The agreement between DataStun LLC and the customer. Read alongside the Privacy Policy and the Acceptable Use Policy — together they form the complete agreement.
These Terms of Service (“Terms”) form an agreement between DataStun LLC, a Texas limited liability company (the “Operator,” “we,” “us”), and the organization or individual who creates an account, installs the agent, or otherwise uses the DataStun platform (the “Customer,” “you”). By doing any of those things, you accept these Terms, the Privacy Policy, and the Acceptable Use Policy on behalf of yourself or the entity you represent. If you do not have authority to bind that entity, do not accept.
DataStun is a data-path intelligence platform consisting of three components: an endpoint agent, a tenant platform (“ten”), and a reputation provider (“rep”). It helps you observe and reason about network behavior on devices you own or are authorized to monitor. The full architecture and data-collection details are described at /data-collection; the current tier matrix is at /pricing.
DataStun is in beta. The service is provided “AS IS” and “WITH ALL FAULTS.” Features may change, regress, or be discontinued without notice. Data submitted to the service may be lost. There is no service-level agreement and no uptime commitment. The agent, ten, and rep may behave differently than this documentation describes during beta.
Beta participation is entirely at your own risk. We may terminate the beta program, discontinue any feature, or terminate any customer’s beta access at any time, for any reason or no reason. We will use reasonable efforts to give notice of major changes but are not required to.
Section 17 (Warranties and disclaimers) and Section 18 (Limitation of liability) apply with full force during beta. Read them.
You are responsible for the accuracy of the information you provide at registration and for safeguarding your login credentials (passwords, OAuth identities, API keys, agent enrollment tokens, per-agent dashboard tokens). You must not share account credentials with unauthorized parties. You are responsible for all activity that occurs under your account.
You must notify us promptly at [email protected] of any suspected unauthorized access. Credentials we issue are revocable; we may revoke any credential at any time if we have reason to believe it has been compromised or used in violation of these Terms, with or without prior notice.
Subject to these Terms and the Acceptable Use Policy, we grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the service for your own internal business purposes during the term of your subscription. You may not resell, sublicense, lease, or otherwise make the service available to any third party. You may not reverse engineer, decompile, disassemble, or attempt to derive the source code of the agent, ten, or rep, except to the extent applicable law expressly permits despite this limitation. Automated access is permitted only through APIs that we publicly document.
You agree to the Acceptable Use Policy, which is incorporated into these Terms by reference. In summary, you may not use the service to violate law, infringe third-party rights, distribute malware, attempt to access systems you are not authorized to access, test the security of systems you do not own or have written authorization to test, harass any person, submit data you have no right to submit, evade tenant isolation, or attempt to overwhelm or enumerate our infrastructure.
The DataStun agent observes network and host activity on the endpoint where it is installed. You represent and warrant that you have lawful authority to install the agent on each endpoint where you deploy it, and that any monitoring of individuals using those endpoints complies with applicable law — including, where applicable, employment law, electronic-monitoring statutes, wiretap statutes, and notice requirements to end-users.
If your jurisdiction requires you to notify end-users about workplace monitoring, you are responsible for that notice. We provide a per-endpoint /my-device view that surfaces the data we hold to the end-user; using it does not by itself satisfy any specific statutory notice requirement, but it is a building block you may use.
Customer metadata stays inside the customer’s tenant. Your fleet’s observations — the per-flow records, host inventories, SBOM rollups, support conversations, account information, and any other data scoped to your tenant — are your data. You retain all rights, title, and interest in customer data. You grant us a non-exclusive, limited license to process customer data only as necessary to provide the service to you, as described in the Privacy Policy. You can export your customer data at any time (see section 16).
You represent that you have the legal right to submit any data you submit, including any personal data of third parties such as your employees or end-users.
If you provide us feedback, suggestions, bug reports, feature ideas, or comments about the service (“Feedback”), you grant us a worldwide, perpetual, irrevocable, royalty-free license to use, copy, modify, distribute, and otherwise exploit that Feedback for any purpose, with no obligation of attribution or compensation. You are not required to provide Feedback; if you choose to, this license applies. This clause does not give us any rights to your fleet data — it is limited to the suggestions and comments you affirmatively share with us.
This section is the most consequential. Read it carefully.
The principle. Customer metadata stays inside the customer’s tenant. The only data that crosses tenant boundaries is the verdict on a public object — an IP address, DNS name, or executable hash. Those identifiers describe infrastructure used by many organizations; a verdict that helps one customer helps every customer asking the same question about the same address or hash. The fact that you asked is not part of the verdict and is not shared.
The reputation provider produces verdicts about public objects: IP addresses, file hashes (SHA-256), DNS hostnames, TLS certificates, and the like. These verdicts are derived from public observations — what an IP returns when probed, what a hash matches in NIST’s known-good corpus, what MalwareBazaar says about a sample, what multiple antivirus engines collectively flag. The verdicts are not derived from any single customer’s private fleet data.
Reputation verdicts produced by rep are owned by us. They are stored on rep without any tenant identifier and may be served to any current or future customer who asks about the same public object. This is the core mechanism that makes cross-tenant reputation valuable: every customer benefits from every other customer’s lookups without any customer’s identity being attached to the reputation record.
The fact that you asked about a particular IP or hash is not itself reputation data. The audit trail of who asked first is recorded on rep’s pending-lookup queue for accountability, but it is not a verdict and is not served to other customers.
If you delete your tenant, the verdicts on IPs and hashes that you happened to ask about first remain on rep, because they no longer carry any link to you. You did not contribute proprietary information to those verdicts; you contributed the question. The answers are property of the platform.
This clause does not give us any right to your fleet data. We will not derive customer-specific intelligence from your tenant and republish it. We will not single out a particular customer’s behavior or expose anything tenant-scoped to other tenants. The reputation cache contains only verdicts on public objects.
The agent, ten, rep, our documentation, the brand, our trademarks (including “DataStun”), and any methodology we describe in product documentation are our intellectual property, owned by DataStun LLC. The limited license in section 6 grants you the right to use the service; no other rights are granted, express or implied. Open-source components used inside the agent or platform are governed by their own licenses, which we honor and disclose in the relevant build artifacts.
If you self-host ten and / or rep on your own infrastructure, the same Terms apply, with these adjustments:
Self-hosting requires a separate licensing arrangement; contact us at [email protected] to set one up.
We aim for high availability but do not warrant uninterrupted service. During beta, all tiers receive best-effort availability with no service-level commitment. After commercial launch, paid-tier customers may receive availability commitments specified in their order or master service agreement.
The agent is designed to operate when ten is unreachable: the local blocklist enforcer continues using its last-fetched ruleset, flow observations buffer locally and replay when connectivity is restored, and self-update checks fall back gracefully. Brief ten outages do not break agent enforcement.
Fees are as published at /pricing at the time of subscription. All plans include a generous 30-day trial; you are not charged until the trial ends. Subscriptions are billed monthly or annually as elected. We may change prices on 30 days’ written notice; the new price applies at your next renewal.
Today, billing is simulated — we have not yet integrated a payment processor. Customer-stated tier elections drive entitlements. Real billing integration ships before commercial launch; at that point this section will describe taxes, refunds, auto-renewal, and dispute procedures.
The agreement begins when you accept these Terms or first use the service, and continues until terminated. You may terminate at any time by deleting your tenant from the in-product /privacy-settings page or by contacting us at [email protected].
We may terminate or suspend the agreement (a) immediately for any material breach by you, (b) on 30 days’ notice for any reason, or (c) at any time during beta. Where prepaid fees exist and we terminate without cause, we will refund the unused portion of the subscription.
On termination:
We warrant that we will provide the service with commercially reasonable skill and care. Except for that limited warranty:
Threat detection is a best-effort, evidence-based system. A clean grade or an empty findings list is not an assurance of safety; a flagged grade is not proof of malice. The service is one layer in your defense, not the only layer. Reputation verdicts, blocklist entries, and AI-assisted assessments may contain errors. You are responsible for your own security decisions.
Some jurisdictions do not allow the disclaimer of certain warranties or the exclusion of implied warranties. In those jurisdictions, the foregoing disclaimers apply to the maximum extent permitted by applicable law.
The limitations in this section do not apply to liability for gross negligence, willful misconduct, fraud, or any liability that cannot be limited under applicable law. Some jurisdictions do not allow the exclusion or limitation of certain damages; in those jurisdictions, our liability is limited to the maximum extent permitted by law.
You acknowledge that the fees reflect the allocation of risk in these Terms and that we would not provide the service on these terms without these limitations.
You will defend, indemnify, and hold us harmless from and against any third-party claims, losses, damages, liabilities, and expenses (including reasonable attorneys’ fees) arising out of or related to (a) your content or data, (b) your breach of these Terms or the Acceptable Use Policy, (c) your violation of applicable law, (d) your misuse of the service, or (e) your installation or operation of the agent on any device for which you lacked lawful authority.
We will promptly notify you of any claim subject to indemnification, allow you to control the defense and settlement (provided no settlement may impose obligations on us or admit our fault without our prior written consent), and reasonably cooperate at your expense.
Please read this section carefully. It affects your legal rights.
Before filing any arbitration or court proceeding, the parties will attempt to resolve the dispute in good faith. The complaining party will send written notice to [email protected] (if to us) or to the email on file (if to you) describing the dispute and the relief sought. The parties will negotiate for at least sixty (60) days before initiating formal proceedings.
Any dispute, claim, or controversy arising out of or relating to these Terms or the service that is not resolved informally will be resolved by final, binding arbitration administered by the American Arbitration Association (AAA). Individual consumer disputes are administered under the AAA Consumer Arbitration Rules; commercial disputes are administered under the AAA Commercial Arbitration Rules. The seat of arbitration is Williamson County, Texas. Arbitration may proceed by telephone, video, or written submissions where the rules and the arbitrator permit. The arbitrator’s award is final and may be entered as a judgment in any court of competent jurisdiction. Each party bears its own attorneys’ fees and costs except as the applicable rules or governing law provide.
The parties waive any right to participate in a class action, collective action, consolidated proceeding, or representative action. All disputes will be resolved on an individual basis. The arbitrator has no authority to conduct class, collective, or consolidated proceedings. If this class-action waiver is held unenforceable in any case, the entirety of this section 20 is void as to that case and the dispute proceeds in court under section 21.
Either party may bring an action in small-claims court for disputes within that court’s jurisdiction, or seek injunctive or other equitable relief in a court of competent jurisdiction for actual or threatened infringement of intellectual property rights, misappropriation of trade secrets, or breach of confidentiality, without first proceeding to arbitration.
You may opt out of this arbitration agreement (paragraphs b and c of this section) by sending written notice to [email protected] within thirty (30) days after first accepting these Terms. The notice must include your account email address and a clear statement that you opt out of arbitration. Opting out does not affect any other provision of these Terms.
These Terms are governed by the laws of the State of Texas, without regard to its conflict-of-laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
To the extent any dispute is not resolved by arbitration under section 20 (because the claim falls within a carve-out, because the arbitration agreement is held unenforceable, or because a party validly opted out), the parties consent to the exclusive jurisdiction and venue of the state and federal courts located in Williamson County, Texas, and waive any objection to jurisdiction or venue in those courts.
We may update these Terms from time to time. Material changes will be communicated by email to registered users and/or by prominent notice on the service at least thirty (30) days before they take effect, except where a shorter notice period is necessary to comply with law or to address a security issue. The version number above will increment, and the effective date will be updated. Continued use of the service after the effective date constitutes acceptance of the updated Terms.
DataStun LLC
Attention: Legal
Mailing address — to be added once registered-agent address is confirmed.
Email: [email protected]
See also: /privacy (privacy policy) · /aup (acceptable use policy) · /data-collection (the receipt) · /glossary (feature definitions).
Questions? Email [email protected].