Terms of Service

Triage Security
Last updated on

1. Acceptance of These Terms

These Terms of Service (“Terms”) govern your access to and use of the Triage Security website(s), applications, and platform, including any vulnerability intake, coordination, triage, disclosure, and management features (collectively, the “Service”).

By creating an account, clicking to accept, or otherwise accessing or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.

If you use the Service on behalf of an organization, you represent and warrant that you have authority to bind that organization, and “you” includes that organization.

These Terms incorporate by reference:

  • the Triage Security Privacy Policy;
  • any program brief, scope, disclosure policy, bounty/payout policy, rules of engagement, or other program-specific terms presented in the Service (each, a “Program Policy”); and
  • any additional guidelines or policies we post in the Service (collectively, “Policies”).

2.2 Order of Precedence

If there is a conflict, the following order controls:

  1. a mutually signed customer agreement, order form, or master services agreement (if any),
  2. the applicable Program Policy,
  3. these Terms, then
  4. the remaining Policies.

3. Description of the Service

Triage provides a platform for receiving, validating, managing, and coordinating vulnerability reports and related security findings. We may modify, suspend, or discontinue any part of the Service at any time.

4. Eligibility

You must be legally able to form a binding contract to use the Service. The Service is not intended for children under 13. If you are under the age of majority where you live, you may use the Service only with a parent/guardian’s consent.

We may restrict access to comply with law, including applicable sanctions and export controls.

5. Accounts and Security

You are responsible for all activity under your account and for maintaining credential confidentiality. You agree to provide accurate information and promptly update it. Notify us immediately of unauthorized access to or use of your account.

We may suspend or terminate accounts that are inactive for an extended period, violate these Terms/Policies, or create risk for the Service or others.

6. Acceptable Use

You agree not to:

  • violate any law or third-party rights;
  • interfere with or disrupt the Service (including probing, scanning, or testing the Service itself except as explicitly authorized);
  • access the Service to build a competing product or reverse engineer except where prohibited by law;
  • introduce malware, exploit vulnerabilities, or attempt unauthorized access;
  • misuse reporting channels (spam, fraud, or knowingly false reports);
  • circumvent access controls, rate limits, or security mechanisms.

We may investigate suspected violations and take appropriate action, including suspension, termination, or referral to law enforcement where required/permitted.

7. Researcher Conduct; Security Testing Rules (Baseline)

If you submit vulnerabilities or security findings (“Submissions”), you must comply with the applicable Program Policy and, at minimum:

  • test only targets explicitly designated in-scope; anything else is out-of-scope;
  • do not perform actions that materially impact availability or integrity (including DoS/DDoS) and stop immediately if you observe degradation;
  • minimize access to and retention of data; avoid viewing, modifying, deleting, or exfiltrating data beyond what is necessary to demonstrate impact;
  • submit through the Service (or designated channel) to be eligible for any recognition or reward;
  • keep communications in the Service (or approved channels) during triage and disclosure;
  • maintain confidentiality for private or invitation-only programs and non-public details as required by Program Policy;
  • comply with all applicable laws, including computer misuse, privacy, and export control laws.

We may deem Submissions ineligible, close reports, or take enforcement action for violations.

8. Submissions; Intellectual Property; Licenses

8.1 Your Content

As between you and Triage, you retain ownership of your Submissions and other content you provide (“User Content”), except as otherwise agreed in writing.

8.2 License to Triage

You grant Triage a worldwide, non-exclusive, royalty-free, sublicensable license to host, use, reproduce, modify (for formatting/normalization), display, perform, and distribute your User Content as necessary to:

  • operate, secure, and provide the Service;
  • validate, triage, and coordinate Submissions;
  • share Submissions and related materials with the relevant organization(s) through the Service;
  • generate derivative artifacts such as evidence bundles, summaries, severity scoring, and remediation guidance; and
  • improve the Service (including reliability, safety, and security).

8.3 License to Organizations

To the extent your Submission is delivered to a customer/organization through the Service, you grant that organization a worldwide, non-exclusive, royalty-free license to use, reproduce, modify, and distribute your Submission for vulnerability verification, remediation, security operations, compliance, and related internal purposes. The organization may share your Submission with its service providers and contractors solely to support those purposes.

8.4 Feedback

If you provide suggestions, ideas, or feedback, you grant us a perpetual, irrevocable, worldwide right to use it without restriction or compensation.

8.5 No Obligation to Publish

We have no obligation to post, publish, or maintain any User Content, and may remove it at any time consistent with these Terms and applicable law.

9. Confidentiality

9.1 Confidential Information

“Confidential Information” includes non-public information disclosed through the Service, including private program existence/details, non-public vulnerability information, and organization data, except information that:

  • is or becomes publicly available without breach,
  • was independently developed without use of Confidential Information, or
  • was rightfully obtained from a third party without confidentiality obligation.

9.2 Obligations

You will use Confidential Information only for purposes permitted by the Service and the applicable Program Policy, and will not disclose it except as authorized by the applicable Program Policy or required by law.

9.3 Aggregated/De-Identified Data

We may use aggregated or de-identified information derived from Service usage to operate and improve the Service, including analytics, benchmarking, and research, so long as it does not identify you or disclose Confidential Information.

10. Rewards, Payouts, and Taxes (If Applicable)

Rewards and eligibility (if any) are governed by the applicable Program Policy and payout policy. You are responsible for taxes and for providing information required by payment processors. We do not guarantee that any Submission will be eligible for any payment or reward.

11. Fees (Organizations)

If your organization purchases a subscription or paid features, fees, billing terms, and refund terms will be as set forth in the applicable order form or customer agreement. If none exists, additional paid terms may be presented at purchase time and will apply to that purchase.

The Service may integrate with or link to third-party services. We are not responsible for third-party services, and your use of them is subject to their terms and privacy practices.

13. Messaging & Communication

By opting in to SMS messages from Triage Security, you agree to receive text messages for customer support, service updates, and other communications related to your account.

  • You can cancel the SMS service at any time. Just text STOP. After you send the SMS message "STOP" to us, we will send you an SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, just sign up as you did the first time and we will start sending SMS messages to you again.
  • If you are experiencing issues with the messaging program, you can reply with the keyword HELP for more assistance.
  • Carriers are not liable for delayed or undelivered messages.
  • As always, message and data rates may apply for any messages sent to you from us and to us from you. Message frequency varies. If you have any questions about your text plan or data plan, it is best to contact your wireless provider.

14. Suspension and Termination

We may suspend or terminate access to the Service (in whole or part) at any time if we reasonably believe:

  • you violated these Terms/Policies;
  • your use poses a security, legal, or operational risk; or
  • suspension or termination is required to comply with law.

You may stop using the Service at any time. Upon termination, Sections intended to survive (including licenses, confidentiality, disclaimers, limitations, indemnification, and dispute terms) will survive.

15. Disclaimers

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, TRIAGE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE, OR THAT ANY RESULTS OR OUTPUTS WILL BE ACCURATE OR COMPLETE. YOU ASSUME THE ENTIRE RISK ARISING OUT OF YOUR USE OF THE SERVICE.

16. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

  1. TRIAGE WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, USE, OR GOODWILL.
  2. TRIAGE’S TOTAL LIABILITY FOR ALL CLAIMS RELATING TO THE SERVICE WILL NOT EXCEED:
     • FOR PAID ORGANIZATIONS: THE FEES PAID (OR PAYABLE) TO TRIAGE FOR THE SERVICE IN THE 12 MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM; AND
     • FOR ALL OTHER USERS: USD $1,000.
  3. THE LIMITATIONS IN THIS SECTION APPLY WHETHER THE CLAIM IS BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND EVEN IF TRIAGE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Some jurisdictions do not allow certain exclusions or limitations. In those jurisdictions, liability will be limited to the maximum extent permitted by law.

17. Indemnification

You will defend, indemnify, and hold harmless Triage and its affiliates, officers, directors, employees, and agents from and against any claims, damages, liabilities, losses, and expenses (including reasonable attorneys’ fees) arising from or related to:

  • your use of the Service;
  • your User Content/Submissions;
  • your violation of these Terms/Policies; or
  • your violation of law or third-party rights.

18. Governing Law; Venue; Class Action Waiver

18.1 Governing Law

These Terms are governed by the laws of the State of Delaware, excluding conflict-of-law rules.

18.2 Exclusive Venue

Except where prohibited by law, any dispute arising from these Terms or the Service will be brought exclusively in the state or federal courts located in Delaware, and you consent to personal jurisdiction and venue there.

18.3 Class Action Waiver

YOU AND TRIAGE AGREE THAT CLAIMS MAY BE BROUGHT ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING.

19. Changes to Terms

We may update these Terms from time to time. If we make a material change, we will provide reasonable notice (for example, by email or within the Service) before the change takes effect. Continued use after the effective date means you accept the updated Terms. If you do not agree, you must stop using the Service.

20. Miscellaneous

  • Entire Agreement. These Terms and incorporated Policies are the entire agreement about the Service unless superseded by a signed customer agreement.
  • Severability. If any provision is unenforceable, the remainder remains in effect.
  • Assignment. You may not assign these Terms without our consent. We may assign these Terms as part of a merger, acquisition, reorganization, or sale of assets.
  • No Waiver. Failure to enforce any provision is not a waiver.
  • Headings. Headings are for convenience only and do not affect interpretation.

21. Contact

Questions about these Terms: