Terms of Service

1. Introduction and Scope

1.1 Agreement. These Terms of Service (the "Terms") govern access to and use of the Services provided by Kantoku Pte. Ltd. ("Kantoku", "Company", "we", "us", or "our").

1.2 Scope of Services. For purposes of these Terms, the "Services" include the software, platform, APIs, modules, and related services made available by Kantoku, including the Kantoku Platform and Superviso.

1.3 Binding Agreement. By accessing or using the Services, or by executing an order form, subscription, or other document that incorporates these Terms, the Customer agrees to be bound by the Agreement.

1.4 Customer Representation. If an individual accepts the Agreement or uses the Services on behalf of a legal entity or organization, that individual represents and warrants that they have authority to bind that entity or organization to the Agreement.

1.5 Agreement Components. The "Agreement" consists of these Terms together with any applicable order form, pricing plan, supplemental terms, the Privacy Policy, and, where applicable, the Data Processing Agreement ("DPA"). These Terms should be read together with the Definitions document, and defined terms have the meaning given to them in the Definitions document unless expressly stated otherwise in these Terms. In the event of a conflict, the following order of precedence applies unless expressly stated otherwise in the applicable document:

1. the order form or other signed commercial agreement;
2. the DPA, solely with respect to Personal Data processing;
3. these Terms; and
4. the Privacy Policy.

1.6 Eligibility. The Services may be used by individuals, legal entities, and organizations. If an individual uses the Services on their own behalf, that individual is the Customer for purposes of the Agreement. If an individual accesses or uses the Services on behalf of a legal entity or organization, that entity or organization is the Customer.

1.7 Changes to the Services or Terms. Kantoku may modify the Services or these Terms from time to time. If Kantoku makes a material change to these Terms, Kantoku will provide notice by reasonable means. Continued use of the Services after the effective date of the updated Terms constitutes acceptance of the updated Terms. Material changes to these Terms will not apply retroactively. For paid Subscriptions, material changes will apply from the next renewal term or billing period, unless the change is required for legal, security, or operational reasons or the Customer accepts the updated Terms earlier.

2. Services

2.1 Provision of Services. Subject to the Agreement, Kantoku grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the applicable Subscription term to access and use the Services for the Customer's internal business purposes.

2.2 Service Changes. Kantoku may update, enhance, modify, or discontinue features or functionality of the Services from time to time, provided that Kantoku does not materially reduce the core functionality of the Services purchased by the Customer during the applicable Subscription term, except where such change is required for security, legal, or technical reasons.

2.3 Third-Party Services and Integrations. The Services may interoperate with or include integrations with third-party services, products, content, or websites. Kantoku is not responsible for third-party services and does not warrant or guarantee their availability, security, accuracy, or performance.

2.4 Availability. Kantoku will use commercially reasonable efforts to make the Services available, subject to scheduled maintenance, emergency maintenance, technical issues, force majeure events, and other circumstances beyond Kantoku's reasonable control.

2.5 Beta, Trial, or Preview Features. Kantoku may make beta, trial, early-access, or preview features available from time to time. Unless otherwise expressly stated, such features are provided "as is" and may be modified, suspended, or discontinued at any time without liability.

2.6 Suspension for Operational or Security Reasons. Kantoku may temporarily suspend access to all or part of the Services if reasonably necessary to prevent harm to the Services, address security or integrity concerns, comply with Applicable Law, or respond to misuse of the Services.

3. Accounts and Authorized Use

3.1 Accounts. Access to the Services may require the creation of an Account. The Customer is responsible for ensuring that Account information is accurate, complete, and kept up to date.

3.2 Authorized Users. The Customer may permit its Authorized Users to access and use the Services solely on the Customer's behalf and in accordance with the Agreement. The Customer is responsible for its Authorized Users' compliance with the Agreement.

3.3 Credentials. The Customer is responsible for maintaining the confidentiality and security of Credentials and for all activities occurring under its Accounts, except to the extent caused by Kantoku's breach of the Agreement.

3.4 Unauthorized Access. The Customer shall promptly notify Kantoku of any known or reasonably suspected unauthorized access to Accounts or Credentials or any other security incident affecting the Customer's use of the Services.

3.5 Account Control. Kantoku may require the Customer to designate one or more administrative users with authority to manage the Customer's Accounts and Authorized Users. The Customer is responsible for actions taken by its administrative users within the Services.

3.6 Service Identifiers and Subdomains. Kantoku may make available account names, workspace names, tenant identifiers, subdomains, URLs, or similar service identifiers for use with the Services. Such identifiers are provided for operational convenience only and do not create any ownership, trademark, domain name, or other proprietary rights in favour of the Customer.

Kantoku may reject, reserve, suspend, modify, reassign, or require the Customer to change any service identifier, including any subdomain made available through the Services, if Kantoku reasonably determines that doing so is necessary to address legal, security, operational, abuse, service integrity, reputational, naming policy, reserved name, or legitimate business concerns. The Customer shall promptly cooperate with any reasonable request by Kantoku to change or migrate from a service identifier.

4. Customer Responsibilities

4.1 Lawful Use. The Customer shall use the Services only in accordance with the Agreement and Applicable Law.

4.2 Responsibility for Customer Data. The Customer is responsible for the accuracy, quality, legality, and means by which it acquires and provides Customer Data to Kantoku, and for ensuring that its use of the Services and provision of Customer Data comply with the Agreement and Applicable Law.

4.3 Responsibility for Users. The Customer is responsible for ensuring that its Users and Authorized Users comply with the Agreement and for all acts and omissions of such users in connection with the Services.

4.4 Prohibited Conduct. The Customer shall not, and shall not permit any User or third party to:

1. access or use the Services in violation of Applicable Law;
2. interfere with or disrupt the integrity, security, or performance of the Services;
3. attempt to gain unauthorized access to the Services or related systems or networks;
4. use the Services to store, transmit, or process unlawful, infringing, fraudulent, or malicious content;
5. reverse engineer, decompile, disassemble, copy, or create derivative works of the Services, except to the extent such restriction is prohibited by Applicable Law;
6. use the Services to develop, benchmark, or provide a competing product or service without Kantoku's prior written consent; or
7. misuse any API, including by exceeding reasonable technical limits, circumventing access controls, or using the API other than in accordance with Kantoku's applicable documentation;
8. use the Services to perform unauthorized scanning, probing, monitoring, testing, enumeration, or assessment of domains, IP addresses, systems, networks, accounts, or assets; or
9. register, use, or attempt to use any account name, workspace name, tenant identifier, subdomain, URL, or other service identifier in a manner that is unlawful, misleading, infringing, impersonating, abusive, or inconsistent with Kantoku's naming policies or reasonable instructions.

4.5 Customer Systems and Integrations. The Customer is responsible for the systems, devices, networks, configurations, and third-party services it uses with or in connection with the Services, including the lawfulness and security of any integrations enabled by the Customer.

4.6 Scanning and Asset Authorization. If the Customer uses any asset discovery, attack surface monitoring, port scanning, vulnerability identification, or similar functionality made available through the Services, the Customer represents and warrants that it owns, controls, or has obtained all necessary authorization to scan, monitor, assess, or otherwise interact with the relevant domains, IP addresses, systems, networks, cloud accounts, or other assets.

Kantoku may suspend or terminate access to the Services if it reasonably believes that the Customer or any User has used the Services for unauthorized scanning, probing, monitoring, testing, or similar activity. In such cases, Fees are non-refundable to the maximum extent permitted by Applicable Law.

4.7 Cooperation. The Customer shall provide reasonable cooperation and information as may be necessary for Kantoku to provide, secure, support, or maintain the Services.

5. Data Ownership and Usage Rights

5.1 Customer Data. As between Kantoku and the Customer, the Customer retains all right, title, and interest in and to Customer Data.

5.2 Customer Control of Customer Data. The Customer determines the Customer Data submitted to the Services and remains responsible for its content, accuracy, legality, and use, except to the extent expressly stated otherwise in the Agreement.

5.3 Limited Rights Granted to Kantoku. The Customer grants Kantoku a non-exclusive, worldwide, limited right to host, copy, transmit, process, and otherwise use Customer Data solely to the extent necessary to provide, operate, maintain, support, secure, and improve the Services, provided that any use of Personal Data is subject to the DPA where applicable, and to comply with Applicable Law or perform Kantoku's obligations or exercise its rights under the Agreement.

5.4 No Sale or Unauthorised Use of Customer Data. Kantoku shall not sell Customer Data and shall not access, use, or disclose Customer Data except:

1. as necessary to provide, maintain, support, secure, and improve the Services;
2. as instructed or authorized by the Customer through the Services or under the Agreement; or
3. as required by Applicable Law.

5.5 Service Data. Kantoku retains all right, title, and interest in and to Service Data. Kantoku may collect, generate, use, and analyze Service Data for legitimate business purposes related to the operation, administration, protection, support, analytics, and improvement of the Services, provided that such use complies with Applicable Law.

5.6 Aggregated or De-Identified Data. Kantoku may create and use aggregated or de-identified data derived from Customer Data or use of the Services, provided that such data does not identify the Customer, any User, or any individual, and cannot reasonably be used to do so. Kantoku may use such aggregated or de-identified data for analytics, security, product improvement, benchmarking, and business operations, in each case in compliance with Applicable Law.

5.7 No Transfer of Ownership. Except for the limited rights expressly granted in the Agreement, no rights or ownership interests in Customer Data are transferred to Kantoku.

6. Fees and Payment

6.1 Fees. The Customer shall pay all Fees applicable to its Subscription or use of the Services, as specified in the applicable order form, pricing plan, invoice, or other commercial agreement.

6.2 Billing. Fees are payable in accordance with the billing terms specified at the time of purchase or in the applicable order form, pricing plan, invoice, or commercial agreement.

6.3 Taxes. Fees are exclusive of all taxes, duties, levies, withholding taxes, and similar governmental charges, unless expressly stated otherwise. The Customer is responsible for all such charges associated with its purchase or use of the Services, other than taxes based on Kantoku's net income. If the Customer is required by Applicable Law to withhold or deduct any amount from a payment to Kantoku, the Customer shall increase the payment as necessary so that Kantoku receives the amount it would have received without such withholding or deduction, unless such gross-up is prohibited by Applicable Law.

6.4 Changes to Fees. Kantoku may change Fees or introduce new charges by providing reasonable notice to the Customer. Fee changes will not apply retroactively and will apply only from the next renewal term or billing period, unless otherwise agreed.

6.5 Late Payment. If any Fees are overdue, Kantoku may, after providing reasonable notice, suspend access to the Services until the overdue amounts are paid. Suspension for non-payment does not relieve the Customer of its obligation to pay outstanding Fees.

6.6 Refunds. Unless otherwise stated in the applicable order form, pricing plan, or required by Applicable Law, Fees are non-refundable.

7. Confidentiality

7.1 Confidential Information. "Confidential Information" means non-public information disclosed by one party to the other party in connection with the Agreement that is identified as confidential or that should reasonably be understood to be confidential given the nature of the information and the circumstances of disclosure.

7.2 Exclusions. Confidential Information does not include information that the receiving party can demonstrate:

1. is or becomes publicly available without breach of the Agreement;
2. was lawfully known to the receiving party before disclosure;
3. is lawfully received from a third party without breach of any confidentiality obligation; or
4. is independently developed without use of or reference to the disclosing party's Confidential Information.

7.3 Protection of Confidential Information. The receiving party shall use reasonable care to protect the disclosing party's Confidential Information from unauthorized access, use, or disclosure, and shall not use or disclose such Confidential Information except as necessary to perform or exercise rights under the Agreement or as otherwise permitted by the Agreement.

7.4 Permitted Disclosures. The receiving party may disclose Confidential Information to its employees, contractors, professional advisers, affiliates, and service providers who need to know such information for purposes related to the Agreement and who are subject to confidentiality obligations no less protective than those in this Section.

7.5 Required Disclosure. The receiving party may disclose Confidential Information if required by Applicable Law, court order, or governmental authority, provided that, where legally permitted, it gives the disclosing party reasonable notice and cooperates with reasonable efforts to limit the scope of disclosure.

7.6 Survival. The confidentiality obligations in this Section survive termination of the Agreement for as long as the relevant information remains Confidential Information.

8. Privacy and Data Processing

8.1 Privacy Policy. Kantoku's collection and use of Personal Data in connection with the Services is described in the Privacy Policy.

8.2 Data Processing Agreement. Where Kantoku processes Personal Data on behalf of a Customer as a Processor, such processing is governed by the DPA, unless the parties have entered into another written data processing agreement signed or expressly accepted by Kantoku that expressly supersedes the DPA.

8.3 Customer Instructions. To the extent Kantoku acts as a Processor, the Customer is responsible for ensuring that its instructions to Kantoku comply with Applicable Law.

8.4 Customer Role. The Customer is responsible for determining whether and how it may collect, use, disclose, retain, or otherwise process Personal Data through the Services, including obtaining any required notices, consents, authorizations, or legal bases.

8.5 Subprocessors. The Customer authorizes Kantoku to engage Subprocessors in connection with the provision of the Services, subject to the terms of the DPA where applicable.

8.6 Security Measures. Kantoku shall implement reasonable technical and organizational measures designed to protect Personal Data processed through the Services, taking into account the nature of the Services, the risks presented by the processing, and Applicable Law.

8.7 No Expansion of Rights. Nothing in this Section expands Kantoku's rights to process Personal Data beyond what is permitted under the Agreement, the DPA, or Applicable Law.

9. Intellectual Property

9.1 Kantoku Ownership. Kantoku and its licensors retain all right, title, and interest in and to the Services, including the Platform, Superviso, APIs, software, documentation, technology, designs, workflows, know-how, and all related intellectual property rights.

9.2 Customer Rights. Subject to the Agreement, Kantoku grants the Customer the limited right to access and use the Services during the applicable Subscription term. No rights are granted except as expressly stated in the Agreement.

9.3 Restrictions. The Customer shall not, and shall not permit any User or third party to copy, modify, distribute, sell, lease, sublicense, reverse engineer, decompile, disassemble, or create derivative works of the Services, except to the extent such restriction is prohibited by Applicable Law.

9.4 Feedback. If the Customer or any User provides suggestions, comments, or feedback regarding the Services ("Feedback"), Kantoku may use such Feedback without restriction or obligation, provided that such Feedback does not include Customer Data or Personal Data.

10. Warranties and Disclaimers

10.1 Mutual Authority. Each party represents that it has the legal power and authority to enter into the Agreement.

10.2 Customer Warranty. The Customer represents and warrants that it has all rights, permissions, and authorizations necessary to provide Customer Data to Kantoku and to permit Kantoku to process Customer Data in accordance with the Agreement.

10.3 Disclaimer. Except as expressly stated in the Agreement, the Services are provided on an "as is" and "as available" basis. To the maximum extent permitted by Applicable Law, Kantoku disclaims all warranties, conditions, and representations, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, title, non-infringement, availability, accuracy, and uninterrupted or error-free operation.

10.4 No Guarantee. Kantoku does not warrant that the Services will meet the Customer's specific requirements, operate without interruption, be error-free, or produce complete, accurate, or sufficient outputs for the Customer's legal, regulatory, security, audit, or compliance objectives.

10.5 No Compliance, Audit, or Security Outcome Guarantee. The Services may include tools, workflows, reports, monitoring capabilities, documentation features, or other functionality designed to support governance, risk, compliance, security, audit, or assurance activities. The Customer remains solely responsible for determining whether its use of the Services, internal controls, policies, procedures, evidence, configurations, monitoring scope, remediation activities, and operations satisfy any applicable legal, regulatory, contractual, audit, certification, or compliance requirements. Kantoku does not guarantee that use of the Services will result in compliance with any law, regulation, standard, framework, certification, audit requirement, or customer requirement, that any monitoring capability will detect all assets, exposures, vulnerabilities, misconfigurations, or risks, or that the Customer will pass any audit, assessment, certification, or review.

11. Suspension and Termination

11.1 Suspension. Kantoku may suspend the Customer's or any User's access to all or part of the Services if Kantoku reasonably determines that:

1. the Customer or User has materially breached the Agreement;
2. suspension is necessary to prevent harm to the Services, Kantoku, the Customer, other customers, or third parties;
3. suspension is necessary to address security, integrity, legal, or compliance concerns;
4. Fees are overdue, subject to Section 6.5; or
5. suspension is required by Applicable Law.

11.2 Notice of Suspension. Where reasonably practicable and legally permitted, Kantoku will provide notice of suspension and an opportunity to resolve the issue. Kantoku may suspend access immediately if necessary to address urgent security, legal, or operational risks.

11.3 Termination by Customer. The Customer may terminate its Subscription in accordance with the applicable order form, pricing plan, or subscription terms.

11.4 Termination for Cause. Either party may terminate the Agreement if the other party materially breaches the Agreement and fails to cure the breach within thirty (30) days after receiving written notice of the breach.

11.5 Effect of Termination. Upon termination or expiry of the Agreement:

1. the Customer's right to access and use the Services ceases;
2. the Customer remains responsible for all Fees incurred before termination or expiry;
3. each party shall return or delete the other party's Confidential Information as required by the Agreement, except where retention is required by Applicable Law or reasonable backup, archival, security, or compliance processes; and
4. Kantoku will handle Customer Data in accordance with the Agreement, the DPA where applicable, and Applicable Law.

11.6 Survival. Any provisions that by their nature should survive termination shall survive, including provisions relating to Fees, confidentiality, data rights, intellectual property, disclaimers, limitation of liability, indemnity, governing law, and dispute resolution.

12. Limitation of Liability

12.1 Liability Cap. To the maximum extent permitted by Applicable Law, each party's total aggregate liability arising out of or relating to the Agreement shall not exceed the Fees paid or payable by the Customer to Kantoku for the Services giving rise to the claim during the twelve (12) months immediately preceding the event giving rise to the liability.

12.2 Exclusion of Indirect Damages. To the maximum extent permitted by Applicable Law, neither party shall be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, or for any loss of profits, revenue, goodwill, business opportunity, anticipated savings, data, or business interruption, whether based in contract, tort, negligence, strict liability, or any other legal theory, even if advised of the possibility of such damages.

12.3 Exceptions. Nothing in the Agreement limits or excludes liability to the extent such limitation or exclusion is prohibited by Applicable Law.

12.4 Essential Basis. The limitations and exclusions in this Section form an essential basis of the Agreement and apply even if any limited remedy fails of its essential purpose.

12.5 Free, Trial, Beta, Preview, or Unpaid Use. To the maximum extent permitted by Applicable Law, Kantoku shall have no liability arising out of or relating to any free, trial, beta, preview, or unpaid use of the Services. If liability cannot be excluded under Applicable Law, Kantoku's total aggregate liability for all claims arising out of or relating to all free, trial, beta, preview, or unpaid use of the Services shall not exceed SGD 100 in total.

13. Indemnity

13.1 Customer Indemnity. The Customer shall defend, indemnify, and hold harmless Kantoku, its officers, directors, employees, contractors, and affiliates from and against any third-party claims, damages, liabilities, penalties, costs, and expenses, including reasonable legal fees, arising out of or relating to:

1. Customer Data;
2. the Customer's or its Users' breach of the Agreement;
3. the Customer's or its Users' violation of Applicable Law;
4. the Customer's or its Users' misuse of the Services; or
5. the Customer's systems, integrations, or third-party services used with the Services.

13.2 Indemnity Procedure. Kantoku shall provide the Customer with prompt notice of any claim for which indemnity is sought, provide reasonable cooperation, and allow the Customer to control the defense and settlement of the claim, provided that the Customer may not settle any claim in a manner that imposes liability or obligations on Kantoku without Kantoku's prior written consent.

13.3 Kantoku IP Indemnity. Kantoku shall defend the Customer against any third-party claim alleging that the Services, as provided by Kantoku and used by the Customer in accordance with the Agreement, infringe that third party's intellectual property rights, and shall indemnify the Customer against damages, costs, and expenses finally awarded by a court of competent jurisdiction or agreed in a settlement approved by Kantoku. This Section 13.3 applies only to paid Subscriptions and does not apply to free, trial, beta, preview, or unpaid use of the Services.

If the Services become, or in Kantoku's reasonable opinion are likely to become, the subject of such a claim, Kantoku may, at its option:

1. procure the right for the Customer to continue using the affected Services;
2. modify the affected Services so they are no longer infringing;
3. replace the affected Services with substantially equivalent functionality; or
4. terminate the affected Services and provide a prorated refund of prepaid unused Fees for the terminated portion.

13.4 Exclusions from Kantoku IP Indemnity. Kantoku has no obligation under Section 13.3 for claims arising from:

1. Customer Data;
2. use of the Services in breach of the Agreement;
3. modification of the Services not made by Kantoku;
4. combination of the Services with systems, software, data, or services not provided by Kantoku, where the claim would not have arisen but for such combination; or
5. use of the Services after Kantoku has provided notice to stop using the affected Services.

14. Governing Law and Dispute Resolution

14.1 Governing Law. The Agreement and any dispute, claim, or controversy arising out of or relating to the Agreement, the Services, or any related matter shall be governed by and construed in accordance with the laws of Singapore, without regard to conflict of law principles.

14.2 Good Faith Resolution. Before commencing formal proceedings, the parties shall first attempt in good faith to resolve any dispute arising out of or relating to the Agreement through discussions between authorized representatives of each party.

14.3 Courts of Singapore. If the parties are unable to resolve the dispute within thirty (30) days after written notice of the dispute, either party may bring proceedings before the courts of Singapore. The parties submit to the exclusive jurisdiction of the courts of Singapore for any dispute arising out of or relating to the Agreement.

14.4 Injunctive Relief. Nothing in this Section prevents either party from seeking urgent injunctive, equitable, or other interim relief from a court of competent jurisdiction where necessary to protect its rights, confidential information, intellectual property, systems, data, or the security and integrity of the Services.

15. General

15.1 Notices. Kantoku may provide notices to the Customer by email, through the Services, or by other reasonable means. Notices to Kantoku must be sent by email to legal@kantoku.io, unless Kantoku designates another address for legal notices.

15.2 Assignment. The Customer may not assign or transfer the Agreement without Kantoku's prior written consent, except where such restriction is prohibited by Applicable Law. Kantoku may assign or transfer the Agreement in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets.

15.3 Force Majeure. Neither party shall be liable for any delay or failure to perform its obligations under the Agreement, except payment obligations, to the extent caused by events beyond its reasonable control, including natural disasters, acts of government, war, terrorism, civil unrest, labour disputes, internet or telecommunications failures, cloud provider outages, or other events of force majeure.

15.4 Export Control and Sanctions. The Customer shall not access or use the Services in violation of applicable export control, sanctions, or trade restriction laws, or make the Services available to any person or entity that is subject to such restrictions.

15.5 Severability. If any provision of the Agreement is held to be invalid, unlawful, or unenforceable, the remaining provisions shall remain in full force and effect, and the invalid, unlawful, or unenforceable provision shall be interpreted or replaced to the extent necessary to give effect to the parties' original intent.

15.6 Waiver. A failure or delay by either party to exercise any right or remedy under the Agreement shall not constitute a waiver of that right or remedy. A waiver must be in writing and shall apply only to the specific instance for which it is given.

15.7 Independent Contractors. The parties are independent contractors. Nothing in the Agreement creates any partnership, joint venture, agency, fiduciary, or employment relationship between the parties.

15.8 No Third-Party Beneficiaries. Except as expressly stated in the Agreement, the Agreement does not confer any rights or remedies on any third party.

15.9 Entire Agreement. The Agreement constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior or contemporaneous agreements, understandings, communications, or representations, whether written or oral, regarding that subject matter.

15.10 Amendments. Kantoku may update these Terms in accordance with Section 1.7. Any amendment to an order form, DPA, or other signed written agreement must be made in writing or by another method expressly permitted by that document.

15.11 Interpretation. Headings are for convenience only and do not affect interpretation. Words such as "including" mean "including without limitation." References to laws include amendments, replacements, and successor legislation.