Terms of Service

These Terms of Service ("Terms") govern access to and use of the products and services provided by Anytool Inc., a Delaware corporation doing business as Parameter ("Parameter," "we," "us," or "our"), available at parameter.ai and related domains. These Terms apply to any party that executes an Order Form referencing them or otherwise accepts them in writing ("Customer," "you"). The Services are provided on a sales-led basis; access is granted only after execution of a mutually agreed Order Form. The individual signing the Order Form represents that they have authority to bind the entity identified as Customer.

1. Definitions

"Services" means the Parameter platform, including AI-powered penetration testing agents, the Parameter GitHub pull request scanning bot, dashboards, APIs, reports, and any related tools or features made available by Parameter.

"Targets" means the applications, systems, networks, repositories, infrastructure, endpoints, and other assets that Customer authorizes Parameter to test or scan.

"Customer Data" means data, code, configurations, credentials, and other materials that Customer or its users submit, upload, or otherwise make accessible to the Services.

"Findings" means vulnerabilities, weaknesses, misconfigurations, and related observations identified by the Services, together with the associated reports, evidence, and remediation guidance.

"Order Form" means a written or electronic ordering document executed by the parties referencing these Terms.

2. The Services

2.1 Description

Parameter provides automated and AI-assisted security testing services, including external and authenticated penetration testing, continuous scanning of source code repositories, and reporting of Findings. The specific Services, scope, and any service levels are defined in the applicable Order Form.

2.2 Authorization to Test

Customer expressly authorizes Parameter to conduct security testing against the Targets identified in the Order Form or otherwise designated through the Parameter platform. This authorization includes:

• Active probing, fuzzing, and exploitation attempts consistent with the agreed scope.
• Submitting payloads to identify vulnerabilities such as IDOR, XSS, broken access control, SSRF, and infrastructure misconfigurations.
• Storing, analyzing, and replaying request and response data necessary to validate Findings.
• Re-testing Findings after Customer indicates remediation.

Customer is solely responsible for ensuring that all Targets are owned by Customer or that Customer has obtained all necessary rights, consents, and authorizations from third parties (including hosting providers, contractors, and affiliates) to permit Parameter's testing. Customer agrees to defend, indemnify, and hold Parameter harmless against any claim arising from Customer's failure to obtain such authorizations.

2.3 Out-of-Scope Activity

Unless expressly agreed in writing, the Services exclude denial-of-service attacks intended to disrupt availability, social engineering against employees or customers, physical security testing, and testing of assets not listed as Targets. Parameter will use commercially reasonable efforts to operate within agreed scope but is not liable for incidental impact on shared infrastructure outside its control.

2.4 GitHub PR Bot and Continuous Scanning

If Customer enables Parameter's GitHub integration, Customer authorizes Parameter to access the designated repositories, read source code and pull request contents, post comments and reviews, and surface Findings within the Services. Customer may revoke access at any time through GitHub.

3. Customer Responsibilities

Customer will:

• Provide accurate scope, contact information, and any credentials or test accounts required.
• Maintain the security of its own accounts and API keys for the Services.
• Cooperate with Parameter on remediation testing and provide timely responses to questions impacting the engagement.
• Comply with all applicable laws in connection with its use of the Services and the Findings.

Customer will not:

• Use the Services to test assets it does not own or is not authorized to test.
• Resell, sublicense, or provide the Services to third parties except as expressly permitted.
• Reverse engineer, decompile, or attempt to extract the underlying models, prompts, or proprietary techniques used by Parameter.
• Use the Services to develop a competing product.
• Upload Customer Data that infringes third-party rights or violates law.

4. Accounts and Access

Customer is responsible for activity under its accounts. Customer will promptly notify Parameter of any unauthorized access. Parameter may suspend access if Customer's use poses a security, legal, or operational risk, or if Customer is materially in breach of these Terms.

5. Fees and Payment

Fees are set forth in the applicable Order Form. Unless otherwise stated, fees are billed monthly or annually in advance, are non-refundable, and exclude taxes. Late payments accrue interest at 1.5% per month or the maximum rate permitted by law, whichever is lower. Parameter may suspend the Services for accounts more than 30 days past due after written notice.

6. Intellectual Property

6.1 Parameter IP

Parameter retains all right, title, and interest in and to the Services, including its software, models, agents, prompts, methodologies, dashboards, and documentation, and any improvements thereto. No rights are granted except as expressly set forth in these Terms.

6.2 Customer Data

Customer retains all right, title, and interest in Customer Data. Customer grants Parameter a non-exclusive, worldwide license to use, process, transmit, and store Customer Data solely to provide and improve the Services and as otherwise permitted in Section 8.

6.3 Findings

Parameter grants Customer a perpetual, worldwide, non-exclusive license to use the Findings delivered to Customer for its internal security and compliance purposes, including sharing with auditors, regulators, and customers under reasonable confidentiality obligations. Parameter retains the right to use anonymized and aggregated data derived from Findings to improve the Services.

6.4 Feedback

If Customer provides feedback or suggestions, Customer grants Parameter a perpetual, irrevocable, royalty-free license to use such feedback without restriction.

7. Confidentiality

Each party may receive Confidential Information of the other. The receiving party will use Confidential Information only to perform its obligations under these Terms and will protect it with the same care it uses for its own confidential information, but no less than reasonable care. Confidential Information does not include information that is publicly available, independently developed, or rightfully obtained from a third party without confidentiality obligations. The receiving party may disclose Confidential Information if required by law, provided it gives prompt notice where legally permitted.

Findings, vulnerability details, and credentials shared during an engagement are Customer's Confidential Information.

8. Data Security and Privacy

8.1 Security

Parameter maintains administrative, technical, and physical safeguards designed to protect Customer Data, including encryption in transit and at rest, role-based access controls, logging, and vendor review. Parameter is pursuing SOC 2 Type II certification.

8.2 Privacy and Subprocessors

Parameter's processing of personal data is governed by its Privacy Policy and, where applicable, a Data Processing Addendum. A current list of subprocessors is available on request. Parameter provides 30 days' notice of new subprocessors when required by the DPA.

8.3 HIPAA

For Customers subject to HIPAA, Parameter will execute a Business Associate Agreement on request. Customers should not transmit Protected Health Information to the Services without a BAA in place.

8.4 Sub-processed AI Providers

The Services use third-party AI providers, including foundation model APIs, to power the testing agents. Customer Data submitted to these providers is handled under data retention and confidentiality terms negotiated by Parameter, including zero data retention configurations where required for compliance.

9. Warranties and Disclaimers

9.1 Mutual

Each party warrants that it has the authority to enter into these Terms.

9.2 Parameter Warranty

Parameter warrants that the Services will be performed in a professional manner consistent with industry standards. Customer's exclusive remedy for breach of this warranty is re-performance of the affected Services.

9.3 Disclaimer

EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICES ARE PROVIDED "AS IS" AND PARAMETER DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. PARAMETER DOES NOT WARRANT THAT THE SERVICES WILL IDENTIFY ALL VULNERABILITIES, BE UNINTERRUPTED, OR BE ERROR-FREE. SECURITY TESTING INVOLVES INHERENT RISK, AND CUSTOMER ACKNOWLEDGES THAT NO PENETRATION TEST CAN GUARANTEE COMPLETE SECURITY OR THE ABSENCE OF VULNERABILITIES.

10. Limitation of Liability

EXCEPT FOR (A) CUSTOMER'S PAYMENT OBLIGATIONS, (B) BREACH OF SECTION 3 (CUSTOMER RESPONSIBILITIES), (C) INDEMNIFICATION OBLIGATIONS, (D) BREACH OF CONFIDENTIALITY, AND (E) GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST DATA, OR BUSINESS INTERRUPTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

EXCEPT FOR THE EXCLUSIONS ABOVE, EACH PARTY'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS WILL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO PARAMETER IN THE TWELVE MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

11. Indemnification

11.1 By Parameter

Parameter will defend Customer against any third-party claim alleging that the Services, when used as permitted, infringe a valid U.S. patent, copyright, or trademark, and will pay damages finally awarded or amounts agreed in settlement. If the Services become, or in Parameter's opinion are likely to become, the subject of an infringement claim, Parameter may modify the Services, procure rights for continued use, or terminate the affected Services and refund prepaid unused fees. This Section states Parameter's entire liability for infringement claims.

11.2 By Customer

Customer will defend Parameter against any third-party claim arising from (a) Customer Data, (b) Customer's failure to obtain authorization to test the Targets, (c) Customer's use of the Services in violation of law, or (d) Customer's breach of Section 3, and will pay damages finally awarded or amounts agreed in settlement.

11.3 Procedure

The indemnified party will provide prompt notice of the claim, sole control of defense and settlement (provided no settlement requires admission of liability or payment by the indemnified party without consent), and reasonable cooperation.

12. Term and Termination

12.1 Term

These Terms remain in effect for the duration of any active Order Form. Order Forms renew as specified therein.

12.2 Termination for Cause

Either party may terminate for the other's material breach not cured within 30 days of written notice.

12.3 Effect of Termination

Upon termination, Customer's right to access the Services ends and Customer will pay all fees accrued through the termination date. Parameter will make Customer Data available for export for 30 days after termination, after which Parameter may delete it. Sections that by their nature should survive will survive, including Sections 6, 7, 9.3, 10, 11, and 13.

13. General

13.1 Governing Law and Venue

These Terms are governed by the laws of the State of California, excluding its conflict-of-laws principles. The exclusive venue for any dispute is the state and federal courts located in the City and County of San Francisco, California.

13.2 Publicity

Parameter may identify Customer as a customer and use Customer's name and logo on its website and marketing materials, subject to Customer's brand guidelines. Customer may revoke this right with written notice.

13.3 Assignment

Neither party may assign these Terms without the other's written consent, except that either party may assign to a successor in connection with a merger, acquisition, or sale of substantially all assets.

13.4 Force Majeure

Neither party is liable for delays or failures caused by events beyond its reasonable control.

13.5 Notices

Notices must be in writing and sent to the addresses on the Order Form, with email notice to founders@parameter.ai sufficient for routine matters.

13.6 Entire Agreement

These Terms, together with any Order Form, DPA, BAA, or referenced policies, constitute the entire agreement between the parties and supersede all prior agreements on the subject. In the event of conflict, the order of precedence is: Order Form, DPA or BAA, these Terms.

13.7 Modifications

Parameter may update these Terms from time to time. The version of these Terms in effect on the date the applicable Order Form is signed will govern that Order Form for its term. Updated Terms apply on renewal or upon a new Order Form, and Parameter will provide notice of material changes in advance.

13.8 Independent Contractors

The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, or agency.

13.9 No Third-Party Beneficiaries

These Terms do not create any third-party beneficiary rights.

• Anytool Inc. dba Parameter
• San Francisco, California
• founders@parameter.ai
• parameter.ai