Terms of Service
These terms govern your use of the Breachdeck cybersecurity tabletop exercise platform ("Service") operated by Breach Deck LLC ("Breachdeck," "we," "us," or "our"). By using the Service, you agree to these terms.
1. Service description
Breachdeck provides an interactive cybersecurity tabletop exercise simulator. The platform enables incident response teams to practice through branching scenarios grounded in the MITRE ATT&CK framework. Exercises produce scores, competency assessments, and debrief reports.
2. Account terms
- You must be at least 16 years old to use the Service.
- You must provide accurate and complete information when creating an account.
- You are responsible for maintaining the security of your account credentials.
- You are responsible for all activity that occurs under your account.
- One person or organization may not maintain more than one free (demo) account.
3. Acceptable use
You agree not to:
- Use the Service for any unlawful purpose or to facilitate illegal activity.
- Attempt to gain unauthorized access to the Service or its infrastructure.
- Interfere with or disrupt the Service or other users' experience.
- Reverse-engineer, decompile, or attempt to extract the source code of the Service.
- Use automated systems (bots, scrapers) to access the Service without our permission.
- Resell or redistribute exercise content without authorization.
- Share account credentials or provide access to unauthorized users.
4. Payment terms
Paid subscriptions are billed through Paddle, our payment provider. By subscribing to a paid plan, you agree to Paddle's terms of service in addition to these terms.
- Billing: Subscriptions are billed annually. Your subscription renews automatically unless canceled before the renewal date.
- Price changes: We may change pricing with 30 days' notice. Existing subscriptions continue at their current price until the next renewal.
- Refunds: We offer a 30-day refund policy for new subscriptions. Contact us at [email protected] to request a refund.
- Enterprise: Enterprise subscriptions may have custom billing terms agreed separately.
5. Intellectual property
Our content
Breachdeck owns all rights to the platform, scenario content, scoring algorithms, and associated materials. The MITRE ATT&CK framework is used under its terms of use and is a registered trademark of The MITRE Corporation.
Your data
Your organization retains ownership of all data you create through the Service, including exercise responses, scores, and team analytics. We do not claim ownership of your data.
6. Data ownership and portability
You can request an export of your organization's exercise data at any time by contacting [email protected]. Upon account deletion, we will delete your data within 30 days, except where retention is required by law. For details on how we collect, use, and protect your data, see our Privacy Policy.
7. Communications
By creating an account, you agree to receive transactional emails related to your account (invitations, password resets, billing receipts). You may separately subscribe to our newsletter for product updates and incident response insights. You can unsubscribe from the newsletter at any time via the link in each email.
8. Service availability
We strive to maintain high availability but do not guarantee uninterrupted access. We may perform maintenance with reasonable advance notice when possible. Enterprise customers may have separate availability commitments in their service agreements.
9. Termination
- By you: You may cancel your account at any time. Paid subscriptions remain active until the end of the current billing period.
- By us: We may suspend or terminate accounts that violate these terms, with notice where practical. We will provide a reasonable opportunity to export data before deletion.
10. Disclaimer of warranties
The Service is provided "as is" and "as available." We make no warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement. Exercise scenarios are educational simulations and do not constitute professional security advice.
11. Limitation of liability
To the maximum extent permitted by law, Breachdeck's total liability for any claim arising from or related to the Service is limited to the amount you paid us in the 12 months preceding the claim. We are not liable for indirect, incidental, special, consequential, or punitive damages.
12. Governing law
These terms are governed by the laws of the State of Washington, United States, without regard to conflict of law provisions. Any disputes will be resolved in the state or federal courts located in Washington.
13. Changes to these terms
We may update these terms from time to time. We will notify you of material changes by email or through a notice in the application at least 30 days before the changes take effect. Continued use of the Service after changes take effect constitutes acceptance of the new terms.
14. Contact
For questions about these terms, contact us at [email protected].
Adapted from Basecamp open-source policies (CC BY 4.0).