TroveSecPrivacy Policy →

Legal

Terms of Service

Last updated: 15 May 2025  ·  Effective: 15 May 2025

These Terms govern your access to and use of TroveSec, operated by StriveBit Technologies Private Limited. By creating an account or using the service, you agree to these Terms. If you are agreeing on behalf of a company or organisation, you represent that you have authority to bind that entity.

1. Agreement to Terms

By accessing or using TroveSec at trovesec.io, creating an account, or clicking "I agree", you confirm that you have read, understood, and agree to be bound by these Terms of Service and our Privacy Policy, which is incorporated herein by reference.

If you do not agree to these Terms, do not use TroveSec. We reserve the right to update these Terms at any time. Material changes will be communicated via email at least 14 days in advance. Continued use after the effective date constitutes acceptance.

2. Description of Service

TroveSec is a cloud security platform that connects to your AWS account using a read-only IAM role, runs automated security checks against your AWS infrastructure, stores the resulting findings in a secure database scoped to your organisation, and makes those findings accessible through a web dashboard and an MCP (Model Context Protocol) server for use with AI assistants such as Claude Desktop.

The service is provided on a subscription basis. Features available to you depend on your active subscription plan (Free, Growth, or Scale). Plan limits are documented at trovesec.io/pricing and enforced by the service.

We reserve the right to modify, discontinue, or limit features of the service at any time, with reasonable notice where practicable.

3. Eligibility

To use TroveSec, you must:

  • Be at least 18 years of age.
  • Have the legal authority to enter into a binding contract (on your own behalf or on behalf of your organisation).
  • Not be located in a country that is subject to applicable trade sanctions or embargoes under Indian or international law.
  • Not have had a previous account suspended or terminated by us for policy violations.

TroveSec is a business-to-business service. It is designed for organisations managing their own AWS infrastructure. Personal or hobbyist use is permitted on the Free plan, but the service is optimised for professional use.

4. Accounts & Organisations

The primary unit in TroveSec is an Organisation, not an individual user account. All billing, data, and permissions are scoped to an Organisation. Each Organisation has one Owner, who is responsible for the account, its members, and its billing.

Your responsibilities

  • Keep your login credentials and API keys confidential. Do not share them with unauthorised parties.
  • Notify us immediately at hello@trovesec.io if you suspect unauthorised access to your account.
  • Ensure that team members you invite have appropriate authorisation from your organisation.
  • Maintain accurate and current billing and contact information.

You are responsible for all activity that occurs under your Organisation, including actions taken by team members you have invited.

Role-based access

TroveSec enforces four roles within an Organisation: Viewer, Member, Admin, and Owner. Permissions for each role are documented in the product. Only the Owner may delete the Organisation or manage billing.

5. AWS Access & Permissions

To use the scanning features of TroveSec, you must create an AWS IAM role in your own AWS account and grant TroveSec permission to assume it. By doing so, you represent and warrant that:

  • You are authorised to grant cross-account IAM role access for the AWS account(s) you connect.
  • The IAM role you create grants only the permissions required for read-only security scanning, as documented by us.
  • You are responsible for revoking this access by deleting the IAM role when you no longer wish to use the service or wish to disconnect an account.

TroveSec uses AWS STS AssumeRole to obtain short-lived credentials. We do not store AWS access keys or secret keys. Our access is limited to configuration metadata — we do not read the contents of your application data, databases, or object storage.

We are not liable for any security findings, vulnerabilities, or incidents in your AWS environment. Security scan results are informational and do not constitute a guarantee that your environment is secure or that all vulnerabilities have been identified.

6. Subscription & Billing

Plans and charges

TroveSec offers a Free plan and paid plans (Growth and Scale) billed monthly. Prices are displayed at checkout and on the pricing page. All prices are in US Dollars (USD) unless stated otherwise. Payments are processed by Stripe.

Billing cycle

Paid plans are billed monthly in advance. Your subscription renews automatically on the same day each month unless cancelled. You will receive an email receipt after each successful payment.

Upgrades and downgrades

Upgrading takes effect immediately; you are charged a prorated amount for the remainder of the current billing period. Downgrading takes effect at the end of the current billing period. You retain access to your current plan's features until then.

Cancellation

You may cancel your subscription at any time via the Billing section of your dashboard (powered by Stripe Customer Portal). Cancellation takes effect at the end of the current billing period. We do not offer prorated refunds for partial months. After cancellation, your account reverts to the Free plan and Free plan limits apply.

Taxes

Prices are exclusive of applicable taxes, including GST where applicable. You are responsible for any taxes or duties imposed on your subscription by your local jurisdiction.

Failed payments

If a payment fails, we will retry up to three times over seven days and notify you by email. If payment is not resolved, your account may be downgraded to the Free plan or suspended until payment is made.

Refunds

All subscription fees are non-refundable except where required by applicable law, or at our sole discretion in exceptional circumstances. To request consideration of a refund, contact us at hello@trovesec.io.

7. Acceptable Use

You agree to use TroveSec only for lawful purposes and in accordance with these Terms. You must not:

  • Connect AWS accounts that you do not own or are not authorised to scan.
  • Use the service to scan, probe, or test AWS environments belonging to third parties without explicit written authorisation.
  • Attempt to reverse-engineer, decompile, or extract the source code of the service or its underlying scan logic.
  • Use automated scripts or bots to access the API beyond normal product usage (e.g., to scrape data or circumvent rate limits).
  • Resell, sublicense, or white-label the service without a written agreement with us.
  • Share or publicly disclose API keys; generate API keys on behalf of other organisations.
  • Use the service in any way that would violate applicable laws, including data protection laws applicable to your jurisdiction.
  • Attempt to gain unauthorised access to our infrastructure, other customers' data, or our internal systems.

Violation of this section may result in immediate account suspension or termination without refund.

8. Data Ownership & License

Your data is yours. You retain all rights, title, and interest in and to the AWS scan findings, configuration data, and any other data that originates from your AWS environment ("Customer Data").

You grant StriveBit Technologies Private Limited a limited, non-exclusive, worldwide license to store, process, and display your Customer Data solely for the purpose of providing the service to you. This license ends when you delete your organisation or terminate your account, subject to our retention obligations set out in the Privacy Policy.

We do not use your Customer Data to train machine learning models, sell to third parties, or derive anonymised insights for commercial purposes beyond service improvement.

9. Intellectual Property

TroveSec — including its software, design, trademarks, logos, API, MCP server, documentation, and all other components — is the exclusive intellectual property of StriveBit Technologies Private Limited, protected under applicable Indian and international IP law.

These Terms do not transfer any IP rights to you. You receive a limited, non-transferable, non-sublicensable right to access and use the service during the term of your subscription, solely for your internal business purposes.

Feedback, feature requests, or bug reports you submit to us may be used by StriveBit Technologies Private Limited to improve the service without any obligation to you.

10. Disclaimers

The service is provided "as is" and "as available", without any warranties of any kind, express or implied.

To the maximum extent permitted by applicable law, we disclaim:

  • Any implied warranty of merchantability, fitness for a particular purpose, or non-infringement.
  • Any guarantee that the service will be uninterrupted, error-free, or free of vulnerabilities.
  • Any guarantee that security findings are complete, accurate, or sufficient to make your AWS environment secure.
  • Any representation that using TroveSec will make your organisation SOC 2 compliant or satisfy any regulatory requirement.

TroveSec is a tool to assist your security posture assessment. It does not replace professional security audits, penetration testing, or qualified security advisory services.

11. Limitation of Liability

To the maximum extent permitted by applicable law, in no event shall StriveBit Technologies Private Limited, its directors, employees, or agents be liable for any indirect, incidental, special, consequential, or punitive damages — including loss of data, revenue, profits, or goodwill — arising out of or related to your use of TroveSec, even if we have been advised of the possibility of such damages.

Our total aggregate liability to you for any claims arising under or related to these Terms shall not exceed the greater of:

  • The total fees paid by you to StriveBit Technologies Private Limited in the three (3) months immediately preceding the event giving rise to the claim, or
  • INR 5,000 (Indian Rupees Five Thousand).

This limitation applies regardless of the legal theory (contract, tort, strict liability, or otherwise) and even if the remedy fails its essential purpose.

12. Indemnification

You agree to indemnify, defend, and hold harmless StriveBit Technologies Private Limited and its officers, directors, employees, and agents from and against any claims, losses, liabilities, damages, costs, and expenses (including reasonable legal fees) arising from:

  • Your use of the service in violation of these Terms.
  • Your connection of AWS accounts you are not authorised to scan.
  • Any breach of your representations, warranties, or obligations under these Terms.
  • Your violation of any applicable law or the rights of a third party.

13. Termination

Termination by you

You may delete your organisation at any time from the Settings page of your dashboard. This will permanently delete all associated data (findings, connections, API keys, and team members) within 30 days, as described in our Privacy Policy. You remain responsible for any outstanding amounts owed.

Termination by us

We may suspend or terminate your account immediately and without prior notice if:

  • You materially breach these Terms and fail to cure within 5 days of notice.
  • You engage in conduct that we believe poses a security or legal risk to us or other customers.
  • You fail to pay fees when due.
  • We are required to do so by applicable law or a government authority.

In less urgent cases, we will provide 30 days' written notice before terminating an account for convenience.

Effect of termination

On termination for any reason: your right to access the service ceases immediately; your data is deleted per the Privacy Policy retention schedule; provisions that by their nature should survive (IP, liability, indemnification, governing law) remain in full force.

14. Governing Law & Disputes

These Terms shall be governed by and construed in accordance with the laws of India, and specifically the laws applicable in the state of Uttar Pradesh, without regard to its conflict of law provisions.

Informal resolution. Before initiating any formal dispute, you agree to contact us at hello@trovesec.io and give us 30 days to attempt to resolve the matter informally.

Arbitration. If informal resolution fails, any dispute arising from or relating to these Terms shall be finally resolved by binding arbitration under the Arbitration and Conciliation Act, 1996 (India). The arbitration shall be conducted by a sole arbitrator mutually agreed upon by the parties, seated in Lucknow, Uttar Pradesh, India, in the English language.

Courts. For interim relief or enforcement of an arbitration award, both parties submit to the exclusive jurisdiction of the competent courts in Lucknow, Uttar Pradesh, India.

Class action waiver. You agree that disputes will be resolved on an individual basis. You waive any right to participate in a class-action lawsuit or class-wide arbitration.

15. General Provisions

  • Entire agreement. These Terms, together with the Privacy Policy and any Order Form, constitute the entire agreement between you and StriveBit Technologies Private Limited regarding the service and supersede all prior agreements.
  • Severability. If any provision of these Terms is found unenforceable, the remaining provisions will continue in full force.
  • Waiver. Our failure to enforce any right or provision does not constitute a waiver of that right or provision.
  • Assignment. You may not assign or transfer these Terms or your account without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets, with 30 days' notice to you.
  • Force majeure. Neither party is liable for delays or failures caused by events beyond their reasonable control, including natural disasters, internet outages, or government action.
  • Notices. Legal notices to you will be sent to the email address on your account. Notices to us must be sent to hello@trovesec.io.
  • Language. These Terms are written in English. In the event of any conflict with a translated version, the English version prevails.

16. Contact

Questions about these Terms? Contact us:

StriveBit Technologies Private Limited
Uttar Pradesh, India

Email: hello@trovesec.io