Terms of Service
Last updated: March 20, 2026
These Terms of Service ("Terms") govern your access to and use of evalfa.st ("Service", "we", "us"). By accessing or using the Service, you agree to be bound by these Terms. If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms.
evalfa.st is operated from within the European Union. These Terms are between you and the evalfa.st team.
1. Service Description
evalfa.st is an AI security scanning and compliance evidence platform. The Service sends adversarial test prompts to AI API endpoints you designate, analyzes responses for vulnerabilities across the OWASP LLM Top 10 categories, and generates compliance evidence mapped to frameworks including SOC 2, ISO 27001, DORA, NIS2, ISO 42001, and FINMA. The Service is currently in early access and available to paid pilot customers. Features, pricing, and availability may change.
2. Eligibility and Authorization
You must be at least 18 years old to use the Service. By submitting an endpoint for scanning, you represent and warrant that you own the endpoint or have obtained explicit written authorization from the endpoint owner to conduct security testing. Submitting endpoints you do not own or are not authorized to test is a material breach of these Terms and may violate applicable law.
3. Payment Terms
evalfa.st offers the following purchase options:
- One-time scan ($47 USD): A single OWASP LLM Top 10 assessment with report and 30-day trust badge. Payment is due before the scan is initiated. Because compute resources are consumed upon scan initiation, one-time scan purchases are non-refundable once the scan begins.
- Subscription plans: Billed monthly or annually at the rate quoted at purchase. You may cancel at any time; access continues through the end of the current billing period.
Subscription plan pricing may change. All prices are in USD and exclusive of applicable taxes.
4. Acceptable Use
You agree not to:
- Submit endpoints belonging to third parties without their written authorization
- Use scan results to facilitate attacks on any system
- Attempt to reverse-engineer, probe, or disrupt the evalfa.st scanning infrastructure
- Use automated scripts or bots to abuse the Service beyond normal usage patterns
- Resell or redistribute scan reports without our written permission
- Use the Service for any unlawful purpose or in violation of any applicable regulation
5. Data Handling
When you use the Service, we collect your endpoint URL, authentication headers, request format, and the AI responses generated during testing. Test prompt data and scan results are retained for 90 days and then automatically deleted. API keys and tokens you provide are used transiently to authenticate scan requests and are not stored after the scan completes. We do not collect your users' data, your application source code, or your system prompts unless you explicitly include them in the endpoint configuration. For full details, see our Privacy Policy.
6. Intellectual Property
evalfa.st and its licensors own all rights to the Service, including the platform software, scanning methodology, probe libraries, report templates, and documentation. These Terms do not grant you any rights to evalfa.st intellectual property except the limited right to use the Service as described herein. You retain ownership of your scan results, generated compliance evidence packs, and any data you upload.
7. Early Access Disclaimer
The Service is provided in early access. We do not guarantee uptime, scan completion times, or feature availability. We may modify or discontinue features at any time during the early access period. No SLA commitments apply during early access.
8. Disclaimer of Warranties
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. WE DO NOT WARRANT THAT THE SERVICE IS ERROR-FREE, THAT ALL VULNERABILITIES WILL BE DETECTED, OR THAT SCAN RESULTS ARE COMPLETE OR ACCURATE. SECURITY SCANNING IS INHERENTLY PROBABILISTIC. YOU REMAIN SOLELY RESPONSIBLE FOR THE SECURITY OF YOUR SYSTEMS REGARDLESS OF SCAN RESULTS.
9. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, EVALFA.ST'S TOTAL LIABILITY TO YOU FOR ANY CLAIMS ARISING UNDER THESE TERMS IS LIMITED TO THE AMOUNTS YOU PAID TO EVALFA.ST IN THE 12 MONTHS PRECEDING THE CLAIM. EVALFA.ST SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA BREACHES IN YOUR SYSTEMS, OR LOSS OF BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10. Indemnification
You agree to indemnify and hold harmless evalfa.st and its officers, directors, and employees from any claims, damages, or expenses (including reasonable legal fees) arising out of your use of the Service, your breach of these Terms, or your unauthorized scanning of endpoints.
11. Termination
We may suspend or terminate your access to the Service without prior notice if you materially breach these Terms. On cancellation of a subscription, your access continues until the end of the paid billing period. You may request deletion of your scan data at any time by contacting us.
12. Governing Law
These Terms are governed by the laws of Poland. Any disputes arising from or relating to these Terms shall be submitted to the competent courts in Poland. Nothing in this section limits your rights under mandatory consumer protection laws of your country of residence.
13. Changes to Terms
We will notify you of material changes to these Terms by email at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Terms.
14. Contact
For questions about these Terms, contact us at hello@evalfa.st.