Terms of Service
Last updated: April 10, 2026.
These terms govern your use of Rorix — the scanner, the dashboard, the registry proxy, and everything at rorix.io. Plain-language summaries sit above each section; the legal text below is what binds. If they conflict, the legal text controls.
1. Your account
You need an account to use the dashboard. One human per account. Sharing credentials is not allowed.
You must be at least 16 years old, or of age of majority in your jurisdiction, whichever is higher. If you sign up on behalf of a company, you represent you have authority to bind that company to these terms.
Keep your credentials secret. You are responsible for activity on your account until you tell us otherwise at security@rorix.io.
2. Acceptable use
Do not use Rorix to attack infrastructure you do not own or have explicit authorization to test. The pentesting product requires DNS-based domain verification precisely for this reason.
Do not attempt to reverse-engineer the dashboard, scrape the advisory feed outside the documented API limits, or re-sell Rorix output without a reseller agreement.
You may publish scan findings you generated against your own code. You may reference Rorix as the tool. You may not use our name or marks in ways that imply endorsement of products we have not endorsed.
3. Subscriptions and billing
Paid plans are billed monthly or annually in advance. Annual plans are non-refundable after the first 14 days. Monthly plans are non-refundable once the billing period starts.
We may change prices with 60 days notice. If you disagree, cancel before the change takes effect; the existing price applies until end of your term.
Overage for scans above your plan is billed at the rate listed on the pricing page at the time of overage. You can set a hard cap in dashboard settings.
4. Your data and our access
Your code, SBOMs, scan output, and policies are your data. We do not train models on it, sell it, or share it except as described in the Privacy Policy.
You grant us a limited license to process your data to operate the service: run scans, surface findings in the dashboard, deliver webhooks, export SBOMs.
You can export or delete your data any time from dashboard settings. Backups are purged within 35 days of deletion.
5. Service availability
We target 99.9% uptime. Past performance is on status.rorix.io. Enterprise plans include a 99.95% SLA with credits; see the Enterprise agreement.
Planned maintenance is announced at least 48 hours in advance on status.rorix.io and via email to the account primary contact.
6. Termination
You can cancel any time. Access continues through the end of your paid period.
We can suspend or terminate accounts that violate these terms, put other users at risk, or generate chargebacks. For cause terminations, we will tell you why unless legally prohibited.
7. Warranties and liability
Rorix is provided "as is." Security tooling finds risks; it does not eliminate them. You remain responsible for the security of your software.
Our total liability for any claim is capped at the fees you paid in the 12 months before the claim. We are not liable for indirect, incidental, or consequential damages.
8. Governing law
These terms are governed by the laws of Sweden. Disputes go to the courts of Stockholm, except that you can bring small claims in your local court.
If a provision is unenforceable, the rest still applies.
9. Changes
We may update these terms. Material changes get 30 days notice by email. Continued use after the effective date is acceptance.
Previous versions are archived. Email legal@rorix.io to request a specific past version.