CyberGrid will perform automated security scanning services as set forth in the Customer's selected plan ("Services"). Services consist of: automated vulnerability scanning, TLS configuration analysis, network port and service discovery, asset enumeration, and report and attestation generation, as applicable to the selected plan.
Customer represents and warrants that it owns or has explicit written authorization from the owner of each target registered for scanning. Customer agrees to verify target ownership via the DNS-based verification mechanism provided by CyberGrid before any scan is executed.
Customer acknowledges:
CyberGrid's separate Penetration Testing service (methodology-based, per-engagement) is governed by an engagement-specific Statement of Work executed at kickoff and is outside the scope of this Service Agreement. See /penetration-testing.
CyberGrid's separate SOC 2 Readiness service (consulting engagement, 90-day program — see /soc2) is similarly governed by an engagement-specific Statement of Work executed at kickoff and is outside the scope of this Service Agreement. The SOC 2 audit itself is performed and the report issued by an independent licensed CPA firm engaged directly by the Customer; CyberGrid is not a CPA firm, performs no audit work, and issues no SOC 2 opinion. CPA audit fees and any third-party GRC platform license fees (e.g., Sprinto, Drata, Vanta, Secureframe) are paid directly by the Customer to those vendors and are not included in any CyberGrid fee.
CyberGrid will provide:
Customer pays the fees set forth in the Customer's selected plan, billed annually in advance via Stripe.
CyberGrid and Customer agree to keep confidential any non-public information shared in connection with the Services, including findings, internal documentation, and methodology specifics. This obligation survives termination.
Customer retains all rights to data submitted to the Service and to the findings generated by the Service. CyberGrid retains rights to the underlying methodology, software, and infrastructure.
EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICES ARE PROVIDED "AS IS." CYBERGRID DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CYBERGRID MAKES NO WARRANTY AS TO THE COMPLETENESS, ACCURACY, OR USEFULNESS OF FINDINGS OR REPORTS.
CYBERGRID'S AGGREGATE LIABILITY ARISING FROM OR RELATED TO THIS AGREEMENT IS LIMITED TO THE AMOUNT PAID BY CUSTOMER IN THE TWELVE MONTHS PRECEDING THE CLAIM. NEITHER PARTY IS LIABLE FOR INDIRECT, CONSEQUENTIAL, OR PUNITIVE DAMAGES.
Either party may terminate this Agreement upon thirty (30) days' written notice. CyberGrid retains the right to immediate termination for material breach (unauthorized scanning, non-payment).
Sections 6 (Confidentiality), 7 (Data rights), 8 (Disclaimer), and 9 (Limitation of liability) survive termination.
This Service Agreement, together with the Terms of Service and Privacy Policy in effect at the time of signup, constitutes the entire agreement between the parties with respect to the Services.