These Terms of Service (“Terms”) constitute a legally binding agreement between you (“User,” “you,” or “your”) and vCSO.ai, Inc. (“Company,” “we,” “us,” or “our”) governing your access to and use of the Theodolite platform, accessible at app.theodolite.io, and any associated services, APIs, and documentation (collectively, the “Service”).
By creating an account, accessing, or using the Service, you agree to be bound by these Terms and our Privacy Policy. If you are accepting on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.
If you do not agree to these Terms, do not access or use the Service.
Theodolite is a cybersecurity decision-making platform that provides:
The Service is designed for CISOs, security leaders, board members, and due diligence teams. It is a decision-support tool and does not replace professional cybersecurity judgment.
Current Status: Theodolite is currently in a closed beta program. Access is by invitation only. Additional terms in the Beta Participation Agreement apply to beta participants and supplement these Terms. In the event of a conflict, the Beta Participation Agreement controls during the beta period.
Beta features may be added, modified, or removed at any time without notice. We make no guarantees regarding the availability, performance, or continued existence of any features during the beta period. The Service may contain bugs, errors, and incomplete functionality.
When Theodolite transitions to general availability, these Terms will be updated. Existing users will be notified and asked to accept the updated Terms.
You must create an account to use the Service. You agree to provide accurate, current, and complete information and to keep your account information updated.
You are responsible for maintaining the confidentiality of your account credentials and for all activity under your account. You must notify us immediately at security@vcso.ai if you suspect unauthorized access. We are not liable for losses caused by unauthorized use of your account.
You must be at least 18 years old and have the legal authority to enter into these Terms. During the beta period, access is restricted to invited participants.
Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service for your internal business purposes.
You shall not:
All right, title, and interest in the Service, including all intellectual property rights, patents, trademarks, trade secrets, and copyrights, are and remain the exclusive property of vCSO.ai, Inc. These Terms do not grant you any ownership interest in the Service.
You retain all ownership rights in the data you submit to or process through the Service (“Your Data”). We do not claim ownership of Your Data.
You grant us a limited, non-exclusive license to access, process, store, and display Your Data solely to the extent necessary to provide, maintain, and improve the Service. This license terminates when you delete Your Data or when your account is terminated.
You represent and warrant that:
Our data collection, use, and protection practices are described in our Privacy Policy, which is incorporated into these Terms by reference. For sensitive data discovery, we process data to generate classifications and findings — we do not store the underlying sensitive data itself.
You may export Your Data at any time using the Service's available export features. Upon termination of your account or upon written request, we will delete Your Data within 30 days, except where retention is required by law or for legitimate purposes (such as aggregated, de-identified analytics).
The Service, its features, underlying technology, documentation, non-public APIs, pricing, product roadmap, risk quantification methodologies, FAIR analysis frameworks, and any other non-public information disclosed to you constitute our Confidential Information. You agree to hold it in confidence, not disclose it to third parties, and use it solely for purposes permitted by these Terms.
We treat Your Data and account information as confidential. Our handling of your information is governed by our Privacy Policy.
Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was already known to the receiving party without restriction; (c) is received from a third party without restriction; or (d) is independently developed without reference to confidential information.
If you provide suggestions, ideas, bug reports, feature requests, or other feedback about the Service (“Feedback”), you irrevocably assign to us all right, title, and interest in such Feedback. We may use, modify, and incorporate Feedback into the Service or any other product without restriction, attribution, or compensation. This assignment does not apply to Your Data.
You agree not to use the Service to:
We reserve the right to investigate and take appropriate action, including suspension or termination, for violations of this section.
The Service allows you to connect third-party services, including cloud providers (AWS, Azure, GCP), project management tools (Jira), dark web monitoring services, and vulnerability scanning tools (Nessus, OpenVAS). These integrations are initiated by you and governed by the third party's own terms and policies. We are not responsible for third-party services, their availability, data practices, or any losses arising from their use.
THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. WE SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
Important: Security findings, risk quantification outputs (ALE, VaR, breach cost estimates), compliance scores, and all other assessments generated by the Service are provided for informational purposes only. They do not constitute professional cybersecurity advice, legal advice, insurance recommendations, or a guarantee of your security posture. The Service is a decision-support tool — not a substitute for professional judgment. You should not rely on the Service's outputs as the sole basis for any business, security, compliance, legal, or financial decisions.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL vCSO.ai, Inc., ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, DATA, BUSINESS INTERRUPTION, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR YOUR USE OF THE SERVICE, REGARDLESS OF THE THEORY OF LIABILITY.
OUR TOTAL AGGREGATE LIABILITY UNDER THESE TERMS SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNTS YOU HAVE PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED DOLLARS ($100.00 USD).
Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, our liability shall be limited to the maximum extent permitted by law.
You agree to indemnify, defend, and hold harmless vCSO.ai, Inc. and its officers, directors, employees, agents, and affiliates from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:
You may terminate your account at any time by contacting us or using the account deletion feature in the Service. Upon termination, your right to access the Service ceases immediately.
We may suspend or terminate your access to the Service at any time, with or without cause, with or without notice. We will endeavor to provide reasonable notice where practicable, except where we believe immediate termination is necessary (such as for violations of Section 9 or a security incident).
Upon termination: (a) your license to use the Service terminates immediately; (b) you must cease all use of the Service; (c) you must delete or destroy all copies of Confidential Information in your possession; (d) we will delete Your Data in accordance with Section 6.5 and our Privacy Policy.
Sections 5.3 (Reservation of Rights), 7 (Confidentiality), 8 (Feedback & IP), 11 (Disclaimers), 12 (Limitation of Liability), 13 (Indemnification), 15 (Governing Law), and 16 (General Provisions) survive any termination or expiration of these Terms.
These Terms shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of laws principles.
Any dispute arising out of or relating to these Terms or the Service shall be resolved exclusively in the state or federal courts located in San Francisco County, California. You consent to the personal jurisdiction of such courts.
Nothing in this section shall prevent either party from seeking injunctive or other equitable relief in any court of competent jurisdiction to prevent irreparable harm pending resolution of a dispute.
These Terms, together with the Privacy Policy and any applicable Beta Participation Agreement, constitute the entire agreement between you and Company regarding the Service and supersede all prior agreements and understandings.
We reserve the right to modify these Terms at any time. We will notify you of material changes by posting the updated Terms on this page, updating the “Effective” date, and providing notice through the Service or by email. Your continued use of the Service after the effective date of any changes constitutes acceptance. If you do not agree with the revised Terms, you must stop using the Service.
If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
The failure of either party to enforce any provision of these Terms shall not constitute a waiver of that provision or the right to enforce it at a later time.
You may not assign or transfer these Terms or any rights hereunder without our prior written consent. We may assign these Terms without restriction, including in connection with a merger, acquisition, or sale of assets.
We may provide notices to you through the Service, by email to the address associated with your account, or by posting on this page. You may provide notices to us at the contact information below.
You acknowledge that clicking “I Accept” or similar acknowledgment constitutes your electronic signature and is legally binding. Your acceptance is logged with a timestamp, agreement version, and device information to create an enforceable audit trail.
Questions about these Terms of Service should be directed to: