Terms of Service

1. Services

WVISA provides automated and analyst-assisted cybersecurity assessments, monitoring, findings summaries, risk reports, remediation guidance, and related informational services. WVISA services are advisory and informational only. WVISA does not provide legal advice, compliance certification, insurance, managed detection and response, emergency incident response, guaranteed prevention, or any warranty that a system is secure. WVISA scans are designed to be read-only. Supported remediation commands do not run during scanning; they run only if the customer/operator chooses to run an elevated PowerShell command or approves an administrator elevation prompt.

1A. Advertising, comparisons, and public descriptions

WVISA website comparisons, category descriptions, SEO copy, examples, and public explanations are provided for general purchasing context. They are intended to compare broad categories of tools and services, not to state that every product, vendor, edition, configuration, or provider in a category has or lacks a specific feature. Objective WVISA claims should be read together with the published tier descriptions, service boundaries, and report limitations.

WVISA does not claim endorsement, sponsorship, affiliation, certification, or approval by any third-party product, vendor, platform, payment processor, search engine, or security organization unless expressly stated in writing. Third-party names, if referenced, are used only to identify compatibility, context, or category differences.

2. No guarantee; assessment limits

• No cybersecurity assessment, scan, report, or monitoring service can identify every vulnerability, exposed asset, misconfiguration, compromise, attacker path, or future threat.
• Any assessment may contain false positives, false negatives, incomplete results, stale results, or results limited by connectivity, permissions, device behavior, segmentation, vendor restrictions, encryption, unsupported platforms, inaccessible networks, third-party systems, or customer-provided information.
• A report reflects conditions observable at the time of service only and may become inaccurate as systems, software, networks, accounts, or threats change.
• Any statement, label, score, badge, or summary indicating that an issue is "cleared," "resolved," "passed," "good," "lower risk," or similar language means only that WVISA did not identify that issue based on the information and conditions available at the time of service. It is not a promise, certification, guarantee, warranty, or representation that the issue does not exist, will not recur, or cannot be exploited later.
• WVISA does not certify that any customer environment is secure, compliant, hardened, breach-free, attack-proof, malware-free, or fit for any particular purpose.
• Unless expressly stated in a separately signed written agreement, WVISA does not perform full penetration testing, exploitation, phishing, social engineering, denial-of-service testing, destructive testing, privilege abuse, persistence, malware deployment, credential attacks, or unlawful access attempts.

3. Customer authorization and ownership

• You own, control, or have express written authorization to assess every device, network, account, IP range, hostname, application, domain, cloud resource, or other asset you place in scope.
• You will not use WVISA services on third-party assets without authorization from the lawful owner or controller.
• You have authority to bind the person, household, business, or organization purchasing the service.
• Any information you provide to WVISA is accurate and complete to the best of your knowledge.

4. Customer responsibilities

• Maintain backups, restore capability, and basic change control before using the service.
• Provide an accurate technical contact and respond promptly to scope or safety questions.
• Keep life-safety, medical, emergency, industrial, and other mission-critical systems out of scope unless expressly approved in writing by WVISA.
• Review all findings and make your own decisions regarding remediation and risk acceptance.
• Run remediation commands only after reviewing the expected impact, from an elevated PowerShell session or after approving an administrator elevation prompt.
• Independently validate remediation, patching, configuration changes, and operational impacts before relying on any report or status label in production.
• Maintain your own antivirus, patching, network controls, identity protections, backups, and incident response procedures.

5. Scope and safety restrictions

WVISA may refuse, suspend, limit, or terminate any service if WVISA reasonably believes that the requested activity is unauthorized, unlawful, unsafe, misleading, or outside scope, or may disrupt systems, data, connectivity, or third-party services. WVISA may narrow scope, delay execution, or request additional written authorization at any time.

6. Credentials and sensitive data

You must not submit passwords, MFA codes, recovery codes, secret keys, protected health information, payment card data, government ID numbers, child account passwords, private messages, school records, or other highly sensitive data through checkout fields, unsecured email, or any channel not specifically designated by WVISA for secure transfer.

7. Reports and license

• WVISA grants you a limited, non-exclusive, non-transferable license to use deliverables internally for your own security and operational purposes.
• Reports are generated locally and remain under customer control unless you voluntarily share them with WVISA or a separate written agreement provides otherwise.
• You may not resell, sublicense, white-label, publish, or distribute WVISA reports or data as your own product or as a third-party certification.
• You may not alter WVISA findings or branding and then present the deliverable as an official WVISA result.
• You may not use WVISA reports, scores, screenshots, output labels, or summaries as a guarantee to customers, regulators, insurers, counterparties, or other third parties that an environment is secure, compliant, safe, or free of vulnerabilities.

8. Confidentiality

WVISA will use reasonable administrative, technical, and organizational measures to protect customer information you submit or voluntarily share for service delivery, support, billing, or legal purposes. However, no method of transmission, storage, or processing is completely secure, and WVISA does not guarantee absolute security.

9. Fees

Fees are due as presented at checkout or as stated in a written quote. Taxes, if applicable, are additional unless expressly stated otherwise.

10. Refunds and service commencement

All services are digital, customized, or capacity-reserved services. Except where prohibited by law or expressly stated otherwise in the Refund and Cancellation Policy, payments are non-refundable once work begins. Work is deemed to begin when intake is reviewed, scope is evaluated, a session is scheduled, credentials are prepared for use, a scan is launched, or a report is generated.

11. Monitoring and subscription terms

If you purchase the separate WVISA Ongoing Monitoring add-on or any recurring service, the subscription automatically renews at the disclosed billing interval until canceled, and cancellation stops future renewals only unless applicable law requires otherwise.

12. Disclaimer of warranties

To the maximum extent permitted by law, WVISA services are provided "as is" and "as available," without warranties of any kind, whether express, implied, statutory, or otherwise, including any implied warranties of merchantability, fitness for a particular purpose, title, non-infringement, uninterrupted availability, accuracy, or guaranteed results.

13. Limitation of liability

To the maximum extent permitted by law, WVISA will not be liable for any indirect, incidental, consequential, special, exemplary, punitive, or lost profit, lost revenue, lost business, lost data, downtime, or reputational damages arising out of or relating to the services. WVISA's total aggregate liability arising out of or relating to any claim will not exceed the total amount you paid for the specific service giving rise to the claim during the twelve months preceding the event giving rise to the claim.

Without limiting the foregoing, WVISA is not liable for claims arising from customer or third-party reliance on any report wording, score, label, recommendation, or statement that an issue was cleared, resolved, passed, or not detected, except to the extent a court of competent jurisdiction finally determines that such limitation is unenforceable under applicable law.

14. Indemnification

You agree to defend, indemnify, and hold harmless WVISA and its owners, employees, contractors, and agents from and against third-party claims, losses, liabilities, damages, judgments, costs, and expenses arising from your breach of these Terms, lack of authorization, misuse of WVISA services, violation of law or third-party rights, or failure to maintain backups and reasonable safeguards.

15. Third-party services

WVISA may rely on third-party services, APIs, cloud infrastructure, device vendors, data providers, payment processors, or security intelligence sources. WVISA is not responsible for third-party outages, vendor changes, data inaccuracies, API limitations, unsupported devices, or external service failures.

16. Suspension and termination

WVISA may suspend or terminate access to services, reports, or subscriptions if you breach these Terms, dispute charges in bad faith, misuse the services, or create legal, operational, or safety risk.

17. No third-party beneficiaries

These Terms are solely for the benefit of the parties. No third party has any right to rely on or enforce any WVISA report, output, statement, score, or these Terms as a third-party beneficiary.

18. Governing law and venue

These Terms are governed by the laws of the State of Oregon, without regard to conflict-of-law rules. Any dispute arising from these Terms shall be resolved exclusively in the state or federal courts located in Oregon, unless WVISA later adopts separate arbitration language in writing.

19. Changes to terms

WVISA may update these Terms from time to time. The current version will be posted at /legal/terms.html. Continued use of the services after updated Terms become effective constitutes acceptance of the updated Terms.

20. Contact

Joel Williams, operator of the WVISA cybersecurity assessment tool
Support email: IndependentJoel@gmail.com
Website: https://www.wvisa.org/