Terms of Service

1. Acceptance of Terms

By creating an account, accessing the website, or using any part of the Service — including the web interface, the REST API, or any automated integrations — you confirm that you have read, understood, and agree to these Terms and our Privacy Policy. These Terms form a legally binding agreement between you and Breach Monitor.

If you are accepting on behalf of an employer or other legal entity, you represent and warrant that you have the authority to bind that entity to these Terms.

2. Description of Service

Breach Monitor is a credential security intelligence platform. The Service aggregates data from publicly circulating sources — including data breaches, stealer malware logs (credentials harvested from compromised devices), and credential dumps — and provides a searchable index to allow individuals and organisations to determine whether their credentials appear in any of these sources.

The Service provides:

• Credential search and lookup (web interface and REST API)
• Email monitoring with breach-detection alerts
• Bulk email verification for organisations
• CSV export of search results
• Paid data removal / takedown requests

All data offered through the Service is derived from publicly circulating sources. This includes data from corporate breaches, stealer malware campaigns targeting individual devices, and aggregated credential dumps. We do not verify or validate every individual record, and we make no warranties or guarantees as to the completeness, accuracy, or currency of the information provided.

The Service does not publish, sell, or facilitate access to credential data for any purpose other than security awareness and self-protection. Breach Monitor is not a credit reporting agency and does not provide consumer reports within the meaning of the Fair Credit Reporting Act (FCRA) or equivalent legislation.

3. Eligibility

You must be at least 18 years of age to use the Service. By using the Service you represent and warrant that you are of legal age and have the legal capacity to enter into these Terms.

Use of the Service is permitted only for lawful purposes. You may not use the Service if you are located in a jurisdiction where doing so would be prohibited by law.

4. User Accounts

You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify us immediately at [email protected] if you suspect any unauthorised access.

You may not share your account, API key, or access credentials with third parties unless explicitly permitted by your subscription tier. Each API key is tied to a single account and must not be embedded in publicly accessible code repositories.

We reserve the right to suspend or terminate any account that we determine, in our sole discretion, is in violation of these Terms.

5. Acceptable Use

You agree to use the Service only for lawful purposes. You must not:

• Search for credentials belonging to individuals without their consent, except where you are authorised to perform security assessments on their behalf (e.g., penetration testing with written authorisation)
• Use the Service to facilitate identity theft, fraud, account takeover, or any other criminal activity
• Use data obtained from the Service to evaluate any individual's eligibility for credit, insurance, employment, housing, or any other purpose covered by the Fair Credit Reporting Act (FCRA), the UK Consumer Credit Act, or any equivalent consumer protection legislation in any jurisdiction
• Use data obtained from the Service to send unsolicited communications, spam, or marketing messages in violation of CAN-SPAM, the UK Privacy and Electronic Communications Regulations (PECR), or any equivalent law
• Resell, redistribute, or sublicense data obtained from the Service without prior written consent
• Attempt to circumvent rate limits, authentication controls, or any other technical restrictions
• Scrape or bulk-download data beyond what is permitted by your subscription tier and the API rate limits
• Use the Service to harass, threaten, or harm any individual
• Reverse-engineer, decompile, or attempt to extract the underlying breach database
• Introduce malware, denial-of-service attacks, or any other harmful code or traffic
• Impersonate any person or entity or misrepresent your affiliation with any person or entity

Violations may result in immediate account termination without refund, reporting to law enforcement, and/or civil or criminal liability.

6. Subscriptions & Payments

6.1 Monthly Plans

Paid plans (Starter, Pro, 3-Month) are one-time purchases that grant access for the stated duration. They do not auto-renew. Once the plan period expires, your account reverts to the free tier automatically.

6.2 API Credits

API credit packs are one-time purchases. Credits never expire and are deducted only when rows are downloaded (bulk search results or CSV export). Searching is always free — you only pay for data you download.

6.3 Payments & Refunds

All payments are processed by Stripe. We do not store payment card information. Prices are displayed in USD and are inclusive of any applicable taxes unless otherwise stated.

All purchases are final. Refunds are not provided for partially used subscription periods or consumed API credits, except where required by applicable consumer protection law. If you believe there has been a billing error, contact [email protected] within 7 days of the charge.

Nothing in these Terms affects your statutory rights under the Consumer Rights Act 2015 or any other applicable mandatory consumer protection legislation.

6.4 Right to Cancel — Digital Services (UK / EU)

Under the UK Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 and the EU Consumer Rights Directive, you have the right to cancel a digital service purchase within 14 days without giving a reason.

However, by completing your purchase you expressly request that the Service begins immediately and acknowledge that you lose your 14-day right to cancel once the digital content has been delivered or the service has commenced. This acknowledgement is presented at checkout and forms part of your purchase agreement.

This waiver applies only to subscription plans and credit packs that are activated immediately upon purchase. It does not affect any statutory rights arising from defective or misdescribed services.

6.5 Free Trial

New accounts may receive a limited-time free trial at our discretion. Trial access may be restricted or removed at any time without notice. Trial restrictions apply as described in your account dashboard.

7. API Access

API access is available to active paid subscribers. Your API key is personal and non-transferable. You are responsible for all activity performed using your API key.

You must comply with the following rate limits. Limits are enforced per API key. Circumventing rate limits is a violation of these Terms and may result in immediate suspension without refund.

All rate-limited responses include a Retry-After header. Full rate limit documentation is available at /api-pricing.

Data returned by the API may not be stored in a queryable database and redistributed as a competing or complementary breach search service. Caching search results for internal security tooling within your own organisation is permitted.

8. Intellectual Property

The Service, including its software, design, search infrastructure, and original content, is the property of Breach Monitor and is protected by applicable intellectual property laws. You are granted a limited, non-exclusive, non-transferable licence to access and use the Service for its intended purpose.

The breach data indexed by the Service originates from third-party sources and was previously publicly exposed. We make no copyright claim over this underlying data, but the indexing, search infrastructure, and derived presentation are our intellectual property.

9. Data Removal Requests

If your personal data appears in our index and you wish to have it removed, you may submit a removal request via the Data Removal page. All requests are reviewed by our team before any deletion is carried out.

We process removal requests within 30 days. We may require verification that you are the legitimate owner of the data you are requesting to remove. Removal from our index does not affect copies of the data held by third parties.

Paid expedited removal requests are subject to the same review process as free requests. The additional fee covers priority processing, not a guaranteed outcome.

10. Disclaimers

The Service is provided "as is" and "as available" without warranties of any kind, either express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.

• We do not warrant that the Service will be uninterrupted, error-free, or free of viruses
• We do not guarantee the completeness, accuracy, or currency of breach data — records may be incomplete, outdated, duplicated, or contain errors introduced at the source
• A positive result does not mean the breach is recent, that the password is still active, or that your account has been compromised. The credential may be from an old or irrelevant breach
• A negative result (no records found) does not guarantee that your credentials have not been compromised or that they do not appear in breaches we have not yet indexed
• We do not warrant that any security measures we implement will prevent unauthorised third-party access to our systems
• The Service is a security awareness tool only — it is not a substitute for professional security assessment or penetration testing

11. Limitation of Liability

To the fullest extent permitted by applicable law, Breach Monitor and its officers, directors, employees, agents, and suppliers shall not be liable for any indirect, incidental, special, consequential, or punitive damages — including loss of profits, data, business, or goodwill — arising out of or in connection with your use of the Service, even if we have been advised of the possibility of such damages.

Our total aggregate liability to you for any claims arising out of or relating to these Terms or the Service shall not exceed the greater of (a) the total amount paid by you to us in the 12 months preceding the claim, or (b) GBP £10.

Nothing in these Terms limits or excludes our liability for death or personal injury caused by our negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited under applicable law including the Consumer Rights Act 2015.

12. Indemnification

You agree to indemnify, defend, and hold harmless Breach Monitor and its affiliates, officers, directors, employees, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from your use of the Service, your violation of these Terms, or your violation of any law or the rights of a third party.

13. Termination

You may request deletion of your account at any time by contacting us at [email protected]. Termination does not entitle you to a refund of any prepaid subscription fees or purchased credits.

We may suspend or terminate your account immediately, without prior notice or liability, for any violation of these Terms. Upon termination, your right to access the Service ceases immediately. Provisions of these Terms that by their nature should survive termination will do so, including Sections 5, 8, 10, 11, 12, and 14.

14. Governing Law & Jurisdiction

These Terms are governed by and construed in accordance with the laws of England and Wales. Any disputes arising from these Terms or your use of the Service shall be subject to the exclusive jurisdiction of the courts of England and Wales.

If you are a consumer resident in another jurisdiction, you may also have the right to bring proceedings in the courts of your country of habitual residence. Nothing in this clause affects your mandatory statutory rights as a consumer.

If any provision of these Terms is found by a court of competent jurisdiction to be invalid or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall remain in full force and effect.

15. Force Majeure

We shall not be liable for any delay or failure to perform our obligations under these Terms where such delay or failure results from circumstances beyond our reasonable control, including but not limited to acts of God, war, terrorism, civil unrest, government action, strikes or industrial disputes, infrastructure failures, internet or telecommunications outages, third-party service failures, or natural disasters.

In such circumstances, our obligations will be suspended for the duration of the event. We will use reasonable endeavours to notify you of the cause and expected duration, and to resume performance as soon as practicable.

16. Assignment

You may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign these Terms, in whole or in part, in connection with a merger, acquisition, corporate restructuring, or sale of all or substantially all of our assets, without your prior consent.

In the event of such an assignment, we will notify registered users by email or via a prominent notice on the Service. Your continued use of the Service following notification constitutes acceptance of the assignment. If you do not wish to continue using the Service under the new entity, you may terminate your account.

17. Changes to Terms

We reserve the right to modify these Terms at any time. We will notify registered users of material changes via email or a prominent notice on the Service at least 14 days before the changes take effect (except where changes are required by law, in which case they may take effect immediately). Your continued use of the Service after the effective date constitutes acceptance of the revised Terms.

We encourage you to review these Terms periodically. The "Last updated" date at the top of this page indicates when these Terms were last revised. If you do not agree to the revised Terms, you must stop using the Service and may request account deletion.

18. Contact

If you have questions about these Terms, please contact us: