1. Service description & provider
Vezraa (the “Service”, “we”, “us”, or “our”) is a software-as-a-service platform that performs production-readiness audits on web applications. The Service includes automated security scanning, configuration and header checks, DNS and TLS analysis, supply-chain analysis, compliance heuristics, performance and observability checks, AI-assisted analysis, vulnerability reporting with remediation prompts, live attack-replay rendering, optional GitHub PR auto-fix, an API, an MCP server for IDE integrations, and related informational tools relating to publicly accessible websites and connected source-code repositories or backend projects.
Vezraa is operated from India. These Terms of Service (“Terms”) form a binding legal agreement between you (“you” or “Customer”) and Vezraa and govern your access to and use of the Service. These Terms incorporate by reference our Privacy Policy, which forms an integral part of these Terms.
The Service is informational. Vezraa does not constitute, and is not a substitute for, professional legal, regulatory, compliance, cybersecurity, penetration-testing, accounting, or any other professional advice. See Section 17 (Disclaimer of Warranties).
2. Eligibility, capacity & authority
The Service is offered only to persons who meet all of the following requirements. You represent and warrant on a continuing basis that:
- You are at least eighteen (18) years of age, or the higher minimum age of digital consent in your jurisdiction.
- You have the full legal right, power, and authority to enter into and perform these Terms.
- If you are accessing the Service on behalf of any company, organization, government body, or other legal entity, you have full authority to bind that entity, and references to “you” in these Terms refer to that entity.
- You are not a resident of, located in, or subject to the jurisdiction of any country, territory, or person to which the export of services is restricted by applicable sanctions or export-control laws (including without limitation OFAC, EU Council Regulations, UN Security Council resolutions, and applicable Indian export-control rules).
- You are not identified on any restricted or denied-party list maintained by any government.
- You have not previously been suspended, terminated, or banned from the Service by us.
- You will comply at all times with all applicable laws and regulations, including those of your country of residence, your country of access, and the country of any website or system you target with the Service.
3. Account registration & security
When you create an account with Vezraa, you agree to:
- Provide accurate, current, and complete registration information, and keep it up to date.
- Maintain the confidentiality and security of your account credentials, OAuth tokens, and API keys at all times.
- Use strong, unique passwords on linked OAuth providers and, where available, enable multi-factor authentication.
- Notify us promptly at udayakirantumma@gmail.com of any actual or suspected unauthorized access, credential compromise, or breach affecting your account or any token or key issued through your account.
- Accept full responsibility for all activity, scans, payments, and content generated under your account, whether or not authorized by you.
- Not share, transfer, lease, or assign your account or credentials to any third party.
- Use only your own email address; not impersonate any person; not register accounts using disposable, role-based, or programmatically generated email addresses except where expressly permitted.
We reserve the right, in our sole discretion, to refuse registration, suspend, restrict, or terminate any account at any time, with or without notice, and with or without cause, including for suspected security risk, fraud, or violation of these Terms. We may require identity verification before restoring access to a suspended account.
4. Authorization to scan; pre-scan warranties
You may use the Service only to scan or analyze websites, systems, repositories, or infrastructure that you own or for which you have obtained, prior to initiating any scan, all necessary express authorizations to perform automated security analysis. This is a material condition of these Terms. You represent and warrant on a continuing basis that for every scan you initiate:
- You are the owner of the targeted website or system, or you have obtained explicit, demonstrable authorization from the owner.
- You have authority to grant Vezraa and its subprocessors the right to send requests to, fetch responses from, and process responses received from the target.
- Your scanning activity does not violate the Information Technology Act, 2000 (India) including section 43 and section 66, the Computer Fraud and Abuse Act (18 U.S.C. § 1030) (USA), the Computer Misuse Act 1990 (UK), Article 143bis of the Swiss Criminal Code, Section 202a of the German Criminal Code (StGB), Article 323-1 et seq. of the French Penal Code, or any other applicable anti-hacking, computer-crime, telecommunications, or unauthorized-access law in any relevant jurisdiction.
- Your scanning does not breach the target's terms of service, acceptable use policies,
robots.txtdirectives where applicable, or any contractual or statutory restriction. - You have provided any notice or obtained any consent required from end-users, visitors, employees, or data subjects whose data may be observed or collected as a result of the scan.
- You will not use the Service to target government, military, critical-infrastructure (as defined by EU Directive 2022/2557 (NIS2) or U.S. PPD-21 or analogous Indian critical information infrastructure designations under the IT Act), election, healthcare, financial-services, or industrial-control systems without our prior written consent and a separately executed master services agreement.
You acknowledge that scanning a system without authorization may constitute a criminal offense in many jurisdictions, exposing you to civil and criminal liability. You assume sole and complete responsibility for verifying authorization, for any consequences arising from scans you initiate, and for any claim by the owner or operator of the target system. Vezraa has no obligation to verify your authority and does not do so.
5. Domain verification
Free standalone tools run with a lightweight read-only profile and may be initiated against any URL you submit subject to Section 4. For paid plans and for active-pentest probes, we may require you to verify ownership of the domain via a DNS TXT record or a file uploaded to a well-known path on the domain. The verification token, the chosen verification method, your IP address, and the verification timestamp are stored as evidence of authorization. Recently verified domains may skip re-verification on subsequent scans within the verification window.
You are responsible for keeping verification records valid. If a domain is transferred to a new owner, you must re-verify and you remain responsible for any scan you initiated before transfer.
6. Acceptable use
You agree to use the Service only for lawful purposes and in compliance with these Terms and all applicable laws. Without limiting the foregoing, you must not, and must not permit any third party to:
- Scan, probe, test, or analyze websites, systems, or services you do not own or have not been expressly authorized to scan.
- Use, share, or disseminate scan results to exploit vulnerabilities; to gain unauthorized access; to install malware; or to conduct any malicious, fraudulent, harmful, or illegal activity against any system, person, or organization.
- Circumvent, disable, or attempt to circumvent rate limits, usage quotas, paywalls, access controls, encryption, watermarking, or any other technical restriction or security measure of the Service.
- Use the Service to harass, threaten, defame, stalk, dox, discriminate against, or harm any individual or group.
- Reverse-engineer, decompile, disassemble, decrypt, modify, or attempt to derive the source code, ideas, algorithms, file formats, programming interfaces, or trade secrets of the Service or its underlying scanning engines, except to the extent expressly permitted by mandatory law that may not be waived by contract.
- Resell, sublicense, lease, rent, lend, redistribute, mirror, frame, repackage, white-label, or otherwise commercially exploit the Service, scan results, or any output without our prior written agreement.
- Use automated tools, scripts, bots, scrapers, headless browsers, or any non-human-operated client to access the Service except through our documented, supported APIs and in accordance with their rate limits.
- Rate limits & fair use: The Service enforces rate limits on API endpoints, scan submissions, and other usage. These limits are documented in our API reference and may be adjusted at any time. You must not circumvent or exceed these limits. Excessive or abusive usage that degrades Service performance for other users may result in rate-limiting, suspension, or termination. Free-tier scans are limited to one (1) concurrent scan; paid plans have higher limits as described on our pricing page. We reserve the right to throttle, limit, or block access if your usage, in our sole discretion, imposes an unreasonable load on our infrastructure.
- Use the Service to develop, train, fine-tune, evaluate, or benchmark any competing product, machine-learning model, or large-language model.
- Publicly publish performance benchmarks, comparative reviews, or competitive analyses of the Service without our prior written consent.
- Upload, submit, or transmit any content that is unlawful, infringing, harmful, deceptive, defamatory, obscene, hateful, or that contains malware, viruses, ransomware, or any malicious code.
- Use the Service in any way that imposes a disproportionate or unreasonable load on our infrastructure, that interferes with other users' access, or that endangers the security, integrity, or availability of the Service.
- Use the Service in violation of applicable export-control, sanctions, anti-bribery, anti-money-laundering, data-protection, or consumer-protection laws.
- Use the Service to develop, design, manufacture, or produce nuclear, chemical, biological, or missile weapons, or any other weapon of mass destruction.
- Misrepresent your affiliation with any person, organization, or government.
We reserve the right to investigate and take appropriate action against anyone who, in our sole discretion, violates this Section, including without limitation removing the offending content, suspending or terminating accounts, reporting to law-enforcement authorities, and pursuing all other available legal remedies. Violation of this Section is grounds for immediate termination without refund and may result in civil and criminal liability.
7. Subscriptions, fees & payment
7.1 Plans
Vezraa offers free and paid subscription plans (currently Starter, Pro, and Max, with monthly or annual billing). Plan features, scan quotas, retention periods, and pricing are described on our pricing page and may change at any time as set out below.
7.2 Free tools and free tier
Free standalone tools and any free-tier access are provided as a courtesy and offered “AS IS,” without any service-level agreement, support guarantee, or commitment of continued availability. We may modify, restrict, suspend, or discontinue any free tools or free tier at any time, without notice and without liability.
7.3 Fees, billing & automatic renewal
- All fees are quoted in the currency stated on the checkout page and are exclusive of any taxes, duties, levies, or fees imposed by any taxing authority. You are responsible for paying all such taxes (including GST in India, VAT, and withholding taxes), other than taxes on our net income.
- All payments are processed securely by Razorpay Software Private Limited (our third-party payment processor). We do not store your full payment-card number, CVC/CVV, bank-account number, or UPI handle on our servers. Your use of payment processing is governed by Razorpay's terms and privacy policy.
- Paid subscriptions automatically renew at the end of each billing cycle (monthly or annual) at the then-current price unless you cancel before the renewal date. By providing a payment method, you authorize us and our processor to charge that method on a recurring basis until cancellation.
- You are responsible for keeping your payment method current. If a payment fails, we may retry, suspend access, downgrade your plan to free, and ultimately terminate the subscription.
- You may cancel at any time through the Razorpay billing portal accessible from your dashboard. Cancellation takes effect at the end of the current billing period; you retain access until then. We do not provide pro-rated refunds for partial periods except as required by law.
- We may change our prices, fees, plan structure, included features, or quotas at any time. For paid subscribers, material price increases will be communicated by email at least thirty (30) days before they take effect on the next renewal. Continued use after the effective date constitutes acceptance. If you do not accept a price change, your sole remedy is to cancel before the next renewal.
- Promotional discounts, trials, and credits are non-transferable, may be limited per customer, and may be revoked at any time for abuse.
7.4 Currency, conversion & bank charges
Where your billing currency differs from the currency of your bank account or payment instrument, conversion is performed by your card issuer or bank at their prevailing rates and you are responsible for any foreign-exchange or cross-border fees.
8. Refund policy
Because the Service delivers scan results immediately upon execution and consumes computational, third-party API, and human-equivalent resources at that moment, all fees and subscription payments are final and non-refundable except as expressly set out below or as required by mandatory law that cannot be waived by contract. By initiating a scan, by enabling any paid feature, or by allowing a subscription to renew, you acknowledge that the Service has been fully performed for that billing period and that you waive any right to demand a refund except as set out in this Section.
- Failed scan: If a scan fails to complete due to a technical error on our end (and not because the target was unreachable, blocked our IP, or returned errors), and you contact udayakirantumma@gmail.com within fourteen (14) days, we will either re-run the scan at no charge or, at your option, refund the scan's prorated portion of that billing period.
- Goodwill refund (no scans run): If you have not run any scan and have not accessed any paid feature during the current billing period and you contact udayakirantumma@gmail.com within fourteen (14) days of the charge, we will, at our discretion, consider a goodwill refund. Goodwill refunds are not guaranteed and do not establish any obligation or course of dealing for future refunds.
- EEA / UK / Switzerland statutory withdrawal: Consumers in these jurisdictions have a statutory right of withdrawal within fourteen (14) days of subscribing. However, by initiating a scan or accessing any digital content before the end of that withdrawal period, you expressly request immediate performance and acknowledge that you lose your right of withdrawal as permitted by Article 16(m) of EU Directive 2011/83/EU and equivalent local law.
- Chargebacks: Filing a chargeback or payment dispute without first contacting us in good faith may result in immediate account termination, forfeiture of credits, and pursuit of recovery costs and reasonable legal fees.
- Termination for breach: No refunds will be issued for accounts suspended or terminated for breach of these Terms.
9. Trust badges
Vezraa issues a verifiable “trust badge” for scans that achieve an overall score of eighty (80) or higher with zero critical or high findings, on Pro and Max plans. Each badge has a unique token, an issue date, and an expiration date (currently ninety (90) days). You may embed the badge on your website using the snippet provided in your dashboard.
We may revoke, suspend, or invalidate a trust badge at any time if (a) the underlying security posture of the domain materially degrades on a subsequent scan; (b) the badge is embedded in a misleading way or on a domain other than the one it was issued for; (c) the underlying account is suspended for breach; or (d) we determine the badge is being used to mislead third parties. Revocation will cause the badge endpoint to render as “invalid”.
The badge is informational and does not constitute a warranty by Vezraa of the security, compliance, or fitness of any application. See Section 17.
10. Affiliate program
Vezraa operates an optional affiliate program. Each user is automatically issued a unique affiliate code on signup. When a referred customer makes a paying subscription via your code, you earn a commission of thirty percent (30%) of the net amount actually received by Vezraa (excluding taxes, refunds, fees, and chargebacks) for the first twelve (12) months of that subscription, unless we agree a different rate in writing.
- Affiliate balances are payable monthly when the cleared, refund-eligibility-expired balance exceeds USD fifty (50) (or the equivalent in your local currency).
- Self-referral, fake account creation, incentivized clicks, fraud, deceptive marketing, spam, and any practice that breaches these Terms or applicable law are prohibited and grounds for termination and forfeiture.
- We may terminate the affiliate program or modify its rules at any time on prior notice. Vested commissions for closed billing periods will be paid out subject to the threshold above.
11. Communications & notices
11.1 Transactional communications
By creating an account, you consent to receive transactional, security, and service-related electronic communications necessary for the operation of your account, including without limitation account confirmations, magic-link emails, security and breach notices, billing receipts, scan completion and threat-detection notifications, and updates to these Terms or our policies. These communications are essential to the Service and you cannot opt out of them while your account is active.
11.2 Marketing communications
Vezraa does not currently send unsolicited marketing emails. If we introduce optional promotional communications in future, they will be opt-in (or opt-out where permitted by local law), and you will be able to unsubscribe at any time using the link in each message. We will never sell, rent, or share your email address with any third party for that third party's own marketing purposes.
11.3 Notices to you
Notices we give you under these Terms will be sent to the email address associated with your account or posted in the dashboard or on our website. Notices are deemed delivered when sent by email or twenty-four (24) hours after posting, whichever is earlier. You are responsible for maintaining an accurate email address and for monitoring it.
11.4 Notices to us
Notices to us must be sent in English to udayakirantumma@gmail.com. Notices are deemed delivered when we acknowledge receipt or three (3) business days after sending, whichever is earlier.
12. Intellectual property
12.1 Our IP
The Service, including all software, scanning algorithms, detection rules, signatures, machine-learning models, user interfaces, documentation, look-and-feel, designs, graphics, text, logos, brand elements, trademarks, service marks, trade names, trade dress, and all other content provided by us or on our behalf (collectively, the “Vezraa IP”), is and remains the exclusive property of Vezraa or its licensors, and is protected by applicable copyright, trademark, patent, trade-secret, database, sui-generis, and other intellectual-property and proprietary-rights laws. “Vezraa”, the Vezraa shield logo, and related marks are trademarks of Vezraa and may not be used without our prior written consent.
Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service for your own internal business or personal use during the term of your subscription. No other rights are granted, expressly or by implication, estoppel, or otherwise. All rights not expressly granted are reserved.
12.2 Your content
You retain all ownership rights in the data, URLs, source code, configuration, credentials, and other content you submit, upload, connect, or otherwise make available to the Service (your “Customer Content”). You grant us and our subprocessors a worldwide, non-exclusive, royalty-free, fully paid-up license to host, store, copy, transmit, process, analyze, display, and modify your Customer Content solely to the extent necessary to provide, maintain, secure, support, and improve the Service for you, to comply with law, and to enforce these Terms. This license terminates when the relevant Customer Content is deleted, except as required for backups, audit, dispute resolution, or applicable law.
12.3 Feedback
If you submit any suggestion, idea, enhancement request, feedback, recommendation, testimonial, bug report, or other input regarding the Service (“Feedback”), you irrevocably assign to Vezraa all rights, title, and interest in and to that Feedback and grant us a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, sublicensable, transferable license to use, exploit, modify, and incorporate the Feedback into our products and services without obligation to you. Feedback is not confidential and we have no obligation to credit, compensate, or attribute you.
12.4 Usage data
We may collect, aggregate, anonymize, and analyze usage, performance, and telemetry data relating to your use of the Service. We may use such data in aggregated and de-identified form indefinitely for any lawful purpose, including improving the Service, security research, developing new features, statistical analysis, and benchmarking. Aggregated and de-identified data does not identify you or your Customer Content.
12.5 Customer reference
Unless you opt out by emailing udayakirantumma@gmail.com, you grant us a limited, non-exclusive, royalty-free, revocable license to reference your name, logo, and a factual description of your use of the Service on our website, in case studies, and in marketing materials. We will honor reasonable brand-usage guidelines you provide in writing. No confidential information, vulnerability details, or assessment results will be disclosed publicly without your explicit written consent.
13. Copyright infringement & DMCA
We respect the intellectual-property rights of others and expect users to do the same. In accordance with the United States Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 512, and applicable equivalent laws in other jurisdictions including the Copyright Act, 1957 and the Information Technology Act, 2000 (India), we will respond to notices of alleged copyright infringement that comply with the requirements below. To file a notice, send an email to udayakirantumma@gmail.com (subject line: “DMCA Notice”) containing:
- An identification of the copyrighted work you claim has been infringed.
- The URL or specific location of the allegedly infringing material on our Service.
- Your full name, postal address, telephone number, and email address.
- A statement that you have a good-faith belief that the use is not authorized by the copyright owner, its agent, or the law.
- A statement, under penalty of perjury, that the information in the notice is accurate and that you are the copyright owner or are authorized to act on the owner's behalf.
- Your physical or electronic signature.
We may forward the notice to the affected user. Repeat infringers will have their accounts terminated. If you believe content was removed in error, you may submit a counter-notice containing the analogous information required by 17 U.S.C. § 512(g)(3). Knowingly submitting a materially false notice or counter-notice may subject you to liability for damages.
14. Third-party services, data & links
The Service incorporates data, content, and APIs from third-party sources, including (without limitation) the OpenAI API, Anthropic API, Google PageSpeed Insights, GitHub, Razorpay, Resend, Supabase, Vercel, Neon, Upstash, Sentry, public certificate-transparency logs, DNS resolvers, public WHOIS registries, the National Vulnerability Database (NVD), Have I Been Pwned, and the websites you submit for scanning. The Service may also link to or embed third-party websites, products, or services. We do not control, endorse, warrant, guarantee, or assume responsibility for any third-party services, content, products, advice, statements, or other information provided by third parties. Your use of any third-party service is governed by the third party's own terms and privacy policies, and is at your sole risk.
When you connect a third-party integration (such as a GitHub repository), you authorize us to access and process data from that integration as necessary to provide the Service. You are responsible for ensuring you have the rights to grant such access. You may revoke that authorization at any time by disconnecting the integration.
15. Beta & experimental features
From time to time we may release pre-release, alpha, beta, preview, experimental, early-access, or evaluation features (collectively, “Beta Features”). Features marked “NEW” or “SOON” on the pricing page may be Beta Features. Beta Features are provided for testing and evaluation, may contain bugs, errors, defects, security vulnerabilities, or data-loss risks, may be modified or discontinued at any time without notice, are not subject to any service-level commitment, are excluded from any support or refund obligation, and are provided “AS IS” and “AS AVAILABLE” without warranties of any kind. We do not guarantee that any Beta Feature will become generally available. You use Beta Features entirely at your own risk and waive any claim arising from their use.
16. AI & automated analysis disclaimer
Portions of the Service rely on artificial-intelligence systems, large language models, heuristic rules, machine-learning classifiers, signature databases, and other automated analysis (collectively, “Automated Output”). Automated Output is generated by software, not by humans, and is provided for informational purposes only. Automated Output may be inaccurate, incomplete, out of date, biased, inconsistent, misleading, or harmful, and may contain false positives (flagging items that are not vulnerabilities) and false negatives (failing to flag items that are vulnerabilities). Automated Output does not constitute professional security, legal, regulatory, compliance, accounting, medical, financial, or other advice.
You are solely responsible for independently verifying, validating, and acting (or not acting) upon any Automated Output. You acknowledge that scan results, AI-generated explanations, risk scores, severity ratings, recommended remediations, compliance heuristics, and threat-intelligence data are estimates produced by software and must not be relied on as a definitive determination of any matter, including the security, vulnerability, compliance, legal, or operational status of any system or website. We do not warrant that any Automated Output is accurate, complete, current, useful, or fit for any purpose.
17. Disclaimer of warranties
THE SERVICE, INCLUDING ALL CONTENT, SCAN RESULTS, DATA, AUTOMATED OUTPUT, BETA FEATURES, AND ANY RELATED MATERIALS, IS PROVIDED ON AN “AS IS,” “AS AVAILABLE,” AND “WITH ALL FAULTS” BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE.
To the maximum extent permitted by applicable law, Vezraa, its affiliates, officers, directors, employees, contractors, agents, licensors, and subprocessors expressly disclaim all warranties, conditions, and representations of any kind, including without limitation:
- Implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, non-infringement, accuracy, completeness, currency, system integration, quiet enjoyment, and title.
- Any warranty arising from course of dealing, course of performance, or trade usage.
- Any warranty that the Service will be uninterrupted, error-free, secure, free of viruses or other harmful components, or that defects will be corrected.
- Any warranty regarding the accuracy, reliability, completeness, timeliness, suitability, or availability of any scan result, automated output, threat data, vulnerability classification, severity rating, AI-generated explanation, recommended remediation, or any other information delivered by the Service.
- Any warranty that use of the Service will achieve any particular result, including any compliance, certification, audit, security, or business outcome.
No advice or information, whether oral or written, obtained from us or through the Service creates any warranty not expressly stated in these Terms. The Service is not designed, intended, or authorized for use in any application requiring fail-safe performance, including life-support systems, nuclear facilities, aircraft navigation or communication, air-traffic control, weapons systems, medical devices, or any application in which the failure of the Service could lead to death, personal injury, or severe physical, property, or environmental damage. You assume all risk if you use the Service in such applications.
Some jurisdictions do not allow the disclaimer of certain warranties, so some of the above disclaimers may not apply to you. In such jurisdictions, our liability is limited to the minimum extent permitted by law.
18. Limitation of liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
(a) Excluded damages. In no event shall Vezraa, its affiliates, officers, directors, employees, contractors, agents, licensors, or subprocessors be liable to you or to any third party for any indirect, incidental, special, consequential, exemplary, punitive, reliance, or enhanced damages of any kind, including damages for lost profits, lost revenue, lost savings, lost business opportunities, loss of goodwill, business interruption, lost or corrupted data, cost of substitute goods or services, reputational harm, cost of cover, or any other intangible loss, arising out of or related to these Terms, the Service, any scan, any scan result, any automated output, any beta feature, any unavailability of the Service, any security incident, or any third-party services, even if we have been advised of, knew of, or should have known of the possibility of such damages, and regardless of the legal or equitable theory (contract, tort, strict liability, statute, or otherwise) on which the claim is based.
(b) Aggregate cap. Our and our affiliates' total cumulative aggregate liability for any and all claims arising out of or related to these Terms or the Service shall not exceed the greater of (i) the total fees actually paid by you to us for the Service in the six (6) months immediately preceding the event giving rise to the first claim or (ii) one hundred US dollars (USD 100). This cap is cumulative across all causes of action and is not increased by the existence of multiple claims.
(c) Free tier / Free tools. If you have not paid any fees to Vezraa in the six (6) months preceding the claim, the aggregate cap is reduced to one hundred US dollars (USD 100) regardless of any damage actually suffered.
(d) Essential purpose. The parties agree that these limitations are an essential basis of the bargain between them and shall apply even if any limited remedy fails of its essential purpose.
(e) Time-bar. Any claim or cause of action you may have arising out of or relating to these Terms or the Service must be commenced within one (1) year after the cause of action accrues, otherwise it is permanently barred, except where a longer limitation period is mandatorily required by applicable law.
Nothing in these Terms excludes or limits any liability that cannot be excluded or limited under applicable law, including liability for death or personal injury caused by negligence, for fraud or fraudulent misrepresentation, or for any other liability that may not be limited under the mandatory law of your jurisdiction. Some jurisdictions do not allow the exclusion or limitation of certain damages, so some of the above may not apply to you. In those jurisdictions, our liability is limited to the minimum extent permitted by law.
19. Indemnification
To the maximum extent permitted by applicable law, you agree to defend, indemnify, and hold harmless Vezraa and its affiliates, officers, directors, employees, contractors, agents, licensors, and subprocessors (the “Indemnified Parties”) from and against any and all third-party claims, demands, actions, suits, proceedings, investigations, liabilities, damages, losses, judgments, fines, penalties, costs, and expenses (including reasonable attorneys' fees, expert fees, court costs, and the costs of any settlement) arising out of or related to:
- your access to or use of the Service;
- your Customer Content or any data, URL, or system you submit to the Service;
- your scanning of any website, system, repository, or service, including any claim by the owner or operator of a target system or by any visitor or data subject;
- your reliance on, action upon, or failure to act upon any scan result, automated output, or other information provided by the Service;
- your breach or alleged breach of these Terms, the Privacy Policy, or any representation, warranty, or covenant herein;
- your violation or alleged violation of any law, regulation, or third-party right (including any intellectual-property, privacy, publicity, or contract right);
- any actual or alleged infringement, misappropriation, or unauthorized use by you;
- your willful misconduct, gross negligence, or fraud.
We will promptly notify you of any claim subject to indemnification and reasonably cooperate at your expense. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which case you agree to cooperate fully. You may not settle any claim that imposes any obligation or admission on any Indemnified Party without our prior written consent.
20. Suspension & termination
20.1 By you
You may terminate your account at any time by cancelling your subscription from the billing portal and using the in-product account-deletion flow, or by emailing udayakirantumma@gmail.com.
20.2 By us
We may suspend, restrict, or terminate your access to the Service at any time, in whole or in part, with or without notice, and with or without liability, including:
- For actual or suspected violation of these Terms, the Privacy Policy, or any applicable law;
- For non-payment, payment dispute, chargeback, or repeated payment failure;
- For actual or suspected fraud, abuse, security risk, or threat to the Service or other users;
- If continued provision of the Service would expose us to legal, regulatory, or reputational risk;
- To comply with any law, regulation, court order, government request, or legal process;
- For account inactivity exceeding twelve (12) months on free or unpaid accounts;
- For convenience, with reasonable prior notice for paid subscriptions.
20.3 Effect of termination
Upon termination, your right to access and use the Service ceases immediately, and we may delete or disable access to your account, Customer Content, and scan history at any time in accordance with our Privacy Policy retention schedule, except where retention is required by law, dispute resolution, or our security needs. You are responsible for exporting any data you wish to retain before termination. We are not liable for any loss of data resulting from termination.
20.4 Survival
The following Sections survive termination or expiration: 4 (warranties given), 6 (continuing prohibitions), 8 (Refund obligations), 12 (Intellectual Property), 13 (DMCA), 14 (third-party disclaimers), 17 (Disclaimer of Warranties), 18 (Limitation of Liability), 19 (Indemnification), 20.3 and 20.4 (this Section), 21 (Dispute Resolution), 22 (Governing Law), 23 (General Provisions), and any other provision that by its nature should survive.
21. Dispute resolution; arbitration; class & jury waivers
21.1 Informal resolution (mandatory pre-suit)
Before initiating any formal proceeding, you and we agree to first attempt in good faith to resolve the dispute informally for at least sixty (60) days. To start informal resolution, you must send a written notice describing the nature and basis of the claim and the requested relief to udayakirantumma@gmail.com. The limitation period for the dispute is tolled while informal resolution is pending. No party may initiate arbitration or litigation unless this Section has been satisfied.
21.2 Binding arbitration (non-Indian customers)
If informal resolution fails and you are not resident in India, any dispute, claim, or controversy arising out of or relating to these Terms, the Service, our relationship with you, or any aspect thereof (including pre-contractual, statutory, common-law, tort, and equitable claims) shall be finally resolved by binding individual arbitration administered by the Mumbai Centre for International Arbitration (MCIA) in accordance with its Rules in force at the date of the notice of arbitration. The arbitration shall be conducted in Mumbai, India, by a single arbitrator, in the English language. The arbitrator's decision shall be final and binding on the parties. Judgment on the award may be entered in any court of competent jurisdiction.
21.3 Indian customers
If you are resident in India, the Arbitration and Conciliation Act, 1996 applies and arbitration will be seated in Mumbai before a sole arbitrator. Nothing in this Section deprives you of any non-waivable consumer rights you have under the Consumer Protection Act, 2019.
21.4 Class-action & collective-action waiver
To the fullest extent permitted by applicable law, you and we agree that disputes will be resolved only in an individual capacity, and not as a plaintiff or class member in any purported class, collective, consolidated, representative, mass, private-attorney-general, or other multi-party proceeding. The arbitrator may not consolidate any other person's claims with yours and may not preside over any form of representative or class proceeding. If a court or arbitrator decides that this waiver is unenforceable in a particular case, that case must be severed from any arbitration and brought in court, with all other cases remaining in arbitration.
21.5 Jury-trial waiver
To the fullest extent permitted by applicable law, you and we each irrevocably waive any right to a trial by jury in any proceeding arising out of or relating to these Terms or the Service.
21.6 Exceptions
Notwithstanding the foregoing, either party may bring an individual action in small-claims court for claims that qualify, and either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual-property rights, confidential information, or to prevent unauthorized use of the Service.
21.7 Opt-out
You may opt out of the arbitration and class-action-waiver provisions in this Section 21 by sending a signed written notice to udayakirantumma@gmail.com (subject: “Arbitration Opt-Out”) within thirty (30) days of first accepting these Terms. The notice must include your name, email address, and account identifier. If you opt out, disputes will be resolved in the courts identified in Section 22, but the rest of these Terms (including the class-action waiver, to the extent permitted by law) remains in effect.
21.8 Consumer rights
Nothing in this Section limits any mandatory right a consumer has under the law of their country of habitual residence, including the right to bring proceedings in the consumer's local courts where such right cannot be waived by contract.
22. Governing law & jurisdiction
These Terms, and any non-contractual obligations arising out of or in connection with them, are governed by and construed in accordance with the substantive laws of India, without regard to its conflict-of-laws principles and to the exclusion of the United Nations Convention on Contracts for the International Sale of Goods (CISG). Subject to the arbitration provisions in Section 21, the courts of Mumbai, Maharashtra, India have exclusive jurisdiction over any dispute arising out of or relating to these Terms or the Service. Where you are a consumer with habitual residence in a jurisdiction whose mandatory rules afford additional protection, this Section does not deprive you of that protection.
23. General provisions
23.1 Entire agreement
These Terms (together with the documents incorporated by reference in Section 1) constitute the entire agreement between you and us regarding the Service and supersede any prior or contemporaneous agreements, communications, proposals, or representations, whether oral or written. Pre-printed terms on any purchase order or other document you submit are expressly rejected and of no effect.
23.2 Severability
If any provision of these Terms is found by a competent authority to be invalid, illegal, or unenforceable in any respect, that provision will be modified to the minimum extent necessary to make it valid and enforceable, or, if it cannot be modified, will be severed from these Terms, and the remaining provisions will continue in full force and effect.
23.3 Waiver
No failure or delay by either party in exercising any right under these Terms operates as a waiver of that right. A waiver is effective only if given in writing and signed by the waiving party, and applies only to the specific instance for which it is given.
23.4 Assignment
You may not assign, transfer, sub-contract, novate, or delegate any of your rights or obligations under these Terms without our prior written consent. Any purported assignment in breach of this Section is void. We may assign, transfer, sub-contract, novate, or delegate our rights and obligations under these Terms in whole or in part, without restriction, including in connection with a merger, acquisition, corporate reorganization, financing, or sale of all or substantially all of our assets or equity.
23.5 Force majeure
Neither party (other than for payment obligations) shall be liable for any failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, fire, flood, earthquake, epidemic, pandemic, public-health emergency, civil unrest, war, terrorism, sabotage, riot, embargo, sanctions, governmental or regulatory action, labor disputes, internet or telecommunications outages, denial-of-service attacks, third-party service interruptions, cloud-provider outages, energy shortages, or other force-majeure events.
23.6 Independent contractors; no agency
The parties are independent contractors. These Terms do not create any agency, partnership, joint venture, employment, franchise, or fiduciary relationship between the parties. Neither party has authority to bind the other.
23.7 No third-party beneficiaries
These Terms are for the benefit of, and enforceable by, only the parties and their permitted successors and assigns. They do not confer any rights on any third party.
23.8 Electronic communications & signatures
You consent to receive communications from us in electronic form and agree that all notices, agreements, disclosures, and other communications we provide electronically satisfy any legal requirement that such communications be in writing. Your electronic acceptance or other interactions with the Service (such as clicking “I agree” or initiating a scan) constitute a valid and binding electronic signature for all purposes, including under the Information Technology Act, 2000 of India and equivalent laws.
23.9 Headings; interpretation
Section headings are for convenience only and have no legal effect. Words such as “include,” “includes,” and “including” are deemed to be followed by “without limitation.” The English-language version of these Terms controls in the event of any conflict with a translation.
23.10 Export & sanctions compliance
You will comply with all applicable export-control, sanctions, and trade laws (including those of India, the European Union, the United Kingdom, and the United States) in connection with your use of the Service. You will not directly or indirectly export, re-export, transfer, or use the Service in any manner prohibited by such laws.
23.11 U.S. government users
If you are a U.S. federal-government entity or use the Service on behalf of one, the Service is a “commercial item,” “commercial computer software,” and “commercial computer software documentation” under FAR 12.212 and DFARS 227.7202. Use is subject only to the terms of this Agreement.
26. Data retention & deletion
26.1 Retention periods
We retain personal data, scan results, and other content only for as long as necessary to provide the Service and comply with legal obligations. Indicative retention periods are described in our Privacy Policy. By using the Service, you acknowledge and agree to these retention periods.
26.2 Deletion
You may request deletion of your account and associated data at any time via the account-deletion flow in your dashboard, by emailing udayakirantumma@gmail.com, or by using our data deletion API. Upon deletion:
- All scans initiated by your account will be permanently deleted, including findings, check results, logs, and raw scan data.
- API keys, notification configurations, and custom rules will be deleted.
- Your user account will be permanently deleted.
- Aggregated and anonymized data derived from your scans may be retained indefinitely as permitted by applicable law and our Privacy Policy.
- Payment records and tax-related accounting data will be retained as required by Indian tax law (currently up to eight years under section 44AA of the Income-tax Act, 1961).
Deletion is irreversible. You are responsible for exporting any data you wish to retain before initiating deletion.
26.3 Automated cleanup
We run automated cleanup jobs on a regular schedule to enforce the retention periods described in our Privacy Policy:
- Expired scans: Completed or failed scans older than ninety (90) days are automatically deleted.
- Anonymous scans: Scans submitted without a user account (anonymous scans) older than twenty-four (24) hours are automatically deleted.
- Transient data: Raw HTML, response headers, DNS records, and other transient scan inputs are purged after ninety (90) days.
- Attack-replay data: Request/response pairs captured during attack replay are retained for thirty (30) days on paid plans and are not stored for free scans.
26.4 Right to be forgotten
If you are a resident of the European Economic Area, the United Kingdom, Switzerland, India, California, or any other jurisdiction with applicable data-protection laws, you have the right to request erasure of your personal data. We will process such requests within the timeframe required by applicable law (generally thirty (30) days, extendable in certain circumstances). To exercise this right, please email udayakirantumma@gmail.com from the email address associated with your account. For more details, see our Privacy Policy.
27. Changes to these terms
We may modify these Terms at any time. The current version is always available at vezraa.com/terms with a “Last updated” date and version number. For material changes, we will provide reasonable notice (generally at least thirty (30) days before the changes take effect) by email and/or by posting a prominent notice in the Service. Material changes apply prospectively only and take effect on the date stated in the notice or, where no date is stated, thirty (30) days after notice. Non-material changes (such as clarifications, formatting, or correction of typographical errors) take effect immediately upon posting. Your continued use of the Service after changes take effect constitutes your acceptance of the updated Terms. If you do not accept the updated Terms, your sole remedy is to stop using the Service and cancel your subscription before the effective date.
28. Contact & legal notices
For questions, notices, or correspondence regarding these Terms, contact us:
- Operator: Vezraa, India
- Legal & arbitration notices: udayakirantumma@gmail.com
- General & support: udayakirantumma@gmail.com
- Billing: udayakirantumma@gmail.com
- Security: udayakirantumma@gmail.com
- Website: vezraa.com
See also: Privacy Policy.