Legal Centre

1.1 Eligibility

You must be at least 18 years of age and have the legal capacity to enter into binding contracts in your jurisdiction. If you are using the Services on behalf of an organisation, you represent and warrant that you have authority to bind that organisation to these Terms.

1.2 Platform Purpose and Tool-Only Scope

AquilaX provides automated security scanning tools. The platform and its outputs — including identified findings, severity ratings, suggested fixes, compliance reports, and any other generated content — are provided solely as informational tools to assist users in their own security activities. AquilaX does not:

• Guarantee that all vulnerabilities in any codebase will be identified;
• Guarantee the absence of false positives or false negatives;
• Provide advice, recommendations, or assurances that use of the platform makes any system secure or compliant;
• Assume responsibility for the security posture of any user's systems, applications, or infrastructure;
• Verify that users have legal authority over the code, repositories, or systems being scanned.

Users bear sole and full responsibility for validating, interpreting, and acting upon any findings or outputs produced by AquilaX.

1.3 No Warranty

THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, AQUILAX EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

• Implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement;
• Any warranty that the Services will be uninterrupted, error-free, or free from harmful components;
• Any warranty that results obtained from use of the Services will be accurate, complete, reliable, or current;
• Any warranty that defects will be corrected.

Any use of the Services or reliance on any output is entirely at your own risk.

1.4 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

• AQUILAX, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, SUPPLIERS, AND LICENSORS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, REVENUE, DATA, GOODWILL, BUSINESS OPPORTUNITY, OR SECURITY INCIDENTS;
• AQUILAX'S AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES, REGARDLESS OF THE THEORY OF LIABILITY, SHALL NOT EXCEED THE TOTAL FEES PAID BY YOU TO AQUILAX IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR £100 GBP IF NO FEES HAVE BEEN PAID;
• THE FOREGOING LIMITATIONS APPLY EVEN IF AQUILAX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Some jurisdictions do not allow exclusion of certain warranties or limitation of liability for consequential damages — in such cases the above limitations apply to the fullest extent permitted by law.

1.5 Indemnification

You agree to indemnify, defend, and hold harmless AquilaX LTD and its directors, officers, employees, contractors, and affiliates from and against any claims, liabilities, damages, judgments, awards, losses, costs, and expenses (including reasonable legal fees) arising out of or relating to:

• Your use of or access to the Services;
• Your breach of these Terms;
• Your violation of any applicable law, regulation, or third-party rights;
• Any content, code, or data you submit to the platform;
• Actions you take — or fail to take — based on the platform's findings or outputs;
• Any claim that your use of the Services caused harm to a third party.

1.6 User Responsibilities

By using the Services you represent, warrant, and agree that you:

• Have all necessary legal rights, licences, and permissions to submit any code, repository, or system to AquilaX for scanning;
• Will not use the Services to scan systems you do not own or have explicit written authorisation to test;
• Will validate and independently verify all scan results before taking any action;
• Are solely responsible for remediation decisions and their consequences;
• Will use the Services in compliance with all applicable laws and regulations;
• Will not attempt to reverse-engineer, circumvent, or interfere with the Services.

1.7 Subscription, Billing & Cancellation

Subscriptions activate upon purchase confirmation and remain active until the end of the paid billing period. Cancellations take effect at the end of the current paid period — no refunds are issued for partial periods unless required by applicable consumer law. AquilaX reserves the right to modify pricing with at least 30 days' advance notice to active subscribers.

1.8 Suspension and Termination

AquilaX reserves the right to suspend or terminate your access to the Services immediately and without notice if you breach these Terms, engage in unlawful conduct, abuse the platform, or if we are required to do so by law. Upon termination you must cease all use of the Services. Termination does not limit any other rights or remedies AquilaX may have.

1.9 Modifications to Terms

AquilaX may update these Terms at any time. Material changes will be communicated by email or a notice on the website at least 7 days before they take effect. Your continued use of the Services after the effective date constitutes acceptance of the revised Terms.

1.10 Governing Law & Dispute Resolution

These Terms are governed by and construed in accordance with the laws of England and Wales. Any dispute arising from or relating to these Terms or the Services shall be subject to the exclusive jurisdiction of the courts of England and Wales. You waive any objection to venue or jurisdiction in those courts.

2.1 Data We Collect

We collect only the minimum personal data necessary to provide the Services:

We do not sell personal data to third parties. We do not collect source code as personal data — code submitted for scanning is processed transiently and is not retained beyond the period required to deliver scan results, unless you explicitly save it.

2.2 Legal Basis for Processing

• Contract performance: Processing necessary to deliver the Services you have subscribed to.
• Legitimate interests: Analytics, security monitoring, fraud prevention, and platform improvement.
• Consent: Marketing communications — you may withdraw consent at any time.
• Legal obligation: Compliance with applicable laws and regulatory requirements.

2.3 Data Retention

Personal data is retained for as long as your account is active plus a 12-month period thereafter to comply with legal obligations. Scan result data is retained for the duration of your subscription plus 90 days. You may request deletion of your account and associated data at any time.

2.4 Data Security

We implement industry-standard administrative, technical, and physical safeguards — including encryption at rest and in transit, access controls, and security monitoring. Notwithstanding these measures, AquilaX cannot guarantee absolute security. No internet transmission or electronic storage is completely secure. You accept this residual risk by using our Services.

2.5 Third-Party Processors

We use vetted third-party processors who handle data on our behalf under data processing agreements, including:

• Stripe — Payment processing (PCI DSS compliant)
• Simple Analytics — Privacy-friendly website analytics (no personal data stored)
• LinkedIn, Google — Targeted advertising (via cookies, with your consent)
• Cloud infrastructure providers — Hosting and data storage (EU/UK regions where possible)

2.6 International Transfers

Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as UK International Data Transfer Agreements (IDTAs), Standard Contractual Clauses (SCCs), or adequacy decisions.

2.7 Your Rights

Under UK/EU GDPR you have the right to:

• Access — request a copy of personal data we hold about you;
• Rectification — correct inaccurate or incomplete data;
• Erasure — request deletion subject to legal retention obligations;
• Restriction — restrict processing in certain circumstances;
• Portability — receive your data in a machine-readable format;
• Objection — object to processing based on legitimate interests;
• Withdraw consent — at any time where processing is consent-based.

Submit requests to admin[@]aquilax.ai. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

3.1 What Are Cookies?

Cookies are small text files placed on your device by a website. They allow websites to recognise your device, maintain session state, and collect information about your browsing behaviour. Similar technologies include local storage, session storage, and pixel tags.

3.2 Cookies We Use

3.3 Third-Party Cookies

Third parties such as LinkedIn and Google may set their own cookies when you interact with embedded content or advertising. AquilaX does not control these cookies. Refer to the respective third-party privacy policies for details.

3.4 Managing Cookies

You may refuse or delete non-essential cookies at any time by:

• Adjusting your browser settings (see your browser's help documentation);
• Using our cookie consent banner to withdraw consent;
• Installing a browser plugin such as uBlock Origin.

Note that disabling certain cookies may affect the functionality of the Services.

3.5 Cookie Retention

Session cookies are deleted when you close your browser. Persistent cookies expire within 12 months unless refreshed. Marketing cookies may persist for up to 180 days as set by the respective third-party platform.

4.1 Grant of Licence

Subject to payment of applicable fees and compliance with this EULA, AquilaX grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence to access and use the Services solely for your internal security operations and in accordance with your subscription tier.

4.2 Restrictions

You must not:

• Copy, modify, adapt, translate, or create derivative works of the platform or its underlying software;
• Reverse-engineer, decompile, disassemble, or attempt to derive the source code of the platform;
• Sublicense, resell, rent, lease, transfer, or share access to the Services with unauthorised third parties;
• Remove or alter any proprietary notices, labels, or marks;
• Use the Services to build a competing product or service;
• Exceed usage limits associated with your subscription plan;
• Use the Services to scan systems for which you lack explicit authorisation.

4.3 Intellectual Property

All rights, title, and interest in and to the Services — including all software, algorithms, models, trademarks, trade dress, and documentation — remain exclusively with AquilaX LTD. This EULA does not transfer any ownership rights to you. You retain ownership of your own code and data submitted to the platform.

4.4 Scan Results Ownership

Scan reports and findings generated by the platform based on your submitted code are yours. AquilaX may use anonymised, aggregated statistical data derived from platform usage (without identifying you or your code) to improve its models and services.

4.5 No Liability for Scan Outcomes

Scan results are produced by automated systems and may contain inaccuracies. AquilaX expressly disclaims all liability for:

• False positive findings that cause unnecessary remediation effort or cost;
• False negative findings that result in a vulnerability remaining undetected;
• Damage, loss, or harm arising from actions taken or not taken based on scan results;
• Regulatory fines, penalties, or enforcement actions even where a scan was conducted;
• Any claim by a third party arising from use of your software regardless of scan results.

4.6 Licence Termination

This EULA terminates automatically upon expiry or cancellation of your subscription, or immediately upon your breach of any provision. Upon termination you must cease all use of the Services and destroy any locally cached data associated with the platform. Sections 4.2, 4.3, 4.5, and all liability limitations survive termination.

4.7 Open-Source Components

The Services may incorporate open-source software components. Such components are governed by their respective open-source licences, copies of which are available upon written request to admin[@]aquilax.ai.

5.1 Prohibited Activities

You may not use the Services to:

• Scan or test systems, applications, APIs, or networks without the explicit written authorisation of the system owner;
• Conduct offensive security operations, active exploitation, or penetration testing of third-party systems;
• Develop, distribute, or enhance malicious software, ransomware, spyware, or any tool designed to harm third parties;
• Circumvent, disable, or interfere with security features of any system;
• Violate any applicable law, regulation, or the rights of any person or entity;
• Infringe intellectual property rights of any third party;
• Introduce malicious code, vulnerabilities, or exploits into the platform or any connected system;
• Share your account credentials or allow unauthorised persons to access the platform under your account.

5.2 Authorised Use Only

AquilaX is designed exclusively for defensive security purposes — to help owners and operators of software systems identify and remediate vulnerabilities in systems they own or have explicit permission to test. Any use outside this scope is a material breach of these Terms and may constitute a criminal offence under the Computer Misuse Act 1990 (UK) or equivalent legislation in your jurisdiction.

5.3 No Liability for Misuse

AquilaX accepts no responsibility or liability for any harm caused by misuse of the platform, including unauthorised scanning, offensive use, or use in violation of applicable law. You agree to fully indemnify AquilaX for any claims, losses, or costs resulting from your prohibited or unlawful use of the Services.

6.1 Regulatory Complaints

If you believe your personal data has been processed in breach of applicable data protection law, you have the right to lodge a complaint with the relevant supervisory authority:

• UK: Information Commissioner's Office (ICO) — ico.org.uk
• EU: Your local Data Protection Authority (DPA)

We encourage you to contact us first so we can resolve any concerns directly.

6.2 Document Revision History