Terms and Conditions of Service

Document ID: TK-TC-001 | Version: 2.0 | Effective Date: March 2026

1. Agreement to Terms

By accessing or using ThreatKrew (“the Service”), you agree to be bound by these Terms and Conditions. If you are using the Service on behalf of an organisation, you represent that you have authority to bind that organisation to these terms.

You must be at least 18 years old to use the Service. By using it, you confirm that you meet this requirement.

2. Definitions

• “Service” means the ThreatKrew threat-modelling intelligence platform, including all associated APIs, tools, and documentation.
• “User” means any individual who accesses or uses the Service.
• “Content” means any architecture documents, diagrams, descriptions, or other materials you upload to the Service.
• “Output” means threat models, findings, recommendations, reports, and any other analysis generated by the Service.
• “AI Model” means the large language models and other artificial intelligence systems used by the Service to generate Output.

3. Service Description

ThreatKrew is a threat-modelling intelligence platform that uses AI to generate STRIDE threat assessments, MITRE ATT&CK technique mappings, and NIST SP 800-53 remediation recommendations based on your architecture documents.

All Output is advisory in nature only and does not constitute professional security consulting, legal advice, or compliance certification of any kind.

4. Account Responsibilities

You are responsible for maintaining the security of your account, including any credentials and multi-factor authentication. You are liable for all activity that occurs under your account.

5. Acceptable Use

The Service is intended for defensive security assessment only. You may not use the Service for offensive security activities, to compromise or attack systems, to reverse-engineer the Service or its AI models, to conduct denial-of-service activities against the platform, or to resell access without written permission.

6. Intellectual Property

You retain all rights to your Content. ThreatKrew retains all rights to the Service, platform, and underlying technology. Output is licensed to you for your internal use; this licence survives termination.

7. AI-Specific Terms

All Output is generated by AI systems and may contain errors, including false positives, false negatives, hallucinated framework mappings, and incomplete threat coverage. We do not train AI models on your Content. The copyright status of AI-generated Output remains legally uncertain; you assume responsibility for how you use it. See our AI Disclaimer for detailed information.

8. Data Handling

Your data is processed in accordance with our Privacy Policy and, where applicable, our Data Processing Addendum. Upon termination or request, your data is deleted within 30 days.

9. Payment Terms

The Service is currently in development and is not commercially available. No pricing, subscription, or billing terms apply at this time. Pricing and payment terms will be published before the Service is offered commercially.

10. Service Availability

We target 99.5% monthly uptime. This is a target, not a guarantee, reflecting our pre-commercial stage. Contact us for custom SLA requirements.

11. Disclaimer of Warranties

To the maximum extent permitted by applicable law, the Service is provided “AS IS” and “AS AVAILABLE” without warranty of any kind. We do not warrant that the Service will identify all threats, that following recommendations will prevent security incidents, or that the Service will be uninterrupted or error-free.

Where Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)) implies warranties that cannot be excluded, our liability is limited to re-supply of the Service or payment of the cost of re-supply.

12. Limitation of Liability

Our total aggregate liability is limited to fees paid in the preceding 12 months, or AUD $100, whichever is greater. We are not liable for indirect, incidental, special, consequential, or punitive damages, including loss of data, revenue, or business interruption.

These limitations do not apply to liability arising from gross negligence, wilful misconduct, indemnification obligations, or prohibited activities.

13. Indemnification

Mutual indemnification. ThreatKrew indemnifies you against third-party IP infringement claims arising from your authorised use of the Service. You indemnify ThreatKrew against claims arising from your misuse of the Service, reliance on Output without independent verification, or breach of these terms.

14. Termination

Either party may terminate with 14 days’ written notice. We may terminate immediately for platform abuse or violation of the Acceptable Use policy. Upon termination, your data is deleted within 30 days. Output licences survive termination.

15. Dispute Resolution

Disputes will be resolved through 30-day good-faith negotiation, then mediation under the rules of the Australian Disputes Centre, then the courts of New South Wales, Australia.

16. Governing Law

These terms are governed by the laws of New South Wales, Australia. Any disputes are subject to the exclusive jurisdiction of the courts of New South Wales, Australia.

17. United States — California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA). These rights, including the right to know, delete, and opt out of the sale of personal information, are described in Section 9 of our Privacy Policy. ThreatKrew does not sell personal information. Nothing in these terms limits your rights under CCPA/CPRA or other applicable US state privacy laws.

18. Changes

We may update these terms. Material changes will be notified via email at least 30 days in advance. Continued use after changes take effect constitutes acceptance.

19. Severability

If any provision is held to be unenforceable, the remaining provisions continue in full force and effect.

20. Contact

Questions? legal@threatkrew.io