Terms of Service

Last updated: February 10, 2023.

Thank you for using our threat modeling solution! We continuously develop and improve our threat modeling solution to help secure your products. We want to be transparent regarding what you can expect from us. Our promise to you has been described in this Terms of Service.

When we say “Company”, “we”, “our”, or “us” in this document, we are referring to threat-modeling.com.

When we say “Services”, we mean our websites, including threat-modeling.com and app.threat-modeling.com, whether delivered within a web browser, desktop application, mobile application, or another format.

When we say “You” or “your”, we are referring to the people or organizations that own an account with our threat modeling solution.

We may update these Terms of Service (“Terms”) in the future. Typically these changes have been to clarify some of these terms by linking to an expanded related policy. Whenever we make a significant change to our policies, we will refresh the date at the top of this page and take any other appropriate steps to notify account holders.

When you use our Services, now or in the future, you are agreeing to the latest Terms. There may be times where we do not exercise or enforce a right or provision of the Terms; however, that does not mean we are waiving that right or provision. These Terms do contain a limitation of our liability.

If you violate any of the Terms, we may terminate your account. That’s a broad statement and it means you need to place a lot of trust in us. We do our best to deserve that trust by being open about who we are, and how we work, and keeping an open door to your feedback.

Account Terms

1. You are responsible for maintaining the security of your account and password and for ensuring that any of your users do the same. The Company cannot and will not be liable for any loss or damage from your failure to comply with this security obligation. We recommend all users set up two-factor authentication for added security.
2. You are responsible for all content posted to and activity that occurs under your account, including content posted by and activity of any users in your account.
3. You must be a human. Accounts registered by “bots” or other automated methods are not permitted.

Cancellation and Termination

1. You are solely responsible for properly canceling your account. You can do so in the threat modeling solution, under the ‘Profile’ feature.
2. All of your content will be inaccessible from the threat modeling solution immediately upon account cancellation. All data will be deleted. Backup data will remain within the backup window.
3. We have the right to suspend or terminate your account and refuse any and all current or future use of our Services for any reason at any time. Suspension means you and any other users on your account will not be able to access the account or any content in the account. Termination will furthermore result in the deletion of your account or your access to your account, and the forfeiture and relinquishment of all content in your account. We also reserve the right to refuse the use of the Services to anyone for any reason at any time. We have this clause in case a user is doing something nefarious. There are some things we staunchly stand against and this clause is how we exercise that stance.
4. Verbal, physical, written or other abuse (including threats of abuse or retribution) of a Company employee or officer will result in immediate account termination.

Modifications to the Service

1. We make a promise to our customers to support our Services for as long as we can. That means when it comes to security, privacy, and customer support, we will continue to maintain any legacy Services. Sometimes it becomes technically impossible to continue a feature or we redesign a part of our Services because we think it could be better or we decide to close new signups of a product. We reserve the right at any time to modify or discontinue, temporarily or permanently, any part of our Services with or without notice.
2. We may change the pricing structure for our threat modeling solution. In that case, we will post a notice about changes on our website.

Security and Privacy

1. Your use of the Services is at your sole risk. We provide these Services on an “as is” and “as available” basis. We do not offer service-level agreements for our threat modeling solution.
2. We reserve the right to temporarily disable your account if your usage significantly exceeds the average usage of other customers of the solution. Of course, we’ll reach out to the account owner before taking any action except in rare cases where the level of use may negatively impact the performance of the solution for other users.
3. We take many measures to protect and secure your data through backups, redundancies, and encryption. We enforce encryption for data transmission from the public Internet. There are some edge cases where we may send your data through our network unencrypted.
4. When you use our threat modeling solution, you entrust us with your data. We take that trust to heart. You agree that threat-modeling.com may process your data as described in our Privacy Policy and for no other purpose. We as humans can access your data for the following reasons:

• To help you with support requests you make. We’ll ask for express consent before accessing your account.
• On the rare occasions when an error occurs that stops an automated process partway through. We get automated alerts when such errors occur. When we can fix the issue and restart automated processing without looking at any personal data, we do. In rare cases, we have to look at a minimum amount of personal data to fix the issue. In these rare cases, we aim to fix the root cause to prevent the errors from recurring.
• To safeguard threat-modeling.com. We’ll look at logs and metadata as part of our work to ensure the security of your data and the Services as a whole. If necessary, we may also access accounts as part of an abuse report investigation.
• To the extent required by applicable law. We are subject to the law and will respond to legal requests. We only preserve or share customer data if compelled by a legal authority.

5. We use third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the threat modeling solution.

Copyright and Content Ownership

1. All content posted on the threat modeling solution must comply with U.S. & EU copyright law.
2. You give us a limited license to use the content posted by you and your users in order to provide the Services to you, but we claim no ownership rights over those materials. All materials you submit to the Services remain yours.
3. We do not pre-screen content, but we reserve the right (but not the obligation) in our sole discretion to refuse or remove any content that is available via the Service.
4. The Company or its licensors own all rights, title, and interest in and to the Services, including all intellectual property rights therein, and you obtain no ownership rights in the Services as a result of your use. You may not duplicate, copy, or reuse any portion of the HTML, CSS, JavaScript, or visual design elements without express written permission from us. You must request permission to use the Company’s logos or any Service logos for promotional purposes. We reserve the right to rescind any permissions if you violate these Terms.
5. You agree not to reproduce, duplicate, copy, sell, resell, or exploit any portion of the Services, use the Services, or access the Services without our express written permission.

Features and Bugs

We design our Services with care, based on our own experience and the experiences of customers who share their time and feedback. However, there is no such thing as a service that pleases everybody. We make no guarantees that our Services will meet your specific requirements or expectations.

We also test all of our features extensively before shipping them. As with any software, our Services inevitably have some bugs. We track the bugs reported to us and work through priority ones, especially any related to security or privacy. Not all reported bugs will get fixed and we don’t guarantee completely error-free Services.

Liability

We mention liability throughout these Terms but to put it all in one section:

You expressly understand and agree that threat-modeling.com shall not be liable, in law or in equity, to you or to any third party for any direct, indirect, incidental, lost profits, special, consequential, punitive or exemplary damages, including, but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses (even if threat-modeling.com has been advised of the possibility of such damages), resulting from: (i) the use or the inability to use the Services; (ii) the cost of procurement of substitute goods and services resulting from any goods, data, information or services purchased or obtained or messages received or transactions entered into through or from the Services; (iii) unauthorized access to or alteration of your transmissions or data; (iv) statements or conduct of any third party on the service; (v) or any other matter relating to these Terms or the Services, whether as a breach of contract, tort (including negligence whether active or passive), or any other theory of liability.

In other words: choosing to use our Services does mean you are making a bet on us. If the bet does not work out, that’s on you, not us. We do our best to be as safe a bet as possible through careful management of the business; investments in security, infrastructure, and talent; and in general ‘caring’. If you choose to use our Services, thank you for betting on us.

If you have a question about any of these Terms, please use the Contact Us page.

Adapted from the Basecamp open-source policies.