Master Terms of Service, Privacy Policy, and Data Processing Agreements.
Effective Date: March 19, 2026
This Master Subscription Agreement ("Agreement") is entered into by and between Quanty.io ("Provider," "we," "us," or "our") and the entity or person placing an order for or accessing our Services ("Customer," "you," or "your"). This Agreement consists of the terms and conditions set forth below, any exhibits or addenda attached hereto, and any Order Forms. By clicking "I Agree," executing an Order Form, or accessing the Command Center, you represent that you have the authority to bind your organization to these terms.
Quanty.io provides an automated cryptographic posture assessment platform (the "Platform"). Subject to the terms of this Agreement and payment of applicable fees, Quanty.io grants Customer a non-exclusive, non-transferable, worldwide right to access and use the Platform for internal cybersecurity auditing purposes.
Quanty.io retains all rights, title, and interest in and to the Platform, including all heuristic risk engines, deterministic hashing algorithms, source code, aggregated data models, and the proprietary methodology used to calculate regulatory penalty exposure. Customer retains all rights to their domain names and internal organizational data.
Customer shall pay all fees specified in the Order Form or Pricing Page. Payment obligations are non-cancelable, and fees paid are non-refundable. Quanty.io utilizes Stripe, Inc. as its merchant of record. Late payments are subject to a late fee of 1.5% per month or the maximum permitted by law. If a payment is declined, Quanty.io reserves the right to suspend API and Command Center access immediately.
The Quanty Platform physically interacts with public-facing web servers via TLS/SSL socket connections. As a condition of your use of the Services, you strictly warrant and represent the following:
Quanty.io logs all IP addresses and domain queries. We reserve the right to instantly terminate accounts, without refund, that engage in unauthorized scanning of third-party domains (e.g., competitors, unauthorized government infrastructure).
CRITICAL DISCLAIMER: The financial liability estimates, GDPR penalty projections, and NIS2/DORA exposure metrics provided by the Quanty Scanner and PDF Reports are algorithmic heuristic estimates intended for educational, budget-justification, and internal risk-modeling purposes only. They DO NOT constitute formal legal, financial, or compliance advice.
3.1 No Warranties: The Service is provided "AS IS" and "AS AVAILABLE." Quanty.io explicitly disclaims all warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, and non-infringement. Quanty.io makes no warranty that implementing our remediation playbooks will guarantee exemption from European Union or federal regulatory fines.
3.2 Indemnification: You agree to indemnify, defend, and hold harmless Quanty.io, its officers, and engineers against any claims, damages, or legal actions arising from your unauthorized scanning of domains you do not own or possess legal authority to audit.
3.3 Liability Cap: IN NO EVENT SHALL QUANTY.IO BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA BREACHES, OR REGULATORY FINES INCURRED BY YOUR ORGANIZATION. OUR MAXIMUM AGGREGATE LIABILITY UNDER THIS AGREEMENT IS STRICTLY LIMITED TO THE TOTAL AMOUNT PAID BY YOU FOR THE PLATFORM SUBSCRIPTION IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
At Quanty.io, we prioritize the confidentiality of your infrastructure intelligence. This Privacy Policy outlines how we collect, use, and protect your data.
We use your data exclusively to operate the Platform, deliver customized PDF reports, process subscription payments, and prevent abuse of the scanning engine. We DO NOT sell your corporate data to third-party brokers or advertisers.
We rely on strictly vetted Enterprise infrastructure partners to provide the Service. These include Render (Cloud Hosting), Stripe (Payment Processing), and Resend (Transactional Email). Payment processing is handled entirely by Stripe; Quanty.io never stores, processes, or transmits raw credit card data on our servers.
This section applies if Customer data includes Personal Data subject to the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).
Under the GDPR, Customer acts as the Data Controller, and Quanty.io acts as the Data Processor. We will process Personal Data solely in accordance with your documented instructions (i.e., operating the Platform).
Quanty.io employs enterprise-grade security controls, including AES-256 encryption for data at rest, TLS 1.3 for data in transit, role-based access controls (RBAC), and hashed password verification via bcrypt. In the event of a confirmed data breach impacting Customer data, Quanty.io will notify the Customer's designated CISO or Admin within 72 hours of discovery.
Customers maintain full data sovereignty. You have the right to request a complete, unrecoverable purge of your corporate account, payment profiles, and associated domain audit logs from our databases by submitting a formal request to compliance@quantyio.com.
For accounts currently subscribed to the "CISO / Enterprise" tier, Quanty guarantees a 99.9% monthly uptime percentage for the core cryptographic scanning API. Uptime is measured over a calendar month.
Scheduled maintenance windows will be communicated to the registered administrative email address at least 48 hours in advance and are excluded from downtime calculations. In the event Quanty.io fails to meet the 99.9% SLA, the Customer’s sole and exclusive remedy shall be a prorated subscription credit for the impacted month.
