Terms of Service

By accessing or using EchelonGraph (the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization.

If you do not agree to these Terms, do not access or use the Service. We reserve the right to modify these Terms at any time. Material changes will be communicated 30 days in advance via email or in-product notification.

EchelonGraph is a cloud-native security intelligence platform that provides: multi-cloud asset discovery and inventory, vulnerability assessment and CVE intelligence, compliance framework scoring and automation, attack surface mapping and blast radius analysis, threat detection and incident response, and security posture management.

The Service is provided as a Software-as-a-Service (SaaS) platform hosted on Google Cloud Platform infrastructure.

Registration: You must provide accurate, complete, and current information during registration. You are responsible for maintaining the confidentiality of your account credentials.

Multi-Factor Authentication: We strongly recommend enabling MFA on all accounts. Enterprise plans require MFA for all users.

Authorized Users: You may only permit authorized individuals to access the Service under your subscription. Each user must have a unique account. Credential sharing is prohibited.

Account Security: You are responsible for all activity under your account. Notify us immediately at security@echelongraph.io if you suspect unauthorized access.

You agree NOT to: (a) use the Service to scan infrastructure you do not own or have authorization to scan; (b) attempt to access other customers' data or bypass tenant isolation; (c) reverse engineer, decompile, or disassemble any part of the Service; (d) use the Service to develop a competing product; (e) share API keys, access tokens, or credentials with unauthorized parties; (f) exceed reasonable usage limits or engage in activities that degrade Service performance for others.

Scoping Authorization: Before connecting cloud accounts, you must ensure you have proper authorization (written or implicit) from the account owner to perform security scanning. EchelonGraph is not responsible for unauthorized scanning activities performed by customers.

Violation of this policy may result in immediate suspension or termination of your account without refund.

Your Data: You retain all rights to your cloud configuration data, scan results, compliance scores, and any content you upload to the Service. We do not claim ownership of your data.

License to Us: You grant EchelonGraph a limited, non-exclusive license to process your data solely for the purpose of providing and improving the Service. We will not use your data for advertising, sell it to third parties, or share it beyond our sub-processors.

Our Content: The Service, including its software, algorithms, documentation, and design, is owned by EchelonGraph and protected by intellectual property laws. Your subscription grants you a non-exclusive, non-transferable license to use the Service during your subscription term.

Aggregated Data: We may use anonymized, aggregated data derived from usage patterns (e.g., "85% of customers use SOC 2 framework") for benchmarking and product improvement. This data cannot identify individual customers or their infrastructure.

Uptime Target: EchelonGraph targets 99.5% monthly uptime for all production services. Uptime is measured as the percentage of time the Service is available, excluding scheduled maintenance windows.

Scheduled Maintenance: We perform maintenance during low-traffic windows (Sundays 02:00–06:00 UTC, communicated 7 days in advance). Scheduled maintenance does not count against uptime.

Credits: If monthly uptime falls below 99.5%, eligible customers (Pro and Enterprise plans) receive service credits: below 99.5% = 10% credit, below 99.0% = 25% credit, below 95.0% = 50% credit. Credits are applied to the following month's invoice.

Exclusions: The SLA does not apply to: Free-tier accounts, beta features, customer-caused outages (e.g., exceeding rate limits), force majeure events, or third-party service failures beyond our control (cloud provider outages).

Subscription: The Service is offered on monthly or annual subscription plans. Annual plans receive a discount and are billed upfront. Prices are listed on our pricing page and may change with 30 days' notice.

Payment: We accept credit card and wire transfer (Enterprise only). Payments are processed by Stripe. All fees are non-refundable except as required by law or as specified in the SLA.

Overages: If you exceed your plan's usage limits (users, scans, API calls), we will notify you and either upgrade your plan or apply overage charges at the rates listed in your order form.

Taxes: Listed prices exclude applicable taxes. You are responsible for all taxes except taxes on our net income.

By You: You may cancel your subscription at any time via the dashboard settings or by contacting support@echelongraph.io. Cancellation takes effect at the end of the current billing period.

By Us: We may suspend or terminate your account if you violate these Terms, fail to pay, engage in prohibited activities, or pose a security risk. We will provide reasonable notice (7 days) except in cases of severe violations.

Data Export: Upon termination, you have 30 days to export your data via the API or request a data export. After 30 days, all customer data is permanently deleted per our data retention policy.

Survival: Sections on liability, indemnification, intellectual property, and dispute resolution survive termination.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ECHELONGRAPH'S TOTAL LIABILITY FOR ALL CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE AMOUNT PAID BY YOU IN THE 12 MONTHS PRECEDING THE CLAIM.

ECHELONGRAPH SHALL NOT BE LIABLE FOR: (A) INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES; (B) LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES; (C) SECURITY BREACHES CAUSED BY YOUR FAILURE TO IMPLEMENT RECOMMENDED CONFIGURATIONS; (D) DAMAGES ARISING FROM THIRD-PARTY SERVICES OR INTEGRATIONS.

These limitations apply regardless of whether the damages were foreseeable or whether EchelonGraph was advised of the possibility of such damages.

You agree to indemnify and hold harmless EchelonGraph against any claims, damages, or costs arising from: (a) your violation of these Terms; (b) your use of the Service to scan infrastructure without authorization; (c) your violation of applicable laws; or (d) your content uploaded to the Service.

EchelonGraph will indemnify you against third-party claims that the Service infringes intellectual property rights, provided you notify us promptly and allow us to control the defense.

These Terms are governed by the laws of the State of California, without regard to conflict of law provisions.

Disputes shall be resolved through binding arbitration under JAMS rules in San Francisco, California, unless you are an individual consumer entitled to bring claims in your local jurisdiction. Class action waiver applies.

Nothing in this section prevents either party from seeking injunctive relief in a court of competent jurisdiction to prevent irreparable harm.

Legal: legal@echelongraph.io

Support: support@echelongraph.io

Security: security@echelongraph.io

Mailing Address: EchelonGraph, Inc. • Legal Department • Susaek, Eunpyeong-gu, Seoul, South Korea