Last updated: before launch. Working draft — counsel review required before publication.
By signing up for or using CyberRunner you agree to these terms with Equa ApS, Bredgade 30, 1260 Copenhagen K, Denmark, CVR [to fill] ("EQUA", "we"). If you're agreeing on behalf of a company, you confirm you have authority to bind that company.
CyberRunner is an automated security-alert triage service. We process the alerts you send us and return verdicts, risk scores, narratives, and supporting evidence. The 12-agent investigation pipeline, the deterministic risk math, and the consumption pricing are described on /how-it-works and /pricing.
The service is provided "as is" and "as available", without warranty of any kind beyond what is required by mandatory Danish and EU law.
You are responsible for: (a) keeping account credentials and API keys confidential; (b) all activity under your account; (c) ensuring your users have authority to act on your behalf. MFA is enforced by default; please don't try to work around it.
Tell us at security@equa.dk as soon as you suspect a compromised credential.
Consumption-based pricing as published on /pricing. Billed monthly in arrears via Stripe; invoices are EU VAT compliant. We reserve the right to adjust pricing with at least 30 days' written notice; the adjusted pricing applies only to billing periods starting after the notice period.
The Free tier (≤50 investigations / month) requires a verified email and a card on file to prevent abuse; we do not charge the card on free-tier use.
You will not (a) use the service to break any law, including any cybercrime or data-protection law; (b) attempt to compromise the service's security, other users' isolation, or the integrity of our infrastructure; (c) reverse-engineer the service except as permitted by mandatory law; (d) use the service to triage data you do not have the right to process; (e) resell the service except under a separately negotiated reseller agreement.
You retain ownership of your alert data, your verdicts, your audit trail, and any output produced by the service for you. We act as data processor with respect to personal data in your alerts; see the DPA for terms governing that processing.
We do not use your alert data to train models that benefit other customers. We may use aggregated, anonymous usage metrics for internal capacity planning and product improvement.
We target — but do not guarantee, on the standard contract — 99.5% monthly uptime, excluding scheduled maintenance announced at least 48 hours in advance. Enterprise-grade SLAs with credits are available on a separately negotiated contract.
Standard-mode median wall-clock is ~12 seconds; Deep-mode median is ~90 seconds. Throughput is rate-limited per API key; current limits are visible in the customer console.
Support is via email at hello@equa.dk on working days (Copenhagen). Security-relevant reports go to security@equa.dk and are acknowledged within 48 hours. Enterprise support tiers (dedicated channel, response-time SLAs) are available on a separately negotiated contract.
Either party may terminate at any time with written notice. On termination:
We may suspend or terminate immediately on material breach (e.g. acceptable-use violation, non-payment) with notice.
Subject to mandatory law, our total aggregate liability arising out of or related to this agreement is capped at the amount you paid us in the prior 12 months. We are not liable for indirect, incidental, special, consequential, or punitive losses, including but not limited to missed detections, lost data, or lost profits.
The service supports analysts; it does not replace them. You retain responsibility for the actions taken based on our verdicts.
You will indemnify us for third-party claims arising from your use of the service in breach of these terms, including from data you submit that you did not have the right to submit. We will indemnify you for third-party claims that the service itself infringes their IP rights, subject to standard carve-outs.
Each party will protect the other's non-public information with at least the same care as its own (and never less than reasonable care). The obligation survives termination for 3 years.
Danish law, excluding its conflict-of-laws rules. Exclusive venue is the Copenhagen City Court (Københavns Byret), subject to mandatory consumer-protection rules in your jurisdiction (B2B customers waive these to the extent permitted by law).
We notify active customers by email at least 30 days before material changes take effect. Continued use after the notice period constitutes acceptance. If you don't accept, you may terminate without penalty during the notice period.
Entire agreement. No waiver of rights by failure to enforce. If any clause is unenforceable, the rest stands. Assignment requires the other party's consent except in a corporate reorganisation or sale.