Jan 27, 2026
This Agreement (together with any supplemental terms, Privacy Policy, or other guidelines, rules, or instructions posted on our Website, including any amendments) constitutes a legally binding contract between UprootSecurity ("Us", "We", or "Our") and You ("Customer" or "End User") and supersedes all prior agreements, representations, warranties, or understandings related to the subject matter herein.
If You are entering into this Agreement on behalf of a company or other legal entity, You represent and warrant that You have the authority to bind such entity and its affiliates to these Terms. In such case, "You" or "Your" shall refer to that entity and its affiliates.
If You do not have such authority, or do not agree to these Terms, You must not accept this Agreement and may not use Our Services or platform. By using Our Services or platform, You represent and warrant that You are 18 years of age or older.
BY ACCESSING OR USING OUR SERVICES OR PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THESE TERMS. IF YOU DO NOT AGREE, YOU MUST NOT USE OUR SERVICES OR PLATFORM.
If You are accessing or using the Platform or Services on behalf of a company or other legal entity, You represent and warrant that You have the authority to bind such entity to this Agreement, and in such case, "You", "Your", or "Customer" shall refer to such entity.
UprootSecurity agrees to provide the Services to the Customer in accordance with the terms of this Agreement and the applicable Service Order Form. The Services may include, without limitation, access to the Platform, security testing programs, vulnerability assessment programs, researcher engagement, analytics and reporting services, and related documentation, as specified in the relevant Service Order Form.
The specific scope, duration, deliverables, and fees for the Services shall be as set forth in the applicable Service Order Form agreed upon by the parties from time to time. UprootSecurity reserves the right to modify, enhance, or discontinue any aspect of the Services or the Platform, provided that such changes do not materially reduce the core functionality of the Services purchased by the Customer.
The Customer acknowledges and agrees that the Services are provided for the purpose of identifying potential security vulnerabilities and risks and do not guarantee that the Platform, systems, or applications tested will be free from all security threats or vulnerabilities.
UprootSecurity shall perform the Services in a commercially reasonable manner and in accordance with generally accepted industry standards.
To avail the Services, access, and use the Platform, the user shall be required to maintain a security account by signing up and registering with Uproot using login credentials which can be used by You or each of Your employees and consultants who are authorized by You to use the Services on Your behalf.
You are solely responsible for all actions and activities conducted under your User Account and Password. You agree to promptly notify UprootSecurity of any unauthorized access to or use of your User Account or Password, as well as any other security breaches. Additionally, you agree to log out of your User Account at the conclusion of each session. You acknowledge that you are liable for any losses or damages resulting from the unauthorized use of your User Account.
Your Content and information you submit on the Platform, along with other data collected during your use of the Platform (excluding credit card details and other sensitive financial or personal information), may be transmitted across different networks without encryption and may undergo modifications to meet the technical requirements of connecting networks or devices.
You acknowledge and agree that access to the Platform is influenced by various external factors, including your internet service provider, location, and bandwidth, and that UprootSecurity cannot guarantee uninterrupted access to the Platform at all times. In addition to the disclaimers and conditions outlined in the Terms of Service, UprootSecurity shall not be held liable for any damages resulting from your inability to log into your account or access the Services on the Platform at any given time.
3.1 Eligibility: By accessing and using our platform you affirm that you are not:
Our Platform is not designed for use by individuals under the age of 13. If you are under the legal age of majority in your place of residence and citizenship, you must obtain permission from your parent or legal guardian before using our Platform.
The Customer shall not, and shall not permit its Users to:
(a) attempt to gain unauthorized access to the Platform, any accounts, systems, networks, or data associated with the Platform, including through hacking, password mining, or any other means;
(b) interfere with, disrupt, degrade, or attempt to interfere with or disrupt the integrity, performance, or security of the Platform or any data contained therein, including by introducing excessive load, denial-of-service attacks, or otherwise overburdening the Platform's infrastructure;
(c) use the Platform or Services to develop, benchmark, test, or support any product or service that competes with UprootSecurity, or for purposes of competitive analysis without UprootSecurity's prior written consent;
(d) upload, transmit, introduce, or otherwise make available any viruses, worms, trojan horses, malware, ransomware, spyware, or other harmful or malicious code or components;
(e) exceed, circumvent, or attempt to circumvent any usage limits, technical restrictions, or access controls specified in the applicable Service Order Form or implemented by UprootSecurity, including limits on users, scans, targets, storage, or bandwidth;
(f) use the Platform or Services for any unlawful purpose or in violation of any applicable laws, regulations, or industry standards, including data protection, cybersecurity, and export control laws;
(g) submit, upload, or process any Content for which the Customer does not have lawful authority, including Content that infringes or misappropriates any intellectual property rights, privacy rights, or other third-party rights;
(h) attempt to reverse engineer, decompile, disassemble, or otherwise derive the source code, algorithms, or underlying structure of the Platform, except to the extent expressly permitted by applicable law;
(i) access or use the Platform through automated means such as bots, scrapers, crawlers, or scripts, except as expressly permitted by UprootSecurity;
(j) share login credentials, grant unauthorized access, or permit third parties to access the Platform or Services without UprootSecurity's prior written authorization;
(k) use the Platform to store or transmit sensitive personal data or regulated data (including payment card data, health data, or government-issued identifiers) unless expressly authorized in writing by UprootSecurity;
(l) engage in any activity that could reasonably be expected to expose UprootSecurity to legal liability, regulatory enforcement, reputational harm, or technical risk.
UprootSecurity reserves the right to suspend or terminate access to the Platform or Services immediately if it reasonably believes that the Customer has violated this section or poses a risk to the Platform, other customers, or UprootSecurity.
By agreeing to this Agreement, you agree not to use any of the Services for unlawful or unauthorized purposes. Users are strictly prohibited from engaging in any of the following activities while utilizing Our Services:
You shall be solely responsible for all activities undertaken through Your User Account, whether or not You have authorized such activities or actions, and shall, at all times, keep UprootSecurity indemnified in this regard.
UprootSecurity shall implement and maintain reasonable and appropriate administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of Customer Content against unauthorized access, use, disclosure, alteration, or destruction. Such safeguards shall be consistent with generally accepted industry standards applicable to organizations providing similar services.
Each party ("Receiving Party") agrees to keep confidential all non-public, proprietary, or confidential information disclosed by the other party ("Disclosing Party") in connection with this Agreement or the Services, whether disclosed orally, electronically, or in writing ("Confidential Information"). Confidential Information shall be used solely for the purpose of performing obligations or exercising rights under this Agreement and shall not be disclosed to any third party except as expressly permitted under this Agreement or as required by applicable law.
The Receiving Party shall restrict access to Confidential Infordmation to its employees, contractors, and agents who have a legitimate need to know such information for purposes of performing under this Agreement and who are bound by confidentiality obligations no less protective than those set forth herein.
Confidential Information shall not include information that: (a) is or becomes publicly available without breach of this Agreement; (b) was lawfully known to the Receiving Party prior to disclosure by the Disclosing Party; (c) is lawfully received from a third party without breach of any obligation of confidentiality; or (d) is independently developed by the Receiving Party without reference to the Confidential Information.
UprootSecurity grants you a non-exclusive, non-transferable, revocable license to access and use our product and services strictly in accordance with this Agreement. This license is limited to the purpose of enabling you to use and enjoy the benefits of the Services provided by UprootSecurity, subject to the restrictions outlined in this Agreement.
You are expressly prohibited from:
You agree to pay all fees and charges specified in the Service Order Form or as otherwise agreed between you and UprootSecurity for the Services provided. Fees are due and payable in accordance with the payment terms outlined in the Service Order Form or as specified by UprootSecurity.
In the event of non-payment or late payment, UprootSecurity reserves the right to suspend or terminate your access to the Services without notice. You agree that you are responsible for any costs or expenses (including attorneys' fees) incurred by UprootSecurity in collecting any overdue amounts.
UprootSecurity may, at its sole discretion, offer refunds or credits for unused Services, subject to any applicable terms and conditions.
UprootSecurity does not warrant or guarantee that the Platform or the Services will be available at all times or that access will be uninterrupted, timely, secure, or error-free. The Customer acknowledges that the availability and performance of the Platform and Services may be subject to interruptions, delays, or limitations due to maintenance, upgrades, system failures, security incidents, internet or telecommunications disruptions, or other factors beyond UprootSecurity's reasonable control.
UprootSecurity may perform scheduled or unscheduled maintenance that may temporarily suspend or limit access to the Platform or Services and shall not be liable for any unavailability resulting therefrom.
UprootSecurity makes no service level commitments, uptime guarantees, response time guarantees, or performance warranties of any kind unless expressly set forth in a written Service Order Form signed by both parties. Any such service level commitments shall apply solely as specified in the applicable Service Order Form and shall not be implied from this Agreement or from any course of dealing.
To the maximum extent permitted by applicable law, UprootSecurity shall not be liable for any loss, damage, or costs arising from or related to any interruption, delay, or failure of the Platform or Services, including loss of data, loss of business, or loss of profits.
The Customer acknowledges and agrees that the Platform and Services are designed to assist in identifying potential security vulnerabilities and risks but do not and cannot guarantee the detection, prevention, or elimination of all security vulnerabilities, threats, or attacks. The Customer understands that no system, network, software, or security measure can be completely secure or immune from compromise.
UprootSecurity does not warrant or represent that the Platform, Services, or any security testing, vulnerability assessments, or reports generated therefrom will identify all vulnerabilities, security flaws, or attack vectors, or that the Customer's systems, applications, or data will not be subject to breaches, intrusions, or other security incidents.
The Customer remains solely responsible for the security, configuration, operation, and maintenance of its own systems, networks, and data, including implementing appropriate safeguards, patches, and remediation measures based on the results of the Services.
UprootSecurity shall not be liable for any damages, losses, or claims arising from or related to any security incident, data breach, system compromise, or unauthorized access to the Customer's systems or data, even if the Services were used in connection with such systems.
The Platform and Services may interoperate with, depend upon, or make use of third-party products, services, software, infrastructure, or APIs, including but not limited to cloud hosting providers, collaboration tools, development platforms, and communication services such as Amazon Web Services (AWS), Google Cloud Platform (GCP), Google Workspace, GitHub, Bitbucket, Slack, Jira, Linear, and similar third-party providers ("Third-Party Services").
The Customer acknowledges and agrees that such Third-Party Services are not controlled by UprootSecurity and are subject to their own terms of service, privacy policies, and security practices. UprootSecurity does not warrant or guarantee the availability, performance, security, or reliability of any Third-Party Services and shall not be responsible or liable for any interruption, delay, data loss, security incident, or failure caused by or attributable to any Third-Party Services.
Any exchange of data or interaction between the Customer and a Third-Party Service is solely between the Customer and the applicable third-party provider. UprootSecurity does not endorse, sponsor, or assume responsibility for any Third-Party Services and disclaims all liability arising from the Customer's use of or reliance on such Third-Party Services.
UprootSecurity may, from time to time, modify, replace, or discontinue integrations with Third-Party Services at its discretion and shall not be liable for any impact on the Customer's use of the Platform or Services resulting from changes made by or to such Third-Party Services.
To the maximum extent permitted by applicable law, UprootSecurity shall not be liable for any damages, losses, or claims arising out of or related to the availability, performance, security, or functionality of any Third-Party Services, including without limitation outages, API changes, data breaches, or service discontinuation by such providers.
The Customer acknowledges that the Platform, Services, and related technology may be subject to United States export control and economic sanctions laws and regulations, including but not limited to the Export Administration Regulations (EAR), regulations administered by the U.S. Department of Commerce, and sanctions administered by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), as well as applicable export and import laws of other jurisdictions.
The Customer represents and warrants that it is not located in, under the control of, or a national or resident of any country or region subject to comprehensive U.S. government embargoes or sanctions, and that it is not listed on, or owned or controlled by any person or entity listed on, any U.S. government restricted party list, including the Specially Designated Nationals (SDN) List, Denied Persons List, or Entity List.
The Customer agrees that it shall not, directly or indirectly, export, re-export, transfer, or provide access to the Platform or Services, or any related technical data or technology, to any prohibited country, entity, or individual, or for any prohibited end use, including but not limited to military, surveillance, or nuclear-related purposes, except as authorized by applicable law and with all required government approvals.
The Customer shall be solely responsible for ensuring its use of the Platform and Services complies with all applicable export control, sanctions, and trade laws and shall not use the Platform or Services in any manner that would cause UprootSecurity to violate such laws or regulations.
UprootSecurity reserves the right to suspend or terminate access to the Platform or Services immediately if it reasonably believes that the Customer has violated or may violate this section or any applicable export control or sanctions laws.
The Customer retains all right, title, and interest in and to its Content. The Customer represents and warrants that it owns or has obtained all necessary rights, licenses, consents, and permissions to submit, upload, transmit, and process such Content through the Platform and to grant the rights granted herein.
The Customer further represents and warrants that: (a) the Content does not and will not infringe, misappropriate, or otherwise violate any intellectual property rights, privacy rights, or other rights of any third party; (b) the Content does not contain any unlawful, defamatory, obscene, or otherwise objectionable material; and (c) the submission and use of the Content in connection with the Services complies with all applicable laws, regulations, and industry standards.
The Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Content submitted to the Platform and for ensuring that the Content does not contain any viruses, malicious code, or other harmful components.
UprootSecurity shall have no obligation to monitor, validate, or verify the Content submitted by the Customer and shall not be responsible or liable for any loss, damage, or claims arising from or related to such Content.
The Customer grants UprootSecurity a limited, non-exclusive, worldwide, royalty-free license to host, store, reproduce, transmit, process, and display the Content solely for the purpose of providing the Services in accordance with this Agreement.
UprootSecurity reserves the right, in its sole discretion, to remove or restrict access to any Content that it reasonably believes violates this Agreement, applicable law, or the rights of any third party, without prior notice to the Customer.
The Customer agrees to indemnify and hold harmless UprootSecurity from and against any claims, damages, liabilities, penalties, fines, losses, or expenses (including reasonable attorneys' fees) arising out of or relating to the Customer's Content, including any claim that the Content infringes or violates the rights of any third party or applicable law.
UprootSecurity reserves the right to monitor, audit, and review the Customer's and its Users' access to and use of the Platform and Services for the purposes of ensuring compliance with this Agreement, maintaining the security and integrity of the Platform, preventing fraud, abuse, or misuse, and complying with applicable legal and regulatory obligations.
Such monitoring may include the collection and analysis of usage data, access logs, system activity, and technical information related to the Customer's use of the Platform and Services. The Customer acknowledges and agrees that UprootSecurity may use automated tools and manual review processes for such purposes.
UprootSecurity shall have the right to investigate any suspected violation of this Agreement or any security incident affecting the Platform or Services. The Customer agrees to reasonably cooperate with any such investigation, including by providing relevant information, logs, or access as may be necessary to determine compliance or resolve the incident.
Nothing in this Agreement shall be construed as obligating UprootSecurity to monitor the Customer's Content or activities, and UprootSecurity shall not be liable for any failure to detect any misuse or violation of this Agreement.
UprootSecurity may suspend or restrict access to the Platform or Services, in whole or in part, without prior notice, if it reasonably determines that the Customer's use poses a security risk, violates this Agreement, or may expose UprootSecurity to legal or regulatory liability.
All monitoring and auditing activities shall be conducted in a manner consistent with UprootSecurity's Privacy Policy and applicable data protection laws.
We reserve the right to terminate or suspend your Account and access to the Platform at any time, without prior notice or liability, for any reason, including but not limited to a breach of these Terms.
Upon termination, your right to use the Platform and Services will cease immediately. If you wish to terminate your Account, you may do so by discontinuing your use of the Platform and Services. Upon termination or expiration of this Agreement, UprootSecurity may delete Customer Content after a commercially reasonable period unless retention is required by law. The Customer is responsible for exporting its Content prior to termination of the Services.
All provisions of this Agreement that by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity, and limitations of liability.
THE PLATFORM AND SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT THE PLATFORM OR SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE.
YOU ACKNOWLEDGE AND AGREE THAT YOUR USE OF THE PLATFORM AND SERVICES IS AT YOUR OWN RISK, AND UPROOTSECURITY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE PLATFORM OR SERVICES, INCLUDING, WITHOUT LIMITATION, THE ACCURACY, COMPLETENESS, RELIABILITY, SECURITY, AVAILABILITY, OR SUITABILITY OF ANY FUNCTIONALITY, REPORTS, ANALYTICS, DELIVERABLES, DATA, INTEGRATIONS, OR THIRD-PARTY SERVICES ACCESSED OR PROVIDED IN CONNECTION WITH THE PLATFORM.
To the maximum extent permitted by applicable law, UprootSecurity shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to lost profits, loss of data, loss of goodwill, or business interruption, arising out of or in connection with your use of or inability to use the Platform or Services, even if UprootSecurity has been advised of the possibility of such damages.
In no event shall UprootSecurity's total liability to you for all claims, damages, or causes of action arising out of or in connection with these Terms or your use of the Platform or Services exceed the amount paid by you to UprootSecurity in the twelve (12) months preceding the event giving rise to the claim.
You agree to indemnify, defend, and hold harmless UprootSecurity, its affiliates, officers, directors, employees, agents, and licensors from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or in connection with your use of the Platform or Services, your violation of these Terms, or your violation of any rights of another person or entity.
You may, from time to time, provide UprootSecurity with comments, suggestions, ideas, or other feedback, whether related to the Platform, Services, features, functionality, security testing programs, or any other aspect of UprootSecurity's business (collectively, "Feedback"). You acknowledge and agree that:
Ownership: All Feedback provided by You shall be considered non-confidential and non-proprietary. You hereby irrevocably assign and transfer to UprootSecurity all right, title, and interest in and to any Feedback, including all intellectual property rights therein, without any obligation of compensation, credit, or attribution.
License to Use: To the extent that You retain any intellectual property rights in Feedback, You grant UprootSecurity a perpetual, worldwide, royalty-free, transferable, sublicensable, irrevocable license to use, reproduce, modify, adapt, distribute, display, and otherwise exploit such Feedback in any manner and for any purpose, including but not limited to developing, enhancing, or commercializing the Platform, Services, or any other UprootSecurity products.
No Obligation: UprootSecurity shall have no obligation to use, implement, or act upon any Feedback. You acknowledge that UprootSecurity may independently develop features, products, or services that are similar or identical to Feedback provided by You, and that You shall have no claim against UprootSecurity in connection with such development.
No Confidentiality: You agree that any Feedback you provide shall not be subject to any confidentiality obligations, and that UprootSecurity may freely use such Feedback without restriction or notification.
Representations: You represent and warrant that any Feedback you provide does not infringe or misappropriate the intellectual property or other rights of any third party, and that You have the right to provide such Feedback to UprootSecurity under this Agreement.
Neither party shall be liable for any failure or delay in the performance of its obligations under this Agreement (other than payment obligations) to the extent such failure or delay is caused by events beyond its reasonable control, including but not limited to acts of God, natural disasters, fires, floods, earthquakes, pandemics or epidemics, war, terrorism, riots, civil unrest, labor disputes or strikes, governmental actions, changes in law or regulation, court orders, power failures, internet or telecommunications failures, cyberattacks, failures of cloud service providers or other third-party service providers, or any other events that could not reasonably have been anticipated or prevented ("Force Majeure Event").
The affected party shall use commercially reasonable efforts to mitigate the effects of the Force Majeure Event and resume performance as soon as practicable. The affected party shall promptly notify the other party of the occurrence of the Force Majeure Event and the expected duration of such non-performance.
If a Force Majeure Event continues for a period exceeding thirty (30) consecutive days and materially prevents the performance of the affected party's obligations under this Agreement, either party may terminate the affected Service Order Form or this Agreement upon written notice, without further liability, except for obligations accrued prior to the Force Majeure Event.
UprootSecurity reserves the right, at its sole discretion, to modify or replace these Terms at any time. If a revision is material, we will provide at least thirty (30) days' notice before any new terms take effect. What constitutes a material change will be determined at our sole discretion.
By continuing to access or use our Platform and Services after any revisions become effective, you agree to be bound by the revised Terms. If you do not agree to the new terms, you must stop using the Platform and Services.
These Terms and any dispute or claim arising out of or in connection with them (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the jurisdiction where UprootSecurity is headquartered, without regard to its conflict of law provisions.
Any dispute or claim arising out of or in connection with these Terms or the Platform and Services shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association (AAA). The arbitration shall take place in the jurisdiction where UprootSecurity is headquartered, and the language of the arbitration shall be English.
If any provision of these Terms is found to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions shall remain in full force and effect. The failure of UprootSecurity to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.
These Terms constitute the entire agreement between you and UprootSecurity regarding your use of the Platform and Services, superseding any prior agreements between you and UprootSecurity (including, but not limited to, any prior versions of these Terms).
If you have any questions or concerns about these Terms or the Services provided by UprootSecurity, please contact us at [email protected]