Terms of Service

Effective: May 11, 2026 · Last updated: May 11, 2026

These Terms of Service ("Terms") govern your access to and use of syntrix.solutions, api.syntrix.solutions, and any related services operated by OMNISTRATA, LLC ("Syntrix," "we," "us"). By using the Service, you agree to these Terms.

1. The Service

Syntrix provides automated security scanning and manual penetration testing for agentic AI systems, including MCP servers and agent endpoints. The Service is provided on an "as is" and "as available" basis.

2. Accounts

You must be at least 18 years old to create an account. You are responsible for maintaining the confidentiality of your credentials and for all activity under your account. Notify us at chandler@syntrix.solutions if you suspect unauthorized access.

3. Authorization to scan — your responsibility

This section is important. Read it.

When you submit a target for scanning, you represent and warrant that:

(a) You own the target system, OR you have explicit, written authorization from the owner to conduct security testing against that target.

(b) Your authorization covers the testing activities Syntrix performs, which include unauthenticated HTTP probes, JSON-RPC method invocations, header inspection, and submission of test payloads designed to elicit responses from MCP servers and agent endpoints.

(c) Submitting a target URL constitutes your affirmation of (a) and (b) above.

You agree to indemnify and hold harmless Syntrix and OMNISTRATA, LLC from any claim, demand, loss, or damage (including legal fees) arising out of your scanning of any target you did not own or were not authorized to test, including any claim under the Computer Fraud and Abuse Act, state computer crime statutes, or equivalent laws in any jurisdiction.

We reserve the right to refuse or terminate scans against any target at our discretion.

4. Acceptable use

You may not:

• Use the Service to scan systems you do not own or have written authorization to test
• Use the Service to facilitate unauthorized access, denial of service, or any other unlawful activity
• Reverse engineer, disassemble, or attempt to extract source code from the Service
• Resell, rent, or commercially exploit the Service without a written reseller agreement
• Submit content that is illegal, infringes third-party rights, or contains malware
• Use automated means to access the Service except via our public API and within documented rate limits
• Probe, scan, or test the vulnerability of the Service itself except through our Responsible Disclosure program

Violation may result in immediate termination without refund.

5. Pen testing engagements

Manual penetration testing engagements ("Engagements") are governed by a separate written Statement of Work and Rules of Engagement signed by both parties. These Terms apply to the Service generally; the SOW controls in case of conflict for that Engagement.

6. Fees and payment

Paid plans are billed in advance and renew automatically until cancelled. Fees are non-refundable except as required by law or as we choose to grant in our discretion.

We may change prices with at least 30 days notice. Continued use after the change date constitutes acceptance.

7. Findings and reports

Findings, scan results, and reports we provide are based on automated probing and limited manual analysis. We do not guarantee that we will identify every vulnerability or that any specific finding accurately reflects exploitable risk. The absence of findings does not mean the target is secure.

Reports are provided for your internal use. You may share reports with auditors, customers, or insurance carriers. You may not publish reports publicly without our written consent.

8. MIRA and AI-generated content

The MIRA assistant generates responses using third-party AI models. MIRA's output is informational and may be inaccurate or incomplete. Verify any MIRA output before acting on it. Do not share confidential information with MIRA.

9. Intellectual property

All Syntrix software, scanner logic, check libraries, report templates, and brand assets are owned by OMNISTRATA, LLC or its licensors. You receive a limited, non-exclusive, non-transferable license to use the Service in accordance with these Terms.

Findings about your own systems belong to you.

10. Disclaimers

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF VULNERABILITIES. WE DO NOT WARRANT THAT THE SERVICE WILL IDENTIFY EVERY SECURITY ISSUE PRESENT IN A TARGET.

11. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL OMNISTRATA, LLC OR SYNTRIX BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR YOUR USE OF THE SERVICE.

OUR TOTAL LIABILITY FOR ALL CLAIMS WILL NOT EXCEED THE GREATER OF (a) THE AMOUNT YOU PAID US IN THE 12 MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM, OR (b) ONE HUNDRED U.S. DOLLARS ($100).

Some jurisdictions don't allow exclusion of certain warranties or limitation of certain damages. Some of the above may not apply to you.

12. Termination

You may cancel your account at any time. We may suspend or terminate your access immediately if we believe you have violated these Terms.

13. Governing law and disputes

These Terms are governed by the laws of the State of Indiana, USA, without regard to conflict of law principles. Disputes will be resolved in the state or federal courts located in St. Joseph County, Indiana, and you consent to personal jurisdiction there.

14. Changes

We may update these Terms. Material changes will be communicated by email at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

15. Contact

Questions about these Terms: chandler@syntrix.solutions