Terms of Service

Last Updated: May 1, 2026

1. Acceptance of Terms

By submitting a request for service through blackboxauditor.com, or by receiving and using login credentials to the BlackBox Auditor platform, you ("Customer") agree to be bound by these Terms of Service on behalf of yourself and any organization you represent. If you do not agree to these Terms, do not request or use the service.

2. The Service

BlackBox Auditor provides automated, read-only collection of AWS environment metadata and delivery of HTML-formatted audit evidence reports ("Reports"). The service is a technical evidence-gathering tool intended to assist in the audit and compliance process.

Reports are not:

  • Legal advice
  • Professional auditing or attestation services
  • A certification, validation, or guarantee of compliance with any framework including SOC 2, PCI DSS, HIPAA, ISO 27001, or any other standard
  • A substitute for the professional judgment of a licensed auditor or attorney

3. Authorized Use and Customer Responsibilities

3.1 Authorization to Access

Customer warrants that before initiating any connection or scan, they have obtained explicit written authorization from the owner of the AWS account being accessed. If Customer is an external auditor, consultant, or third party using this service on behalf of a client, Customer is solely responsible for ensuring appropriate authorization is in place.

3.2 IAM Role Management

Customer is solely responsible for the creation, configuration, and deletion of the AWS Cross-Account IAM Role used to grant access to the service. BlackBox Auditor does not store IAM Role ARNs, External IDs, or AWS Account IDs after a connection is established. Customer may revoke access at any time by deleting or modifying the trust policy of the IAM role in their own AWS account.

3.3 Accuracy and Verification

While BlackBox Auditor strives for technical accuracy, Customer is responsible for reviewing and verifying all findings and evidence before presenting them to clients, third parties, auditors, or regulatory bodies.

3.4 Acceptable Use

Customer agrees not to:

  • Use the service to access any AWS account for which they do not have explicit written authorization
  • Attempt to exceed the permissions granted by the configured IAM role
  • Resell, sublicense, or provide access to the platform to third parties without a separate written reseller agreement with BlackBox Auditor
  • Use the service for any unlawful purpose or in violation of any applicable law

4. Free Trial

BlackBox Auditor may offer a free trial period of up to 30 days ("Trial"). During the Trial:

  • Access is limited to the AWS RoleScan and Inventory & Boundary Scan tools
  • All other provisions of these Terms apply in full
  • No payment is required and no payment information is collected during the Trial
  • At the end of the Trial period, access will be suspended unless Customer upgrades to a paid subscription
  • Trial duration may be extended or modified at BlackBox Auditor's sole discretion

5. Subscription and Payment

5.1 Fees

Subscription fees are as communicated at the time of sign-up or as otherwise agreed in writing. Fees are due in advance of each billing period.

5.2 Non-Payment

If payment is not received within 10 days of the due date, BlackBox Auditor reserves the right to suspend access until payment is made.

5.3 No Refunds

Fees paid are non-refundable except as required by applicable law or as expressly agreed in writing.

6. Data Ownership and Retention

6.1 Your Data

Customer retains ownership of all AWS environment metadata and Reports generated through the service.

6.2 License to Operate

Customer grants BlackBox Auditor a limited, non-exclusive license to process and store Customer data solely as necessary to provide the service.

6.3 Retention

Reports and AWS environment metadata are retained for 14 days from generation and then permanently deleted. Customer is responsible for downloading Reports before that window expires. Deleted Reports are not recoverable. Account information is retained for 90 days following account termination and then permanently deleted.

7. Service Availability

The service is provided on an "as-is" and "as-available" basis. BlackBox Auditor makes no warranty or representation regarding uptime, availability, or response times and is not liable for any service interruptions or delays.

8. No Certification or Pass/Fail Guarantee

BlackBox Auditor does not certify, validate, or audit AWS environments. Reports represent a point-in-time snapshot of technical configurations collected via read-only API calls. A Report does not constitute evidence of compliance, a passing result, or any form of certification with respect to any compliance framework.

9. Limitation of Liability

9.1 Exclusion of Consequential Damages

To the maximum extent permitted by applicable law, BlackBox Auditor shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, loss of data, business interruption, or regulatory fines, arising from Customer's use of or inability to use the service.

9.2 Liability Cap

BlackBox Auditor's total aggregate liability to Customer shall not exceed the total fees paid by Customer in the twelve (12) months immediately preceding the event giving rise to the claim.

9.3 AWS Environment Security

BlackBox Auditor shall not be liable for any security breaches, unauthorized access, or data loss in Customer's AWS environment. Customer is responsible for the security of their own AWS environment, including the IAM roles and policies they configure.

10. Indemnification

Customer agrees to defend, indemnify, and hold harmless BlackBox Auditor LLC and its officers, employees, and agents from and against any claims, damages, losses, or expenses (including reasonable attorneys' fees) arising from:

  • Customer's use of the service in violation of these Terms
  • Customer's connection to an AWS account without proper authorization from the account owner
  • Customer's use of Reports in a manner inconsistent with these Terms

11. Termination

11.1 By Customer

Customer may terminate their subscription at any time by contacting BlackBox Auditor at info@blackboxauditor.com. Termination takes effect at the end of the current billing period.

11.2 By BlackBox Auditor

BlackBox Auditor may suspend or terminate Customer's access immediately upon a material violation of these Terms, or with 30 days' written notice for any other reason.

11.3 Effect of Termination

Upon termination, Customer's access will be revoked and data will be deleted in accordance with Section 6.3. Customer is responsible for exporting any needed Reports before the termination date.

12. Governing Law

These Terms are governed by the laws of the State of Tennessee. Any disputes shall be resolved in the state or federal courts located in Williamson County, Tennessee, and both parties consent to the exclusive jurisdiction of such courts.

13. Changes to These Terms

BlackBox Auditor may update these Terms at any time. Registered users will be notified of material changes by email at least 30 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated Terms.

14. Contact

BlackBox Auditor LLC
4057 Oxford Glen Dr.
Franklin, TN 37067
info@blackboxauditor.com

Questions About These Terms?

Contact us and we'll respond within one business day.

Contact Us