Terms of Service

The following capitalised terms have the meanings set out below throughout these Terms and any Order Form, Data Processing Agreement, or addendum that reference them.

By registering for an account, executing an Order Form, or accessing any part of the Service, you confirm that:

• ›You are at least 18 years of age and have the legal capacity to enter into binding contracts.
• ›If you are acting on behalf of a legal entity, you have the authority to bind that entity to these Terms.
• ›Your use of the Service complies with all applicable laws and regulations in your jurisdiction.
• ›You are not located in, or acting on behalf of a party located in, a jurisdiction subject to applicable trade sanctions.

These Terms shall apply from the earliest of: (a) the date you first access the Service, (b) the date you accept these Terms electronically, or (c) the effective date stated in an Order Form.

Scrubbe provides a governed multi-agent incident intelligence platform designed to help enterprise engineering teams detect, investigate, and remediate operational incidents with appropriate policy controls.

The Service includes, subject to your Subscription tier:

Scrubbe reserves the right to modify, enhance, or discontinue features of the Service upon reasonable notice, provided that material reductions in core functionality are communicated to Customer with at least 30 days' notice.

Account security. Customer is responsible for maintaining the confidentiality of all authentication credentials issued to or created by Authorised Users. You must promptly notify Scrubbe of any suspected unauthorised access or credential compromise.

Authorised Users. Customer may provision access for the number of Authorised Users permitted under the applicable Subscription. You may not share credentials between individuals or use service accounts in a manner that circumvents per-seat limits.

Role-based access. The Service provides role-based access controls ("RBAC"). Customer is responsible for configuring and maintaining appropriate role assignments, including designating at least one tenant administrator who holds responsibility for account configuration and policy governance.

Connector credentials. Where a Connector requires third-party credentials (API keys, OAuth tokens, or service account credentials), Customer is responsible for ensuring such credentials are valid, appropriately scoped, and rotated in accordance with the relevant third-party's security requirements.

• ›Scrubbe will store Connector credentials encrypted at rest using AES-256 and transmit them only over TLS 1.2 or higher.
• ›Customer must not provision credentials with permissions beyond those documented as required for each Connector.
• ›Customer must revoke Connector credentials promptly upon termination or suspension of the Service.

Customer and all Authorised Users must use the Service only for lawful purposes and in accordance with these Terms. The following uses are expressly prohibited:

• ›Circumventing, disabling, or tampering with any policy guardrail, automation ceiling, or approval gate built into the Service.
• ›Attempting to reverse-engineer, decompile, or derive source code or model weights underlying the Service.
• ›Using the Service to store, process, or transmit data that violates applicable law, infringes third-party rights, or constitutes regulated health information (PHI/HIPAA) unless covered by an applicable Business Associate Agreement.
• ›Conducting load, penetration, or security testing against the Service without Scrubbe's prior written consent.
• ›Reselling, sublicensing, or providing access to the Service to any third party outside Customer's organisation without express written authorisation.
• ›Using the Service in a safety-critical context where human life or physical safety depends on uninterrupted, failure-free operation.
• ›Attempting to extract or reconstruct Scrubbe's proprietary playbook logic, agent decision models, or training data.
• ›Introducing malicious code, viruses, or payloads into the Service or any connected system.

Scrubbe may monitor Service usage for compliance with this policy and will notify Customer of any suspected violation before taking remedial action, except where immediate suspension is necessary to protect the Service or other customers.

Ownership. Customer retains all right, title, and interest in Customer Data. These Terms do not grant Scrubbe any ownership interest in Customer Data.

Licence to process. Customer grants Scrubbe a limited, non-exclusive licence to receive, store, process, and transmit Customer Data solely to provide and improve the Service, comply with legal obligations, and as otherwise directed by Customer.

Data Processing Agreement. Where Customer Data includes personal data subject to applicable data protection law (including UK GDPR and EU GDPR), the parties shall execute Scrubbe's standard Data Processing Agreement ("DPA"), which is incorporated into these Terms by reference. The DPA governs all processing of personal data under these Terms.

Security. Scrubbe implements and maintains technical and organisational security measures appropriate to the risk, including:

• ›Encryption of Customer Data in transit (TLS 1.2+) and at rest (AES-256).
• ›Role-based access controls and audit logging for all access to Customer Data by Scrubbe personnel.
• ›Regular penetration testing and vulnerability assessments by independent third parties.
• ›Incident response procedures including notification to Customer within 72 hours of becoming aware of a confirmed breach affecting Customer Data.

Data location. Customer Data is processed and stored in data centres located in the European Economic Area and/or the United Kingdom by default. Enterprise Customers may request specific data residency configurations in their Order Form.

Retention and deletion. Upon termination or expiry of the Subscription, Customer Data will be retained for 30 days to allow export, after which it will be securely deleted within 90 days, except where retention is required by applicable law.

Scrubbe IP. All rights in the Service, including software, agents, orchestration logic, playbook frameworks, APIs, Documentation, trademarks (including the Scrubbe name, Diamond S Mark, and associated visual identity), and all improvements thereto, are and remain the exclusive property of Scrubbe Ltd or its licensors.

Customer's licence. Subject to payment of applicable fees and compliance with these Terms, Scrubbe grants Customer a limited, non-exclusive, non-transferable, non-sublicensable licence to access and use the Service during the Subscription period solely for Customer's internal business operations.

Feedback. If Customer or any Authorised User provides suggestions, feedback, or ideas relating to the Service ("Feedback"), Customer hereby assigns to Scrubbe all right, title, and interest in such Feedback. Scrubbe may use Feedback without restriction or compensation.

Usage data. Scrubbe may collect and use aggregated, anonymised usage and performance data derived from Customer's use of the Service to operate, improve, and benchmark the Service, provided such data cannot reasonably be used to identify Customer or any individual.

Fees are specified in the applicable Order Form. Unless otherwise stated, the following terms apply:

Taxes. All fees are exclusive of applicable taxes, levies, and duties. Customer is responsible for all taxes other than those assessed on Scrubbe's net income.

Disputes. Customer must notify Scrubbe in writing of any invoice dispute within 30 days of the invoice date. Undisputed amounts remain due by the payment deadline.

Scrubbe targets the following monthly uptime commitments for the core Service:

Service credits. Where Scrubbe fails to meet the committed SLA in any calendar month, Customer is eligible for service credits equal to 10% of the monthly fee for each full percentage point below the target, up to a maximum of 30% of the monthly fee. Service credits are Customer's sole remedy for SLA failures.

Exclusions. SLA commitments do not apply to downtime caused by: Customer-side infrastructure, network, or connector failures; force majeure events; Customer-requested changes; third-party platform outages outside Scrubbe's reasonable control; or actions taken in accordance with these Terms.

Each party agrees to maintain the confidentiality of the other party's Confidential Information and not to disclose such information to any third party without the disclosing party's prior written consent, except:

• ›To employees, contractors, or advisors who have a legitimate need to know and are bound by confidentiality obligations no less protective than these Terms.
• ›As required by applicable law, regulation, or court order, provided the receiving party gives the disclosing party maximum practicable prior notice and cooperates in seeking a protective order.
• ›For information that is or becomes publicly available through no fault of the receiving party, was rightfully known prior to disclosure, or was independently developed.

Confidentiality obligations under this section shall survive termination or expiry of these Terms for a period of five (5) years, except that obligations with respect to trade secrets shall continue for so long as the relevant information remains a trade secret.

Scrubbe warrants that during the Subscription period: (a) the Service will perform materially in accordance with the Documentation; (b) Scrubbe will implement and maintain commercially reasonable security measures; and (c) Scrubbe has the right to grant the licences set out in these Terms.

Customer warrants that: (a) it has all rights necessary to submit Customer Data to the Service; (b) the submission and processing of Customer Data does not violate applicable law or any third-party rights; and (c) it has implemented appropriate Connector credential security measures.

Cap. To the maximum extent permitted by applicable law, each party's total aggregate liability arising out of or in connection with these Terms (whether in contract, tort including negligence, or otherwise) shall not exceed the greater of: (a) the total fees paid or payable by Customer in the twelve months immediately preceding the event giving rise to the claim; or (b) £10,000 GBP.

Exclusions. Neither party shall be liable to the other for any:

• ›Loss of profits, revenue, or anticipated savings;
• ›Loss of business, contracts, or opportunities;
• ›Loss of data or corruption of data (other than Scrubbe's obligation to maintain backups as specified in the DPA);
• ›Indirect, incidental, special, or consequential damages;
• ›Damage arising from actions taken or not taken by automated agents within the Automation Level configured by Customer.

These exclusions apply even if a party has been advised of the possibility of such loss. Nothing in these Terms shall limit liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded by law.

By Scrubbe. Scrubbe will defend Customer against any third-party claim that the Service, as provided and used in accordance with these Terms, infringes any UK, EU, or US patent, copyright, or trademark, and will indemnify Customer against damages finally awarded in such a claim. This obligation does not apply where the claim arises from: modification of the Service by Customer; use of the Service in combination with non-Scrubbe products; use contrary to the Documentation; or Customer Data.

By Customer. Customer will defend Scrubbe against any third-party claim arising from: (a) Customer Data; (b) Customer's use of the Service in breach of applicable law; or (c) Customer's violation of applicable law; or (d) actions taken by the Service pursuant to Customer's policy and playbook configuration.

Procedure. The indemnified party must: (i) promptly notify the indemnifying party in writing of any claim; (ii) give the indemnifying party sole control of the defence and settlement; and (iii) provide reasonable assistance at the indemnifying party's expense. The indemnified party may participate in the defence with its own counsel at its own cost.

By Customer. Customer may terminate the Subscription at any time by providing written notice. Unless a different notice period is specified in the Order Form, termination takes effect at the end of the then-current Subscription period. No refunds are provided for prepaid fees except where termination is for Scrubbe's material uncured breach.

By Scrubbe for cause. Scrubbe may terminate these Terms immediately on written notice if: (a) Customer is in material breach and fails to cure within 30 days of notice; (b) Customer becomes insolvent or enters administration; or (c) continued provision would violate applicable law.

Effect of termination. On termination or expiry:

• ›All licences granted to Customer terminate immediately.
• ›Customer must cease all use of the Service and destroy all copies of Documentation in its possession.
• ›Customer retains the right to export Customer Data during the 30-day retention period per Section 6.
• ›Sections 1, 7, 10, 11, 12, 13, 15, and this Section survive termination indefinitely.

These Terms are governed by and shall be construed in accordance with the laws of England and Wales. The parties irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute arising out of or in connection with these Terms.

Dispute resolution. Before commencing legal proceedings, the parties agree to attempt resolution through good-faith negotiation for at least 30 days. Either party may request a meeting between senior representatives of each organisation.

UN Convention. The United Nations Convention on Contracts for the International Sale of Goods does not apply to these Terms.

Injunctive relief. Nothing in this section prevents either party from seeking urgent injunctive or other equitable relief in any court of competent jurisdiction where delay would cause irreparable harm, including in connection with a breach of confidentiality or intellectual property obligations.

Scrubbe may update these Terms from time to time. Where changes are material, we will provide at least 30 days' advance notice by email to the primary account contact and/or by prominent notice within the Service.

Material changes include modifications to payment terms, data handling provisions, limitation of liability, or Customer's core rights. Non-material changes (e.g. formatting, clarifications, new feature descriptions) take effect immediately upon publication.

Continued use of the Service after the effective date of updated Terms constitutes acceptance. If you do not accept updated Terms, you must notify Scrubbe within the notice period and you may terminate the Subscription without penalty for the change itself.

Where Customer holds an active Order Form, changes to these Terms do not affect the Order Form until it next renews or is amended by mutual agreement, unless required by applicable law.

For legal notices under these Terms, or to report a potential breach of these Terms, please contact Scrubbe's legal team using the details below. Notices sent by email are deemed received on the next business day. Notices sent by recorded post to the registered address are deemed received three business days after posting.