📝 Agreements (EULA • SLA • DPA)

End-User License Agreement (EULA)

This EULA governs your use of any JustHackIT software, clients, scripts, dashboards, bots, or downloadable tools.

1. License Grant

• We grant you a limited, non-exclusive, non-transferable, revocable license to install and use the software solely for lawful, educational, research, or authorized business purposes.
• This license does not transfer ownership. All intellectual property remains with JustHackIT.

2. Restrictions

• No reverse-engineering, decompilation, disassembly, or derivative works, except where explicitly permitted by law.
• No resale, rent, lease, sublicense, assignment, or redistribution without our prior written consent.
• No circumvention of technical protection measures, usage limits, rate limits, or authentication mechanisms.
• No use for illegal hacking, exploitation, unauthorized testing, malware distribution, spam, phishing, or privacy violations.
• No removal of proprietary notices, trademarks, or license keys.

3. Updates & Feedback

• We may provide updates or patches that are subject to this EULA.
• Feedback you provide may be used by us without restriction or obligation.

4. Termination

• We may suspend or terminate your license immediately for any breach of this EULA or other policies (e.g., ToS, AUP).
• Upon termination, you must cease use and destroy any copies of the software in your possession.

5. Warranty Disclaimer

THE SOFTWARE AND SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED (INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, OR RELIABILITY). YOUR USE IS AT YOUR OWN RISK.

6. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY LAW, JUSTHACKIT AND ITS TEAM (INCLUDING THE FOUNDER) SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES; DATA LOSS; LOSS OF PROFITS; BUSINESS INTERRUPTION; OR THIRD-PARTY MISUSE. OUR TOTAL LIABILITY, IF ANY, SHALL NOT EXCEED THE FEES PAID BY YOU IN THE THREE (3) MONTHS PRECEDING THE CLAIM.

7. Governing Law & Jurisdiction

This EULA is governed by the laws of India. Exclusive jurisdiction: the courts of Krishnanagar, West Bengal.

Service Level Agreement (SLA)

This SLA applies to paid business/SMB plans for dashboards, APIs, and threat feeds.

3. Measurement & Reporting

• Uptime is measured monthly across core components under our control.
• Incident summaries may be provided on request for affected customers.

4. Exclusions

• Force majeure (natural disasters, war, civil disturbances, major utility outages).
• Failures of third parties: Cloudflare, Stripe, Google services, Telegram, upstream data/feed providers.
• Customer’s network, ISP, hardware/software misconfiguration, or misuse/abuse of the Services.
• Planned maintenance windows and emergency security patches.

5. Remedies (Service Credits)

• If monthly uptime < 99.0%, you may request service credits proportional to the impact (not to exceed one billing cycle’s fees).
• Credits are non-refundable, non-transferable, and apply to future invoices only.
• Service credits are the sole and exclusive remedy for SLA breaches.

6. Customer Responsibilities

• Timely reporting of incidents with logs, timestamps, and impact details.
• Reasonable cooperation during troubleshooting.
• Maintaining secure configuration of your accounts, API keys, and access tokens.

7. Changes to SLA

We may update this SLA from time to time. The current version will be posted here with the “Last Updated” date.

Data Processing Agreement (DPA)

Applies where JustHackIT processes personal data on behalf of customers subject to GDPR/UK GDPR or similar laws.

1. Roles & Scope

• Customer is the Data Controller; JustHackIT is the Data Processor.
• We process personal data solely on documented instructions from the Controller, as necessary to deliver the Services and comply with law.

2. Nature & Purpose of Processing

• Provision of dashboards, bot access, APIs, scanning/analysis, threat intelligence reports, notifications/alerts, and support.
• Categories of data (may include): identifiers (email, Telegram ID/username), technical telemetry, logs, payment metadata (via Stripe), and content submitted for analysis (domains/IPs/hashes/files).
• Special categories of data are neither required nor intended; if submitted by the Controller, it is at their sole direction and risk.

3. Security Measures

• Encryption in transit (HTTPS/TLS); access control; least-privilege; key management; audit logging; segregation of environments where applicable.
• Regular monitoring for abuse, fraud, and anomalous activity.
• Employee/contractor confidentiality commitments where access is required.

4. Subprocessors

Controller authorizes Processor to use subprocessors necessary for service delivery, including but not limited to:

• Cloudflare (security/CDN), Stripe (payments), Google Analytics/AdSense (analytics/ads), Telegram (integrations/widgets).
• Security data providers/APIs (e.g., VirusTotal, Shodan, Pulsedive, AbuseIPDB, IPinfo, NVD, urlscan.io, Hybrid Analysis, etc.).

Processor shall maintain an updated list upon request and will impose data protection obligations on subprocessors no less protective than those in this DPA.

5. International Transfers

• Where personal data is transferred outside the EEA/UK, Processor shall ensure appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum) or rely on another lawful transfer mechanism.

6. Data Subject Rights & Assistance

• Processor shall assist Controller in responding to data subject requests (access, rectification, erasure, portability, restriction, objection) and regulatory inquiries, to the extent reasonably possible and legally permitted.

7. Personal Data Breach Notification

• Processor will notify Controller without undue delay after becoming aware of a personal data breach impacting Controller data, providing available information to support Controller’s obligations.

8. Confidentiality & Disclosure

• Processor ensures persons authorized to process personal data are bound by confidentiality obligations.
• Processor shall not disclose personal data to third parties except as instructed by Controller or required by law (with notice to Controller where legally permitted).

9. Return & Deletion

• Upon termination or upon Controller’s request, Processor shall delete or return personal data (including copies) after any legally required retention period, unless law requires storage.

10. Audits

• Upon reasonable prior written notice, Processor shall make available information necessary to demonstrate compliance and allow audits/inspections by Controller or an appointed auditor, provided such audits do not compromise security or confidentiality of other customers.

11. Liability & Indemnity

• Each party is responsible for its own compliance with applicable data protection laws. Liability is limited as set forth in the Terms of Service and applicable commercial agreements.

12. Governing Law & Forum

This DPA is governed by Indian law. Exclusive jurisdiction: the courts of Krishnanagar, West Bengal, unless otherwise required by mandatory data protection law.