SurfaceWatch
Get started free
Home Legal
Table of Contents

Terms of Service

1. Purpose 2. Acceptance 3. Service Description 4. Account Access 5. Acceptable Use 6. Subscription 7. Liability 8. Intellectual Property 9. Amendments 10. Governing Law

Privacy Policy

1. Data Controller 2. Data Collected 3. Purposes 4. Retention 5. Cookies 6. Sub-processors 7. International Transfers 8. Your Rights 9. Security 10. Amendments
Version 1.0 — Effective March 19, 2026

Terms of Service

These Terms govern access to and use of the SurfaceWatch platform at surfacewatch.io.

Lire en Français
01

Purpose

These Terms of Service ("Terms") govern access to and use of the SurfaceWatch platform (the "Service"), accessible at surfacewatch.io.

SurfaceWatch is an external attack surface monitoring service. It enables organizations to monitor their internet-exposed assets, including DNS changes, leaked credentials, and exposed domains.

02

Acceptance

By accessing the Service or creating an account, you agree to be bound by these Terms. If you do not agree, you must stop using the Service immediately.

03

Service Description

SurfaceWatch provides the following features:

Monitoring of DNS changes on user-submitted domains
Detection and display of credentials (email addresses, hashed passwords) exposed in public data breaches linked to monitored domains
Identification of domains and assets exposed on the internet

Breach data displayed originates from publicly accessible third-party sources. SurfaceWatch does not create these breaches and only aggregates and presents this information for defensive security purposes.

04

Account Access

Access to the Service requires creating an account with a valid email address. The Service uses passwordless authentication. You are responsible for the security of your email address and any access made through your account.

05

Acceptable Use

The Service is intended exclusively for lawful and defensive use. It is strictly prohibited to:

Use the Service to monitor assets you do not own or for which you do not have explicit authorization
Use information obtained through the Service for offensive purposes, unauthorized access, or any malicious activity
Resell, redistribute, or share data from the Service without prior written authorization
Attempt to circumvent the Service's security measures or access other users' data
Use the Service in an automated manner (scraping, bots) without prior agreement

Any violation of these terms will result in immediate account suspension without refund.

06

Subscription and Termination

You may cancel your subscription at any time from your account settings. Cancellation takes effect at the end of the current billing period.

Customers are entitled to a full refund within 30 days of purchase, no questions asked. No exceptions or qualifiers apply.

SurfaceWatch reserves the right to suspend or terminate any account for violation of these Terms, without notice.

07

Limitation of Liability

The Service is provided "as is" and "as available." SurfaceWatch does not warrant the completeness, accuracy, or continued availability of the data presented.

In no event shall SurfaceWatch be liable for any indirect, consequential, incidental, or punitive damages arising from the use of or inability to use the Service, including decisions made based on the information provided.

SurfaceWatch's total liability is limited to the amount paid by the user in the three (3) months preceding the event giving rise to the claim.

08

Intellectual Property

All elements of the Service (interface, algorithms, brand, logos) are the exclusive property of SurfaceWatch. Any reproduction or use without authorization is prohibited.

09

Amendments

SurfaceWatch reserves the right to modify these Terms at any time. Users will be notified by email with 15 days' advance notice. Continued use of the Service after notification constitutes acceptance of the updated Terms.

10

Governing Law

These Terms are governed by the law of the jurisdiction where the Service operator is established. Any disputes shall be submitted to the competent courts of that jurisdiction.

Version 1.0 — Effective March 19, 2026

Privacy Policy

How SurfaceWatch collects, uses and protects your personal data under GDPR.

01

Data Controller

The data controller for personal data collected through SurfaceWatch is the operator of the Service. For any questions regarding your data, contact:

[email protected]
02

Data Collected

2.1 Data you provide directly

Email address — required for account creation and authentication
Domains and assets you submit for monitoring

2.2 Automatically collected data

Connection and usage logs (IP address, timestamps, actions performed)
Cookie and browsing data (see Section 5)

Data we do NOT collect

Name, postal address
Payment data
03

Purposes and Legal Bases

Service provision contract performance Art. 6.1.b GDPR
Security & abuse prevention legitimate interest Art. 6.1.f GDPR
Service improvement legitimate interest Art. 6.1.f GDPR
Google Analytics consent Art. 6.1.a GDPR
04

Retention Periods

Account data (email)Subscription duration + 12 months after cancellation
Monitored domainsDuration of active subscription
Connection logs6 rolling months
Breach dataNot permanently stored, refreshed on each query
05

Cookies and Analytics

SurfaceWatch uses Google Analytics to measure website traffic. Google Analytics places cookies on your browser and collects anonymized browsing data (pages visited, duration, referral source).

You can refuse these cookies via the consent banner displayed on your first visit, or by installing the Google Analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout.

For more information on Google's privacy practices: policies.google.com/privacy

06

Sub-processors

OVH SAS hosting · European Union Policy available at ovh.com
Google LLC analytics Data processed under Google's DPA
07

International Transfers

The Service is hosted within the European Union (OVH, France). Google Analytics may involve data transfers to the United States, governed by the European Commission's Standard Contractual Clauses.

08

Your Rights

Under GDPR, you have the following rights:

Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to data portability
Right to object to processing

To exercise these rights: [email protected] — we will respond within 30 days.

09

Security

SurfaceWatch implements appropriate technical and organizational measures to protect your data: encryption of sensitive data, passwordless authentication, restricted access to production data.

In the event of a data breach likely to result in a risk to your rights and freedoms, we commit to notifying the competent supervisory authority within 72 hours.

10

Amendments

Any material changes to this policy will be notified to you by email with 15 days' advance notice.