Terms of Service

These Terms govern your use of the DFIR Platform at dfir-lab.ch (the "Platform"), operated by DFIR Lab, a company based in Switzerland. By creating an account or using the Platform, you agree to these Terms.

If you are using the Platform on behalf of an organisation, you confirm you have the authority to bind that organisation to these Terms.

The Platform provides API-based cybersecurity tools for security professionals. Currently available services include:

• Phishing email analysis (with AI-enhanced option)
• Exposure and credential leak scanning
• IOC enrichment from multiple threat intelligence sources

We also offer a standalone desktop investigation app (DFIR Investigation) that connects to the Platform via API key for cloud enrichment and plan-based feature access.

We may add, change, or remove features at any time. We will give reasonable notice for changes that affect paid features.

You must provide accurate information when registering. You are responsible for keeping your credentials (password, API keys, 2FA tokens) secure.

If you suspect unauthorised access, notify us immediately at support@dfir-lab.ch. You are responsible for all activity under your account.

We may suspend or close accounts that violate these Terms or pose a security risk.

The Platform uses a credit-based pricing model. Each plan (Free, Starter, Professional, Enterprise) includes a monthly credit allowance. Each API operation costs a fixed number of credits.

Payments are processed by Stripe. Subscriptions renew automatically unless cancelled before the renewal date. Unused monthly credits do not roll over. Credits purchased via top-up packages do not expire.

We may change pricing with at least 30 days' notice. All prices are exclusive of applicable taxes.

The Platform is for legitimate cybersecurity work only. You must not:

• Scan, probe, or test systems you do not own or have explicit authorisation to test
• Use the Platform for offensive purposes, malware development, or attacks
• Circumvent rate limits or abuse the API
• Resell or redistribute the Platform or its data without our consent
• Submit content that is illegal or infringes third-party rights

We may suspend access immediately if we believe a violation has occurred.

API keys are confidential. Do not share them, embed them in client-side code, or commit them to public repositories. We are not liable for losses caused by exposed API keys.

We own the Platform, its code, APIs, documentation, and branding. You retain ownership of any data you submit. You grant us a limited licence to process your data solely to provide the Platform.

We process personal data in accordance with Swiss data protection law and, where applicable, the GDPR. See our Privacy Policy for details.

Our infrastructure providers (Clerk, Stripe, Convex) are US-based, which means your data may be processed in the United States.

We aim for high availability but cannot guarantee the Platform will be uninterrupted or error-free. We are a small team and things may occasionally break. We will do our best to fix issues quickly.

We are not liable for downtime caused by our infrastructure providers, internet outages, or circumstances beyond our control.

To the extent permitted by Swiss law: our total liability is limited to the fees you paid us in the 12 months before the claim. We are not liable for indirect damages, lost profits, or lost data.

The Platform is a tool to assist security professionals — it does not constitute legal, security, or forensic advice. You are responsible for how you use the results.

Nothing in these Terms excludes liability for wilful misconduct or gross negligence under Swiss law.

You can close your account at any time. We can terminate your access if you violate these Terms. Upon termination, outstanding fees become due and we handle your data per our Privacy Policy.

We may update these Terms. For material changes, we will give at least 30 days' notice via email or the Platform. Continued use after changes means you accept them.

These Terms are governed by Swiss law. Disputes will be resolved in the courts of Zurich, Switzerland, unless mandatory law requires otherwise.

Questions? Reach out: