Terms of Service
Plain summary. ZeroExfil is a security platform operated by Olsson Security from Zurich, Switzerland. By creating an account you agree that we will store your account information and the security telemetry collected by your ZeroExfil agents on Microsoft Azure infrastructure that we control. You can stop using the service at any time. We will keep your data for the periods described in our Privacy Policy and Data Processing Addendum, and then delete it.
1. Who we are
The ZeroExfil platform (the "Service") is operated by Olsson Security, Baslerstrasse 77, 8048 Zurich, Switzerland ("Olsson Security", "we", "us"). For data protection questions, contact contact@zeroexfil.com.
2. Acceptance
By creating an account, deploying a ZeroExfil agent, or accessing the portal at security.zeroexfil.com, you ("Customer", "you") accept these Terms of Service and the Privacy Policy and Data Processing Addendum. If you accept these terms on behalf of an organization, you confirm you are authorized to bind that organization.
3. The Service
ZeroExfil is a Data-Centric Endpoint Detection and Response (EDR) service. It includes:
- A web portal for managing detections, alerts, investigations, devices, and users.
- An installable endpoint agent that collects security telemetry from devices you authorize.
- An automated correlation analyst (CORA) that triages alerts and provides verdicts.
- Server-side detection rules, alerting, and response actions.
We may add, change, or remove features. We will not materially reduce the security functionality you rely on without reasonable notice.
4. Accounts and tenants
You must provide an accurate email address and verify it before signing in. Each organization is represented by a "tenant"; users may belong to one or more tenants by invitation or join request. You are responsible for:
- Keeping your password and any API or agent installer keys confidential.
- The actions of users you invite or admit to your tenant.
- Only deploying the agent on devices you have authority to monitor.
5. Acceptable use
You agree not to:
- Use the Service to monitor devices, networks, or individuals you are not authorized to monitor.
- Reverse engineer, resell, or sublicense the Service except as permitted by law.
- Attempt to disrupt the Service, exfiltrate other tenants' data, or probe for vulnerabilities outside a coordinated disclosure agreement with Olsson Security.
- Upload unlawful content or content that infringes third-party rights.
Security research that follows our coordinated disclosure process is welcome. Email contact@zeroexfil.com before testing.
6. Your data
You retain all rights to the data your agents and users send to the Service ("Customer Data"). You grant Olsson Security a limited license to process Customer Data solely to operate, secure, and improve the Service for you, and to meet our legal obligations. The full terms are in our Privacy Policy and Data Processing Addendum, which forms part of these Terms.
7. Data retention
Customer Data is retained as follows:
- Operational data (alerts, investigations, devices, response actions, configuration, and rule state) is retained for 180 days rolling and is visible across the portal during that period.
- Advanced hunting telemetry is queryable in the investigation experience for 30 days from the time it was ingested.
- If your license is in grace period or suspended mode, your data remains available to you for the standard retention windows above. After contract termination or expiration, all Customer Data is permanently and irrecoverably erased no later than 180 days from the termination or expiration date.
Account records (email, tenant membership, audit logs of security-relevant administrative actions) may be retained for longer where required to comply with law or to defend legal claims.
8. Where data is stored
Customer Data is stored on Microsoft Azure infrastructure under accounts operated by Olsson Security. The primary processing region is Microsoft Azure West Europe (Netherlands). Transactional emails are sent through Azure Communication Services. We do not use the Service to send marketing email. Sub-processors and international transfer mechanisms are listed in the Privacy Policy and Data Processing Addendum.
9. Security
We implement administrative, technical, and organisational measures appropriate to the risk, including encryption in transit, encryption at rest provided by Microsoft Azure, role-based access control inside the platform, MFA support for accounts, hashed passwords (bcrypt), and audit logging of security-relevant changes. No security control is absolute; you are responsible for protecting your own credentials and devices.
10. Fees and licensing
Pricing, billing terms, license tiers, grace and suspension behaviour, and renewal terms are set out in the order form, quote, or pricing page applicable to your tenant. If no separate agreement exists, the Service is provided on an evaluation basis and may be discontinued at any time.
11. Confidentiality
Each party will protect the other party's confidential information with at least the same degree of care it uses for its own confidential information, and in no case less than reasonable care. This obligation survives termination.
12. Intellectual property
The Service, including the portal, agent software, detection rules, CORA correlation logic, documentation, and brand, is the property of Olsson Security and its licensors. These Terms do not transfer ownership. You may use the Service only as authorised by these Terms and any applicable order form.
13. Warranties and disclaimers
We will provide the Service with reasonable skill and care. Otherwise the Service is provided "as is" and "as available" without warranties of any kind, whether express or implied, including any implied warranty of merchantability, fitness for a particular purpose, or non-infringement. No security tool can guarantee detection or prevention of every threat. The Service is not a substitute for your own security programme.
14. Limitation of liability
To the maximum extent permitted by law, neither party is liable to the other for any indirect, incidental, special, consequential, or punitive damages, or for lost profits, lost revenue, lost data, or business interruption. Each party's total aggregate liability arising out of or relating to these Terms is limited to the fees paid by Customer to Olsson Security for the Service in the twelve months preceding the event giving rise to the claim, or, where no fees have been paid, to one hundred Swiss francs (CHF 100). Nothing in these Terms limits liability for fraud, wilful misconduct, or any liability that cannot be limited by law.
15. Termination
You may stop using the Service and delete your account at any time by emailing contact@zeroexfil.com. We may suspend or terminate your access if you materially breach these Terms or if continued provision creates a security or legal risk. On termination, the retention rules in section 7 apply.
16. Changes to these Terms
We may update these Terms from time to time. The version and effective date are shown at the top of this page. If a change materially affects your rights, we will give reasonable notice (for example, by email or via the portal) before it takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated Terms.
17. Governing law and forum
These Terms are governed by the substantive laws of Switzerland, excluding its conflict-of-laws rules and the United Nations Convention on Contracts for the International Sale of Goods. The exclusive forum for any dispute arising out of or relating to these Terms or the Service is the competent courts of Zurich, Switzerland, subject to any mandatory consumer protection rights in your jurisdiction.
18. Contact
Olsson Security
Baslerstrasse 77
8048 Zurich, Switzerland
contact@zeroexfil.com