Terms of Service

1. Acceptance of terms

By accessing or using ScenarioX (the “Service”) you agree to be bound by these Terms of Service (“Terms”). If you are using the Service on behalf of an organisation, you represent that you have authority to bind that organisation, and “you” refers to that organisation.

2. Service description

ScenarioX is a multi-tenant SaaS platform for designing, executing and reporting on cybersecurity tabletop exercises and operational resilience drills. Features include AI-assisted scenario generation, adaptive injects, a virtual facilitator, compliance mapping for frameworks such as DORA, NIS2, NIST CSF, ISO 27001, SOC 2 and HIPAA, and integrations with Slack and Microsoft Teams.

3. Account, subscription and billing

• You must provide accurate and complete information when creating an account and keep it up to date.
• You are responsible for all activity that occurs under your account and for safeguarding your credentials.
• Subscription fees, billing cycles and the included entitlements are described on our Pricing page and in your order form.
• Free trials end automatically; no charges are made unless you elect to subscribe.
• Fees are non-refundable except where required by law or expressly stated otherwise.

4. Acceptable use

You agree not to:

• Use the Service to violate any law or third-party right.
• Probe, scan or test the vulnerability of the Service except under our coordinated disclosure programme described on the Security page.
• Upload malware, conduct phishing or generate content that depicts real, identifiable individuals as targets of attack.
• Interfere with the integrity or performance of the Service or attempt to gain unauthorised access to other tenants’ data.
• Use AI features to generate content that is illegal under applicable law, including content that infringes intellectual property or violates export controls.
• Resell, sublicense or white-label the Service without a written agreement.

5. Customer data and privacy

You retain ownership of all data you upload or generate in your tenant (“Customer Data”). You grant us a limited licence to host, process and display Customer Data solely to provide the Service. We process Customer Data as described in our Privacy Policy and act as a data processor under GDPR for that data. A Data Processing Addendum (DPA) is available on request.

We do not use Customer Data to train AI models. Prompts sent to the AI provider are filtered through input safety controls and the AI provider is contractually prohibited from training on this content.

6. Intellectual property

The ScenarioX platform, including the software, the AI prompt designs, the scenario marketplace structure, and all content created by us, is owned by ScenarioX and protected by intellectual property laws. We grant you a limited, non-exclusive, non-transferable right to use the Service in accordance with these Terms during your subscription term.

Content you publish to the public Scenario Marketplace is shared anonymously with other ScenarioX customers under the marketplace terms shown at the time of publication.

7. Confidentiality

Each party agrees to protect the other party’s confidential information using at least the same degree of care it uses to protect its own confidential information, and never less than a reasonable standard of care. Customer Data is your confidential information.

8. Warranties and disclaimers

We warrant that we will provide the Service with reasonable skill and care and in compliance with the security measures described on our Security page. Except as expressly stated, the Service is provided “as is” without warranty of any kind, including implied warranties of merchantability, fitness for a particular purpose, or non-infringement, to the maximum extent permitted by law.

AI-generated content (scenarios, injects, recommendations, reports) is intended to assist your team and must be reviewed by a qualified human before being relied upon for operational or compliance decisions.

9. Limitation of liability

To the maximum extent permitted by applicable law, neither party will be liable for any indirect, incidental, special, consequential or punitive damages, or any loss of profits or revenue. Our total aggregate liability arising out of or relating to these Terms will not exceed the fees you paid to us for the Service during the 12 months preceding the event giving rise to the liability. Nothing in these Terms limits liability that cannot be limited by law (including death or personal injury caused by negligence and fraud).

10. Indemnification

You agree to indemnify and hold us harmless from claims arising out of your misuse of the Service, your violation of these Terms, or your infringement of any third-party right. We will indemnify you against third-party claims that the Service, as provided by us and used in accordance with these Terms, infringes that party’s intellectual-property rights, subject to standard indemnity procedures.

11. Term and termination

• These Terms apply for the duration of your subscription.
• You may cancel your subscription at any time from inside the application; cancellation takes effect at the end of the current billing period.
• We may suspend or terminate your account if you materially breach these Terms and fail to cure within 30 days of notice, or immediately if the breach cannot be cured (e.g. illegal use).
• On termination you may export your Customer Data for 30 days, after which it is deleted from active systems and from backups within the standard rotation window.

12. Changes to the service or these terms

We may modify the Service or these Terms from time to time. Material changes will be announced inside the application and, where relevant, by email at least 30 days before they take effect. If you do not agree with a change, your remedy is to terminate your subscription.

13. Governing law

These Terms are governed by the laws of England and Wales, without regard to its conflict-of-laws rules. The courts of London, England have exclusive jurisdiction over any dispute arising out of or relating to these Terms, subject to mandatory consumer-protection rules in your country of residence.

14. Contact

Questions about these Terms? Write to info@scenariox.io or visit our Contact page.