Terms & Conditions

In these Terms and Conditions, the following definitions apply:

• "Software" means the Threat Reaction application, including all source code, CloudFormation templates, Lambda functions, frontend assets, documentation, and any updates or modifications thereto.
• "You" / "User" means the individual or organisation that deploys, installs, or uses the Software.
• "AWS Account" means the Amazon Web Services account into which You deploy the Software.
• "Deployment" means the act of provisioning the Software's infrastructure within Your AWS Account via the provided CloudFormation template or equivalent mechanism.
• "Security Data" means AWS GuardDuty findings, S3 access events, IAM activity, and any other security-related data processed by the Software.

Subject to these Terms, Threat Reaction grants You a non-exclusive, non-transferable, revocable licence to deploy and use the Software solely within Your own AWS Account for Your internal security operations.

You may not:

• Sublicense, sell, resell, transfer, assign, or otherwise commercially exploit the Software or make it available to any third party.
• Modify, adapt, or create derivative works based on the Software except as expressly permitted by the applicable open-source licence accompanying the Software.
• Use the Software to provide a managed security service or security-as-a-service offering to third parties without prior written consent from Threat Reaction.
• Remove or obscure any proprietary notices, labels, or marks within the Software.

The Software is designed to be deployed and operated entirely within Your AWS Account. You acknowledge and agree that:

• You are solely responsible for the Deployment, configuration, maintenance, and security of the Software within Your AWS Account.
• All Security Data remains within Your AWS Account and is never transmitted to Threat Reaction or any third party unless You explicitly configure such transmission.
• Threat Reaction has no access to Your Security Data, Your AWS Account, or any resources deployed as part of the Software.
• You are responsible for all AWS costs incurred by the Deployment, including Lambda invocations, DynamoDB storage, API Gateway requests, CloudFront distribution, and all other AWS services consumed by the Software.

You agree to:

• Comply with all applicable laws and regulations in connection with Your use of the Software, including data protection and cybersecurity laws in Your jurisdiction.
• Ensure that the AWS IAM roles and policies provisioned by the Software are appropriately secured and that access to the deployed dashboard is restricted to authorised personnel.
• Enable and enforce multi-factor authentication (MFA) for all users granted access to the dashboard. The Software enforces mandatory TOTP MFA by default; You must not disable or circumvent this control.
• Not use the Software to interfere with, disrupt, or gain unauthorised access to any system, network, or data.
• Promptly apply any security patches or updates to the Software made available by Threat Reaction.

The Software integrates with and relies upon Amazon Web Services (including but not limited to GuardDuty, EventBridge, Lambda, DynamoDB, S3, CloudFront, Cognito, API Gateway, SQS, and SNS). Your use of those services is governed by the AWS Customer Agreement and applicable AWS Service Terms. Threat Reaction is not responsible for any changes to AWS services, pricing, or availability that may affect the Software.

Threat Reaction retains all right, title, and interest in and to the Software, including all intellectual property rights therein. These Terms do not grant You any rights to trademarks, service marks, or trade names of Threat Reaction.

Any feedback, suggestions, or improvements You provide regarding the Software may be used by Threat Reaction without restriction or obligation to You.

THE SOFTWARE IS PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR SECURITY COMPLETENESS.

Threat Reaction does not warrant that the Software will detect all security threats, prevent all security incidents, or meet Your specific security requirements. The Software is a tool to assist Your security operations and is not a substitute for a comprehensive security programme.

Threat Reaction does not warrant that the Software will be uninterrupted, error-free, or free of vulnerabilities.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THREAT REACTION, ITS AFFILIATES, DIRECTORS, EMPLOYEES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, BUSINESS, OR GOODWILL, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR YOUR USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN NO EVENT SHALL THREAT REACTION'S TOTAL LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THESE TERMS EXCEED THE GREATER OF (A) THE AMOUNT PAID BY YOU TO THREAT REACTION IN THE TWELVE MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED US DOLLARS (USD $100).

If You discover a security vulnerability in the Software, You agree to report it responsibly to security@threatreaction.com before public disclosure, providing us a reasonable period (no less than 90 days) to investigate and remediate the issue.

You agree to indemnify, defend, and hold harmless Threat Reaction and its affiliates, directors, and employees from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or in any way connected with: (a) Your use of the Software in violation of these Terms; (b) Your violation of any applicable law or regulation; or (c) any Security Data processed within Your Deployment.

These Terms are effective until terminated. Your rights under these Terms will terminate automatically without notice if You fail to comply with any provision. Upon termination, You must immediately cease all use of the Software and destroy all copies in Your possession.

Threat Reaction may terminate or suspend Your licence at any time for any reason with or without notice. Sections 6, 7, 8, 10, and 13 shall survive termination.

Threat Reaction reserves the right to modify these Terms at any time. We will notify You of material changes by updating the effective date at the top of this page and, where reasonably practicable, by posting a notice on our website. Your continued use of the Software following any changes constitutes Your acceptance of the revised Terms.

These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which Threat Reaction operates, without regard to conflict of law principles. Any disputes arising under these Terms shall be subject to the exclusive jurisdiction of the courts of that jurisdiction.

If You have any questions about these Terms, please contact us at:

legal@threatreaction.com