Terms of Service

2.1 Core Functionality

The Service provides the following core functionality:

• Native Tool Aggregation: Reads security findings from AWS Security Hub, AWS Config, Amazon GuardDuty, IAM Access Analyzer, and AWS Inspector (Azure and GCP support coming soon)
• Security Posture Scoring: Calculates an overall security posture score based on active findings and severity
• Finding Dashboard: Interactive dashboard to view, filter, and search security findings
• AI-Powered Remediation: Generates explanations, impact analysis, and Infrastructure as Code (IaC) fix snippets using Azure OpenAI (available on Pro and Assessment tiers)
• Compliance Mapping: Maps findings to compliance frameworks (CIS, SOC 2, ISO 27001, HIPAA, PCI DSS)
• PDF Reports: Exportable compliance and security assessment reports (Pro and Assessment tiers)
• Email Notifications: Alerts for critical findings and scan completions

2.2 Service Limitations

The Service is subject to the following limitations:

• RemediGenius does not run its own security scans — it reads from your cloud provider's native security tools
• You are responsible for enabling and configuring native security tools (Security Hub, Config, GuardDuty) in your cloud accounts
• AI-generated remediation suggestions are advisory and not guaranteed to be correct or complete
• The Service operates on a read-only access model — we never modify your cloud resources
• Some features (AI remediation, PDF reports) are limited or unavailable on the Free tier

2.3 Beta Features

We may offer beta or experimental features marked as "Beta," "Alpha," or "Preview." These features are provided "as-is" without warranties and may change or be discontinued at any time.

3.1 Account Creation

To use the Service, you must:

• Provide accurate and complete registration information (email, company name)
• Be at least 18 years old or the age of majority in your jurisdiction
• Create a secure password and enable multi-factor authentication (MFA) when available
• Maintain the confidentiality of your account credentials

3.2 Account Responsibility

You are responsible for:

• All activity that occurs under your account
• Maintaining the security of your account credentials
• Notifying us immediately of any unauthorized access or security breach
• Ensuring your team members comply with these Terms

We are not liable for losses caused by unauthorized use of your account if you fail to protect your credentials.

3.3 One Account Per User

Each user must have their own account. Account sharing is prohibited. For team access, contact us about Enterprise plans with role-based access control (RBAC).

4.1 Free Tier

• Cost: $0/month (forever)
• Includes: 1 AWS account, 2 scans/month, up to 50 findings, 7-day data retention, 10 AI calls/month
• Trial: Includes a 14-day Pro trial to experience premium features
• Limitations: No AI remediation IaC snippets, no PDF compliance reports

4.2 Pro Tier

• Cost: $49/account/month (billed monthly) or $39/account/month (billed annually, save 20%)
• Includes: Up to 5 cloud accounts, daily automated scans, unlimited findings, 100 AI calls/month, AI-generated IaC fixes, PDF compliance reports, 1-year data retention
• Billing: Auto-renewal unless cancelled

4.3 Security Audit (One-Time Assessment)

• Cost: $997 one-time payment
• Includes: 1 cloud account comprehensive scan, 20-30 page PDF report, AI remediation for top 10 findings, prioritized action plan, 30-minute expert walkthrough with senior security architect
• Delivery: Within 48 hours of cloud account connection
• Data Retention: All data deleted immediately after report delivery (you retain the PDF)

4.4 Enterprise and Dedicated Plans

For organizations with 10+ cloud accounts, custom data retention requirements, or regulated industries requiring data sovereignty, we offer Enterprise and Dedicated plans with custom pricing. Contact security@remedigenius.com for details.

5.1 Payment Processing

All payments are processed through Stripe, our third-party payment processor. By providing payment information, you:

• Represent that you have the legal right to use the payment method provided
• Authorize us to charge your payment method for all fees incurred
• Agree to Stripe's Terms of Service

We do not store your credit card numbers or billing details — these are securely stored by Stripe.

5.2 Billing Cycles

• Monthly Plans: Billed on the same day each month based on your signup date
• Annual Plans: Billed once per year on your anniversary date
• One-Time Assessments: Billed immediately upon purchase

5.3 Auto-Renewal

Subscriptions automatically renew at the end of each billing period unless you cancel before the renewal date. You will be charged at the then-current rate (we will notify you of price changes at least 30 days in advance).

5.4 Price Changes

We may change our pricing from time to time. Price changes will:

• Not affect your current billing period
• Apply to the next renewal after 30 days' notice
• Be communicated via email and in-app notification

If you do not agree to a price increase, you may cancel your subscription before the renewal date.

5.5 Refund Policy

• Pro Subscriptions: No refunds for monthly or annual subscriptions (you may cancel to avoid future charges)
• Security Audit: Refundable within 24 hours of purchase if the scan has not yet started
• Free Trial: No payment required during the 14-day Pro trial — you will only be charged if you do not cancel before the trial ends

Exception: If we fail to deliver the Service as described (e.g., prolonged outage), we may issue a prorated credit or refund at our discretion.

5.6 Taxes

Prices do not include taxes. You are responsible for all applicable sales, use, VAT, and other taxes. We will charge applicable taxes based on your billing address.

5.7 Failed Payments

If a payment fails, we will:

• Attempt to retry the payment up to 3 times over 7 days
• Notify you via email
• Suspend your account if payment is not received within 14 days
• Delete your data after 30 days of non-payment (per our retention policy)

6.1 Read-Only Access Guarantee

RemediGenius operates on a read-only access model. We promise that:

• We will never create, modify, or delete resources in your cloud accounts
• We will never access your application data (database contents, file storage, secrets)
• We will only read security findings and resource metadata from your cloud provider's APIs
• All access is auditable via your cloud provider's logging (AWS CloudTrail, Azure Activity Log, GCP Audit Logs)

6.2 How Access Works

You grant us access by deploying a CloudFormation template (AWS) or equivalent (Azure/GCP) that creates:

• An IAM role with SecurityAudit and ViewOnlyAccess managed policies
• A trust relationship allowing our AWS account to assume the role
• An External ID for added security (prevents confused deputy attacks)

You control the connection at all times. You may:

• Disconnect your cloud account at any time via the dashboard
• Delete the IAM role to immediately revoke our access
• Monitor our access via CloudTrail logs in your own account

6.3 Your Responsibilities

You are responsible for:

• Enabling Native Security Tools: RemediGenius requires AWS Security Hub, Config, and optionally GuardDuty to be enabled in your account. You are responsible for enabling these services and paying AWS directly for their costs (typically $13-45/month per account).
• Maintaining Valid Access: Ensuring the IAM role remains active and properly configured
• Compliance: Ensuring your use of the Service complies with your organization's policies and any applicable regulations
• Remediation: Testing and validating all AI-generated remediation code before deploying to production

6.4 Service Availability and Native Tool Costs

Important: RemediGenius's pricing does not include the cost of your cloud provider's native security tools (Security Hub, Config, GuardDuty, etc.). These are billed directly by AWS/Azure/GCP. Typical costs are $13-45/month per AWS account. See our Pricing Page for estimates.

7.1 Your Data

You retain all ownership rights to your security findings, cloud account metadata, and any data you provide to the Service ("Customer Data"). We do not claim ownership of your data.

7.2 License to Use Your Data

You grant us a limited license to process your Customer Data solely to:

• Provide the Service (display findings, generate AI recommendations, create reports)
• Improve the Service (aggregate, anonymized analytics)
• Comply with legal obligations

This license ends when you delete your account or we delete your data per our retention policy.

7.3 We Do Not Sell Your Data

We will never sell, rent, or trade your Customer Data to third parties. We may share data with service providers (Supabase, AWS, Azure OpenAI, Stripe) solely to deliver the Service, as described in our Privacy Policy.

7.4 Aggregate Data

We may collect and use aggregate, anonymized data (e.g., "80% of users have S3 bucket misconfigurations") for:

• Platform analytics and benchmarking reports
• Security research and industry insights
• Marketing materials (e.g., "RemediGenius customers improved their posture score by 25% on average")

This data cannot be traced back to you or your organization.

7.5 Data Portability

You may export your data at any time:

• PDF Reports: Download compliance reports via the dashboard (Pro and Assessment tiers)
• JSON Export: Request a full data export at privacy@iacgenius.com

8.1 AI Suggestions Are Advisory

RemediGenius uses Azure OpenAI to generate:

• Plain-English explanations of security findings
• Impact analysis and root cause interpretations
• Infrastructure as Code (IaC) remediation snippets (Terraform, CloudFormation, Bicep)

Important: AI-generated content is advisory only and not guaranteed to be accurate, complete, or suitable for your specific environment. You are responsible for reviewing, testing, and validating all AI-generated code before deploying it to production.

8.2 No Warranties for AI Content

We do not warrant that AI-generated remediation code will:

• Be error-free or compatible with your infrastructure
• Fully remediate the security finding
• Comply with your organization's policies or compliance requirements
• Not introduce unintended side effects or break existing functionality

You use AI-generated code at your own risk. Always test in a non-production environment first.

8.3 Your Responsibility

You are solely responsible for:

• Reviewing all AI-generated recommendations for accuracy
• Testing IaC snippets in a development or staging environment
• Ensuring changes comply with your security policies and compliance obligations
• Any consequences of deploying AI-generated code (including data loss, downtime, or security incidents)

8.4 Ownership of AI-Generated Code

You own all AI-generated code and recommendations provided to you via the Service. You may use, modify, and deploy this code without attribution.

9.1 Prohibited Activities

• Violate Laws: Engage in any illegal activity or violate applicable laws and regulations
• Abuse the Service: Reverse engineer, decompile, or attempt to extract source code from the Service
• Overload Infrastructure: Use the Service in a manner that excessively burdens our infrastructure (e.g., scripted abuse, DDoS attacks)
• Circumvent Limits: Attempt to bypass usage limits (scan quotas, AI call limits) or payment requirements
• Resell the Service: Resell, sublicense, or white-label the Service without our written consent
• Interfere with Others: Access or use another customer's account or data without permission
• Harmful Content: Upload malicious code, malware, or content that violates intellectual property rights

9.2 Consequences of Violation

If you violate this Acceptable Use Policy, we may:

• Suspend or terminate your account immediately
• Remove offending content
• Report violations to law enforcement
• Pursue legal action for damages

9.3 Reporting Abuse

To report abuse or violations, contact support@remedigenius.com.

10.1 Uptime and Availability

We strive to provide reliable and continuous access to the Service. However:

• No SLA for Free Tier: The Free tier is provided on a "best effort" basis with no uptime guarantees
• Pro Tier: We target 99.5% uptime (excluding scheduled maintenance)
• Scheduled Maintenance: We may perform scheduled maintenance with 24 hours' notice (typically during low-traffic periods)
• Emergency Maintenance: Unscheduled maintenance may occur for critical security issues without prior notice

10.2 Service Modifications

We reserve the right to:

• Modify or discontinue features with 30 days' notice
• Update the Service to improve performance, security, or functionality
• Deprecate beta or experimental features at any time

10.3 Support

• Free Tier: Community support via email (best effort, no SLA)
• Pro Tier: Email support with 24-hour response time (business days)
• Security Audit: Includes a 30-minute expert walkthrough with a senior security architect
• Enterprise: Custom support SLAs available

11.1 Service "As-Is"

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

We do not warrant that:

• The Service will be uninterrupted, error-free, or secure
• All security findings will be detected or accurate
• AI-generated remediation code will work as intended
• The Service will meet your specific requirements

11.2 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IACGENIUS OÜ SHALL NOT BE LIABLE FOR:

• INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
• LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES
• DAMAGES RESULTING FROM UNAUTHORIZED ACCESS, DATA BREACHES, OR SERVICE INTERRUPTIONS
• DAMAGES CAUSED BY AI-GENERATED CODE OR REMEDIATION SUGGESTIONS
• DAMAGES RESULTING FROM YOUR FAILURE TO SECURE YOUR ACCOUNT OR CLOUD ENVIRONMENTS

OUR TOTAL LIABILITY FOR ALL CLAIMS ARISING FROM THE SERVICE SHALL NOT EXCEED THE AMOUNT YOU PAID US IN THE 12 MONTHS PRECEDING THE CLAIM (OR $100 IF YOU ARE ON THE FREE TIER).

11.3 Third-Party Services

We are not responsible for:

• Costs incurred from your cloud provider (AWS, Azure, GCP) for native security tools
• Outages or issues with third-party services (Stripe, Supabase, Azure OpenAI, Vercel)
• Changes or discontinuation of third-party APIs we rely on

11.4 Indemnification

You agree to indemnify and hold harmless IACGENIUS OÜ, its officers, employees, and contractors from any claims, damages, or expenses (including legal fees) arising from:

• Your use of the Service or violation of these Terms
• Deployment of AI-generated code or remediation suggestions
• Unauthorized access to your cloud accounts
• Your violation of applicable laws or third-party rights

12.1 Our IP

RemediGenius, including its software, design, branding, and documentation, is owned by IACGENIUS OÜ and protected by copyright, trademark, and other intellectual property laws.

You are granted a limited, non-exclusive, non-transferable license to access and use the Service for your internal business purposes. You may not:

• Copy, modify, or create derivative works of the Service
• Reverse engineer or decompile the Service
• Use our trademarks, logos, or branding without written permission

12.2 Your IP

You retain all rights to your Customer Data and any intellectual property you provide to the Service. By using the Service, you do not grant us any ownership rights to your IP.

12.3 Feedback

If you provide feedback, suggestions, or ideas for improving the Service, you grant us a perpetual, irrevocable, royalty-free license to use and incorporate such feedback without obligation to you.

13.1 Cancellation by You

You may cancel your subscription at any time:

• Free Tier: No cancellation required (delete your account to stop using the Service)
• Pro Tier (Monthly): Cancel anytime via dashboard settings — access continues until the end of your current billing period
• Pro Tier (Annual): Cancel before your renewal date to avoid the next annual charge

Upon cancellation, your data will be retained according to our Privacy Policy (7 days for Free tier, 1 year for Pro tier, then permanently deleted).

13.2 Termination by Us

We may suspend or terminate your account immediately if:

• You violate these Terms or our Acceptable Use Policy
• Your payment fails and remains unpaid for 30 days
• We are required to do so by law or legal process
• You engage in fraudulent, abusive, or harmful activity

We will provide notice of termination unless prohibited by law or if immediate termination is necessary to protect our rights or other customers.

13.3 Effect of Termination

Upon termination:

• Your access to the Service will be immediately revoked
• Your data will be deleted according to our retention policy
• You will remain responsible for all fees incurred prior to termination
• Sections of these Terms that should survive (Limitation of Liability, Indemnification, Governing Law) will remain in effect

14.1 Governing Law

These Terms are governed by the laws of Estonia and the European Union, without regard to conflict of law principles.

14.2 Dispute Resolution

If you have a dispute with us, you agree to:

1. First attempt to resolve the issue informally by contacting support@remedigenius.com
2. If informal resolution fails, submit the dispute to binding arbitration or mediation in Tallinn, Estonia
3. If arbitration is not feasible, submit the dispute to the courts of Tallinn, Estonia

14.3 EU Consumer Rights

If you are a consumer in the European Union, you retain all rights under EU consumer protection laws, including the right to bring disputes before your local consumer protection authority or courts.

15.1 Notification of Changes

When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Send an email notification to all active users at least 30 days before the changes take effect
• Display a notice in the dashboard

15.2 Acceptance of Changes

Continued use of the Service after the effective date of updated Terms constitutes acceptance. If you do not agree with the updated Terms, you must cancel your subscription and stop using the Service before the effective date.

16.1 Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and IACGENIUS OÜ regarding the Service and supersede all prior agreements.

16.2 Severability

If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions will remain in full force and effect.

16.3 Waiver

Our failure to enforce any provision of these Terms does not constitute a waiver of that provision or our right to enforce it in the future.

16.4 Assignment

You may not assign or transfer these Terms or your account without our written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets with notice to you.

16.5 Force Majeure

We are not liable for delays or failures in performance caused by circumstances beyond our reasonable control (natural disasters, war, strikes, pandemics, government actions, or third-party service outages).