These Terms of Service (“Terms”) govern your use of the Charity Cyber Service (“Service”), operated by Mira Software Ltd, trading as “Charity Cyber” (“we”, “our”, “us”).

 

This Agreement sets forth the legally binding terms and conditions for your use of charitycyber.co.uk and the Charity Cyber Portal.

 

“You”, “the Customer”, or similar terms mean the person creating an account, logging into the Service, or otherwise accessing or using the Service, as well as the organisation on whose behalf the Service is accessed. By creating an account, logging in, or using the Service in any way, you confirm that you have the authority to enter into this Agreement on behalf of yourself or your organisation, and that you agree to be bound by these Terms.

​

1. Scope of Service

​​

• The Service provides tools to support organisations in improving their cyber security posture. These include, but are not limited to, external vulnerability scanning, dark web credential monitoring, guided frameworks (such as Cyber Essentials), cyber maturity assessments, and reporting

• The Service is intended to supplement, not replace, your organisation’s own cyber security controls, monitoring, or compliance activities.

• The Service is intended to provide visibility, guidance, and oversight to help organisations manage cyber risks. It is not a substitute for comprehensive penetration testing, a managed security operations centre (SOC), or dedicated cyber security services. Features of the Service may change, be added, or be removed from time to time.

​​

2. Account Terms

​

• Accounts must be created on behalf of an organisation, and the person creating the account confirms they have the authority to do so.

• You are responsible for maintaining the security of your account and password.

• Each subscription is tied to a single organisation. That organisation may create multiple user accounts under its subscription

• You must provide accurate and complete information when creating your account.

• You must not add user accounts belonging to other organisations or shared tenants. Each account must be limited to the subscribing organisation.

​

3. Asset Ownership and Monitoring

​

• You may only register or submit domains, IP addresses, or other digital assets for monitoring that your organisation owns, controls, or has legal authorisation to monitor.

• You must not use the Service to scan or monitor third-party assets without consent.

• Any breach of this requirement may result in immediate suspension or termination of your account.

​

4. Grant of Licence and Restrictions on Use

​

Subject to these Terms and payment of applicable fees, we grant you a non-exclusive, non-transferable, limited right to use the Service for your own internal business purposes.

​

You may not, and you may not allow any third party to:

​

• Copy, distribute, rent, lease, transfer, or sublicense the Service.

• Modify or create derivative works of the Service.

• Use the Service in a way that threatens its security, performance, or availability.

• Use the Service in any unlawful manner or against assets you do not own or control.

• Reverse engineer, decompile, or disassemble the Service.

• You may not misrepresent or publish results from the Service in a misleading way, including suggesting that the Service provides complete or guaranteed protection against cyber threats.

• You must not attempt to bypass, disable, or interfere with any security-related features of the Service, or attempt to gain unauthorised access to other accounts or systems.

• You must only use the Service in compliance with applicable laws and regulations, including data protection, privacy, and cyber security laws in your jurisdiction.

• The Service must not be used to perform penetration testing, denial-of-service attacks, or other offensive security activities beyond the intended monitoring and reporting functions provided.

• We reserve the right to impose limits on usage (such as frequency of scans or number of monitored assets) to ensure fair use and system stability.

• Compliance with Laws – You must use the Service in compliance with all applicable laws and regulations, including data protection, privacy, export control, and cyber security laws in your jurisdiction.

​

5. Licence to Charity Cyber

​

For clarity:

​

• Customer Data means the electronic data and information that you submit to the Service, including but not limited to domains, IP addresses, user accounts, and uploaded documents.

• System Data means technical, diagnostic, and usage-related information generated through your use of the Service (such as log data, configuration data, and performance metrics).

• Reports means analyses, alerts, or recommendations produced by the Service based on Customer Data or System Data.

​

All data you submit to the Service remains your property. By submitting data, you grant us a non-exclusive licence to use, store, and process the data as necessary to:

​

• Provide the Service to you.

• Generate reports and statistics for you.

• Improve and maintain the Service.

• Create aggregated, anonymised reports or statistics that do not identify you or your organisation.

​

We may process data in the UK and in other jurisdictions where our authorised third-party providers operate, solely for the purposes of delivering the Service.

​

We will not sell or rent your data to third parties. Any processing of personal data is carried out in line with our Privacy Policy, which forms part of this Agreement

​

6. Ownership

​

The Service, including all software, code, databases, designs, reports (excluding the underlying data you provide), user interfaces, and all intellectual property rights in the Service, are and shall remain the exclusive property of Mira Software Ltd.

 

Except for the limited licence granted under these Terms, no rights or ownership in the Service are transferred to you.

 

All data that you provide to the Service remains your property. We do not claim ownership of your data, but you grant us the rights described in Section 5 to process it for the purposes of providing the Service.

​

7. Subscriptions, Payment, and Refunds

​

• Subscriptions are managed securely through Stripe.

• Plans automatically renew at the end of each billing cycle unless cancelled before the renewal date.

• You are responsible for maintaining accurate billing information and ensuring that your payment method is valid and up to date.

• If payment cannot be collected, we may suspend or terminate your access to the Service until payment is received.

• Refunds are not provided for partial use, downgrades, or unused time within a billing period, unless required by law.

• We may change subscription fees on renewal. For annual subscriptions, we will give at least 30 days’ notice before the new price applies. For monthly subscriptions, changes will take effect from the start of your next billing cycle, and we will notify you before the new price is applied. If you do not wish to continue at the new price, you may cancel your subscription before the renewal date.

• If you are a Managed Service Provider (MSP), your subscription charges will be based on the number of end-customer organisations you onboard, in line with the pricing plan agreed with us at the time of subscription (and as updated from time to time in accordance with these Terms).

​

8. Third-Party Services

​

• Certain features of the Service rely on third-party providers, including but not limited to vulnerability scanning, credential monitoring, Cloud hosting and email delivery services.

• These providers may process data outside the UK/EU.

• Some features of the Service depend entirely on such third-party providers and may be unavailable if those providers suspend, change, or restrict our access.

• We do not guarantee the accuracy, completeness, or timeliness of data provided through third-party integrations.

• You must only use features powered by third-party providers in compliance with applicable laws and with respect to assets and data you own or are authorised to monitor.

• We may change or substitute third-party providers at any time without notice, provided that such changes do not materially reduce the overall functionality of the Service.

• We are not liable for any interruptions, omissions, or failures of third-party services.

​

9. Term and Termination

​

• These Terms remain in effect for as long as you maintain a subscription to the Service.

• You may terminate your subscription at any time through your account settings. Termination will take effect at the end of the current billing period, and no refunds will be provided for unused time unless required by law.

• We may suspend or terminate your account immediately if:

  • you breach these Terms,

  • you use the Service in an unauthorised or unlawful manner, or

  • your payment cannot be collected.

• Upon termination, your access to the Service will cease. We may retain data for a limited period in line with our Privacy Policy, after which it may be deleted or anonymised.

• The following sections will survive termination: Ownership, Licence to Charity Cyber, Confidentiality, Indemnification, Limitation of Liability, Governing Law, and General Provisions.

• Upon termination, you must promptly delete or destroy any Reports, documentation, or other materials derived from the Service that contain our Confidential Information, unless you are legally required to retain them.

​

10. Warranty Disclaimers

​

The Service is provided on an “as is” and “as available” basis.

​

We make no warranties or representations, express or implied, about the Service, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.

​

In particular, you acknowledge and agree that:

​

• The Service is intended to provide visibility, monitoring, and guidance but does not guarantee protection against cyber attacks, breaches, or vulnerabilities.

• Information provided through third-party integrations may be inaccurate, incomplete, or delayed, and we make no warranty as to its reliability.

• We do not guarantee that the Service will be uninterrupted, secure, or error-free.

• You remain solely responsible for your organisation’s overall cyber security measures, compliance requirements, and incident response.

​

11. Limitation of Liability

​

To the maximum extent permitted by law:

​

• Our total liability to you for all claims arising under or in connection with these Terms or the Service is limited, in aggregate, to the amount you paid for the Service in the 12 months before the event giving rise to the claim.

• We are not liable for any indirect, incidental, special, or consequential damages of any kind, including but not limited to loss of profits, loss of data, loss of business opportunities, or reputational harm.

• We are not liable for any losses or damages arising from:

  • cyber attacks, breaches, or vulnerabilities not detected, prevented, or reported by the Service;

  • your reliance on incomplete, delayed, or inaccurate data provided through third-party services;

  • your failure to implement appropriate security measures or to act on information provided by the Service; or

  • your unauthorised or unlawful use of the Service.

• The limitations above apply whether the claim is based on contract, tort (including negligence), statutory duty, or otherwise.

​

12A. User Content

​

You are solely responsible for any data, documents, or materials you upload, share, or submit to the Service (“User Content”). You warrant that you have all necessary rights, licenses, and permissions to provide such User Content and to grant us the rights described in Section 5.

 

You agree to indemnify us against any claim, loss, or liability arising from User Content that:

• infringes the rights of any third party, including intellectual property, privacy, or data protection rights;

• is submitted without the necessary authority or consent; or

• violates applicable law or regulation.

​

12. Indemnification

​

You agree to indemnify and hold Mira Software Ltd (trading as Charity Cyber), its directors, employees, and partners harmless from any claim, demand, liability, damage, loss, or expense (including reasonable legal fees) arising out of or connected to:

​

• your use of the Service in violation of these Terms;

• your submission of domains, IP addresses, or user accounts that you do not own or have authority to monitor;

• your misuse of data obtained through the Service, including dark web or vulnerability information;

• any claim brought by a third-party service provider (e.g. scanning, monitoring, or email services) resulting from your misuse of the Service; or

• your violation of any law, regulation, or third-party rights.

​

This indemnity obligation survives termination of these Terms.

​

13. Confidentiality

​

Each party agrees to keep confidential all non-public, proprietary, or confidential information disclosed by the other party in connection with the Service (“Confidential Information”), whether in written, electronic, or oral form.

Confidential Information does not include information that:

​

• is or becomes public other than through a breach of this Agreement;

• was already known to the receiving party at the time of disclosure;

• is independently developed without reference to the other party’s Confidential Information; or

• must be disclosed by law, regulation, or court order (in which case the receiving party shall, where legally permitted, give prompt notice to the disclosing party).

​

Each party may disclose Confidential Information only to its employees, contractors, or subprocessors who need access for the purposes of delivering or receiving the Service and who are bound by confidentiality obligations at least as strict as those in these Terms.

​

The obligations in this Section survive termination of these Terms and remain in effect for as long as the information remains confidential.

​

14. MSP-Specific Terms

​

If you are a Managed Service Provider (MSP) using the Service on behalf of your clients:

​

• You remain fully responsible for your clients’ use of the Service, and for ensuring that they comply with these Terms.

• You must ensure that each of your clients agrees to terms that are at least as strict as these Terms of Service, including requirements relating to data ownership, asset authorisation, confidentiality, and acceptable use.

• End-client data remains the property of the end-client. You are responsible for ensuring that only domains, IP addresses, or user accounts owned or controlled by your end-clients are submitted for monitoring.

• You may not resell, white-label, or redistribute the Service as a standalone product without our prior written consent.

• Your subscription fees will be based on the number of end-client organisations you onboard, as set out in your subscription plan (and subject to Section 7 on Subscription Fees).

• We reserve the right to monitor MSP usage of the Service and to suspend or terminate MSP access if we reasonably believe you or your clients are in breach of these Terms.

• We are not liable for the actions or omissions of your clients in connection with the Service.

​

We reserve the right to monitor MSP usage of the Service and to suspend or terminate MSP access if we reasonably believe you or your clients are in breach of these Terms.

​

15. Publicity

​

You may state publicly that you are a customer of Charity Cyber.

​

Unless you opt out by notifying us in writing, you agree that we may include your organisation’s name and logo in our customer lists, website, and marketing materials, provided that we do not suggest you endorse the Service.

​

Any use of your logo will be consistent with any brand guidelines you provide.

​

If you are a Managed Service Provider (MSP), we will not reference your end-clients without your prior written consent.

​

16. Governing Law and Jurisdiction

​

These Terms are governed by the laws of England and Wales, and you agree to submit to the exclusive jurisdiction of the courts of England and Wales.

​

Any disputes will be subject to the exclusive jurisdiction of the courts of England and Wales.

​

17. General Provisions

​

• Entire Agreement – These Terms constitute the entire agreement between you and us regarding the Service and supersede all prior agreements, understandings, or representations.

• Severability – If any provision of these Terms is found unenforceable, the remaining provisions will remain in full force and effect.

• No Waiver – A failure or delay by either party to enforce any right or provision shall not constitute a waiver of that right or provision.

• Assignment – You may not assign or transfer this Agreement without our prior written consent. We may assign or transfer our rights or obligations under these Terms without restriction, provided this does not materially reduce your rights under the Agreement.

• Force Majeure – We are not liable for any failure or delay caused by circumstances beyond our reasonable control, including but not limited to internet or hosting outages, cyber attacks, denial-of-service events, strikes, power failures, or natural disasters.

• Notices and Communications – You agree that communications and notices regarding the Service may be provided electronically, including via email to the address in your account or through in-app notifications. You must send legal notices to the contact email published on our website.

• Headings – Section titles are for convenience only and have no legal effect.

• Relationship of the Parties – Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between you and us.

• Export Control & Sanctions Compliance – You may not use the Service if you are subject to UK, EU, or US sanctions, or in violation of applicable export control laws.

• Language & Precedence – These Terms are provided in English. If translated, the English version shall prevail.

• Survival – In addition to the sections listed in Section 9, any provisions which by their nature should survive termination (including accrued payment obligations) will survive.

• Governing Version – In the event of any conflict between different versions of these Terms, the version published on our website shall prevail.

​