Terms of service

As part of its innovative service providing a search engine collecting data from open sources, we allow researchers to access different information (synscan httpscan deep-protocol-scan). We provide to researchers a portal allowing them to structure and communicate their research to recipients for the purpose of identifying, communicating and resolving vulnerabilities and exposures.

These terms and conditions apply to any usage of the platform, the vulnerabilities and exposures data and reports.

Any connection or use whatsoever of the platform are considered as an unreserved acceptance of the present terms and conditions. If you have any reservation regarding these terms and conditions, you must leave the platform and stop using it altogether.

Any person connecting to and making use of the platform recognizes and guarantees LeakIX:

  • To have read the present terms and conditions;
  • To have kept them on a durable medium;
  • If applicable, to be authorized and empowered by their employer to use this platform;
  • To have all the rights allowing him or her to access the platform from his or her place of connection;
  • To have the necessary professional expertise in order to be able to use the platform independently.
1. Definitions

  • “Authority” - Any competent national cybersecurity agency, including, as the case may be, CSIRT and CERT.
  • “LeakIX”, “we”, “our”, “us” - Company organized and existing under the laws of Belgium, having its registered office at Chaussée de Renaix 329, 7862 Ogy, Belgium, registered with the Crossroads Bank for Enterprises under company number 1000.644.872.
  • “Client” - Person having subscribed to a commercial plan on the Platform.
  • “Intellectual Property Rights”, or “IPR” (i) Copyrights, rights in software, patents, database rights and rights in trademarks, trade names, trade secrets, patents, domain names and designs, certification marks, trade dress, corporate names, (in each case whether registered or unregistered); (ii) applications for registration, and the right to apply for registration, for any of these rights; and (iii) all other intellectual property rights and equivalent or similar forms of protection existing anywhere in the world.
  • “Platform” - The LeakIX platform, accessible on https://leakix.net/.
  • “Recipient” - Person receiving a report from a Researcher, pertaining to identified vulnerabilities and exposures.
  • “Researcher” - Person utilising the Platform to identify vulnerabilities and exposures and report them to Recipients.
  • “User” - Person utilising the platform, including Clients and Researchers.

2. Description of and permissible use of Platform

Prior to using the Platform, Users must create an account. In this context, Users warrant that all information provided is complete and accurate. Users are allowed to carry out queries of their own choosing (keywords) in complete autonomy and under their sole responsibility. The Platform allows Users to:

  • use under their sole and unique responsibility and in complete autonomy the service for querying open source information according to the categories accessible and according to the subscription chosen;
  • access and analyse information flows concerning their needs;
  • manage their space consisting of their:
    • personal information;
    • authentication credentials;
    • monitored resources.

Connection, access and complete use of the Platform require the creation of an account as well as a dedicated API key. This connection allows Users:

  • to have access to information flows through the Platform;
  • to choose the different channels and categories of information offered by LeakIX.

Users agree to comply with the technical prerequisites, in particular the fact that the number of requests for a given IP address is limited to sixty (60) requests per minute.

By using the Platform, Users agree not to and warrant that their employees, staff or subcontractors will not:

  • use the Platform in a way that may violate applicable laws and regulations, or that may harm third parties, including the security of their ICT systems, their IPR and privacy rights;
  • use the Platform and the data contained therein to penetrate into, disturb or harm the ICT systems of third-parties;
  • process personal data, electronic communications data or data protected by IPR, unless (1) it is strictly necessary for the purpose of identifying, communicating to Recipients and resolving vulnerabilities and exposures, and (2) they have informed LeakIX of such data and obtained its prior written authorisation to further process them;
  • use the Platform and the vulnerability and exposure data for a purpose other than the resolution of vulnerabilities and exposures;
  • perform any action that could harm us or violate our rights, including our IPR;
  • post, publish, distribute or disseminate material, data or information obtained on or via the use of the Platform (in particular reports available on the Platform or data on vulnerabilities and exposures) without our prior explicit written approval;
  • fraudulently introduce any data in the Platform or through the Platform; harm, hinder, or distort the good operation of the Platform;
  • unless explicitly authorised via the present terms and conditions or in writing by LeakIX, perform any action and/or use any method allowing, directly or indirectly, the extraction of data, in particular any action of automatic reading of data, data extraction, migration and/or duplication, targeting the Platform, our servers and databases;
  • test the vulnerability, performance and functionality of the Platform for any reason other than those necessary for the use of the Platform or responsible reporting to us, as explicitly authorised under the present terms and conditions;
  • attempt to bypass the security measures of the Platform, our servers and ICT systems in general;
  • attempt to use any means allowing to bypass the authentication methods necessary to connect to the Platform;
  • access and remain without authorization in areas normally accessible through identification;
  • use the Platform and its reporting system for extortion purposes;
  • use the Platform to send junk email, spam, chain letters, pyramid schemes or any other unsolicited messages, commercial or otherwise.

The above confidentiality commitment will not apply to information:

  • which is in the public domain;
  • of which the User was aware prior to entering into the present terms and conditions and using the Platform, and;
  • which would be the subject of a communication requirement by a law enforcement authority (including an Authority) or by virtue of a law, decree, regulation or a court decision, it being understood that the User will inform us without any delay of this requirement and, if authorised by law, prior to complying with such requirement.

Users are not allowed to use the Platform and the vulnerability and exposure data for external or commercial purposes without our explicit and prior written agreement. Notwithstanding that, Clients that have subscribed to a Trusted Account may use the Platform, as well as the vulnerability and exposure data, for commercial uses.

Users must continuously implement the necessary actions to prevent third-parties from accessing their account. Thus, Users must in particular check that their password is sufficiently secure and disconnect from their session when they leave the Platform. Users are solely responsible for accessing their account, the API and / or any other means available in order to connect to the Platform. Any connection to their account by a third-party is made at their own risks. We cannot be held responsible for any communication of data due to the express or implied authorization that Users have granted to a third-party.

3. Specific terms applicable to Researchers

Notwithstanding the confidentiality requirement stipulated under Article 2, Researchers may create, adapt and distribute to third-parties, under their sole responsibility, and within the parameters explicitly allowed by the Platform, reports in order to:

  • responsibly disclose any vulnerability and exposure issue;
  • exchange with those third-parties for the purpose of mediating and resolving such issues.

4. Specific terms applicable to Clients

Clients that use the Platform, and/or the vulnerability and exposure data, as well as the reports for commercial purposes recognise and warrant that, to the extent legally permissible, they shall impose on their clients, employees, staff or subcontractors all applicable obligations stipulated under these terms and conditions, in particular the obligations to confidentiality, compliance with applicable law, as well as the ultimate purpose of the data and reports, which is to identity and solve vulnerabilities and exposures.

To the extent permissible by law, and except for claims caused by our wilful misconduct (but including claims caused by our gross negligence), Clients hold us harmless from any claims, liabilities, damages, losses, costs and expenses arising from their commercial use of the Platform, data and reports.

5. Price

The applicable prices are the ones shown on the Platform at the moment the Client places the order. Prices stated on the Platform are expressed in euros and without VAT. The price including VAT is specified during the purchasing process. We reserve the right to modify the prices at any time, although the subscription purchased will be invoiced at the price stated in the confirmatory e-mail, which is the price that was applied at the time of purchase. The Client will receive a confirmation of the order, as well as the corresponding invoice, on an electronic and durable medium.

6. Intellectual property

The Platform contains information, data, logos, code and other materials protected by IPR. LeakIX is and remains at all times the exclusive owner of such IPR. By using the Platform, and without prejudice to any explicit derogation in writing, we grant Users a personal licence to use:

  • the Platform, its updates and evolutions,
  • the vulnerability and exposure data, and
  • the reports created via the Platform
in accordance with these terms and conditions, and which is non-transferable, non-sub-licensable, non-exclusive, and for the duration of the contractual relationship allowing Users to benefit from the various functionalities made available to them by LeakIX through the Platform. Accordingly, Users acknowledge that the Platform, the vulnerability and exposure data as well as the reports are not sold to them and they do not have any ownership rights over them.

Unless explicitly allowed in writing by LeakIX, the licence does not give Users the right to (a) adapt, copy, sell, lend, give, lease, grant, negotiate, publish the IPR protected material or make it available to third parties in any other way, (b) (attempt) to assemble, compile or reverse engineer the scanning software, or reproduce the software.

7. Absence of warranty & liability

Researchers use the Platform at their own risk. To the extent allowed by applicable law, the Platform, vulnerability and exposure data, as well as the reports, are provided to the Users “AS IS” and “AS AVAILABLE”, without any representation or endorsement made and without warranty of any kind whether express or implied, including but not limited to the implied warranties of satisfactory quality, fitness for a particular purpose, non-infringement, compatibility, security and accuracy. The Platform may be modified and updated from time to time. We cannot guarantee the sustainability of the functionalities available on the Platform.

Unless otherwise required by law, we cannot be held liable (even in case of gross misconduct) for any damages whatsoever, including any direct, incidental, consequential, indirect or special damages, or any other losses, costs or expenses of any kind (including legal fees, expert fees, or other disbursements) which may arise, directly or indirectly, regardless of whether or not such liability or damages arise in contract, tort, negligence, equity, statutorily, or otherwise, in any connection with the access to, the use of, or browsing of the Platform or in connection with any content, information, data, promotions, activities, associated with the Platform, or in connection with Users’ downloading of any materials, text, data, images, video or audio from the Platform, including but not limited to anything caused by any transmission defects, viruses, bugs, human action or inaction of any computer system, phone line, hardware, software or program malfunctions, or any other errors, failures or delays in computer transmissions or network connections.

Nothing in these terms and conditions shall be construed so as to exclude or limit the liability of LeakIX for death or personal injury as a result of our negligence.

Users agree to indemnify and hold us harmless from and against any claim, liabilities, damages, losses, costs and expenses arising from their breach of these terms and conditions and/or applicable law in the content of their use of the Platform, the vulnerability and exposure data, or the reports created via the Platform.

8. Amendments to the terms of service

We reserve the right to modify at any time, all or part of these terms and conditions. Users undertake to regularly consult all the aforementioned terms and conditions. Any access to and/or use of the Platform implies acceptance by the User of the content of all the terms and conditions in force at the time of access and/or use.

9. Personal data

In the context of our activity consisting in the scanning and reporting of vulnerabilities and exposures, we do not aim at processing personal data in the sense of the GDPR (Regulation 2016/679).

If we were to process such data involuntarily, we will delete such data without any delay once we discover them, unless such data is strictly necessary for the purpose of identifying, communicating to Recipients and resolving vulnerabilities and exposures. In case of such strict necessity, we shall inform the data subjects in accordance with the GDPR requirements.

Notwithstanding the above, we process the personal data of Users in order to give them access to the Platform. This personal data processing activity is governed by our Privacy Policy.

Please also note that, when Users consult the Platform, cookies might be stored by their browser on a dedicated space in their device. To know more about our use of cookies, please see our Cookie Policy.

10. Relationship

These terms and conditions do not create an employer-employee relationship between the Researchers and LeakIX. Users acknowledge and agree to act as independent contractors, with no authority to bind or act as agents for LeakIX.

11. General
Severance

If any term or provision of these terms and conditions is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality or unenforceability shall not affect any other term or provision of these terms and conditions or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon a determination that any term or provision is invalid, illegal or unenforceable, the court may modify these terms and conditions to effect the original intent of the parties as closely as possible.

Termination

At the end of their subscription, Users’ access to the Platform will be deleted. We have the right to terminate the contract as well as Users’ access to any or all of the Platform at any time, without prior notice, without prior recourse to a court, and without prejudice to any other remedy that we may have against Users, and without owing any damages, for any reason, including without limitation, any breach of these terms and conditions. We shall not be liable to Users or any third party for any termination of their access to the Platform. Upon termination or expiration of the contract for whatever reason, the provisions or obligations, which by nature, survive the end of the contract, shall survive it, including the following provisions or obligations:

  • Confidentiality obligations;
  • Indemnification obligations;
  • Governing law and jurisdiction;
  • IPR provisions;
  • Warranty disclaimers and limitations of liability.

Non-waiver

Any failure or delay by LeakIX to enforce any provision of these terms and conditions or to exercise any right or remedy shall not constitute a waiver of that provision, right, or remedy. The waiver of any breach or default shall not be deemed a waiver of any subsequent breach or default. No waiver shall be valid unless it is explicitly stipulated in writing and signed by a valid representative of LeakIX.

Applicable law and jurisdiction

These terms and conditions shall be governed by and construed in accordance with the law of Belgium and Users hereby submit to the exclusive jurisdiction of the courts of Belgium (Brussels). If Users use the Platform from another country, they are responsible for compliance with any and all applicable local laws. We make no representation that the materials contained on the Platform are appropriate for countries outside Belgium.

12. Language

In case of inconsistencies between different language versions of the terms and conditions, the English version prevails.