Nano EASM
Back to Terms & Policies

Liability Limitation

Last updated 1 May 2026

Effective date: 1 May 2026 This document sets out the controlling limitation-of-liability terms for the Service. It is incorporated into the Terms of Use and supersedes any conflicting language elsewhere on the subject of liability.

Capitalised terms have the meanings given in the Terms of Use.

1. Excluded categories of loss

To the maximum extent permitted by applicable law, neither party will be liable to the other for any of the following kinds of loss or damage, whether arising in contract, tort (including negligence), breach of statutory duty, misrepresentation, or otherwise:

  • indirect, incidental, consequential, special, exemplary, or punitive damages,
  • loss of profits or revenue (whether direct or indirect),
  • loss of business, contracts, or business opportunity,
  • loss of anticipated savings,
  • loss of goodwill or reputation,
  • loss, corruption, or unavailability of data — except to the extent caused by our breach of our security obligations under the Privacy Policy or the Data Handling & Retention Policy,
  • the cost of substitute services or solutions.

These exclusions apply even if the relevant party was advised of the possibility of the loss.

2. Aggregate liability cap

Subject to §3 (Carve-outs), our total aggregate liability to you for all claims arising out of or in connection with the Service or these Terms — whether in contract, tort, breach of statutory duty, indemnity, or otherwise — is limited to the greater of:

(a) A$100 (one hundred Australian dollars, or its equivalent in your billing currency), and

(b) the total fees paid by you to us under the relevant subscription in the twelve (12) months immediately preceding the event giving rise to the claim (or, where the claim arises in the first twelve months of your subscription, the fees paid up to the date of the claim).

For the avoidance of doubt:

  • This cap is aggregate across all claims, not per-claim. The cap does not reset on each new claim.
  • For users on the Free plan or using the unauthenticated quick-scan tools, no fees have been paid to us, so liability is limited to A$100 (or the equivalent), subject only to §3.
  • Refunds we issue under the Refund & Cancellation Policy count toward this cap.

3. Carve-outs (what we do not exclude or cap)

Nothing in this document, the Terms of Use, or any other policy excludes or limits a party's liability for:

  • death or personal injury caused by that party's negligence,
  • fraud or fraudulent misrepresentation,
  • gross negligence or wilful misconduct,
  • any liability that cannot lawfully be excluded or limited under the law applicable to the parties.

In particular, nothing in this document excludes, restricts, or modifies the consumer guarantees that apply to you under the Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010) where it applies. Where the Service is supplied to you as a "consumer" within the meaning of the ACL and we are liable for failure to comply with a consumer guarantee, our liability is — to the extent permitted by the ACL — limited to:

  • in the case of services, supplying the services again or paying the cost of having the services supplied again, and
  • in the case of goods, replacing the goods, supplying equivalent goods, repairing them, or paying the cost of replacement, supply, or repair.

Where applicable law in any other jurisdiction affords you non-waivable consumer-protection rights, those rights are not affected by this document.

4. Specific scanning-related exclusions

In addition to the general exclusions above, and reflecting the nature of an external attack-surface management service, we are not liable for:

  • consequences arising from scans, discovery jobs, monitor configurations, or other testing activities you initiated, including against systems you were not authorised to test (see Security & Scanning Authorisation),
  • third-party complaints, abuse reports, takedown notices, or law-enforcement inquiries arising from traffic the Service generated on your instruction,
  • alerts, blocks, or service-disruption effects on third-party systems caused by scans you authorised,
  • false positives, false negatives, or stale findings produced by the Service — findings are best-effort and require independent verification before being acted upon,
  • decisions or omissions you made on the basis of Service output,
  • outages or degradations caused by third-party services we depend on (including AWS, Stripe, Resend, and any reconnaissance data providers — see Privacy Policy §6.1) or by force majeure events.

5. Customer's liability — your indemnification obligations

You remain liable for your own breaches of the Terms of Use and the Acceptable Use Policy, and for the indemnification obligations in those documents. The cap in §2 does not limit your obligation to indemnify us under those documents.

Specifically, you remain liable, without cap, for:

  • claims, losses, and expenses arising from scans you initiated against systems you were not authorised to test,
  • claims by third parties relating to Customer Data you submitted unlawfully or in breach of third-party rights,
  • chargebacks initiated in bad faith for charges that were valid under the Terms of Use,
  • breaches of your obligations under the Security & Scanning Authorisation document.

This asymmetry — you indemnify uncapped, our liability is capped — reflects the allocation of risk discussed in §7.

6. Time limit on claims

Any claim against us under or in connection with the Service must be commenced within twelve (12) months of the date on which the event giving rise to the claim first arose, or such longer period as is required by applicable law. Claims commenced after that period are barred.

7. Allocation of risk

You acknowledge that:

  • the limits and exclusions in this document are a fundamental basis of the bargain between you and us,
  • the pricing of the Service — including the existence of a Free tier and the price points of paid plans — reflects this allocation of risk,
  • without these limits, we would not provide the Service, and the fees would be materially higher,
  • you have had the opportunity to seek independent legal advice before agreeing to these Terms.

Where applicable law would render any element of this document unenforceable, the remaining elements continue to apply to the fullest extent permitted, and the parties will treat the unenforceable element as modified to the minimum extent necessary to make it enforceable.

8. Severability and survival

If any limit or exclusion in this document is found unenforceable, the rest remain in force.

The provisions of this document survive termination, expiry, suspension, or cancellation of the Service or your Account.

9. Contact

Questions about this document: