By registering for an account, or by accessing or using the Service, Customer agrees to these Terms of Service, the Privacy Policy, and the Cookie/Tracking Policy. If Customer does not agree, it must not register for or use the Service. In case of conflict, the following order of precedence applies: (1) any signed Order Form, (2) the Data Processing Addendum (DPA), (3) these Terms of Service, (4) the Privacy Policy, (5) the Cookie/Tracking Policy.
Provider (“we”, “us”, “our”): the Shieldlabs entity that operates the Service.Customer Data: data submitted by or on behalf of Customer to or through the Service (including results generated for Customer’s use within retention windows).Service Data: operational and technical data generated by the Service to operate, secure, and measure performance (excluding Customer Data).Aggregated Metrics: de-identified statistics derived from Service usage that do not identify Customer or end-users.Confidential Information: non-public information disclosed by either party that is marked or should reasonably be considered confidential.
Shieldlabs SaaS is a service and API for anti-fraud and risk scoring. Business use (B2B) only. Scores, signals, and other outputs are provided as decision-support only. Customer is solely responsible for any decision it makes based on the outputs, including any solely automated decision-making or profiling, and for ensuring an appropriate legal basis and any required human review or safeguards.
Customer is responsible for the security of its account and API keys. We may throttle, limit, or suspend access in case of security risk, abuse, policy violations, or plan overuse. Where practicable, we will provide prior notice and a reasonable opportunity to cure before suspension, except where immediate action is required to address security risks, abuse, or legal requirements.
Prohibited uses include: unlawful processing, attempts to de-anonymize natural persons without a valid legal basis, reverse engineering, limit circumvention, load testing against the Service, and creating/managing bot networks or fraud activity.
Fees, plans, and payment terms are set out in the applicable Order Form or pricing page. Taxes are the Customer’s responsibility unless stated otherwise.
Data is processed under the Privacy Policy and the Cookie/Tracking Policy. Customer, acting as controller, determines the purposes and means of processing the end-user data it submits, is responsible for having a valid legal basis and providing appropriate disclosures/consent to its end-users, and for the correctness of fields it configures or transmits. We process such data only on Customer’s documented instructions as its processor.
By default, the Service collects the technical signals and operational data necessary to provide and improve the Service, in line with the applicable retention policy and the Customer’s plan. Specific methods and signal composition are proprietary. In the admin console, Customer controls which fields are visible (dashboards, logs, responses) and selects which fields to export or fetch (including via API/webhooks/CSV/JSON) and at what cadence, within plan limits and retention windows.
Customer retains rights to its input data and results generated for Customer’s use while Customer maintains an active account and within applicable retention windows. After termination and expiration of retention periods, access may cease. The platform, models, and Aggregated Metrics are owned by us and are not used to reconstruct Customer Data.
The Service is provided “as is” and “as available”. No warranties of accuracy, uninterrupted availability, or fitness for a particular purpose. Outputs may contain false positives or false negatives, and are not a substitute for Customer’s own judgment.
To the maximum extent permitted by law, neither party is liable for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, revenue, data, or goodwill. To the maximum extent permitted by law, our aggregate liability related to the Service shall not exceed the fees paid by Customer for the Service during the twelve (12) months preceding the first event giving rise to the claim.
Customer may stop using the Service at any time. Upon account closure or termination and upon request, we will make available an export of then-available Customer Data (JSON/CSV) for 30 days after termination. Exports cover data available in our systems and do not include deleted or purged logs. Following the 30-day export window, Customer Data will be deleted or anonymized within a reasonable period, except where retention is required by law or data resides in routine backups, which are deleted on a rolling basis.
Customer represents and warrants it is not a restricted/sanctioned party and will not use the Service in violation of applicable export control or sanctions rules. We may suspend access if we reasonably believe a violation has occurred.
Confidentiality: each party will protect the other’s Confidential Information and use it only as needed to perform under these terms.Force Majeure: neither party is liable for delays caused by events beyond its reasonable control.Assignment: neither party may assign without the other’s consent, except to an affiliate or in connection with a corporate reorganization.Severability / No Waiver: if a term is invalid, the rest remains effective; failure to enforce is not a waiver.Entire Agreement / Survival: these terms are the entire agreement about the Service; provisions that by nature should survive will survive termination.
