Terms & conditions of sale

Last Updated: December 2025

These Terms and Conditions (“Terms”) govern the supply of services by Vulnz (“we”, “us”, “our”) to you (“Customer”, “Subscriber”, “you”).

By creating an account, installing the Vulnz plugin, or purchasing a subscription, you agree to be bound by these Terms.

1. Definitions

  • “Service”: The vulnerability monitoring platform, API, dashboard, and reporting tools provided via vulnz.net.
  • “Agent”: The WordPress plugin (vulnz-agent) installed on client websites to facilitate data transmission.
  • “Monitored Site”: A single WordPress installation connected to the Service via the Agent.

2. The Service

2.1 Scope of Service Vulnz is a reporting and monitoring tool. It is designed to identify installed software components (plugins, themes, core) and cross-reference them against databases of known vulnerabilities.

2.2 Limitations (Crucial)

  • Not a Firewall: The Service is passive. It does not block attacks, clean malware, or fix vulnerabilities.
  • Not Exhaustive: We rely on public and third-party vulnerability databases. We cannot guarantee that every vulnerability will be detected, particularly “Zero-Day” exploits or custom code vulnerabilities.
  • No Guarantee of Security: Use of the Service does not guarantee that your website (or your clients’ websites) is secure or hack-proof.

3. Account Security

3.1 Credentials You are responsible for maintaining the confidentiality of your account credentials. You accept full responsibility for all activities that occur under your account.

3.2 Liability for Breach Vulnz accepts no liability for data leaks or damages resulting from compromised user accounts caused by weak passwords or poor credential hygiene on the part of the Subscriber.

4. Subscriptions and Billing

4.1 Payment Methods We use Stripe as our payment processor. We do not store your full card details. By subscribing, you authorise us to store a secure token (vaulted credential) with Stripe to facilitate recurring payments.

4.2 Automatic Renewal Subscriptions are billed in advance on a monthly rolling basis. Your payment method will be automatically charged on the same day each month (“Renewal Date”).

4.3 Cancellation You may cancel your subscription at any time via your dashboard.

  • Effect of Cancellation: Your Service will continue until the end of the current paid billing period.
  • No Pro-Rata Refunds: We do not offer refunds for partial months unused.

4.4 Failed Payments If a renewal payment fails, we will attempt to retry the transaction. If payment cannot be secured, we reserve the right to suspend your access to the API and Dashboard until the arrears are cleared.

5. Intellectual Property

5.1 The Plugin (Agent) The vulnz-agent WordPress plugin is distributed under the GNU General Public License (GPL) to comply with WordPress community standards.

5.2 The Service (API & Dashboard) The Vulnz API, Dashboard, reporting algorithms, and branding are proprietary. You are granted a limited, non-exclusive, revocable licence to access these systems solely for the purpose of monitoring your designated websites. You may not reverse-engineer the API or resell the Service (except as part of a managed maintenance service provided to your own clients).

6. Acceptable Use

You agree not to:

  • Use the Service to monitor websites you do not own or do not have explicit permission to manage.
  • Attempt to flood or DDoS the API.
  • Use the Service for any illegal purpose.

We reserve the right to terminate accounts found to be in breach of these rules without refund.

7. Limitation of Liability

7.1 Service Provided “As Is” The Service is provided on an “as is” and “as available” basis. We make no warranties regarding uptime, accuracy of vulnerability data, or email deliverability.

7.2 Exclusion of Damages To the fullest extent permitted by law, Vulnz shall not be liable for:

  • Any indirect, incidental, or consequential damages.
  • Loss of data, business, profits, or reputation.
  • Damages resulting from a security breach on a Monitored Site, regardless of whether the Service failed to alert you to the vulnerability.

7.3 Liability Cap Our total liability to you for any claim arising out of or relating to these Terms or the Service shall not exceed the total amount paid by you to us in the three (3) months preceding the event giving rise to the claim.

8. Indemnification

You agree to indemnify and hold harmless Vulnz and its operators from any claims, damages, or expenses arising from your use of the Service, or your violation of these Terms, particularly in relation to monitoring websites without the owner’s consent.

9. Changes to Terms

We reserve the right to modify these Terms at any time. We will notify you of significant changes via email or a dashboard notification. Continued use of the Service after changes constitutes acceptance.

10. Governing Law

These Terms are governed by and construed in accordance with the laws of England and Wales. You agree to submit to the exclusive jurisdiction of the courts of England and Wales.

Implementation Notes:

  1. Liability Cap: I included a standard “3-month cap”. This is industry standard for SaaS. It means if someone sues you because they got hacked and you missed it, the most they can usually get back is the last £15 or £45 they paid you.
  2. GPL vs Proprietary: I made a specific distinction between the Plugin (GPL) and the Service (Proprietary). This protects your API business model while respecting WordPress rules.
  3. B2B Language: The “Indemnification” clause is important here. If an agency installs your plugin on a client site without permission, and the client sues you, the agency has to pay your legal bills.