Terms of Service

---

Effective Date: September 1, 2025
Last Updated: September 1, 2025

By accessing or using Scantr Reach services provided by Scantr LLC ("Scantr," "we," "us," or "our"), you agree to be bound by these Terms of Service ("Terms"). These Terms constitute a legally binding agreement between your organization ("Customer," "you") and Scantr LLC. If you disagree with any part of these terms, you do not have permission to access our Services.

Scantr Reach is an email authentication and monitoring service designed for organizations to secure their outbound email infrastructure. Our Services include SPF, DKIM, and DMARC configuration and enforcement, BIMI setup, continuous monitoring of email authentication protocols, and comprehensive reporting on email security status.

"Order Form" means a mutually executed ordering document (including PandaDoc/Stripe checkout) specifying tier, pricing, term, and any special terms.

"RUA Reports" means DMARC aggregate reports containing statistical data about email authentication results.

"RUF Reports" means DMARC forensic reports containing detailed information about individual authentication failures, including potentially sensitive email content and headers.

• Available exclusively to registered businesses and organizations
• Authorized representative must sign contracts
• Valid business information and tax ID required where applicable
• Must have legitimate ownership or authorization for all monitored domains

• Provide accurate, complete, and current business information
• Maintain confidentiality of account credentials
• Responsibility for all activities under your account
• Immediate notification of any unauthorized use
• One account may manage multiple domain contracts

• Each domain requires a separate service contract
• Minimum 12-month commitment for monitoring Services
• One-time setup fees for initial configuration
• Monthly billing for ongoing monitoring Services
• Annual contracts with automatic renewal unless cancelled
• Usage limits, domain counts, and support tier are as stated on the Order Form and govern scope of Services

• NET 30 for established businesses with approved credit
• Immediate payment required for new customers
• All fees quoted in USD unless otherwise specified
• Prices subject to change upon renewal with at least 30 days prior notice, unless the parties agree in writing to mid-term changes
• No free trials or free tiers available

• Single dashboard for multiple domains
• Separate billing per domain
• Volume discounts available for 2+ domains
• Master Service Agreements available for enterprise clients

• Customer is responsible for all taxes, duties, and withholdings related to the Services (excluding Scantr's income taxes)
• Late payments may accrue interest at 1.5% per month (or the maximum rate allowed by law), whichever is less
• Customer responsible for reasonable collection costs incurred by Scantr
• Scantr may suspend Services for non-payment after written notice and a 10-day cure period
• If any withholding is required by law, Customer will gross-up the payment so Scantr receives the full amount it would have received absent such withholding
• If Customer is tax-exempt, it will provide a valid exemption certificate; otherwise applicable taxes may be charged

Our SLAs reflect commercially reasonable efforts to provide reliable data processing and reporting, recognizing that email authentication monitoring depends on third-party systems and periodic reporting cycles.

We will use commercially reasonable efforts to achieve the following processing targets:

• Basic: Process RUA Reports within 24 hours of receipt, generate monthly reports within 72 hours
• Pro Pack: Process RUA/RUF Reports within 12 hours of receipt, generate weekly summaries within 48 hours
• Premium: Process RUA/RUF Reports within 6 hours of receipt, provide priority forensic analysis

These targets apply only to reports actually received by our systems and do not include delays in third-party report generation or delivery.

We will use commercially reasonable efforts to maintain:

• Dashboard Access: General availability during normal operating conditions, excluding scheduled maintenance
• Report Generation: Delivery of monthly/quarterly reports within agreed timeframes
• DNS Monitoring: Checks at approximately 6-hour intervals (Basic), 2-hour intervals (Pro Pack), or 1-hour intervals (Premium)
• Alert Delivery: Critical alerts typically sent within 1 hour of detection

We will use commercially reasonable efforts to provide:

• Basic: Email support with target 48-hour response during business days (Monday–Friday, U.S. federal holidays excluded, in PT unless otherwise stated on the Order Form)
• Pro Pack: Priority support with target 24-hour response during business days
• Premium: Dedicated support with target 4-hour response during business hours, 24-hour on weekends

Service credits, which are your sole and exclusive remedy for any SLA failures, apply only for failures directly caused by Scantr Reach, specifically:

• Loss of RUA/RUF data after receipt due to our system failure
• Processing delays exceeding targets by 100% or more for data already in our possession
• Complete dashboard unavailability exceeding 48 consecutive hours due to our infrastructure
• Failure to generate contracted reports within 7 days when all required data is available

Service credits are capped at the fees paid for the impacted month and do not apply to any performance issues not directly within our control. To receive a credit, Customer must request it in writing within 30 days of the event with reasonable supporting details. Credits are measured and applied per impacted monthly billing period.

SLAs and service credits explicitly do not apply for:

• Delays in email providers generating or sending RUA/RUF Reports
• Third-party mail server downtime or delivery delays
• Variable report delivery schedules from mailbox providers
• DNS propagation delays
• Customer configuration errors or changes
• Issues arising from Customer's email infrastructure
• Scheduled maintenance (announced 48 hours in advance)
• Force majeure events
• Any factors outside Scantr Reach's direct control

All targets and intervals are approximate and measured over the applicable monthly billing period.

Service credits constitute your sole and exclusive remedy, and our entire liability, for any failure to meet these SLAs. You waive any right to seek other remedies, damages, or compensation for SLA-related issues.

You agree not to:

• Violate any applicable laws or regulations
• Monitor domains without proper authorization
• Use Services to facilitate spam or malicious emails
• Attempt to compromise our systems or infrastructure
• Resell Services without written partnership agreement
• Submit false or misleading information

You warrant and represent that you have full legal authority to monitor and configure email authentication for all domains in your account. Misrepresentation of domain ownership results in immediate termination without refund.

• Spoofed email testing is available only under a separate Acceptable Testing Agreement
• We strongly prefer and recommend that clients conduct spoofing tests from their own infrastructure
• Scantr provides configuration guidance, best practices, and technical support for client-conducted tests
• Scantr LLC reserves the right to refuse to perform spoofing tests directly from our infrastructure to protect against reputational damage and email blacklist risks, subject to §8.6 (No Legal Advice)

• We provide detailed instructions and scripts for conducting your own spoofing tests
• Technical support available to ensure proper test configuration
• Client maintains full control over test timing and recipients
• No limit on number of tests when conducted from client infrastructure
• Client assumes all risks associated with tests from their infrastructure

If we agree to conduct tests from our infrastructure:

• Requires explicit written consent via executed Acceptable Testing Agreement
• Subject to our sole discretion and risk assessment
• Limited to maximum 5 test emails per domain per month
• Only to pre-authorized recipient addresses you provide
• Test emails clearly marked as security tests
• Additional fees may apply

• Ensure legal authority to authorize spoofing tests for the domain
• Inform relevant stakeholders about planned security testing
• Provide authorized recipient email addresses if Scantr conducts tests
• Accept that test emails may trigger spam filters
• Maintain compliance with all applicable laws regarding email testing

You indemnify and hold harmless Scantr LLC from any claims arising from:

• Spoofing tests you conduct from your own infrastructure using our guidance
• Any authorized tests we agree to perform at your request
• Any reputational damage or blacklisting resulting from testing activities
• Violations of third-party terms of service or applicable laws

• Industry-standard encryption at rest and in transit
• We are pursuing SOC 2 Type II; current controls are described in our security overview and DPA as updated from time to time
• Regular security audits and penetration testing
• Audit logs maintained for 12 months
• Data Protection Agreement (DPA) required for all customers

• Collection and processing of DMARC aggregate reports
• Encrypted storage for contract duration plus 90 days
• Full access via dashboard and API
• Never shared with third parties except as required by law
• You maintain ownership of all RUA data

Critical Notice: Forensic reports contain sensitive data including email content, headers, and personally identifiable information (PII).

• Prior legal review required by Scantr LLC before RUF collection can be enabled
• Written confirmation of lawful basis required - you must provide documented proof of legitimate interest, consent, or other lawful basis under applicable privacy laws
• Explicit opt-in required with written acknowledgment of risks and legal responsibilities
• Right to refuse or suspend - Scantr LLC reserves the right to refuse RUF activation or suspend existing RUF processing if the legal basis is unclear, insufficient, or non-compliant with applicable laws, subject to §8.6 (No Legal Advice)
• Default 30-day retention (customizable per contract)
• Enhanced encryption and access controls
• Minimum necessary data processing with redaction where possible
• You are the data controller; we are the data processor
• Immediate suspension of RUF processing upon any regulatory inquiry or compliance concern
• Scantr may immediately suspend or disable RUF for affected domains if required by a mailbox provider or regulator

For RUF data collection, you must:

• Comply with GDPR, CCPA, and all applicable privacy laws
• Obtain necessary consents from email users if required
• Respond to data subject requests
• Immediately notify us of any privacy obligations
• Indemnify Scantr for claims arising from RUF data processing

• Secure submission via dashboard or API only
• Maximum 100 emails per day for analysis
• You warrant rights to submit all email samples
• Emails analyzed for technical compliance only
• Automatic deletion after analysis unless retention requested

Configuration guidance, technical interpretations, and compliance recommendations provided by Scantr are technical in nature and do not constitute legal advice. You should consult your own legal counsel regarding regulatory obligations, including GDPR, CCPA, and RUF data collection requirements.

9.1. All Services, software, and technology are owned by Scantr LLC.

9.2. You retain ownership of your data and content.

9.3. You grant us limited license to process your data as necessary to provide Services.

9.4. "Scantr" and "Scantr Reach" are trademarks of Scantr LLC.

10.1. We warrant Services will perform substantially as described in your service agreement.

10.2. Services otherwise provided "as is" without warranties of any kind.

10.3. No guarantee of preventing all spoofing or achieving 100% email deliverability.

10.4. You are solely responsible for email content and compliance with email regulations.

Except as provided in Section 11.6, our total liability for all claims arising under or related to these Terms shall not exceed the total fees paid by you in the preceding 12 months.

In no event shall we be liable for any indirect, incidental, special, consequential, or punitive damages, regardless of the cause of action or foreseeability of such damages.

• No liability for RUF content or PII contained in forensic reports
• We act as data processor, not controller, for all email data
• You remain solely responsible for legal compliance of data collection

Security testing, including any spoofed emails, is performed at your sole risk. We assume no liability for reputational damage or blacklisting resulting from authorized testing.

We are not liable for failures or delays caused by third-party services, including email providers, DNS systems, or reporting mechanisms outside our direct control.

The liability limitations in Section 11.1 do not apply to:

• Claims arising from our gross negligence or willful misconduct
• Breaches of our confidentiality obligations under these Terms or any executed NDA
• Breaches of our data protection obligations under the Data Protection Agreement (DPA)
• Our indemnification obligations (if any) under these Terms

For claims falling under these exceptions, our liability shall be determined in accordance with applicable law.

You agree to indemnify, defend, and hold harmless Scantr LLC, its officers, directors, employees, and agents from any claims, damages, losses, or expenses (including reasonable attorney fees) arising from:

• Your use of the Services
• Violation of these Terms
• Violation of any rights of another party
• Your email content or practices
• Authorized security testing
• RUF data collection and processing
• False domain ownership claims

• Initial term as specified in your service agreement (minimum 12 months)
• Automatic renewal for successive 12-month terms unless cancelled
• Enterprise agreements may specify different renewal terms or non-renewal procedures

• Either party may terminate with 30 days written notice before renewal
• Immediate termination for material breach after 10-day cure period
• We may immediately terminate for Terms violations or illegal activity

• Access to Services ceases immediately
• Final invoice due within 30 days
• Data export available for 60 days
• Scantr will delete or return Customer Data per the DPA within 30 days of termination; backups expire on standard cycles
• Sections 5.6, 8, 9, 10, 11, 12, 14, 15 (Confidentiality), 16.1–16.16, 17–19, and accrued payment obligations survive termination

Scantr may suspend Services, with notice where practicable, for:

• Security risk, suspected abuse, or risk of blacklisting
• Legal non-compliance, including unclear or unlawful RUF processing or failure to provide lawful basis
• Non-payment after the 10-day cure period specified in Section 4.4
• Customer actions that materially degrade the Services or third-party systems

"Confidential Information" means non-public information disclosed by one party to the other that is marked confidential or would reasonably be considered confidential given its nature and the circumstances of disclosure.

Confidential Information does not include information that: (a) is or becomes publicly available through no breach by the receiving party; (b) was rightfully known by the receiving party before disclosure; (c) is independently developed without use of Confidential Information; or (d) is rightfully received from a third party without breach of confidentiality obligation.

Each party will: (a) protect the other's Confidential Information using at least the same care it uses for its own confidential information, but no less than reasonable care; (b) use Confidential Information only to fulfill its obligations under these Terms; and (c) not disclose Confidential Information to third parties except as permitted herein.

If legally compelled to disclose Confidential Information, the receiving party will provide prompt notice (if permitted) and reasonable assistance in seeking a protective order.

This confidentiality obligation survives termination for 5 years.

16.1. Entire Agreement: These Terms and your service agreement constitute the entire agreement.

16.2. Severability: If any provision is invalid, other provisions remain in effect.

16.3. No Waiver: Failure to enforce any provision is not a waiver.

16.4. Assignment: You may not assign these Terms without our written consent (not to be unreasonably withheld for change of control). Scantr may assign these Terms to an affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of substantially all assets, with notice to Customer.

16.5. Force Majeure: Neither party liable for delays due to circumstances beyond reasonable control.

16.6. Order of Precedence: In case of conflict: (a) an Order Form or Service Agreement controls over these Terms; (b) the DPA controls for data protection matters; (c) the Acceptable Testing Agreement controls for testing matters; (d) otherwise these Terms control. Usage limits, domain counts, and support tier are as stated on the Order Form and govern scope of Services.

16.7. Publicity: Scantr may identify Customer as a customer and use Customer's name and logo in marketing materials and on its website, subject to Customer's reasonable brand guidelines. Customer may opt out via written notice. Opt-out becomes effective within 10 business days of receipt.

16.8. Feedback: You grant Scantr a perpetual, irrevocable, worldwide, royalty-free license to use any feedback or suggestions to improve the Services, without obligation or attribution. Such feedback is not your Confidential Information.

16.9. Open Source: Some components of the Services may be governed by open-source licenses, which are available upon request or as provided in notices.

16.10. Beta Features: Beta or preview features are provided "AS IS," excluded from SLAs and service credits, and may be modified or discontinued at any time.

16.11. Export Controls and Sanctions: Customer represents that it is not on any U.S./EU/UK sanctions list, will not use the Services in embargoed countries, and will comply with applicable export-control laws.

16.12. De-identified Analytics: Scantr may use de-identified and aggregated usage data to improve the Services, provided no Customer Confidential Information or personal data is disclosed.

16.13. Service Changes and Technical Limits: Scantr may update or modify the Services, impose reasonable technical limits (e.g., rate limits, storage, message volume), or deprecate features with reasonable notice. Material changes will not materially reduce core functionality of the paid tier during the then-current term.

16.14. Notices: Notices may be sent by email to the contacts on the Order Form. Notices are deemed received when sent (if sent during business hours in PT, otherwise next business day). Scantr may provide general operational notices via in-product messaging.

16.15. No Set-off: Customer may not withhold, set off, or net payments owed under these Terms.

16.16. Relationship of the Parties: The parties are independent contractors. No partnership, agency, franchise, fiduciary, or employment relationship is created.

We reserve the right to modify these Terms with 30 days notice for material changes. Notice provided via email to your account administrator. Continued use after the effective date constitutes acceptance. Enterprise agreements may specify different modification procedures.

These Terms are governed by the laws of the State of California, USA, without regard to conflict of law principles.

• Good faith negotiations required first
• If unresolved, binding arbitration in California
• Arbitration under AAA Commercial Arbitration Rules
• Prevailing party entitled to reasonable attorney fees
• Injunctive relief may be sought in courts
• Large enterprise agreements may specify alternative dispute resolution forums if negotiated separately

All customers must execute our DPA covering:

• Data processing terms
• Security measures
• Data subject rights
• Breach notification procedures
• Sub-processor authorization
• Scantr may use subprocessors and will maintain a subprocessor list
• Notice of material subprocessor changes as described in the DPA
• Implementation of appropriate transfer mechanisms (e.g., EU SCCs/UK IDTA) for international data transfers

Required for customers using spoofed email testing features:

• Testing parameters and limitations
• Authorized recipients
• Testing frequency
• Liability and indemnification

Business Support: business@scantr.com
Technical Support: support@scantr.com
Legal Inquiries: legal@scantr.com
Security Issues: security@scantr.com
Business Hours: Monday-Friday, 9 AM - 5 PM PT