1. Agreement
By creating or using a SentraLens tenant you (the “Customer”) agree to these Terms and Conditions with SentraShield (the “Provider”). These terms form a binding contract. If you do not agree, do not use the platform.
If you are accepting these terms on behalf of an organisation, you confirm that you have authority to bind that organisation.
2. The Service
SentraLens is a Continuous Threat Exposure Management (CTEM) platform that provides:
- external attack surface discovery and vulnerability scanning,
- internal network and credentialed scanning via an on-prem probe,
- phishing simulation and security-awareness training,
- AI-powered finding enrichment and report generation (optional module),
- multi-tenant MSSP workflow and customer management,
- automated PDF reporting and custom template editing.
3. Licensed Modules
Access to individual feature modules — External Attack Surface Management (WAS), Internal Attack Surface Management (NIS), Phishing Simulation (PHI), Compliance & Governance (COG), Threat Intelligence (THI), Code Lifecycle Security (CLS) and AI Features (AI) — is granted per the commercial agreement with your tenant. Reporting and asset management are available as part of every plan. Module enforcement is applied consistently at the backend, orchestration and UI layers.
4. Customer Responsibilities
- Ensure you have authorisation to scan every asset you add. See System Policies for the full acceptable-use policy.
- Keep tenant administrator credentials secure and rotate them on staff departure.
- Enable multi-factor authentication for all privileged accounts.
- Review audit logs periodically as part of your own compliance programme.
- Configure retention, notification and AI-processing preferences to suit your regulatory regime.
- Pay fees per your commercial agreement.
5. Provider Responsibilities
- Operate the SaaS according to the availability target and backup commitments in the System Policies.
- Notify the tenant administrator of any confirmed breach affecting your tenant within 72 hours.
- Apply security patches to the platform in a timely manner.
- Not use your tenant data for training third-party AI models, targeted advertising, or analytics outside your tenant.
- Maintain an auditable record of deployments, configuration changes and incident responses.
6. Fees and Billing
Fees are governed by your commercial agreement. Unless otherwise agreed in writing, invoices are payable within 30 days of issue. Overdue payments may result in temporary suspension of access after 14 days' written notice, and continued non-payment may result in termination under clause 9.
7. Warranty Disclaimer
SentraLens is provided on an “as-is” basis. While we take reasonable steps to ensure the accuracy of findings, no vulnerability scanner can guarantee detection of every security issue. Customers remain responsible for the security of their own systems, for validating findings in their environment, and for applying remediation.
8. Limitation of Liability
To the maximum extent permitted by applicable law, the Provider's aggregate liability for any claim arising out of or relating to the SentraLens platform — whether in contract, tort (including negligence), or otherwise — is limited to the fees paid by the Customer in the twelve (12) months preceding the claim. This limit does not apply to:
- wilful misconduct or fraud by the Provider,
- breach of the Provider's confidentiality obligations,
- liability that cannot lawfully be excluded under applicable law.
Neither party will be liable for indirect, consequential, special, punitive or incidental damages, including loss of profits, loss of goodwill, or loss of data, even if advised of the possibility of such damages.
9. Termination
Either party may terminate this agreement for material breach on 30 days' written notice if the breach is not remedied within that notice period. The Provider may suspend access immediately in response to a confirmed violation of the acceptable-use policy.
On termination, the Customer may export their data for 30 days. After that, tenant data is purged according to the retention policy described in the Data Privacy notice.
10. Confidentiality
Each party agrees to protect the other's confidential information with the same degree of care it applies to its own, and in any event with no less than a reasonable standard of care. Confidentiality obligations survive termination.
11. Data Processing
Where the Provider processes personal data on the Customer's behalf, it does so as a data processor under the Customer's instructions. The Data Privacy notice and any signed Data Processing Addendum (DPA) govern the specifics. A DPA is available on request from [email protected].
12. Force Majeure
Neither party will be liable for any failure to perform due to causes beyond its reasonable control, including natural disasters, war, terrorism, civil unrest, major infrastructure outages, or governmental action.
13. Governing Law & Disputes
These terms are governed by the laws applicable to SentraShield's operating jurisdiction. Disputes arising under or in connection with these terms will be resolved exclusively by the competent courts of that jurisdiction, unless the parties agree in writing to binding arbitration.
14. Changes to These Terms
We may update these terms from time to time. Material changes will be communicated to tenant administrators with at least 30 days' notice via in-product notification and email. Continued use of the platform after the notice period constitutes acceptance of the updated terms.
15. Entire Agreement
These terms, together with any signed commercial agreement, Data Processing Addendum, and the Legal Notice, Data Privacy and System Policies pages, form the entire agreement between the parties and supersede all prior discussions, proposals or agreements.