Strategic Technical Layered Unified Resolver Logo
STLUR

Terms of Service

Welcome to STLUR (Strategic Technical Layered Unified Resolver). By accessing or using our services, you agree to be bound by these terms.

1. Services

STLUR is a B2B SaaS that provides automated web security monitoring, vulnerability scanning, and governance reporting services. For domains you register, the service performs automated security assessments including HTTP security header analysis, DNS configuration checks, TLS/SSL evaluation, known vulnerability (CVE) scanning, and authenticated dynamic application security testing (DAST), delivering the results as monthly reports. STLUR does not modify your codebase or data directly.

2. Subscription & Payments

Services are billed on a monthly or annual subscription basis according to your selected plan (Starter / Professional / Enterprise). Payments are processed through Stripe; STLUR does not store credit card information. You may cancel at any time, but cancellation takes effect at the next billing date, and charges for the current billing period are non-refundable. If a free trial is offered, billing begins automatically at the end of the trial period.

3. Authorization and Scope of Security Scanning

You authorize STLUR to perform security assessments on the domains you register. This authorization is established through domain ownership verification (DNS TXT record or file placement) at the time of site registration. The scope of scanning is as follows: (a) Scans are non-destructive and read-only; no data is modified, deleted, or written. (b) Scans follow methodologies aligned with the OWASP Testing Guide and PTES. (c) Scans are limited to the domains you register; no access is made to out-of-scope domains or systems. (d) Destructive endpoints such as logout, account deletion, and payment processing are automatically excluded. (e) For Enterprise authenticated scanning (DAST), session information you provide is used to inspect authenticated areas, but usernames and passwords are never captured or stored.

4. WAF/IDS Alert Notice

Security scans send automated HTTP requests to the target domain. This may trigger alerts in your web application firewall (WAF), intrusion detection system (IDS), or other security monitoring tools. Enterprise DAST scans, in particular, include test payloads to detect vulnerabilities and may generate additional alerts. We recommend notifying your security team in advance and adding STLUR's scanning IP addresses to your allowlist. Scanning IP addresses are available in your account dashboard.

5. Your Responsibilities and Warranties

You represent and warrant that: (a) You are the owner of, or hold legitimate administrative authority over, the registered domains. (b) You have the legal authority to authorize security assessments on those domains. (c) You will not register domains owned or managed by third parties without their authorization. (d) If using Enterprise authenticated scanning, you have the legal authority to provide session information. If you breach these warranties, STLUR reserves the right to immediately suspend service, and you shall be responsible for all damages arising from the breach.

6. Disclaimer of Warranties

STLUR strives for the highest accuracy, but security assessments are an advisory service and do not guarantee detection of all vulnerabilities. STLUR is not liable for security incidents, data breaches, or service disruptions that occur despite scan results. Reports and recommendations are provided for informational purposes only and do not replace individualized security assessments by qualified professionals.

7. SOC 2 / ISO 27001 Compliance Disclaimer

STLUR reports, data exports, and security monitoring outputs are designed as 'supplementary evidence' to support your SOC 2 / ISO 27001 evidence collection process. However, they do not constitute an independent SOC 2 Type I / Type II audit opinion issued by a licensed CPA firm, nor an ISO 27001 certification. STLUR does not guarantee that your organization will achieve or maintain these certifications. Ultimate responsibility for your compliance posture rests with your organization.

8. Enterprise Authenticated Scanning

The Enterprise authenticated scanning (DAST) feature uses your browser session data to perform security scans on authenticated areas of your web application. By enabling this feature, you agree to the following: (a) You have the legal authority to authorize such scanning. (b) You understand that scans may trigger WAF/IDS alerts. (c) You understand the technical process described in our Privacy Policy and Trust page. STLUR processes session credentials only for scan execution, encrypts them with AES-GCM 256-bit for transfer and storage, and retains plaintext credentials only in memory during scan execution. Encrypted data is automatically deleted within 48 hours of scan completion.

9. Intellectual Property

All reports, analyses, scores, and data generated by STLUR remain the intellectual property of STLUR. You are granted a non-exclusive license to use, share, and print these outputs for your internal security and compliance purposes. You may not resell, redistribute, or use STLUR reports to build competing services.

10. Limitation of Liability

To the maximum extent permitted by law, STLUR's total liability for any claim arising from use of the service (including direct, indirect, incidental, special, and consequential damages) shall not exceed the amount paid by you in the twelve months preceding the claim. This limitation applies regardless of whether the cause of action is based on contract, tort, or strict liability.

11. Cancellation and Service Suspension

You may cancel your subscription at any time from the account dashboard. Upon cancellation, service will cease at the next billing date. STLUR reserves the right to suspend or terminate service with prior notice in the event of a breach of these terms, misuse, or legal requirement. Data retention after cancellation is governed by our Privacy Policy.

12. Governing Law and Dispute Resolution

These terms are governed by and construed in accordance with the laws of Japan. Any disputes arising from or in connection with these terms shall be subject to the exclusive jurisdiction of the Tokyo District Court as the court of first instance.

13. Changes to Terms

We may update these terms from time to time. For material changes (including changes to scan scope, pricing, or data handling), we will provide at least 30 days' notice via email or in-product notification before the changes take effect. Continued use of the service after changes constitutes acceptance of the updated terms.

Last Updated: May 2026