Terms of Service

1. Subject matter and acceptance

These Terms of Service ("Terms") govern access to and use of the Cronsec service ("Service") offered by CRONSEC TECH S.L. ("Cronsec", "we", "us"), with registered address at Calle de Serrano, 41, 2nd floor B, 28001 Madrid, Spain.

By creating an account or using the Service, you agree to these Terms in full. If you are acting on behalf of a company or organisation, you represent that you have the authority to bind it to these Terms.

2. Description of the service

Cronsec is an automated security auditing platform for VPS servers. Via an SSH connection authorised by the user, the system analyses the server configuration and generates a risk-prioritised findings report with suggested remediation steps.

What the service covers

• Automated scanning of server configuration (operating system, installed packages, active services).
• Detection of known vulnerabilities (CVEs) in installed software.
• Review of open ports and internet-exposed services.
• Review of SSH access configuration, system users and critical file permissions.
• Delivery of a report prioritised by real exploitation risk.
• Suggested remediation steps for each finding.

What the service does NOT cover

• We do not fix vulnerabilities. Cronsec reports; applying the fixes is the user's sole responsibility.
• We do not guarantee that the server will be secure after receiving the report. Security depends on the actions taken by the user.
• We do not audit application code deployed on the server (websites, APIs, databases, etc.).
• We do not cover external network infrastructure beyond the server itself: network firewalls, load balancers, CDNs, DNS or other third-party services.
• We do not detect zero-day vulnerabilities or those not yet recorded in public CVE databases at the time of the scan.
• We are not a SIEM, IDS or WAF. Cronsec does not monitor your server in real time or detect ongoing attacks.
• We do not replace compliance certifications (ISO 27001, ENS, SOC 2, PCI-DSS, HIPAA, etc.). A Cronsec report has no validity as a certification audit.
• We are not liable for economic losses arising from security incidents occurring after the report is delivered, regardless of whether the identified findings were remediated by the user.

3. Audit process and SSH consent

To perform the audit, you must provide the SSH credentials needed to access your server. By doing so, you represent and warrant that:

• You are the owner of the server or have the express authorisation of the owner to subject it to a security audit.
• The access does not breach any applicable law or contract.
• You are authorised to share the server configuration data with Cronsec.

Cronsec only performs read-only operations on the server; it does not install software, modify configurations or make changes of any kind. SSH credentials are treated confidentially and are not stored after the audit completes.

4. Account registration

Access to the Service requires creating an account with accurate information. You are responsible for keeping your access credentials confidential and for all activity carried out under your account. Cronsec will not be liable for losses arising from unauthorised access to your account due to causes attributable to you.

5. Pricing and payment

The Service operates on a pay-per-use model; no mandatory subscription is required. Current prices are shown on the pricing page before you confirm each audit. All amounts include applicable taxes unless stated otherwise. Payment is collected at the time of confirming the audit, before it begins.

6. Refund policy

Technical failure attributable to Cronsec. If an audit cannot complete due to a technical error on Cronsec's side (scan engine failure, infrastructure error), the unused credit will be returned in full to the user's account.

Server unreachable due to user causes. If the audit cannot complete because the server is unavailable, credentials are incorrect or the user has revoked access, no refund is issued, as the failure is not attributable to Cronsec.

Completed audit. Once the report has been delivered, no refund is available based on the report's findings.

Credits are personal and non-transferable. Credits have a maximum validity of 12 months from the date of purchase.

7. Intellectual property

The audit report resulting from the processing of the user's server data is the property of the user. Cronsec claims no rights over the report's content.

The Cronsec platform, including its software, methodology, design and brand, is the exclusive property of CRONSEC TECH S.L. and is protected by intellectual and industrial property law. The user acquires no rights to it beyond using the Service as permitted by these Terms.

8. User obligations

You agree to:

• Use the Service only on servers you own or for which you have express authorisation.
• Not use the Service for unauthorised audits or illegal activities.
• Provide accurate information during registration and the audit process.
• Not attempt to circumvent, decompile or reverse-engineer the platform.
• Not resell or sublicense access to the Service.

9. Limitation of liability

To the extent permitted by applicable law, Cronsec will not be liable for:

• Indirect, incidental, special, punitive or consequential damages of any kind.
• Loss of business, revenue, data or anticipated profits.
• Service disruptions on the audited server during or after the audit, unless directly caused by Cronsec's wilful misconduct or gross negligence.
• Security incidents occurring after the report is delivered.

Cronsec's total cumulative liability to you for any claim arising from these Terms will not exceed the amount paid by you in the three (3) months preceding the event giving rise to the claim.

Nothing in these Terms excludes or limits Cronsec's liability for fraud, wilful misconduct, personal injury or any other liability that cannot be excluded by law.

10. Consumer rights (B2C users in the EU)

If you are a consumer resident in the European Union, you have a 14-day right of withdrawal from the date of the contract, in accordance with Directive 2011/83/EU.

However, in accordance with Article 16(a) of that Directive, you expressly waive this right of withdrawal when you request that the audit begins immediately after payment, before the 14-day period expires. This request is made when you confirm the audit. Once the audit has started, the digital service is considered performed and the right of withdrawal no longer applies.

For consumer complaints you may also use the European Online Dispute Resolution platform: ec.europa.eu/consumers/odr.

11. Amendments to the Terms

Cronsec may update these Terms. Significant changes will be notified by email or via a notice on the platform with a minimum of 30 days' advance notice. Continued use of the Service after the new Terms take effect constitutes acceptance. If you do not agree to the changes, you may cancel your account before they take effect.

12. Suspension and cancellation

Cronsec may suspend or cancel access to the Service, with or without notice, in the event of a breach of these Terms, fraudulent use or illegal activity. You may cancel your account at any time from the platform or by writing to hola@cronsec.com.

13. Governing law and jurisdiction

These Terms are governed by Spanish law.

EU consumers (B2C): Notwithstanding the above, if you are a consumer resident in an EU Member State, you benefit from the mandatory consumer protection provisions of your country of residence, and the courts of your domicile will have jurisdiction over any dispute.

All other users and B2B contracts: For any dispute arising from these Terms, the parties submit to the exclusive jurisdiction of the Courts and Tribunals of the city of Madrid, waiving any other jurisdiction.