Terms of Service

These Terms of Service ("Terms") govern your access to and use of LeakyCreds ("Service," "Platform," or "we"), a credential exposure monitoring platform operated by LeakyCreds. By accessing or using the Service, you agree to be bound by these Terms.

IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THE SERVICE.

1. Acceptance of Terms

By creating an account, accessing the dashboard, using the public scanner, or interacting with any part of the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy.

If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms, and your acceptance of these Terms will be treated as acceptance by that organization.

2. Description of Service

LeakyCreds provides credential exposure monitoring and threat intelligence services, including:

• Public Scanner: Free domain and email scanning for credential exposure detection
• Continuous Monitoring: Real-time monitoring of credential exposure across stealer logs, breach databases, paste sites, and underground forums
• Incident Management: Detection, tracking, and reporting of credential exposure incidents affecting monitored domains
• Alert System: Email and webhook notifications for detected credential exposures
• API Access: Programmatic credential checking and incident retrieval via authenticated API endpoints
• Analytics Dashboard: Security analytics, trend analysis, and reporting for organizations
• Data Export: Export of incident data, scan results, and reports in multiple formats

The Service aggregates credential exposure data from publicly accessible sources to help organizations identify and respond to credential compromises before they result in account takeover or data breaches.

3. Eligibility

You must be at least 18 years old to use the Service. By using the Service, you represent and warrant that you meet this age requirement and have the legal capacity to enter into these Terms. The Service is intended for businesses, organizations, and security professionals conducting legitimate security monitoring activities.

4. Account Registration and Security

4.1 Account Creation

To access certain features of the Service, you must create an account by providing accurate and complete information, including your name, email address, organization name, and password. You agree to:

• Provide accurate, current, and complete information during registration
• Maintain and promptly update your account information
• Maintain the security and confidentiality of your account credentials
• Notify us immediately of any unauthorized use of your account
• Accept responsibility for all activities that occur under your account

4.2 User Roles and Access

The Service supports the following user roles, each with distinct permissions:

• Super Admin: Full system access, data upload, and platform configuration
• MSP Admin: Multi-organization management, incident oversight, user management, API access, and full dashboard features
• Organization Viewer: Read-only access to organization-specific incidents, analytics, and search capabilities

Account creation may require admin approval depending on the requested role and organization association.

4.3 API Keys and Webhook Secrets

If you use our API or webhook features, you are responsible for securing your API keys and webhook secrets. Do not share these credentials publicly or with unauthorized parties. You are responsible for all API usage under your credentials.

5. Acceptable Use Policy

5.1 Permitted Uses

You may use the Service solely for legitimate security purposes, including:

• Monitoring credential exposure for domains you own or manage
• Detecting compromised employee accounts
• Investigating security incidents and potential account takeover events
• Conducting security assessments authorized by the domain owner
• Integrating exposure intelligence into security operations workflows

5.2 Prohibited Uses

You agree NOT to use the Service for any of the following purposes:

• Unauthorized Access: Attempting to access accounts, systems, or data without authorization
• Malicious Activities: Using detected credentials for hacking, account takeover, identity theft, fraud, or any illegal activity
• Credential Redistribution: Selling, sharing, trading, or redistributing compromised credentials obtained through the Service
• Harassment or Stalking: Using the Service to monitor individuals without legitimate business or security purposes
• Competitive Intelligence: Monitoring competitor domains for business intelligence rather than security purposes
• Service Abuse: Automated scraping, excessive API requests, rate limit circumvention, or denial-of-service attacks
• Reverse Engineering: Attempting to reverse engineer, decompile, or extract the underlying credential database or detection algorithms
• Spam or Abuse: Submitting excessive scan requests, fake domains, or otherwise abusing the public scanner
• Illegal Activities: Any activity that violates applicable laws, regulations, or third-party rights

5.3 Scanning Authorization

By scanning a domain, you represent and warrant that you either own the domain, have explicit authorization from the domain owner to conduct security monitoring, or are checking your personal email address. Scanning domains without authorization may violate applicable laws and these Terms.

6. Data Collection and Monitoring

You acknowledge and agree that:

• LeakyCreds aggregates credential exposure data from publicly accessible sources including breach databases, stealer malware logs, paste sites, underground forums, and Telegram channels.
• We do not hack, breach, or steal credentials. We monitor publicly available leak sources.
• The Service is designed to detect existing credential exposures, not to create new ones.
• Credential exposure data includes email addresses, usernames, passwords, domains, breach sources, and leak dates.
• Data provided by the Service is sourced from third-party leaks and breaches over which we have no control.
• We make reasonable efforts to verify data accuracy, but we do not guarantee the completeness or accuracy of exposure data.

7. Intellectual Property Rights

7.1 Our Intellectual Property

The Service, including its design, features, functionality, source code, algorithms, trademarks, logos, and content, is owned by LeakyCreds and protected by intellectual property laws. You are granted a limited, non-exclusive, non-transferable, revocable license to access and use the Service in accordance with these Terms.

7.2 Your Data

You retain all rights to the data you input into the Service (monitored domains, organization configurations, etc.). By using the Service, you grant us a limited license to process, store, and analyze this data solely for the purpose of providing the Service and improving our detection capabilities.

8. Service Availability and Modifications

8.1 Service Level

We strive to provide reliable and continuous service, but we do not guarantee uninterrupted access. The Service may be unavailable due to:

• Scheduled maintenance and updates
• Technical issues, server outages, or infrastructure failures
• Third-party service provider disruptions
• Security incidents or emergency maintenance
• Force majeure events beyond our reasonable control

8.2 Service Modifications

We reserve the right to modify, suspend, or discontinue any aspect of the Service at any time without prior notice. We may also impose limits on certain features or restrict access to parts of the Service without liability.

9. Payment and Subscription Terms

9.1 Free Services

The public scanner is provided free of charge with reasonable rate limits to prevent abuse.

9.2 Paid Services

Access to the full dashboard, continuous monitoring, API access, and advanced features requires a paid subscription. Payment terms, pricing, and subscription details are provided during the onboarding process or upon request.

• Billing: Subscriptions are billed according to the selected plan (monthly, annually, or custom terms).
• Payment Method: You agree to provide valid payment information and authorize us to charge your payment method for all fees incurred.
• Price Changes: We reserve the right to modify pricing with at least 30 days' notice to existing subscribers.
• Refunds: Fees are generally non-refundable except as required by law or at our discretion.

9.3 Termination for Non-Payment

We may suspend or terminate your access to paid features if payment is not received within the specified timeframe. Suspended accounts may be permanently deleted after 60 days of non-payment.

10. Data Accuracy and Limitations

While we make reasonable efforts to provide accurate and timely credential exposure intelligence, you acknowledge that:

• No Guarantee of Completeness: The Service may not detect all credential exposures. Absence of detection does not guarantee that credentials have not been compromised.
• False Positives/Negatives: Detection algorithms may produce false positives (incorrectly flagging safe credentials) or false negatives (missing compromised credentials).
• Data Source Limitations: We rely on third-party breach databases, stealer logs, and public leak sources. If a breach or leak is not publicly disclosed or accessible, it cannot be detected by our Service.
• Time Delays: There may be delays between when credentials are exposed and when they appear in our monitoring feeds.
• Data Quality Variability: The quality, format, and accuracy of credential data varies across different breach sources.

The Service is intended as one component of a comprehensive security program and should not be relied upon as the sole method of detecting credential compromise.

11. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

• Warranties of merchantability, fitness for a particular purpose, or non-infringement
• Warranties regarding the accuracy, completeness, reliability, or timeliness of data
• Warranties that the Service will be uninterrupted, secure, or error-free
• Warranties that defects will be corrected or that the Service is free of viruses or harmful components

YOU USE THE SERVICE AT YOUR OWN RISK. WE DO NOT WARRANT THAT THE SERVICE WILL PREVENT SECURITY BREACHES, ACCOUNT TAKEOVERS, OR CREDENTIAL COMPROMISE.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, LEAKYCREDS SHALL NOT BE LIABLE FOR:

• Indirect, incidental, special, consequential, or punitive damages
• Loss of profits, revenue, data, goodwill, or business opportunities
• Service interruptions, data loss, or security breaches
• Account takeover, identity theft, or fraud resulting from credential exposure
• Damages arising from reliance on data provided by the Service
• Third-party conduct, including use of webhooks or API integrations

IN NO EVENT SHALL OUR TOTAL LIABILITY EXCEED THE AMOUNT YOU PAID TO US IN THE 12 MONTHS PRECEDING THE CLAIM, OR $100 IF NO FEES WERE PAID.

13. Indemnification

You agree to indemnify, defend, and hold harmless LeakyCreds, its affiliates, officers, directors, employees, and agents from any claims, liabilities, damages, losses, costs, or expenses (including reasonable attorneys' fees) arising from:

• Your use or misuse of the Service
• Your violation of these Terms
• Your violation of any third-party rights, including intellectual property or privacy rights
• Unauthorized scanning of domains you do not own or control
• Misuse of credential data obtained through the Service

14. Termination

14.1 Termination by You

You may terminate your account at any time by contacting us at [email protected] or using the account deletion feature in your profile settings.

14.2 Termination by Us

We may suspend or terminate your account immediately, without prior notice or liability, for any reason, including:

• Violation of these Terms or our Acceptable Use Policy
• Fraudulent, abusive, or illegal activity
• Non-payment of subscription fees
• Suspected security breach or compromise of your account
• Request by law enforcement or regulatory authorities

14.3 Effect of Termination

Upon termination, your right to use the Service will immediately cease. We may delete your account data within 30 days of termination, subject to our data retention policies and legal obligations. Public scan results are automatically deleted after 24 hours.

15. Third-Party Services and Links

The Service integrates with third-party services including:

• Google Analytics for usage analytics
• Google reCAPTCHA for spam prevention
• Webhook endpoints you configure (Slack, PagerDuty, custom URLs)

These third-party services are governed by their own terms and privacy policies. We are not responsible for the practices, availability, or security of third-party services. Links to external websites are provided for convenience and do not constitute endorsement.

16. Export Controls and Legal Compliance

The Service may be subject to export control and economic sanctions laws. You agree not to use the Service in violation of any applicable export controls, trade sanctions, or embargoes. You represent that you are not located in, under the control of, or a national or resident of any restricted country or on any government prohibited party list.

17. Governing Law and Dispute Resolution

17.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which LeakyCreds is registered, without regard to conflict of law principles.

17.2 Dispute Resolution

In the event of any dispute arising out of or relating to these Terms or the Service:

• Informal Resolution: You agree to first contact us at [email protected] to attempt to resolve the dispute informally.
• Arbitration: If informal resolution fails, disputes shall be resolved through binding arbitration rather than in court, except where prohibited by law.
• Class Action Waiver: You agree to resolve disputes on an individual basis and waive any right to participate in class actions or representative proceedings.

17.3 Jurisdiction

For disputes not subject to arbitration, you consent to the exclusive jurisdiction and venue of courts located in the jurisdiction where LeakyCreds is registered.

18. Changes to Terms

We reserve the right to modify these Terms at any time. We will notify you of material changes by posting the updated Terms on this page and updating the "Last Updated" date. For significant changes, we may provide additional notice via email or dashboard notification. Your continued use of the Service after changes become effective constitutes acceptance of the revised Terms. If you do not agree to the changes, you must stop using the Service and terminate your account.

19. Severability

If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be modified to the minimum extent necessary to make it enforceable, or if modification is not possible, it shall be severed from these Terms. The remaining provisions shall continue in full force and effect.

20. Entire Agreement

These Terms, together with our Privacy Policy and any additional terms you agree to when using specific features of the Service, constitute the entire agreement between you and LeakyCreds regarding the Service and supersede all prior agreements, understandings, and representations.

21. Contact Information

For questions, support, or business inquiries, please contact us through the appropriate channel below: