Terms of Service

In these Terms of Service, the following definitions apply:

• "Service" — the Secure Tenant platform, including all web applications, APIs, scanning tools, dashboards, and reports provided by Secure Tenant.
• "Customer" / "You" — the legal entity or individual who registers for and uses the Service.
• "Customer Data" — all data that the Customer provides or makes accessible to Secure Tenant, including Microsoft 365 Tenant Data.
• "Tenant Data" — security configuration data, audit logs, user metadata, and compliance settings retrieved from the Customer's Microsoft 365 environment via read-only OAuth access.
• "Scan" — an automated, read-only assessment of a Microsoft 365 tenant's security posture against industry benchmarks.
• "Health Check" — a free-tier Scan providing a limited security overview.
• "Premium Scan" — a paid Scan providing a comprehensive security audit with full remediation guidance.
• "Credits" — prepaid units that may be used to purchase individual Premium Scans.
• "MSP" (Managed Service Provider) — a Customer who manages multiple Microsoft 365 tenants on behalf of third-party clients.
• "We" / "Us" / "Secure Tenant" — Secure Tenant, registered at the Dutch Chamber of Commerce (KVK) under number 84249242, with its registered address at Diepmeerven 33, 5645KG Eindhoven, the Netherlands.

By creating an account, accessing, or using the Service, you confirm that you have read, understood, and agree to be bound by these Terms. If you are accepting these Terms on behalf of an organization, you represent and warrant that you have the authority to bind that organization. If you do not agree to these Terms, you may not use the Service.

Secure Tenant provides automated security and compliance auditing for Microsoft 365 environments. The Service operates exclusively via read-only OAuth access to the Microsoft Graph API. Secure Tenant does not install agents, require shared passwords, or modify any settings in your Microsoft 365 environment. The Service includes:

• Automated scanning of Microsoft 365 security configurations against industry benchmarks (CIS, ISO 27001, SOC 2).
• Generation of security assessment reports with risk scoring and prioritized remediation guidance.
• A live dashboard for monitoring security posture over time.
• Historical drift tracking and benchmarking (Premium).
• Multi-tenant management capabilities for MSPs (Enterprise).

To use the Service, you must register an account with a valid email address. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must notify us immediately at contact@secure-tenant.com if you become aware of any unauthorized use of your account. Secure Tenant requires you to grant read-only OAuth consent to access your Microsoft 365 tenant. You represent and warrant that you have the administrative authority to grant this consent for each tenant you connect to the Service.

The Free Health Check tier is provided "as is" without any warranty or service level commitment. Secure Tenant reserves the right to modify, limit, or discontinue the free tier at any time without prior notice. Free-tier accounts that remain inactive for more than 12 months may be automatically deleted after a 30-day prior notice via email. Data retention for free-tier scan results is limited to 30 days.

Subject to your compliance with these Terms, Secure Tenant grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Service for your internal business purposes. You may not: (a) sublicense, sell, resell, or distribute the Service (except as explicitly permitted under an MSP Enterprise agreement); (b) modify, reverse engineer, decompile, or disassemble the Service or its scanning algorithms; (c) use the Service to build a competing product; (d) access the Service through automated means beyond the provided API, or circumvent any rate limits or access controls.

The Service, including all software, algorithms, scanning methodologies, user interface designs, and documentation, is and remains the exclusive property of Secure Tenant. Customer Data remains the Customer's property at all times. Scan results generated by the Service are owned by the Customer. Secure Tenant may use aggregated, anonymized data derived from the Service for product improvement, benchmarking, and research purposes, provided such data cannot be used to identify any individual Customer or their tenant.

You retain all rights, title, and interest in your Customer Data. You grant Secure Tenant a limited license to process your Customer Data solely as necessary to provide the Service. Secure Tenant processes Microsoft 365 Tenant Data on your behalf as a data processor. The details of this processing are governed by our Data Processing Agreement (DPA), which forms an integral part of these Terms. You are responsible for ensuring that you have the necessary rights and legal basis to provide Customer Data to Secure Tenant and to authorize the processing described in the DPA.

Each party agrees to treat as confidential all non-public information disclosed by the other party in connection with the Service ("Confidential Information"). This includes, without limitation, Customer Data, scan results, business plans, and technical information. Neither party shall disclose Confidential Information to any third party without the prior written consent of the disclosing party, except as required by law or as necessary to provide the Service (e.g., to sub-processors bound by equivalent confidentiality obligations). These confidentiality obligations survive termination of these Terms for a period of three (3) years.

Secure Tenant represents and warrants that: (a) the Service will perform materially as described in our documentation; (b) we will comply with applicable laws in providing the Service; (c) we will implement appropriate technical and organizational security measures.

• You represent and warrant that: (a) you have the legal authority to enter into these Terms; (b) you have the administrative authority to grant OAuth access to each Microsoft 365 tenant you connect; (c) you own or have the necessary rights to the Customer Data you provide; (d) your use of the Service will comply with all applicable laws and these Terms.

THIS IS A CRITICAL CLAUSE. THE SERVICE PROVIDES AUTOMATED SECURITY ASSESSMENTS FOR INFORMATIONAL PURPOSES ONLY. YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT:

• No automated scanning tool can detect 100% of security misconfigurations, vulnerabilities, or compliance gaps.
• Scan results and recommendations do not constitute professional security consulting, legal advice, or a guarantee of security.
• Following the Service's recommendations does not guarantee the prevention of security breaches or incidents.
• The Service is a tool to assist your security efforts, not a replacement for professional security judgment, penetration testing, or comprehensive security programs.
• You are solely responsible for evaluating and implementing any recommendations provided by the Service.
• Secure Tenant does not guarantee that your Microsoft 365 environment is or will become compliant with any particular standard or regulation as a result of using the Service.

The Service operates exclusively in read-only mode via the Microsoft Graph API. Secure Tenant cannot and does not modify, alter, delete, or write any data or configurations in your Microsoft 365 environment. You are solely responsible for implementing any configuration changes recommended by the Service. Secure Tenant bears no liability for any consequences arising from your implementation or non-implementation of recommended changes.

Secure Tenant may modify these Terms at any time. For material changes, we will provide at least 30 days' notice via email or through the Service. Your continued use of the Service after the effective date of any modifications constitutes acceptance of the modified Terms. If you do not agree to the modified Terms, you may terminate your account before they take effect.

These Terms are governed by and construed in accordance with the laws of the Netherlands, without regard to its conflict of laws provisions. Any disputes arising from or in connection with these Terms shall be submitted to the exclusive jurisdiction of the competent court in Oost-Brabant, the Netherlands. In the event of any discrepancy between the English and Dutch versions of these Terms, the English version shall prevail.

Neither party shall be liable for any failure or delay in performance resulting from circumstances beyond its reasonable control, including but not limited to: natural disasters, war, terrorism, pandemic, government actions, internet or telecommunications failures, power outages, and changes to the Microsoft Graph API, Microsoft 365 platform, or Microsoft's OAuth consent framework that affect the Service's ability to function as intended.

• Severability: If any provision of these Terms is held to be unenforceable, the remaining provisions shall continue in full force and effect.
• Entire Agreement: These Terms, together with the DPA, Privacy Policy, Acceptable Use Policy, and any applicable order forms, constitute the entire agreement between the parties.
• Assignment: You may not assign or transfer these Terms without Secure Tenant's prior written consent. Secure Tenant may assign these Terms in connection with a merger, acquisition, or sale of assets.
• No Waiver: Failure by either party to enforce any right or provision shall not constitute a waiver of that right or provision.
• Notices: All notices shall be sent via email. Notices to Secure Tenant shall be sent to contact@secure-tenant.com. Notices to you shall be sent to the email address associated with your account.
• Export Compliance: You agree to comply with all applicable export and import laws and regulations.

For questions about these Terms, contact us at:

• Secure Tenant
• KVK: 84249242
• Address: Diepmeerven 33, 5645KG Eindhoven, Netherlands
• Email: contact@secure-tenant.com