Legal Notice & Contractual Terms
This document defines the rules for using the autodit.io site and services, as well as the company's commitments regarding data protection and sales conditions.
Last updated: February 2026
1. LEGAL NOTICE
2. GENERAL TERMS OF USE (GTU)
Service Purpose: autodit.io is an EASM (External Attack Surface Management) solution that identifies exposed assets and detects vulnerabilities through automated audit technologies.
User Responsibility:
Target Ownership: The user formally commits to submitting for audit only assets (IPs, domains) of which they are the legal owner or for which they hold explicit audit authorization.
Ethical Use: The user commits to using the audit results solely for security and remediation purposes. Any attempt to use this information to conduct attacks, destabilization campaigns, or any other illegal activity is strictly prohibited. In case of detection of fraudulent use, autodit.io reserves the right to immediately suspend the user's account without prior notice and without any possible refund, and to file a complaint against the user.
3. GENERAL TERMS OF SALE (GTS)
You declare and warrant that you have the necessary rights and authorizations to scan the domains and applications you submit to our service. Unauthorized scanning of third-party systems is strictly prohibited.
Pricing: Prices are presented in Euros including tax.
Subscription: The service is provided as an annual subscription with a minimum commitment period of 12 months. Cancellation is possible at any time via the customer interface, but no refund will be issued for the remaining commitment period.
Limitation of Liability: autodit.io provides an analysis based on the state of the art at the time of the scan. We cannot be held responsible for any intrusions occurring on the audited systems, the tool being an aid to security and not a guarantee of absolute invulnerability.
4. PRIVACY POLICY & GDPR
Sovereignty and Local AI (AI Act Compliance): In accordance with the requirements of the European AI Act, autodit.io is an artificial intelligence solution developed and operated exclusively within the territory of the European Union. All data processed, whether user queries or vulnerability databases (CVEs), transit and are stored on certified infrastructure based in Europe. We commit to never exporting personal or technical data to non-European third-party jurisdictions, thus guaranteeing maximum protection of your information and compliance of your use.
Data Collected: We collect the data strictly necessary for the execution of the service: IP addresses/domains submitted, analysis results, and billing information. Personal data is processed in accordance with GDPR and French law.
Data Management and Cache: Analysis results are stored in your customer area for a maximum period depending on your subscription. Beyond this period, the data is automatically deleted from our servers.
Right to be Forgotten: You can request the permanent deletion of your data at any time by contacting our support. Please note that this will result in the deletion of your account and all associated data, as well as the termination of your subscription, without any possibility of refund or data recovery. For any contact request, please use the contact form available on the site or from your customer area.
5. COOKIE POLICY
Cookies and Similar Technologies:
To ensure the proper functioning of our platform and improve your experience, we use cookies and similar technologies. These tools are essential to keep your session active, secure exchanges, and analyze service usage.
Manage Your Preferences:
From your first visit, a consent banner allows you to select the categories of cookies you wish to authorize. You can change your preferences at any time by clicking on the cookie management icon located at the bottom right of your screen.
Essential Cookies:
These cookies are essential for the technical operation of the site. They are placed without requiring your prior consent and cannot be disabled.
Analytics and Performance Cookies:
We use these cookies to collect anonymized information about how visitors use the site. This data helps us identify the most visited pages and improve our service performance.
Third-Party Cookies:
Some integrated services (such as interactive maps or videos) may place their own cookies. We invite you to consult the privacy policies of the third-party providers concerned to understand how these cookies are used.
6. USE OF ARTIFICIAL INTELLIGENCE
Use of AI and Transparency: The User acknowledges that certain features of the Platform, particularly report summarization, vulnerability analysis, and scan management assistance, rely on artificial intelligence (AI) technologies provided by the solution and by third-party providers. In accordance with European regulations, autodit.io informs the User that the content thus generated is the product of automated processing.
Nature of Results: The analyses and summaries provided by the AI are intended exclusively to aid technical decision-making. Although autodit.io strives to optimize the relevance of the models used, the AI may generate errors, omissions, or inaccurate interpretations (hallucinations).
Limitation of Liability: The User remains solely responsible for the interpretation of the results and the implementation of corrective actions on their infrastructure. Validation by a human expert is essential before any critical intervention on a production system. autodit.io cannot be held responsible for direct or indirect damages resulting from a decision made solely on the basis of an automated summary.
7. SECURITY OF PROCESSING
Technical and Organizational Measures: We implement appropriate technical and organizational security measures to protect personal data against loss, unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to, data encryption, strict access controls, regular security checks, and backups. In the context of AI usage, we implement measures to ensure the security of the data processed by transmitting only the data strictly necessary for the execution of the service and by using, where applicable, AI services that do not retain or exploit any of the transmitted data.
8. APPLICABLE LAW AND JURISDICTION
These terms are governed by French law. Any dispute relating to the interpretation or execution of these terms will be submitted to the exclusive jurisdiction of the courts of Paris. In the event of a dispute, the total amount owed by autodit.io to the customer may not exceed 50% of the amounts paid by the customer to autodit.io under these terms.
9. RESPONSIBILITY
Like all vulnerability scanning and EASM solutions, autodit.io cannot guarantee the completeness of the results. It is recommended to supplement the analyses with other tools and methods. Furthermore, autodit.io cannot be held liable for any damages caused by the use of its services. Indeed, although every effort is made to ensure the quality of the results and minimal impact on the audited infrastructure, errors and malfunctions may occur.