PosturIQ Terms of Service
Last updated: May 31, 2026
1. Agreement
By accessing or using PosturIQ ("the Service"), you agree to be bound by these Terms of Service ("Terms"). If you are using the Service on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.
The Service is provided by [Company name], registered in Finland (Business ID: [Y-tunnus]).
2. Service Description
PosturIQ is a security posture management tool that checks the security configuration of your Microsoft 365 environment and endpoint devices. It provides security scores, findings, and remediation guidance.
PosturIQ is an informational tool, not a security guarantee. A passing score does not mean your environment is secure. You remain solely responsible for the security of your environment.
Scope limitation. PosturIQ checks a defined set of approximately 30 configurations across Microsoft 365 identity, email security, and endpoint settings. It does not cover all possible security controls, and does not detect threats such as phishing attacks, insider threats, malware infections, supply chain compromises, network intrusions, physical security issues, or zero-day vulnerabilities. Many categories of risk - including backup and recovery, incident response readiness, employee security awareness, and access to on-premises systems - are entirely outside the scope of the Service.
Point-in-time assessments. Scan results reflect the state of your environment at the time the scan was performed. Configurations may change between scans. PosturIQ does not provide real-time monitoring or continuous protection.
Third-party data sources. PosturIQ relies on data returned by Microsoft Graph API and Exchange Online APIs. PosturIQ does not independently verify the accuracy or completeness of data provided by Microsoft. If a third-party API returns incorrect or incomplete data, PosturIQ's assessments may be inaccurate.
Endpoint checks. Device security checks are performed by lightweight scripts (PowerShell on Windows, bash on macOS) that inspect a defined set of configuration settings. These scripts are not a substitute for endpoint detection and response (EDR), vulnerability scanning, or mobile device management (MDM) solutions.
3. Accounts & Access
- You must sign in using a valid Microsoft work or school account.
- You are responsible for all activity under your account.
- Organization owners are responsible for managing user access within their organization.
- You must not share your session or grant access to unauthorized individuals.
4. Acceptable Use
You agree not to:
- Use the Service to violate any applicable law or regulation.
- Attempt to gain unauthorized access to other organizations' data.
- Reverse-engineer, decompile, or disassemble the Service.
- Use the Service to develop a competing product.
- Interfere with or disrupt the integrity or performance of the Service.
- Exceed reasonable usage limits or abuse API endpoints.
5. Free Trial
- New organizations receive a 30-day free trial with full access to the Service.
- No payment information is required during the trial.
- At the end of the trial, access to scan and reporting features is suspended until a paid plan is activated.
- We reserve the right to modify or discontinue the trial offer at any time.
6. Subscription & Payment
- Paid plans are billed according to the pricing published at the time of subscription.
- Payments are processed by Paddle (Paddle.com Market Ltd), which acts as the merchant of record. Your payment relationship is with Paddle, subject to Paddle's Terms.
- PosturIQ does not store credit card details - all payment data is handled by Paddle.
- Current pricing is available at posturiq.com/pricing.
- Fees are non-refundable except where required by applicable law. Under the EU Consumer Rights Directive, you may have a 14-day right of withdrawal. By activating your subscription, you expressly request that the Service begin immediately and acknowledge that you waive your right of withdrawal once the Service has been fully provided during that period.
- You may cancel your subscription at any time. Access continues until the end of the current billing period.
- We reserve the right to change pricing with 30 days' prior notice.
7. Data & Privacy
Your use of the Service is also governed by our Privacy Policy. By using the Service, you acknowledge and accept the collection and use of data as described therein.
8. Microsoft 365 Permissions
- The Service requires specific Microsoft permissions to perform security assessments. A full list is available in our Privacy Policy, Section 5.
- PosturIQ only performs read operations and does not modify your Microsoft 365 configuration.
- You must grant admin consent for these permissions within your Microsoft 365 tenant.
- You may revoke consent at any time through your Microsoft Entra admin portal, which will prevent further scanning.
9. Service Availability
- We aim to provide reliable and consistent access to the Service, but do not guarantee uninterrupted availability.
- Scheduled maintenance will be communicated at least 24 hours in advance where possible.
- We are not liable for downtime caused by third-party services, including Microsoft or Azure outages.
- This is a service-level objective, not a guarantee. No service credits are offered at this time.
10. Intellectual Property
- The Service, including its design, code, reports, and scoring methodology, is owned by PosturIQ.
- Your organization data remains yours. We claim no ownership over your data.
- You are granted a limited, non-exclusive, non-transferable license to use the Service for the duration of your subscription.
11. Disclaimer of Warranties
- To the extent permitted by applicable law, the Service is provided "as is" and "as available" without warranties of any kind, whether express, implied, or statutory.
- Security scores, findings, and remediation guidance are informational only. They do not constitute professional security advice, audit, certification, or assurance.
- A passing check or a high score does not mean your environment is secure. PosturIQ checks a defined set of configurations and cannot detect all possible threats, vulnerabilities, attack vectors, or misconfigurations. Security threats evolve continuously, and no automated tool can guarantee protection.
- PosturIQ does not guarantee that following its remediation guidance will prevent security incidents. Remediation suggestions are general guidance, not instructions tailored to your environment. Implementing changes based on PosturIQ's guidance may have unintended consequences, including disruption to your users or business operations (for example, blocking legacy authentication may lock out users or applications that depend on it). You are solely responsible for evaluating, testing, and implementing any configuration changes in your environment.
- PosturIQ does not warrant the accuracy, completeness, or timeliness of scan results. Results depend on data provided by third-party APIs (see Section 2) and reflect a point-in-time snapshot, not continuous monitoring.
- You should not rely solely on PosturIQ for your organization's security. PosturIQ is one tool among many and does not replace professional security assessments, penetration testing, or security expertise.
- Nothing in these Terms affects your statutory rights under applicable consumer protection law in your jurisdiction.
12. Limitation of Liability
- PosturIQ is not liable for any security incidents, data breaches, or unauthorized access in your environment, regardless of whether the Service indicated a passing score or did not identify the underlying vulnerability. Your organization is solely responsible for the security of its own systems and data.
- PosturIQ is not liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of data, loss of revenue, or business interruption.
- PosturIQ is not liable for any actions taken or not taken based on the Service's scores, findings, or remediation guidance. This includes, without limitation, any operational disruption, user lockouts, application failures, or business interruption resulting from configuration changes you make based on PosturIQ's suggestions.
- PosturIQ is not liable for inaccurate or incomplete results caused by errors, omissions, or limitations in data returned by third-party APIs, including Microsoft Graph API and Exchange Online.
- MSP and reseller use. If you use the Service to monitor or manage environments belonging to your clients or other third parties, you are solely responsible for the accuracy and completeness of any assessments, reports, or representations you share with those third parties. PosturIQ makes no representations or warranties to your clients or end users, and you agree not to represent PosturIQ's assessments as a guarantee or certification of your clients' security posture.
- Our total aggregate liability for any claims arising from or related to the Service shall not exceed the fees you paid to PosturIQ in the 12 months preceding the claim.
- Nothing in these Terms excludes liability for fraud, gross negligence, or death/personal injury caused by negligence, as required by applicable law.
13. Export Compliance
You agree not to use the Service in violation of any applicable export control or sanctions laws, including those of the EU, Finland, and the United States. The Service may not be used in embargoed countries or by individuals on applicable sanctions lists.
14. Indemnification
If you are using the Service on behalf of a business organization, you agree to indemnify and hold PosturIQ harmless from any claims, damages, or expenses arising from your use of the Service or violation of these Terms. This section does not apply to individual consumers.
15. Force Majeure
Neither party shall be liable for failure to perform obligations due to circumstances beyond reasonable control, including natural disasters, war, pandemic, government actions, or failure of third-party services.
16. Termination
- You may cancel your subscription at any time.
- We may suspend or terminate your access if you violate these Terms, with notice where practicable.
- Upon termination, you may delete your organization and all associated data from within the Service. If you do not, we may delete your data after a reasonable period.
17. Changes to Terms
We may modify these Terms at any time. Material changes will be communicated through the Service or via email at least 30 days before taking effect. Continued use after changes constitutes acceptance. If you do not agree, you may terminate your subscription.
18. Governing Law & Disputes
- These Terms are governed by the laws of Finland, without regard to conflict of law principles.
- The parties shall first attempt to resolve any dispute amicably. If unsuccessful, disputes shall be resolved in the District Court of Helsinki, Finland.
- If you are a consumer in the EU/EEA, this does not affect your right to bring proceedings in your local courts (Brussels I Regulation, Art. 18). EU consumers may also use the EU Online Dispute Resolution platform.
- If you are a consumer in another jurisdiction, your local mandatory consumer protection laws may apply to the extent they cannot be waived.
19. Severability
If any provision of these Terms is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
20. Assignment
We may assign or transfer these Terms in connection with a merger, acquisition, or sale of assets, with notice to you. You may not assign your rights under these Terms without our prior written consent.
21. Waiver
Failure by PosturIQ to enforce any provision of these Terms does not constitute a waiver of the right to enforce that provision or any other provision in the future.
22. Contact
For questions about these Terms, contact us at support@posturiq.com.