Terms of Service

These Terms of Service (“Terms”) govern your access to and use of Talon, a security scanning service operated by Prince Holdings LLC (“we”, “us”, or “our”), a Delaware limited liability company. By accessing or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.

Talon performs automated security scanning against web domains and applications. The Service includes a free passive surface scan and paid deep scan tiers. Scans check for publicly observable security issues including misconfigured headers, exposed credentials, debug endpoints, and application-level vulnerabilities through active probing.

Scans are performed from our infrastructure. All scans are read-only and non-destructive. We do not exploit vulnerabilities, create accounts, modify data, or take any action that would alter the state of the target system beyond normal read requests.

You must be at least 18 years of age to use the Service. By using the Service, you represent that you are 18 or older and have the legal capacity to enter into these Terms. The Service is not directed at or intended for use by minors. If you are under 18, do not use the Service.

You must own or have explicit written authorisation from the owner of any domain you submit for scanning. By submitting a domain, you represent and warrant that:

• You are the owner of the domain, or
• You have explicit authorisation from the domain owner to conduct security testing of that domain and its associated systems.

Submitting a domain you do not own or are not authorised to test is a material breach of these Terms and may violate applicable law, including the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the UK Computer Misuse Act 1990, and equivalent legislation in other jurisdictions. We reserve the right to terminate your access and report suspected unauthorised activity to appropriate authorities.

We cooperate fully with law enforcement investigations. If we receive a credible claim that a scan was conducted without authorisation, we will provide all available information to the affected party and relevant authorities.

You agree not to use the Service to:

• Scan domains you do not own or are not authorised to test.
• Circumvent, interfere with, or attempt to compromise the security of any system.
• Use findings to conduct attacks, extort targets, or engage in any unlawful activity.
• Automate, scrape, or abuse the Service in ways that place excessive load on our infrastructure.
• Impersonate any person or entity or misrepresent your affiliation.
• Use the Service for any purpose that violates applicable law.
• Share or resell access to your account or scan results for commercial purposes without our written consent.

Accounts are created for monthly subscribers. You are responsible for maintaining the confidentiality of your account and for all activity that occurs under it. You agree to notify us immediately of any unauthorised use. We may suspend or terminate accounts that violate these Terms.

Magic link authentication is provided via Supabase. Links are single-use and expire after 24 hours.

Paid features are offered on a one-time ($39) or monthly subscription ($29/month) basis. All payments are processed by Stripe. By purchasing, you authorise Stripe to charge your payment method on the terms selected.

• One-time scans — non-refundable after the scan has been initiated. If the scan completes and produces no medium-severity or higher findings, contact us for a full refund.
• Monthly subscriptions — billed monthly in advance. You may cancel at any time from your dashboard; cancellation takes effect at the end of the current billing period. No partial-month refunds are issued.
• Failed payments — if a renewal payment fails, we will notify you by email. Stripe will attempt to retry the charge per its standard retry schedule. If the charge cannot be collected, your subscription will be cancelled.

Prices are in USD and do not include any applicable taxes. You are responsible for any taxes or duties imposed by your jurisdiction.

Reports reflect the state of the target domain at the time of the scan. Findings are generated through automated analysis and may occasionally contain false positives or miss certain issues. Reports are for informational purposes only.

It is your responsibility to verify findings before taking action. We are not liable for any outcome resulting from your decision to act or not act on a finding.

Reports are PIN-protected or account-gated. You are responsible for keeping your PIN confidential. We are not liable for unauthorised access to reports resulting from your disclosure of a PIN.

Optional test credentials you provide are used solely for authenticated probing within the scope of the scan. For one-time scans, credentials are deleted immediately after the scan completes. For monthly subscriptions, credentials are stored encrypted for the duration of the active subscription so that renewal scans can run automatically, and deleted within 30 days of cancellation. You represent that you have the authority to provide these credentials and that using them for the purpose of the scan is authorised.

Optional GitHub App authorisation is used solely for static analysis of the repository you select. The installation ID is stored for monthly subscribers for the duration of the active subscription so that renewal scans can access the same repository. Short-lived access tokens are generated fresh at each scan time and never retained. You represent that you have the authority to authorise this access.

If you operate a domain and do not want Talon to scan it (including via our prospect discovery pipeline), contact us at admin@prince-holdings.com and we will add it to our exclusion list within 48 hours.

The Service, including all software, design, text, and branding, is owned by Prince Holdings LLC and protected by applicable intellectual property laws. You are granted a limited, non-exclusive, non-transferable licence to use the Service for its intended purpose. You may not copy, modify, reverse-engineer, or create derivative works from the Service.

Scan reports generated for you are yours to use for your own security remediation purposes. You may not redistribute, resell, or publish reports without our written consent.

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, OR NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS, OR THAT ANY FINDINGS ARE COMPLETE OR ACCURATE.

SECURITY SCANNING IS NOT A SUBSTITUTE FOR A PROFESSIONAL SECURITY AUDIT, PENETRATION TEST, OR ONGOING SECURITY PROGRAMME.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PRINCE HOLDINGS LLC AND ITS OFFICERS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, BUSINESS, OR GOODWILL, ARISING OUT OF OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL CUMULATIVE LIABILITY FOR ANY CLAIMS ARISING UNDER THESE TERMS SHALL NOT EXCEED THE AMOUNT YOU PAID TO US IN THE 12 MONTHS PRECEDING THE CLAIM, OR $50, WHICHEVER IS GREATER.

SOME JURISDICTIONS DO NOT ALLOW EXCLUSION OF CERTAIN WARRANTIES OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES; THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU IN THOSE JURISDICTIONS.

You agree to defend, indemnify, and hold harmless Prince Holdings LLC and its officers, employees, and agents from and against any claims, damages, losses, and expenses (including reasonable legal fees) arising out of or related to: (a) your use of the Service in violation of these Terms; (b) your submission of a domain you are not authorised to scan; (c) your violation of any applicable law; or (d) your infringement of any third-party right.

These Terms are governed by the laws of the State of Delaware, without regard to its conflict of law provisions. Any dispute arising out of or related to these Terms or the Service shall be resolved exclusively in the state or federal courts located in Delaware, and you consent to personal jurisdiction in those courts.

Before initiating formal proceedings, you agree to contact us at admin@prince-holdings.com to attempt informal resolution. We will attempt to resolve the dispute within 30 days.

We may suspend or terminate your access to the Service at any time, with or without notice, for conduct that we believe violates these Terms or is otherwise harmful to us, other users, or third parties. Upon termination, your right to use the Service ceases immediately. Sections 11, 12, 13, and 14 survive termination.

We may update these Terms from time to time. We will post the revised Terms on this page with an updated effective date. For material changes, we will notify registered users by email. Your continued use of the Service after the effective date constitutes acceptance of the updated Terms.

Questions about these Terms:

Email: admin@prince-holdings.com

Contact form: talonwatch.com/contact