Terms of Service
Last updated: 17 April 2026
These Terms govern your use of the Shadow Guard AI platform operated by Oney Finanasal Danismanlik Turizm ve Dis Ticaret AS, a joint-stock company registered in the Istanbul Trade Registry. By creating an account you agree to these Terms.
§1The Service
Shadow Guard AI provides Shadow AI discovery, secret leak detection and autonomous remediation tooling on a software-as-a-service basis. Features, scan limits and retention are defined by the plan purchased.
§2Accounts & Eligibility
You must be 18+ and authorized to act on behalf of the organization you register for. You are responsible for the confidentiality of your credentials and for all activity under your account. You must enable MFA on the Business plan and above.
§3Permitted Use & Authorization
You warrant that you are the owner or have explicit written authorization to scan any asset submitted to the platform. You must not scan infrastructure you do not own or operate without authorization (CFAA, Computer Misuse Act, Turkish Penal Code Art. 243). We may suspend accounts that violate this warranty.
§4Autonomous Audit Consent
By submitting a target URL, domain or repository to the platform you EXPRESSLY AUTHORIZE the Shadow Guard Autonomous Core to perform a non-intrusive, read-only audit against that target. Authorized activities include: (i) fetching publicly reachable endpoints; (ii) enumerating commonly-exposed paths (e.g. /.env, /.git/config, /actuator); (iii) inspecting response headers, CORS policy and TLS configuration; (iv) regex and entropy analysis of fetched content for leaked credentials and Shadow-AI indicators; (v) persisting SHA-256 hashes of findings to produce your audit dossier. Prohibited activities — which the Core will not perform — include: authenticated exploitation, payload-based injection, credential stuffing, denial-of-service or any activity exceeding CFAA / TCK Art. 243 lawful-authorization boundaries. You remain solely responsible for obtaining all internal approvals required by your organization prior to submitting a target.
§5Prohibited Conduct
You may not (a) reverse-engineer, decompile or disassemble the service; (b) use the service to attack third parties; (c) use the service for developing competing products; (d) exceed documented API rate limits; (e) upload malware, illegal content or data subject to export controls.
§6Intellectual Property
We retain all rights in the platform, detectors, models and documentation. You retain all rights in your submitted data. You grant us a limited license to process your data solely to operate the service.
§7Fees & Taxes
Fees are billed monthly or annually in advance in EUR or USD and are non-refundable except where required by law. Turkish KDV (VAT) applies where relevant.
§8Warranty & Liability
The service is provided "as is" without warranties of merchantability or fitness for a particular purpose. To the maximum extent permitted by law, our aggregate liability shall not exceed the fees paid in the 12 months preceding the claim. Nothing limits liability for gross negligence, willful misconduct, or statutory consumer rights.
§9Termination
Either party may terminate for material breach uncured after 30 days' written notice. On termination you may export your data for 30 days, after which it is deleted per our Privacy Policy.
§10Governing Law & Jurisdiction
These Terms are governed by Turkish law. Disputes shall be resolved exclusively by the Istanbul Central (Çağlayan) Courts and Enforcement Offices, without prejudice to the mandatory consumer protections of your country of residence.
§11Contact
Questions about these Terms: legal@shadowguard.ai.