Terms of Service

By accessing or using EchelonGraph (the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization.

If you do not agree to these Terms, do not access or use the Service. We reserve the right to modify these Terms at any time. Material changes will be communicated 30 days in advance via email or in-product notification.

EchelonGraph is a cloud-native security intelligence platform that provides: multi-cloud asset discovery and inventory, vulnerability assessment and CVE intelligence, compliance framework scoring and automation, attack surface mapping and blast radius analysis, threat detection and incident response, and security posture management.

The Service is provided as a Software-as-a-Service (SaaS) platform hosted on Google Cloud Platform infrastructure.

Registration: You must provide accurate, complete, and current information during registration. You are responsible for maintaining the confidentiality of your account credentials.

Multi-Factor Authentication: We strongly recommend enabling MFA on all accounts. Enterprise plans require MFA for all users.

Authorized Users: You may only permit authorized individuals to access the Service under your subscription. Each user must have a unique account. Credential sharing is prohibited.

Account Security: You are responsible for all activity under your account. Notify us immediately at security@echelongraph.io if you suspect unauthorized access.

You agree NOT to: (a) use the Service to scan infrastructure you do not own or have authorization to scan; (b) attempt to access other customers' data or bypass tenant isolation; (c) reverse engineer, decompile, or disassemble any part of the Service; (d) use the Service to develop a competing product; (e) share API keys, access tokens, or credentials with unauthorized parties; (f) exceed reasonable usage limits or engage in activities that degrade Service performance for others.

Scoping Authorization: Before connecting cloud accounts, you must ensure you have proper authorization (written or implicit) from the account owner to perform security scanning. EchelonGraph is not responsible for unauthorized scanning activities performed by customers.

Violation of this policy may result in immediate suspension or termination of your account without refund.

Your Data: You retain all rights to your cloud configuration data, scan results, compliance scores, and any content you upload to the Service. We do not claim ownership of your data.

License to Us: You grant EchelonGraph a limited, non-exclusive license to process your data solely for the purpose of providing and improving the Service. We will not use your data for advertising, sell it to third parties, or share it beyond our sub-processors.

Our Content: The Service, including its software, algorithms, documentation, and design, is owned by EchelonGraph and protected by intellectual property laws. Your subscription grants you a non-exclusive, non-transferable license to use the Service during your subscription term.

Aggregated Data: We may use anonymized, aggregated data derived from usage patterns (e.g., "85% of customers use SOC 2 framework") for benchmarking and product improvement. This data cannot identify individual customers or their infrastructure.

Uptime Target: EchelonGraph targets 99.5% monthly uptime for all production services. Uptime is measured as the percentage of time the Service is available, excluding scheduled maintenance windows.

Scheduled Maintenance: We perform maintenance during low-traffic windows (Sundays 02:00–06:00 UTC, communicated 7 days in advance). Scheduled maintenance does not count against uptime.

Credits: If monthly uptime falls below 99.5%, eligible customers (Pro and Enterprise plans) receive service credits: below 99.5% = 10% credit, below 99.0% = 25% credit, below 95.0% = 50% credit. Credits are applied to the following month's invoice.

Exclusions: The SLA does not apply to: Free-tier accounts, beta features, customer-caused outages (e.g., exceeding rate limits), force majeure events, or third-party service failures beyond our control (cloud provider outages).

Subscription: The Service is offered on monthly or annual subscription plans. Annual plans receive a discount and are billed upfront. Prices are listed on our pricing page and may change with 30 days' notice.

Payment: We accept credit card and wire transfer (Enterprise only). Payments are processed by Stripe. All fees are non-refundable except as required by law or as specified in the SLA.

Overages: If you exceed your plan's usage limits (users, scans, API calls), we will notify you and either upgrade your plan or apply overage charges at the rates listed in your order form.

Taxes: Listed prices exclude applicable taxes. You are responsible for all taxes except taxes on our net income.

By You: You may cancel your subscription at any time via the dashboard settings or by contacting support@echelongraph.io. Cancellation takes effect at the end of the current billing period.

By Us: We may suspend or terminate your account if you violate these Terms, fail to pay, engage in prohibited activities, or pose a security risk. We will provide reasonable notice (7 days) except in cases of severe violations.

Data Export: Upon termination, you have 30 days to export your data via the API or request a data export. After 30 days, all customer data is permanently deleted per our data retention policy.

Survival: Sections on liability, indemnification, intellectual property, and dispute resolution survive termination.

Our commitment: We provide the Service with reasonable skill and care, and will not materially reduce its core security functionality during a paid subscription term.

"AS IS": EXCEPT AS EXPRESSLY STATED IN THESE TERMS, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

No tool catches everything: EchelonGraph helps you discover, prioritize, and remediate security risks, but no security product can detect every vulnerability, misconfiguration, or threat. We do not warrant that the Service will identify all risks in your environment or that findings will be complete or error-free. The Service supports — and does not replace — your own security program, judgment, and controls.

Beta features: Features labelled beta, preview, or experimental are provided for evaluation, may change or be withdrawn at any time, and are excluded from the SLA and from the warranties in this section.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ECHELONGRAPH'S TOTAL LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE AMOUNT PAID BY YOU IN THE 12 MONTHS PRECEDING THE CLAIM.

ECHELONGRAPH SHALL NOT BE LIABLE FOR: (A) INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES; (B) LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES; (C) SECURITY BREACHES CAUSED BY YOUR FAILURE TO IMPLEMENT RECOMMENDED CONFIGURATIONS; (D) DAMAGES ARISING FROM THIRD-PARTY SERVICES OR INTEGRATIONS.

These limitations apply regardless of whether the damages were foreseeable or whether EchelonGraph was advised of the possibility of such damages.

You agree to indemnify and hold harmless EchelonGraph against any claims, damages, or costs arising from: (a) your violation of these Terms; (b) your use of the Service to scan infrastructure without authorization; (c) your violation of applicable laws; or (d) your content uploaded to the Service.

EchelonGraph will indemnify you against third-party claims that the Service infringes intellectual property rights, provided you notify us promptly and allow us to control the defense.

EchelonGraph, Inc. is a United States C-corporation. These Terms are governed by the laws of the State of California, without regard to conflict-of-law provisions.

Disputes shall be resolved through binding arbitration under JAMS rules in San Francisco, California, unless you are an individual consumer entitled to bring claims in your local jurisdiction. Class action waiver applies.

Nothing in this section prevents either party from seeking injunctive relief in a court of competent jurisdiction to prevent irreparable harm.

Entire Agreement: These Terms, together with our Privacy Policy, Data Processing Agreement, and any applicable order forms, constitute the entire agreement between you and EchelonGraph and supersede all prior agreements on the subject matter.

Severability: If any provision is held unenforceable, the remaining provisions stay in full force, and the unenforceable provision will be modified to the minimum extent necessary to make it enforceable.

No Waiver: Our failure to enforce any right or provision is not a waiver of that right or provision.

Assignment: You may not assign these Terms without our prior written consent, except to a successor in a merger or acquisition of all or substantially all of your assets. We may assign these Terms to an affiliate or successor. Any other attempted assignment is void.

Force Majeure: Neither party is liable for any failure or delay caused by events beyond its reasonable control, including natural disasters, war, terrorism, civil unrest, labour disputes, internet or utility failures, or cloud-provider outages.

Export & Sanctions Compliance: You represent that you are not located in, and will not access the Service from, a country or region subject to comprehensive sanctions, and that you are not a restricted or denied party under applicable export-control and sanctions laws. You agree to comply with all applicable export, re-export, and sanctions regulations.

Notices: Legal notices to EchelonGraph must be sent to legal@echelongraph.io. We may provide notices to you by email or in-product notification.

Independent Contractors: The parties are independent contractors; these Terms create no agency, partnership, or joint venture.

Legal: legal@echelongraph.io

Support: support@echelongraph.io

Security: security@echelongraph.io

Mailing Address: EchelonGraph, Inc. • Legal Department • Susaek, Eunpyeong-gu, Seoul, South Korea