Terms of Service

These Terms of Service ("Terms") form a legally binding agreement between you and the entity you represent ("Customer," "you," or "your") and MailBreach ("we," "us," or "our") governing your access to and use of the MailBreach platform, including all associated software, features, and documentation (collectively, the "Service").

By creating an account, connecting an email provider, or otherwise accessing the Service, you confirm that (a) you have read and understood these Terms, (b) you have the authority to bind your organization to these Terms, and (c) you agree to be bound by them. If you do not agree, you must not use the Service.

MailBreach is a security monitoring service that connects to your organization's Microsoft 365 or Google Workspace environment to scan email configuration settings — including mailbox forwarding rules, inbox rules, and email filters — for patterns that may indicate unauthorized email exfiltration or security risks.

The Service provides:

• Detection of potentially unauthorized forwarding rules, inbox rules, and filter configurations
• Severity classification and findings reports
• Guided or automated remediation workflows, depending on your subscription plan
• Audit logs of actions taken within the platform

The Service reads email configuration metadata only. It does not access, read, store, or transmit the content of any email messages.

The Service is intended for use by organizations and their authorized administrators. It is not a consumer product and is not intended for personal use.

To use the Service, you represent and warrant that:

• You are at least 18 years of age
• You have the legal authority to bind the organization on whose behalf you are acting
• You have the administrative rights and organizational authority required to connect your email provider to the Service
• Your use of the Service complies with all applicable laws and regulations

You are responsible for ensuring that any connection of your email environment to the Service is authorized under your organization's internal policies and any applicable agreements with your email provider.

Access to the Service is granted at the organization level. You are responsible for all activity that occurs under your organization's account, including the actions of any administrators or members you invite.

You agree to:

• Keep your login credentials secure and confidential
• Promptly notify us of any unauthorized access to your account
• Ensure that invited members are authorized representatives of your organization
• Maintain accurate account and billing information

We are not liable for any loss or damage arising from your failure to maintain the security of your account credentials.

Access to the Service requires a paid subscription. Subscription fees are billed in advance on a recurring basis (monthly or annually, depending on your selected plan) through our third-party payment processor.

• All fees are stated in US dollars and are non-refundable except as required by applicable law or as expressly stated in these Terms
• We reserve the right to change subscription pricing with at least 30 days' advance notice
• If a payment fails, we may suspend your access to the Service until payment is resolved
• You may cancel your subscription at any time; cancellation takes effect at the end of the current billing period
• Downgrading your plan may result in the loss of access to features available on higher tiers

You are responsible for any applicable taxes. We will charge taxes where required by law.

You agree not to use the Service to:

• Connect email environments you do not have authorization to access
• Attempt to circumvent, disable, or interfere with any security features of the Service
• Reverse engineer, decompile, or disassemble any part of the Service
• Resell, sublicense, or otherwise make the Service available to third parties without our written consent
• Use the Service in any manner that violates applicable laws or regulations
• Introduce malicious code, viruses, or other harmful material into the Service
• Conduct load testing, scraping, or automated requests that exceed normal usage patterns

You retain ownership of all data you provide to the Service and all data derived from scanning your email environment ("Customer Data"). You grant us a limited license to process Customer Data solely to provide the Service.

We process only email configuration metadata (rule types, forwarding addresses, filter settings) — never the content of email messages. Our Privacy Policy describes in detail how we collect, store, and handle Customer Data.

We implement reasonable technical measures to protect Customer Data, including encryption in transit and at rest, and tenant isolation to prevent one customer's data from being accessible to another. However, no system is perfectly secure, and we cannot guarantee absolute protection against all threats.

The Service, including all software, algorithms, user interfaces, and documentation, is owned by MailBreach and protected by copyright, trademark, and other intellectual property laws. These Terms do not grant you any ownership rights in the Service.

We may use aggregated, anonymized data derived from use of the Service (with no information that identifies you or your organization) to improve and develop the Service.

We make reasonable efforts to keep the Service available and operational. However, we do not guarantee any specific level of uptime, availability, or performance. The Service may be temporarily unavailable due to scheduled maintenance, unplanned outages, or events outside our control.

We may modify, suspend, or discontinue features of the Service at any time. Where practicable, we will provide advance notice of significant changes.

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

WE DO NOT WARRANT THAT THE SERVICE WILL DETECT ALL SECURITY RISKS, UNAUTHORIZED CONFIGURATIONS, OR EMAIL THREATS IN YOUR ENVIRONMENT. THE SERVICE IS A DETECTION AND MONITORING TOOL AND IS NOT A GUARANTEE OF COMPLETE EMAIL SECURITY. YOU REMAIN RESPONSIBLE FOR YOUR ORGANIZATION'S OVERALL SECURITY POSTURE.

WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MAILBREACH, ITS OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION, OR LOSS OF GOODWILL, ARISING FROM OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICE.

OUR TOTAL CUMULATIVE LIABILITY TO YOU FOR ANY CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE TOTAL FEES PAID BY YOU TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IN THOSE JURISDICTIONS, OUR LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

You agree to defend, indemnify, and hold harmless MailBreach and its officers, directors, employees, and agents from and against any claims, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your use of the Service; (b) your violation of these Terms; (c) your violation of any third-party right, including any right of your email provider; or (d) any claim that your Customer Data infringes the rights of a third party.

Either party may terminate these Terms at any time. You may do so by canceling your subscription and ceasing use of the Service. We may terminate or suspend your access immediately, without prior notice, if we determine that you have violated these Terms or if required by law.

Upon termination, your right to access the Service ceases. We will retain your data for a reasonable period to allow you to export it, after which it will be deleted in accordance with our Privacy Policy. Sections 7 through 15 survive termination.

We may update these Terms from time to time. When we do, we will post the revised Terms and update the effective date above. For material changes, we will notify you via email or an in-app notice at least 14 days before the change takes effect.

Your continued use of the Service after a change becomes effective constitutes your acceptance of the revised Terms.

These Terms are governed by the laws of the jurisdiction in which MailBreach is incorporated, without regard to conflict of law principles. Any dispute arising from or relating to these Terms or the Service that cannot be resolved informally will be submitted to binding arbitration under commercially reasonable arbitration rules, except that either party may seek injunctive relief in a court of competent jurisdiction to protect its intellectual property rights.

Entire Agreement. These Terms, together with our Privacy Policy, constitute the entire agreement between you and MailBreach regarding the Service and supersede all prior agreements.

Severability. If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force.

No Waiver. Our failure to enforce any provision does not waive our right to do so in the future.

Assignment. You may not assign your rights or obligations under these Terms without our prior written consent. We may assign these Terms without restriction.

Contact. Questions about these Terms should be directed to [email protected].