1. Scope and Provider
These Terms of Service ("Terms") govern the use of the ConformScan cloud compliance scanning platform ("Service") operated by:
By creating an account or using the Service, you agree to these Terms. If you do not agree, do not use the Service.
2. Service Description
ConformScan provides automated cloud infrastructure compliance scanning for AWS, Azure and GCP environments against EU regulatory frameworks including NIS2, DSGVO/GDPR, BSI C5, ANSSI SecNumCloud, CIS Benchmarks, and ISO 27001.
The Service includes:
- Read-only scanning of cloud infrastructure configurations
- Compliance scoring and finding reports
- PDF report generation (EN/DE/FR)
- REST API access (depending on plan)
- Findings tracking and SLA escalation
- Integration with third-party tools (Slack, Jira, Teams, ServiceNow)
- IaC scanning (Terraform, CloudFormation) — Enterprise plan
- Scheduled scans and drift detection
- EU data residency verification
3. Account Registration
You must provide a valid email address and create a password to register. You are responsible for maintaining the confidentiality of your credentials. You must notify us immediately of any unauthorized use of your account.
You must be at least 18 years old and, if applicable, have the legal authority to enter into these Terms on behalf of your organization.
4. Plans and Pricing
ConformScan offers the following plans:
- Starter (Free): 1 scan per month, 1 cloud account, 1 framework (NIS2 or DSGVO), findings dashboard
- Professional (99 EUR/month): Unlimited scans, 5 cloud accounts, all 6 EU frameworks, PDF reports, SLA escalation, Slack/Teams/Jira, scheduled scans, API keys
- Enterprise (299 EUR/month): Unlimited scans, unlimited accounts, everything in Professional plus REST API, CI/CD integration, IaC scanning, SSO (SAML/OIDC), self-hosted option, priority support
Prices are exclusive of VAT where applicable. We reserve the right to change pricing with 30 days' notice. Existing subscriptions are honored until renewal.
5. Payment and Billing
Paid plans are billed monthly via Stripe. By subscribing, you authorize us to charge your payment method on a recurring basis. You may cancel at any time; your plan remains active until the end of the current billing period. No refunds for partial months.
6. Read-Only Access
ConformScan requires read-only access to your cloud infrastructure via IAM roles (AWS), service principals (Azure), or service accounts (GCP). You are responsible for:
- Creating and configuring the IAM role or service principal in your cloud account
- Ensuring the permissions granted are limited to read-only access
- Revoking access at any time by deleting the IAM role or service principal
ConformScan will never request or use write, modify, or delete permissions on your cloud resources.
7. Data Processing
We process your data in accordance with our Privacy Policy and, where applicable, our Data Processing Agreement. All data is stored on servers in Germany (Netcup GmbH, Karlsruhe). We do not use US-based subprocessors.
8. Acceptable Use
You agree not to:
- Use the Service for any unlawful purpose
- Attempt to reverse-engineer, decompile, or extract source code from the Service
- Resell, redistribute, or sublicense the Service without written permission
- Use the Service to scan cloud accounts that you neither own nor are authorized to scan
- Attempt to circumvent rate limits, plan restrictions, or security controls
- Interfere with the Service infrastructure or other users' use of the Service
9. Intellectual Property
The Service, including its source code, algorithms, design, trademarks, and documentation, is the exclusive property of ConformScan. These Terms do not grant you any intellectual property rights in the Service beyond the limited right to use it as described herein.
Your scan data and compliance reports remain your property. We claim no ownership over your data.
10. Disclaimer of Warranties
The Service is provided "as is" and "as available" without warranties of any kind, express or implied. ConformScan does not guarantee:
- That scan results are complete, accurate, or legally sufficient for regulatory compliance
- Uninterrupted or error-free operation of the Service
- That the Service will meet specific regulatory requirements in your jurisdiction
ConformScan is a compliance scanning tool, not a legal advisor. Scan results should be reviewed by qualified professionals. Compliance with NIS2, GDPR, or any other regulation remains your responsibility.
11. Limitation of Liability
To the maximum extent permitted by law, ConformScan's total liability for any claims arising from or related to the Service is limited to the amounts paid by you in the 12 months preceding the claim.
ConformScan is not liable for indirect, incidental, consequential, or punitive damages, including lost profits, data loss, or regulatory fines, even if advised of the possibility of such damages.
12. Termination
You may terminate your account at any time from the dashboard. We may suspend or terminate your account if you violate these Terms, with prior notice where practicable.
Upon termination, your scan data will be deleted within 30 days. You may request an export of your data before termination.
13. Changes to Terms
We may update these Terms from time to time. We will notify registered users via email at least 14 days before material changes take effect. Continued use of the Service after changes constitutes acceptance.
14. Governing Law and Jurisdiction
These Terms are governed by the laws of the French Republic. Any disputes shall be subject to the exclusive jurisdiction of the courts of Paris, France.
If any provision of these Terms is found to be unenforceable, the remaining provisions remain in full force and effect.
15. Contact
For questions about these Terms, contact us at: [email protected]