions. These agents include:

• Ingest Agents: Connect to and import data from various sources including code repositories, cloud environments, and existing security tools
• Vulnerability Discovery Agents: Identify security vulnerabilities using advanced scanning and analysis techniques
• Data Enrichment Agents: Validate findings and enrich them with contextual information and threat intelligence
• Prioritization Agents: Analyze and score vulnerabilities based on risk, impact, and environmental factors
• Research Agents: Investigate vulnerabilities and develop detailed remediation strategies
• Fix Generation Agents: Create secure code fixes and remediation recommendations
• Automation Agents: Execute automated responses and integrate with external systems
• Reporting Agents: Generate comprehensive reports and compliance documentation

Cloud Infrastructure. The Services are hosted on Google Cloud Platform, providing enterprise-grade security, scalability, and reliability. Our infrastructure is designed to meet the highest security standards and compliance requirements.

API and Integration Capabilities. The Services provide comprehensive APIs and integration capabilities to connect with your existing tools and workflows. We support integrations with major cloud platforms, development tools, security solutions, and business systems.

Service Limitations and Scope

Scope of Coverage. While our Services are designed to provide comprehensive vulnerability management, they may not identify all possible security vulnerabilities or threats. The effectiveness of our Services depends on various factors including the completeness and accuracy of the data provided, the configuration of your systems, and the evolving nature of cybersecurity threats.

Human Oversight Required. Our AI agents are designed to augment, not replace, human expertise. Critical security decisions should always involve appropriate human review and approval. You remain responsible for making final decisions about security policies, remediation priorities, and risk acceptance.

Third-Party Dependencies. Some features of our Services depend on third-party services and integrations. The availability and functionality of these features may be affected by changes to third-party services beyond our control.

Continuous Evolution. Our AI agents and Services are continuously improved and updated. New features may be added, and existing features may be modified or deprecated with appropriate notice to ensure the Services remain effective against evolving threats.

Account Creation and Requirements

Registration Information. To access the Services, you must create an account by providing accurate, current, and complete information, including your name, email address, company information, and other details as required by our registration process. You agree to maintain and promptly update this information to keep it accurate and complete.

Account Authority. If you are registering on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms and that the organization agrees to be bound by these Terms.

Age Requirements. You must be at least 18 years old to use the Services. The Services are not intended for use by individuals under 18 years of age.

Account Security. You are responsible for maintaining the confidentiality of your account credentials, including usernames and passwords. You agree to use strong, unique passwords for your account, enable multi-factor authentication when available, notify us immediately of any unauthorized use of your account, and take reasonable steps to prevent unauthorized access to your account.

User Management. You may authorize additional Users to access the Services under your account. You are responsible for managing User access and permissions appropriately, ensuring that all Users comply with these Terms, monitoring User activities and maintaining appropriate access controls, and promptly removing access for Users who no longer require it.

Account Responsibilities

Accurate Information. You agree to provide and maintain accurate, current, and complete information in your account profile and to promptly notify us of any changes to such information.

Compliance with Terms. You are responsible for ensuring that all Users associated with your account comply with these Terms and any applicable laws and regulations.

Security Monitoring. You agree to monitor your account for any suspicious or unauthorized activity and to report any security incidents to us promptly.

Permitted Uses

You may use the Services solely for legitimate cybersecurity purposes in accordance with these Terms, the Documentation, and applicable laws. Permitted uses include identifying and managing security vulnerabilities in systems you own or have authorization to test, integrating the Services with your existing security and development workflows, generating reports and analytics for internal security management purposes, and training your team on cybersecurity best practices using insights from the Services.

Prohibited Activities

You agree not to, and not to permit any User or third party to:

Unauthorized Access. Use the Services to scan, test, or analyze systems, networks, or applications that you do not own or for which you do not have explicit authorization.

Malicious Activities. Use the Services to develop, distribute, or deploy Malicious Code; conduct unauthorized penetration testing or security research; facilitate or enable cyberattacks, data breaches, or other malicious activities; or circumvent or disable security measures in any system.

Illegal Activities. Use the Services for any illegal purpose or in violation of any applicable laws, regulations, or third-party rights.

Service Interference. Attempt to reverse engineer, decompile, or disassemble any part of the Services; interfere with or disrupt the integrity or performance of the Services; gain unauthorized access to the Services or related systems; or remove, alter, or obscure any proprietary notices or labels.

Competitive Activities. Use the Services to develop competing products or services, benchmark the Services for competitive purposes, or copy features, functions, or interfaces of the Services.

Data Misuse. Use Customer Data or Vulnerability Data in ways that violate applicable privacy laws or regulations, compromise the security or privacy of individuals or organizations, or share sensitive information with unauthorized parties.

Compliance Requirements

Legal Compliance. You agree to use the Services in compliance with all applicable laws, regulations, and industry standards, including but not limited to data protection laws, cybersecurity regulations, and export control laws.

Industry Standards. You agree to follow applicable industry best practices and standards for cybersecurity, data protection, and responsible disclosure of security vulnerabilities.

Responsible Disclosure. If you discover security vulnerabilities in third-party systems through use of the Services, you agree to follow responsible disclosure practices and applicable legal requirements.

SpartanX Intellectual Property

Ownership. SpartanX and its licensors retain all right, title, and interest in and to the Services, including all Intellectual Property Rights therein. This includes but is not limited to the AI agents and underlying algorithms, software, applications, and platforms, documentation and training materials, trademarks, service marks, and branding, and trade secrets and proprietary methodologies.

License Grant. Subject to your compliance with these Terms, SpartanX grants you a limited, non-exclusive, non-transferable, non-sublicensable license during the Subscription Term to access and use the Services solely for your internal business purposes in accordance with these Terms and the Documentation.

Restrictions. Except as expressly permitted in these Terms, you may not copy, modify, or create derivative works of the Services; distribute, sell, lease, or sublicense the Services; use the Services to provide services to third parties; or access the Services to build similar or competitive products.

Customer Intellectual Property

Customer Ownership. You retain all right, title, and interest in and to your Customer Data and any Intellectual Property Rights therein. SpartanX does not claim ownership of your Customer Data.

License to SpartanX. You grant SpartanX a limited, non-exclusive license to use your Customer Data solely to provide the Services to you, including processing and analyzing Customer Data to identify vulnerabilities, generating reports and recommendations based on Customer Data, improving the Services through aggregated and anonymized data analysis, and providing customer support and technical assistance.

Data Protection. SpartanX will protect your Customer Data in accordance with our Privacy Policy and applicable data protection laws. We will not use your Customer Data for any purpose other than providing the Services unless you provide explicit consent.

Feedback and Improvements

Feedback License. If you provide feedback, suggestions, or ideas about the Services, you grant SpartanX a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate such feedback into the Services without any obligation to you.

Service Improvements. SpartanX may use aggregated and anonymized data derived from the use of the Services to improve and enhance the Services, develop new features, and conduct research and development activities.

Third-Party Intellectual Property

Third-Party Components. The Services may include or integrate with third-party software, services, or content. Your use of such third-party components is subject to the applicable third-party terms and conditions.

Respect for Third-Party Rights. You agree to respect the Intellectual Property Rights of third parties and not to use the Services in any way that infringes or violates such rights.

Customer Data Responsibilities

Data Accuracy and Completeness. You are responsible for ensuring that all Customer Data provided to the Services is accurate, complete, and up-to-date. The effectiveness of our Services depends significantly on the quality and completeness of the data you provide.

Data Rights and Authorization. You represent and warrant that you have all necessary rights, permissions, and authorizations to provide Customer Data to SpartanX and to permit SpartanX to use such data as described in these Terms and our Privacy Policy.

Sensitive Data Handling. You acknowledge that the Services may process sensitive information including system configurations, vulnerability data, and security-related information. You agree to classify and handle such data appropriately according to your organization's data classification policies, implement appropriate access controls and security measures for sensitive data, and comply with applicable laws and regulations regarding the handling of sensitive information.

Data Processing and Use

Service Provision. SpartanX will process Customer Data solely for the purpose of providing the Services, including vulnerability analysis, risk assessment, remediation recommendations, and reporting.

Data Enhancement. SpartanX may enrich Customer Data with additional information from threat intelligence sources, vulnerability databases, and other security resources to improve the accuracy and effectiveness of our Services.

Aggregated Data. SpartanX may create aggregated and anonymized data from Customer Data for purposes of improving the Services, conducting research, and developing new features. Such aggregated data will not identify you or your organization.

Data Security and Protection

Security Measures. SpartanX implements appropriate technical and organizational measures to protect Customer Data against unauthorized access, alteration, disclosure, or destruction. These measures are described in detail in our Privacy Policy.

Data Backup and Recovery. SpartanX maintains regular backups of Customer Data and implements disaster recovery procedures to ensure data availability and business continuity.

Incident Response. In the event of a security incident affecting Customer Data, SpartanX will follow our incident response procedures and notify you in accordance with applicable laws and our Privacy Policy.

Subscription Fees

Fee Structure. The Services are provided on a subscription basis according to the pricing tiers and terms specified in your Order Form. Fees are based on the selected service tier, number of users, scope of coverage, and other factors as specified in your subscription.

Fee Changes. SpartanX may modify subscription fees for subsequent renewal terms by providing at least 30 days' written notice. Fee changes will not affect your current Subscription Term.

Payment Terms

Payment Processing. Payments are processed through our third-party payment processor, Stripe. By providing payment information, you authorize SpartanX and Stripe to charge the applicable fees to your designated payment method.

Payment Schedule. Unless otherwise specified in your Order Form, subscription fees are billed annually in advance. You agree to pay all fees when due.

Late Payments. If payment is not received when due, SpartanX may charge late fees of 1.5% per month on overdue amounts, suspend access to the Services after 30 days of non-payment, or terminate your subscription after 60 days of non-payment.

Taxes. You are responsible for all applicable taxes, duties, and governmental charges related to your use of the Services, except for taxes based on SpartanX's net income.

Refunds and Credits

No Refunds. Except as expressly provided in these Terms or required by applicable law, all fees are non-refundable.

Service Credits. SpartanX may provide service credits for service availability issues as specified in applicable Service Level Agreements.

Disputed Charges. If you dispute any charges, you must notify us within 30 days of the charge. We will investigate disputed charges in good faith and provide appropriate resolution.

Service Availability

Uptime Commitment. SpartanX strives to maintain high availability of the Services. Specific uptime commitments and service level agreements are detailed in separate Service Level Agreement documents that may apply to your subscription tier.

Scheduled Maintenance. SpartanX may perform scheduled maintenance on the Services. We will provide reasonable advance notice of scheduled maintenance that may affect service availability.

Emergency Maintenance. SpartanX may perform emergency maintenance without advance notice when necessary to address security issues, critical bugs, or other urgent matters.

Support Services

Support Channels. SpartanX provides customer support through various channels including email, online documentation, and knowledge base resources. Premium support options may be available for higher-tier subscriptions.

Support Scope. Our support services include assistance with account setup and configuration, guidance on using the Services and features, troubleshooting technical issues, and best practices recommendations for cybersecurity.

Support Limitations. Support services do not include custom development or integration work, training services beyond basic product orientation, support for third-party software or services, or consulting services for cybersecurity strategy or implementation.

Service Modifications

Feature Updates. SpartanX may add new features, modify existing features, or discontinue features of the Services. We will provide reasonable notice of material changes that may affect your use of the Services.

API Changes. SpartanX may modify APIs and integration interfaces. We will provide advance notice of breaking changes and maintain backward compatibility when reasonably possible.

Service Evolution. As cybersecurity threats and technologies evolve, SpartanX may need to modify the Services to maintain their effectiveness. We will communicate significant changes and provide migration assistance when necessary.

Service Disclaimers

“AS IS” BASIS. THE SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. SPARTANX MAKES NO WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE SERVICES, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR UNINTERRUPTED OR ERROR-FREE OPERATION.

No Guarantee of Security. While SpartanX implements robust security measures and our Services are designed to identify and help remediate security vulnerabilities, we cannot guarantee that all vulnerabilities will be identified or prevented, the Services will detect all security threats or attacks, your systems will be completely secure from all threats, or third-party integrations will maintain security standards.

AI Limitations. You acknowledge that our AI agents, while sophisticated, have inherent limitations and may produce false positives or false negatives in vulnerability detection, make recommendations that require human judgment and validation, evolve and improve over time, potentially changing their behavior, and require ongoing training and refinement to maintain effectiveness.

Third-Party Disclaimers

Third-Party Services. SpartanX disclaims all warranties and representations regarding third-party services, integrations, or content accessed through or in connection with the Services. Your use of third-party services is subject to their respective terms and conditions.

Customer Environment. SpartanX makes no warranties regarding the security, configuration, or operation of your systems, networks, or applications. You are solely responsible for maintaining appropriate security measures in your environment.

Regulatory Compliance

Compliance Responsibility. While the Services may assist with compliance efforts, you are solely responsible for ensuring that your use of the Services and your cybersecurity practices comply with applicable laws, regulations, and industry standards.

No Legal Advice. The Services do not constitute legal, regulatory, or compliance advice. You should consult with qualified professionals regarding your specific compliance requirements.

Liability Limitations

EXCLUSION OF DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SPARTANX SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO loss of profits, revenue, or business opportunities; loss of data or information; business interruption or downtime; security breaches or cyberattacks; costs of procurement of substitute services; or any other commercial damages or losses.

MONETARY CAP. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SPARTANX'S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY YOU TO SPARTANX DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

Exceptions to Limitations

The limitations in this section do not apply to SpartanX's indemnification obligations under these Terms, liability arising from gross negligence or willful misconduct, violations of Intellectual Property Rights, breaches of confidentiality obligations, or any liability that cannot be excluded or limited under applicable law.

Allocation of Risk

You acknowledge that the fees charged by SpartanX reflect the allocation of risk set forth in these Terms and that SpartanX would not enter into this Agreement without these limitations on its liability.

Customer Indemnification

You agree to indemnify, defend, and hold harmless SpartanX, its affiliates, officers, directors, employees, agents, and licensors from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to your use of the Services in violation of these Terms, applicable laws, or third-party rights; any claims that your Customer Data infringes or violates the rights of any third party or violates applicable laws; your failure to maintain appropriate security measures for your account or systems, resulting in unauthorized access or use; or claims by third parties arising from your use of the Services, including claims related to vulnerability testing or security assessments conducted without proper authorization.

SpartanX Indemnification

SpartanX agrees to indemnify, defend, and hold harmless you from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to claims that the Services, when used in accordance with these Terms, infringe any third-party patent, copyright, or trademark, or claims arising from SpartanX's violation of applicable data protection laws in its processing of Customer Data.

Indemnification Procedures

The indemnifying party's obligations are conditioned on the indemnified party promptly notifying the indemnifying party of any claim, granting the indemnifying party sole control of the defense and settlement, and providing reasonable cooperation in the defense of the claim.

Termination Rights

Termination for Convenience. Either party may terminate this Agreement at the end of the current Subscription Term by providing at least 30 days' written notice.

Termination for Cause. Either party may terminate this Agreement immediately upon written notice if the other party materially breaches these Terms and fails to cure such breach within 30 days of written notice, or the other party becomes insolvent, makes an assignment for the benefit of creditors, or files for bankruptcy.

Immediate Termination. SpartanX may immediately terminate or suspend your access to the Services if you violate the acceptable use provisions of these Terms, your account poses a security risk to the Services or other customers, or you fail to pay fees when due after appropriate notice.

Effects of Termination

Service Access. Upon termination, your right to access and use the Services will immediately cease.

Data Retrieval. You will have 30 days after termination to retrieve your Customer Data from the Services. After this period, SpartanX may delete your Customer Data in accordance with our data retention policies.

Survival. The following provisions will survive termination: intellectual property rights, payment obligations, confidentiality, disclaimers, limitation of liability, indemnification, and general provisions.

Refunds Upon Termination

Termination by Customer. If you terminate for convenience, you will not receive a refund of prepaid fees.

Termination by SpartanX. If SpartanX terminates for cause due to your breach, you will not receive a refund of prepaid fees. If SpartanX terminates without cause, you may receive a pro-rated refund of prepaid fees.

Informal Resolution

Before initiating formal dispute resolution proceedings, the parties agree to attempt to resolve any dispute through good faith negotiations. Either party may initiate this process by sending written notice of the dispute to the other party.

Binding Arbitration

Arbitration Requirement. Any dispute, claim, or controversy arising out of or relating to these Terms or the Services that cannot be resolved through informal negotiations shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules.

Arbitration Procedures. The arbitration shall be conducted by a single arbitrator selected in accordance with AAA rules, in Orlando, Florida, or another location agreed upon by the parties, in English language, and under the substantive laws specified in the Governing Law section.

Class Action Waiver. You agree that any arbitration shall be conducted on an individual basis and not as a class action, collective action, or representative proceeding.

Exceptions to Arbitration

The arbitration requirement does not apply to claims for injunctive or equitable relief, disputes related to Intellectual Property Rights, or small claims court proceedings within jurisdictional limits.