Terms of Service

Last updated: February 2026

Agreement

By using ThreatKrew, you agree to these terms. If you don’t agree, don’t use our services.

Your Account

  • You must provide accurate information
  • You’re responsible for your account security
  • You must be 18+ or have parental consent
  • One account per person/organization

Acceptable Use

You may not:

  • Upload malicious content
  • Attempt to compromise our systems
  • Use the service for illegal purposes
  • Reverse engineer our systems
  • Resell access without permission

Your Content

  • You own your architecture documents and input
  • You grant us license to process it for service delivery
  • We don’t claim ownership of your content
  • We don’t use your content to train AI models

Our Service

ThreatKrew uses artificial intelligence, including large language models (LLMs), to generate security analysis of your architecture documents. You acknowledge and agree that:

  • AI-generated output. All threat models, findings, recommendations, and reports produced by ThreatKrew are generated by AI systems. The output constitutes advisory information only and does not constitute professional security consulting, legal advice, or certification of any kind.
  • Inherent limitations. AI systems have inherent limitations, including but not limited to: hallucination (generating plausible but incorrect information), false positives, false negatives, incomplete coverage of threats or vulnerabilities, and potential inaccuracies in STRIDE categorisation, MITRE ATT&CK mappings, or NIST SP 800-53 control recommendations.
  • No guarantee of completeness. ThreatKrew cannot and does not guarantee identification of all threats, vulnerabilities, attack vectors, or security weaknesses in your architecture.
  • Not a substitute for professional review. ThreatKrew is not a substitute for manual security review, penetration testing, code audit, security architecture review, or professional security consulting. You should use ThreatKrew as one input among many in your security program.
  • Independent verification required. You must independently verify all findings and recommendations before acting on them. You should not rely on ThreatKrew as your sole security measure.
  • Your responsibility. You are solely responsible for your security decisions, implementations, and the adequacy of your overall security program. ThreatKrew does not assume any responsibility for your security posture or outcomes.
  • No compliance representation. We make no representation that ThreatKrew’s analysis meets any specific compliance, regulatory, certification, or industry standard requirements. If you use ThreatKrew output in a compliance context, you do so at your own risk and should seek independent professional verification.

Disclaimer of Warranties

To the maximum extent permitted by applicable law:

  • The service is provided “AS IS” and “AS AVAILABLE” without warranty of any kind, express or implied.
  • We expressly disclaim all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, accuracy, completeness, reliability, and non-infringement.
  • We do not warrant that the service will identify all security threats, vulnerabilities, or attack vectors applicable to your architecture.
  • We do not warrant that following ThreatKrew’s recommendations will prevent security incidents, data breaches, or other adverse events.
  • We do not warrant that the service will be uninterrupted, error-free, or free of harmful components.

Where Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)) or other applicable consumer protection legislation implies warranties or conditions that cannot be excluded, our liability for breach of any such non-excludable warranty or condition is limited, at our option, to the re-supply of the service or the payment of the cost of having the service re-supplied.

Payment (when applicable)

  • Prices are in USD unless stated otherwise
  • Subscriptions renew automatically
  • You can cancel anytime
  • Refunds at our discretion

Limitation of Liability

To the maximum extent permitted by applicable law:

  • Liability cap. Our total aggregate liability to you for all claims arising out of or relating to these terms or the service is limited to the total fees you paid to us in the 12 months immediately preceding the event giving rise to the claim, or AUD $100, whichever is greater.
  • Excluded damages. We are not liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, including but not limited to: loss of data, loss of profit or revenue, security breaches or incidents, regulatory fines or penalties, business interruption, reputational damage, loss of goodwill, costs of procuring substitute services, and costs of investigation or remediation following a security incident.
  • Applies regardless of theory. These limitations apply regardless of the theory of liability, whether in contract, tort (including negligence), strict liability, statutory liability, or otherwise, and even if we have been advised of the possibility of such damages.
  • Assumption of risk. You acknowledge that ThreatKrew’s AI-generated analysis may contain errors, omissions, or inaccuracies, and you assume all risk associated with your use of and reliance on the service output.

To the extent that applicable law (including Australian Consumer Law for consumer contracts) does not permit the exclusion or limitation of certain liabilities, our liability is limited to the maximum extent permitted by that law. If any part of this limitation is found to be unenforceable, the remaining limitations continue to apply.

Indemnification

You agree to indemnify, defend, and hold harmless ThreatKrew and its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to:

  • Your reliance on AI-generated analysis without independent verification
  • Your failure to independently verify findings, recommendations, or threat assessments before acting on them
  • Your breach of these terms
  • Your use of the service output in any regulated, compliance, or certification context without independent professional verification
  • Any third-party claim arising from your use of the service or the decisions you make based on its output

Termination

  • You can delete your account anytime
  • We can terminate for Terms violations
  • We’ll provide reasonable notice when possible

Changes

We may update these terms. Material changes will be notified via email.

Governing Law

These terms are governed by the laws of Australia. Any disputes arising under or in connection with these terms shall be subject to the exclusive jurisdiction of the courts of New South Wales, Australia.

Severability

If any provision of these terms is held to be unenforceable, the remaining provisions continue in full force and effect.

Contact

Questions? legal@threatkrew.io