Last updated: April 2026
Welcome to CSURFACE Threat Sensor. These Terms of Service (the "Terms") constitute a legally binding agreement between you ("User", "you") and CSURFACE ("we", "us", "CSURFACE"), the entity that owns and operates the CSURFACE Threat Sensor platform, accessible at threatsensor.csurface.io and related services (collectively, the "Platform").
By accessing, creating an account, or using any part of the Platform — including anonymous visitors to the public website, paid subscribers, and API consumers — you represent that you have read, understood, and agree to be bound by these Terms, as well as our Privacy Policy and our Cookie Policy, which are incorporated herein by reference.
If you do not agree to any provision of these Terms, you must not access or use the Platform. Continued use of the Platform after changes to these Terms are posted constitutes your acceptance of those changes.
If you are using the Platform on behalf of an organization, company, or legal entity, you represent that you have the authority to bind such entity to these Terms, and references to "you" will include both you personally and the entity you represent.
You represent that you are at least 18 years of age or the age of legal majority in your jurisdiction, whichever is greater, and that you have full legal capacity to enter into this agreement. The Platform is not intended for minors.
These Terms may be supplemented by additional terms applicable to specific features, subscription plans, or professional services. In case of conflict between these Terms and any supplementary terms, the supplementary terms will prevail only with respect to the specific feature or service to which they apply.
You acknowledge that the dynamic nature of cyber threat intelligence may require frequent updates to these Terms, and agree to periodically review this page to stay informed of any changes.
Acceptance of these Terms creates a contractual relationship between you and CSURFACE, but does not create any partnership, agency, joint venture, employment, or franchise relationship between the parties.
CSURFACE Threat Sensor is a cyber threat intelligence platform that aggregates, normalizes, enriches, and analyzes vulnerability data (CVEs), weaknesses (CWEs), attack patterns (CAPEC), adversary techniques (MITRE ATT&CK), and related intelligence drawn from more than ten public and proprietary sources.
The Platform provides, among other capabilities: evidence-based risk scoring (LEV+), four-tier SSVC decision framework, EPSS scoring, CISA KEV enrichment, detection rules (Suricata, Sigma, Snort, YARA), analytics, global search, an advanced query builder (TQL), configurable alerting, and a REST API for programmatic access.
Data sources include but are not limited to: the National Vulnerability Database (NVD), CISA Known Exploited Vulnerabilities (KEV), the Exploit Prediction Scoring System (EPSS), STIX feeds, public exploit and proof-of-concept repositories, ransomware trackers and, in the future, proprietary telemetry from sensors and honeypots operated by CSURFACE.
CSURFACE reserves the right to add, modify, or remove features, data sources, and integrations at its sole discretion, at any time, in order to improve the Platform, comply with legal obligations, or respond to changes in the threat landscape.
The Platform is intended exclusively for information security professionals, incident response teams, researchers, and organizations with a legitimate interest in threat intelligence for defensive, educational, or research purposes.
Certain features may be restricted to specific geographic regions for legal, regulatory, or operational reasons. All public features are otherwise equally available to every visitor.
The Platform may integrate with third-party services (for example, email providers, payment gateways, notification providers). Use of these third-party services is subject to the terms and privacy policies of the respective providers.
You acknowledge that threat intelligence is, by its nature, incomplete, changeable, and subject to interpretation. The Platform is a decision support tool and does not replace the qualified professional judgment of security analysts.
To access most features of the Platform, you must create a user account by providing accurate, current, and complete information, including a valid email address, a display name, and a password that meets our minimum complexity requirements.
You are solely responsible for maintaining the confidentiality of your access credentials, including your password, two-factor authentication (2FA) secrets, and API keys. Any activity performed through your account will be deemed to have been performed by you.
You agree to immediately notify CSURFACE via [email protected] of any unauthorized use of your account, suspected security breach, or credential compromise. CSURFACE will not be liable for losses arising from your failure to comply with this notification duty.
We strongly recommend that you enable two-factor authentication (2FA) on your account, use strong and unique passwords, do not share credentials with third parties, and periodically review active sessions and API keys linked to your account.
You agree to keep your account information up to date, especially your contact email address, which will be used for service-related communications, security notifications, billing alerts, and legal notices.
It is prohibited to create accounts using false information, on behalf of third parties without authorization, or for the purpose of evading blocks, bans, or usage limits previously imposed by CSURFACE.
Each account is personal and non-transferable. Sharing a single account among multiple individual users or between multiple organizations is prohibited. Organizations requiring multiple access points must subscribe to appropriate plans or contact us for enterprise solutions.
CSURFACE reserves the right to suspend or terminate accounts that remain inactive for extended periods, that violate these Terms, or whose maintenance poses a risk to the security or integrity of the Platform, with reasonable prior notice when practical.
You may request the termination of your account at any time through profile settings or by contacting support. Upon termination, your personal data will be handled as described in our Privacy Policy.
CSURFACE Threat Sensor is provided free of charge, with no paid tiers, no recurring fees, and no distinction between user categories. There are no “Free”, “Pro”, “Business” or equivalent plans; all public features are equally available to every visitor.
CSURFACE reserves the right to adjust Platform availability to ensure operational stability, perform maintenance, or respond to abusive use. Such adjustments will be communicated when practical.
The Platform is provided at no cost. We do not process payments, do not maintain active integrations with payment processors, and do not issue invoices, receipts, or charges under any circumstance. Any communication claiming a charge on behalf of CSURFACE Threat Sensor should be treated as fraudulent.
You agree to use the Platform only for lawful, ethical purposes, and in compliance with these Terms. You are solely responsible for all activities performed through your account or API keys.
You MUST NOT, directly or indirectly:
Violation of any provision of this Section 6 may result in immediate suspension, account termination, reversal of paid features without refund, notification to competent authorities, and the adoption of legal measures, including judicial action for damages.
CSURFACE reserves the right, but not the obligation, to monitor Platform usage in order to detect and prevent violations of these Terms. Such monitoring will be conducted in accordance with our Privacy Policy.
You agree to cooperate with reasonable CSURFACE investigations in case of suspected violation of these Terms, including providing additional information about the use of your account when requested.
CSURFACE Threat Sensor provides a public REST API for programmatic access to vulnerability data, analytics, detection rules, and search features. The API is provided free of charge and with no paid tiers.
CSURFACE may apply reasonable, non-discriminatory technical measures to preserve service stability and prevent abuse (for example, throttling in cases of clearly automated and disproportionate traffic). Such measures do not constitute commercial limits or quotas tied to any subscription.
The API is provided as available (as-is) and CSURFACE reserves the right to modify, add, or remove endpoints, change response formats, or deprecate API versions, with reasonable notice when possible. Breaking changes will be communicated with at least 90 days advance notice when practical.
Use of the API for training artificial intelligence or generative machine learning models requires express authorization from CSURFACE.
The CSURFACE Threat Sensor Platform, including its software, source code, design, interfaces, logos, trademarks, documentation, proprietary algorithms (including the LEV+ model, the customized SSVC framework, and derived enrichments), proprietary databases, and any derivative works, are the exclusive property of CSURFACE and/or its licensors, and are protected by copyright, trademark, trade secret, and other intellectual property laws.
Nothing in these Terms shall be construed as granting you any right, title, or interest in the Platform or CSURFACE's intellectual property rights, except for the limited, non-exclusive, non-transferable, and revocable license to access and use the Platform in compliance with these Terms.
Third-party data used by the Platform (NVD, CVE, CWE, CAPEC, MITRE ATT&CK, EPSS, CISA KEV, etc.) are property of their respective sources and may be subject to their own licenses or terms of use, which you agree to respect.
Detection rules (Suricata, Sigma, Snort, YARA) displayed on the Platform may originate from open source communities and be subject to licenses such as GPL, Apache, MIT, or similar. The Platform displays corresponding attribution when applicable, and you are responsible for complying with the terms of licenses applicable when using such rules.
You retain all rights to the data you provide or create on the Platform, including saved queries, configured alert rules, private annotations, and preferences. These are considered your data (User Data).
You grant CSURFACE a limited, non-exclusive, worldwide, royalty-free license to host, store, process, transmit, and display your User Data solely for the purpose of providing the Platform and related services to you. This license terminates when you delete the data or terminate your account.
CSURFACE may use aggregated and anonymized data derived from Platform usage (for example, statistics of popular queries, usage patterns, performance metrics) for purposes of service improvement, research, and publications, provided that such data cannot reasonably be linked to you or any individual user.
Any feedback, suggestion, idea, or contribution you submit to CSURFACE about the Platform may be used by CSURFACE freely, without any obligation of compensation or attribution, to improve its products and services.
The trademarks "CSURFACE Threat Sensor", "CSURFACE", and associated logos are the exclusive property of CSURFACE. You may not use these marks without prior written authorization, except to refer to the service in a factual and non-misleading manner.
THE PLATFORM AND ALL THREAT INTELLIGENCE INFORMATION, SCORES, ANALYSES, DETECTION RULES, INDICATORS OF COMPROMISE, AND RELATED DATA ARE PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED.
CSURFACE DOES NOT WARRANT the accuracy, completeness, timeliness, reliability, fitness for a particular purpose, absence of errors, or security of the information provided by the Platform. Threat intelligence is, by nature, a dynamic field subject to rapid changes.
Risk scores (including LEV+, SSVC, EPSS), classifications, prioritizations, and analyses produced by the Platform are estimates based on data available at the time of processing and must be interpreted by qualified professionals. They should NOT be used as the sole basis for decision-making in critical contexts.
Detection rules (Suricata, Sigma, Snort, YARA) made available on the Platform may contain false positives, false negatives, or errors. You are responsible for testing, validating, and adjusting these rules to your specific environment before production use.
Data derived from third-party sources (NVD, CISA KEV, EPSS, etc.) may present delays, inconsistencies, or errors relative to the original sources. CSURFACE is not responsible for inaccuracies originating in upstream data sources.
CSURFACE DOES NOT warrant that the Platform will meet all your requirements, that the service will be uninterrupted, timely, secure, or error-free, or that any defects will be corrected. Availability may vary, and scheduled or emergency maintenance may occur.
The Platform is a decision support tool. Ultimate responsibility for assessing, prioritizing, and responding to threats in your environments remains entirely with you and your organization. CSURFACE does not replace professional judgment, security audits, penetration testing, or other necessary security controls.
You acknowledge that security decisions based solely on information from the Platform, without independent verification or additional context, are at your sole responsibility and risk.
To the maximum extent permitted by law, CSURFACE disclaims all warranties, express, implied, statutory, or otherwise, including but not limited to warranties of merchantability, fitness for a particular purpose, title, and non-infringement.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL CSURFACE, ITS DIRECTORS, EMPLOYEES, AFFILIATES, AGENTS, SUPPLIERS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING, WITHOUT LIMITATION, LOSS OF PROFITS, REVENUES, DATA, BUSINESS OPPORTUNITIES, REPUTATION, OR ANY OTHER INTANGIBLE LOSSES.
Because the Platform is provided free of charge, with no fees of any kind, CSURFACE's total aggregate liability arising out of or related to these Terms or the use of the Platform, regardless of the form of action (contract, tort, negligence, or otherwise), will be limited to $100.00 (one hundred US dollars).
This limitation of liability applies even if CSURFACE has been advised of the possibility of such damages, and even if any limited remedy in this document fails in its essential purpose.
In no event shall CSURFACE be liable for: (a) losses arising from failures in third-party services (cloud infrastructure providers, CDN, etc.); (b) incorrect interpretations or inadequate use of the threat intelligence provided; (c) Platform unavailability due to force majeure events, cyberattacks on CSURFACE's infrastructure or that of its providers; (d) operational, financial, or legal decisions you or your organization make based on Platform information.
Some jurisdictions do not allow the exclusion or limitation of certain damages, so some of the above limitations may not apply to you. In such jurisdictions, CSURFACE's liability will be limited to the maximum extent permitted by law.
You agree to indemnify, defend, and hold harmless CSURFACE, its directors, employees, and agents from any claim, damage, loss, liability, cost, or expense (including reasonable attorneys' fees) arising from: (i) your use or misuse of the Platform; (ii) your violation of these Terms; (iii) your violation of third-party rights; or (iv) your content or data submitted to the Platform.
The limitations and exclusions in this Section reflect a reasonable allocation of risk between the parties and constitute an essential part of the agreement between you and CSURFACE. Without them, the economic terms of this agreement would be substantially different.
These Terms will remain in effect as long as you use the Platform or maintain an active account. You may terminate these Terms at any time, for any reason, by closing your account through profile settings or by contacting [email protected].
Because the Platform is free and open, no account or subscription is required to use it; voluntary "termination" therefore consists of ceasing to access the Platform. Any personal data collected (for example, contact-form submissions) will be handled as described in our Privacy Policy, including deletion or anonymization after applicable retention periods.
CSURFACE may, at its sole discretion, restrict or block access to the Platform for specific visitors, IPs, or agents, with or without prior notice, in case of: (i) material breach of these Terms, especially the Acceptable Use provisions; (ii) reasonable suspicion of fraudulent, abusive, or illegal activity; (iii) court orders or requirements from competent authorities; (iv) risks to the security, integrity, or operation of the Platform.
In cases of serious violations, suspension may be immediate and without prior notice. Minor violations will result in prior notice and a reasonable opportunity to remedy, when appropriate.
CSURFACE may also discontinue the Platform or specific services in their entirety, with at least 90 days prior notice to active users, in case of cessation of operations, strategic decision, or regulatory reasons.
After termination for any reason: (a) all rights granted to you under these Terms will cease immediately; (b) you will stop using the Platform; (c) API keys associated with your account will be revoked; (d) there will be no refund for unused periods, except as expressly provided in the 30-day refund policy or required by law.
The provisions of these Terms that by their nature should survive termination will continue in force after termination, including but not limited to: Intellectual Property, Threat Intelligence Disclaimer, Limitation of Liability, Indemnification, and Governing Law.
You may request a copy of your personal data before termination, in compliance with rights provided under GDPR, LGPD, or other applicable data protection laws. See the Privacy Policy for more details on data subject rights.
CSURFACE reserves the right to modify, update, or replace these Terms at any time, at its sole discretion, to reflect changes in our services, practices, legal requirements, or to better protect our users and the Platform.
When we make material changes to these Terms, we will notify you by email to the address associated with your account, at least 30 days in advance of the effective date of the new conditions. Non-material changes (typo corrections, clarifications, contact address updates) may take effect immediately upon publication on this page.
The date of the last update will always be displayed at the top of this page ("Last updated"). We recommend that you periodically review this page to stay informed of any changes.
Continued use of the Platform after the effective date of material changes constitutes your acceptance of the modified terms. If you do not agree with the changes, you must cease use of the Platform and terminate your account before the effective date.
For paid subscribers, if you reject material changes before their entry into force, you may request a prorated refund for the unused portion of the current paid period, in addition to mandatory free termination.
Changes motivated by legal, regulatory, or judicial requirements may take effect with less prior notice, as necessary to ensure compliance.
Previous versions of these Terms may be made available upon request to [email protected] for historical reference and transparency purposes.
No waiver of any provision of these Terms shall be considered a continuing waiver or waiver of any other provision, and CSURFACE's failure to enforce any right or provision shall not constitute a waiver of such right or provision.
These Terms shall be governed by and construed in accordance with the laws of the Federative Republic of Brazil, without regard to conflict of laws principles.
Any disputes, controversies, or claims arising out of or related to these Terms, use of the Platform, or the relationship between you and CSURFACE shall be submitted to the exclusive jurisdiction of the courts of the Judicial District of [City/State to be defined], Brazil, with express waiver of any other forum, however privileged.
Notwithstanding the foregoing, CSURFACE reserves the right to seek injunctive, preliminary, or enforcement relief in any competent jurisdiction to protect its intellectual property rights, trade secrets, or in case of unauthorized use of the Platform.
For consumer users located in the European Union or the United Kingdom, mandatory statutory rights under local consumer protection legislation will prevail over conflicting provisions of these Terms.
For users located in Brazil who qualify as consumers under the Consumer Protection Code (Law 8.078/1990), mandatory consumer protection provisions will prevail over conflicting clauses of these Terms.
Before initiating any legal action, the parties agree to attempt to resolve disputes in good faith through direct negotiation for a minimum period of 30 days, upon written notice sent to [email protected].
If any provision of these Terms is found to be invalid, illegal, or unenforceable by a competent court, such provision will be reformed to the minimum extent necessary to make it valid and enforceable, and the remaining provisions will remain in full force and effect.
These Terms, together with the Privacy Policy, Cookie Policy, and any applicable supplementary terms, constitute the entire agreement between you and CSURFACE regarding use of the Platform, superseding any previous agreements, oral or written.
For questions, complaints, requests, or legal notices related to these Terms or use of the Platform, you may contact CSURFACE through the following channels:
We will respond to all legitimate requests within a reasonable time, typically within 15 business days. Requests related to data protection rights will have specific deadlines as per the Privacy Policy.
For formal legal notices, including judicial citations and subpoenas, use the address [email protected] or contact CSURFACE at the physical address to be published here after final legal review.