Terms of Service
These Terms of Service ("Terms") govern your use of EntryGuard, a software-as-a-service platform provided by Entropy Lab SRL ("Entropy Lab", "we", "us", "our"). By creating an account, signing an order, or otherwise accessing the EntryGuard service, you ("Customer", "you") agree to these Terms.
If you are accepting these Terms on behalf of a company or other legal entity, you represent that you have the authority to bind that entity to these Terms.
Contents
1. The Service
1.1 What EntryGuard does
EntryGuard ("the Service") is a hosted platform for managing temporary, audited access to cloud and on-premise infrastructure. The Service provides time-bounded IP whitelisting, secure TCP tunnels to private network resources, role-based access control, audit logging, and related features as described at entryguard.io and docs.entryguard.io.
1.2 Account creation
To use the Service, you must create an account, designate at least one administrator, and provide accurate contact information. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account.
1.3 Updates and changes
We continuously improve the Service. We may add, modify, or remove features at any time. We will give reasonable advance notice for changes that materially reduce functionality you are actively using. We will not retroactively reduce features promised in your Order Form during a paid term.
2. Customer Responsibilities
2.1 Cloud credentials
The Service operates by connecting to your cloud provider accounts and infrastructure using credentials you provide (AWS access keys, Azure service principals, APISIX API keys, agent tokens, etc.). You are solely responsible for:
- The accuracy, validity, and scope of credentials you provide
- Granting only the minimum permissions necessary for the Service to function
- Rotating credentials when employees with access to them leave
- Revoking credentials that are no longer needed
- Monitoring your cloud accounts for unexpected activity
We encrypt all credentials at rest using AES-256-GCM and never share them with third parties. However, we cannot validate that the credentials you provide grant only the permissions you intend, and we are not liable for damage caused by over-privileged credentials.
2.2 Acceptable use
You agree not to use the Service to:
- Manage access to infrastructure you do not own or have explicit authorization to manage
- Violate any law or regulation
- Infringe the intellectual property or privacy of others
- Distribute malware, conduct phishing, or facilitate fraud
- Probe, scan, or test the vulnerability of the Service or its underlying infrastructure
- Reverse engineer, decompile, or attempt to extract source code from the Service
- Resell, sublicense, or white-label the Service without our written agreement
- Use the Service in a way that disrupts or degrades its operation for other customers
We may suspend access without notice if we reasonably believe you are violating this section.
2.3 User management
You are responsible for all users you invite to your account, including their actions within the Service. You must terminate access for users who no longer need it and notify us if you suspect any unauthorized access to your account.
2.4 Compliance
You are responsible for ensuring your use of the Service complies with the laws and regulations applicable to you, including data protection laws, industry-specific regulations (gambling, finance, healthcare, etc.), and any contractual obligations you have with third parties.
3. Subscription and Payment
3.1 Subscription plans
The Service is offered on a subscription basis. The specific plan, features, included usage, and pricing for your account are set out in your Order Form or invoice. Plans are billed in advance — monthly or annually depending on the plan you choose.
3.2 Pay-as-you-go model
For pay-as-you-go customers, the Service tracks daily usage of resources (active users, protected resources, tunnels, static IP rules, and other billable items). Daily costs are deducted from your prepaid wallet balance. You are responsible for maintaining a positive balance.
3.3 Top-ups and auto top-up
You may top up your wallet at any time using a payment card via our payment processor. You may optionally enable an auto top-up feature that recharges your wallet automatically when the balance falls below a threshold you configure. Auto top-up uses tokenized card details and can be disabled at any time.
3.4 Negative balance and grace period
If your wallet balance becomes negative, you enter a grace period of 14 days. During the grace period, existing access continues to function, but you cannot create new users, resources, tunnels, or rules. If you do not restore a positive balance within the grace period, we may suspend or limit your account.
3.5 Invoices, taxes, refunds
Invoices are issued in EUR unless otherwise agreed. You are responsible for any applicable taxes, including VAT, except for taxes on our income.
Subscription fees and wallet top-ups are generally non-refundable. As an exception, if you terminate an annual subscription plan early, we will refund the unused portion on a pro-rata basis, calculated from the date of termination to the end of the prepaid term, minus any usage already consumed. Monthly subscription fees and pay-as-you-go top-ups remain non-refundable.
3.6 Late payment
If a subscription invoice remains unpaid for more than 14 days past its due date, we may suspend your access to the Service until payment is received.
4. Service Levels and Support
4.1 Availability target
We target a monthly uptime of 99.5% for the Service, excluding scheduled maintenance windows announced in advance. Availability is measured at the API and dashboard endpoints. We do not guarantee uninterrupted access.
4.2 Maintenance
We may perform maintenance on the Service that requires temporary downtime. We will give at least 24 hours' advance notice for planned maintenance and will conduct it during off-peak hours when possible. Emergency maintenance may occur without notice.
4.3 Support
Customers receive support via email at [email protected] and in-app channels. Response targets:
- Critical issues (Service down, security incident): within 4 hours, 24/7
- High-priority issues (significant functionality broken): within 1 business day
- Normal issues (questions, minor bugs, feature requests): within 2 business days
These response targets are best-effort. We do not guarantee resolution times.
4.4 Suspension for cause
In addition to the cases described elsewhere in these Terms, we may suspend or terminate your access if (a) we are legally required to, (b) your use poses a security risk to the Service or other customers, or (c) you fail to pay invoices after a reasonable cure period.
5. Data and Privacy
5.1 Customer data
You retain ownership of all data you submit to or generate within the Service ("Customer Data"), including resource configurations, audit logs, user information, and access policies. We process Customer Data only as necessary to provide the Service, comply with our legal obligations, and as set out in our Privacy Policy.
5.2 Data processing
For Customer Data that includes personal data (such as user names, emails, IP addresses, and access logs), we act as a data processor on your behalf, and you act as the data controller. Our processing of personal data is governed by our Data Processing Agreement, which is incorporated into these Terms by reference.
5.3 Data location
Customer Data is stored on infrastructure hosted in the European Union (currently Oracle Cloud Infrastructure, eu-frankfurt-1 region, Germany). We will give reasonable notice before changing the data location.
5.4 Backups
We perform daily encrypted backups of the database with 14-day retention. Backups are intended for disaster recovery and not as a substitute for your own data export practices.
5.5 Data export and deletion
You may export Customer Data through the Service's dashboard, API, or by request to [email protected]. On termination of your account, we will retain Customer Data for 30 days to allow for export, after which it will be permanently deleted unless we are legally required to retain it.
5.6 Confidentiality
Each party agrees to keep confidential any non-public information disclosed by the other party in connection with the Service, and to use such information only for purposes related to the use or provision of the Service.
6. Security
6.1 Our security measures
We implement reasonable technical and organizational measures to protect Customer Data, including:
- Encryption in transit (TLS) and at rest (AES-256-GCM) for sensitive data
- Access controls and audit logging for our internal systems
- Regular security updates and patches
- Encrypted database backups
- Network isolation between customer environments
- Multi-factor authentication for administrative access
6.2 Your security measures
You agree to:
- Use strong, unique passwords and enable multi-factor authentication for your accounts
- Maintain the security of your cloud provider credentials
- Notify us promptly if you suspect any unauthorized access to your account or compromise of credentials you have provided to us
- Keep your contact information up to date so we can reach you in case of security incidents
6.3 Incident notification
If we become aware of a security incident affecting your Customer Data, we will notify you without undue delay and provide reasonable cooperation in your incident response.
7. Intellectual Property
7.1 Our intellectual property
The Service, including all software, designs, documentation, trademarks, and related materials, is owned by Entropy Lab and is protected by copyright, trademark, and other intellectual property laws. We grant you a limited, non-exclusive, non-transferable, revocable right to access and use the Service in accordance with these Terms during your subscription term.
7.2 Your intellectual property
You retain all rights to Customer Data. You grant us a limited license to access, store, process, and transmit Customer Data solely as necessary to provide and improve the Service.
7.3 Feedback
If you provide us with feedback, suggestions, or ideas about the Service, we may use that feedback freely without obligation to you. You retain no rights in such feedback once provided.
8. Disclaimers
8.1 As-is service
To the maximum extent permitted by applicable law, the Service is provided "as is" and "as available", without warranties of any kind, whether express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, or uninterrupted operation.
8.2 No guarantee of compliance
We do not represent or warrant that the Service will help you achieve compliance with any specific law, regulation, or standard (such as GDPR, ISO 27001, SOC 2, PCI DSS, or industry regulations). You are responsible for determining whether the Service meets your compliance needs.
8.3 Third-party services
The Service interacts with third-party services such as cloud providers (AWS, Azure, GCP, etc.) and payment processors. We are not responsible for the availability, accuracy, or behavior of these third-party services.
9. Limitation of Liability
9.1 Liability cap
To the maximum extent permitted by applicable law, our total aggregate liability to you for any claims arising out of or relating to these Terms or the Service, whether in contract, tort, or otherwise, shall not exceed the total fees you paid to us in the twelve (12) months preceding the event giving rise to the claim.
9.2 Excluded damages
In no event shall we be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including but not limited to lost profits, lost revenue, lost data, business interruption, or loss of goodwill, even if we have been advised of the possibility of such damages.
9.3 Cloud infrastructure damage
You acknowledge that the Service modifies firewall rules, security groups, and other access control configurations on your cloud infrastructure based on the credentials you provide. We are not liable for damages caused by:
- Errors in the credentials you provide
- Over-privileged credentials granting more access than intended
- Unauthorized access by your users to the EntryGuard dashboard
- Misconfiguration of resources, roles, or sessions by your users
- Failures of third-party cloud providers
- Your decision to use the Service to manage critical infrastructure
9.4 Exceptions
The liability limits in this section do not apply to (a) your obligation to pay fees, (b) breaches of confidentiality obligations, (c) infringement of the other party's intellectual property, or (d) any liability that cannot be limited under applicable law.
10. Indemnification
10.1 By you
You agree to indemnify, defend, and hold harmless Entropy Lab and its officers, directors, employees, and agents from any claim, demand, loss, or damage (including reasonable legal fees) arising out of:
- Your violation of these Terms or applicable law
- Your use of the Service to manage infrastructure you are not authorized to access
- Your Customer Data or content
- Your acts or omissions related to the Service
10.2 By us
We will defend you against any third-party claim alleging that the Service, when used in accordance with these Terms, infringes the intellectual property rights of a third party in the European Union, and we will pay any final judgment or settlement amount, subject to the liability limits in Section 9.
We are not responsible for claims that arise from (a) modifications to the Service made by anyone other than us, (b) use of the Service in combination with other products not provided by us, (c) Customer Data, or (d) use of the Service in violation of these Terms.
11. Term and Termination
11.1 Term
These Terms remain in effect for as long as you use the Service.
11.2 Termination by you
You may terminate your subscription at any time by written notice to [email protected]. For monthly plans, termination takes effect at the end of the current billing month. For annual plans, you may terminate early and receive a pro-rata refund of the unused portion as described in Section 3.5.
11.3 Termination by us
We may terminate your subscription:
- For convenience, with at least 30 days' written notice
- Immediately, if you materially breach these Terms and fail to cure the breach within 14 days of written notice
- Immediately, if you cease operations, become insolvent, or become subject to bankruptcy proceedings
- Immediately, if required by law or to protect the security of the Service or other customers
11.4 Effect of termination
On termination:
- Your right to access the Service ends immediately (or at the end of the notice period)
- We will retain your Customer Data for 30 days for export purposes, then permanently delete it
- Sections that by their nature should survive termination (including IP, liability, indemnification, and confidentiality) will continue to apply
12. Modifications to These Terms
We may update these Terms from time to time. If we make material changes, we will notify you at least 30 days in advance via email or in-app notification. Your continued use of the Service after the effective date of the updated Terms constitutes your acceptance of the changes. If you do not agree with the changes, you may terminate your subscription before the effective date.
13. General
13.1 Governing law
These Terms are governed by the laws of the Republic of Moldova, without regard to conflict of laws principles.
13.2 Dispute resolution
Any dispute arising out of or relating to these Terms shall be resolved exclusively in the competent courts of Chișinău, Republic of Moldova.
13.3 Force majeure
Neither party shall be liable for any failure or delay in performance due to causes beyond its reasonable control, including natural disasters, war, terrorism, pandemic, government action, internet outages, or failures of third-party services.
13.4 Assignment
You may not assign or transfer these Terms or your account without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of our assets.
13.5 No waiver
Our failure to enforce any provision of these Terms shall not be deemed a waiver of that provision or of any other rights under these Terms.
13.6 Severability
If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect.
13.7 Entire agreement
These Terms, together with the Privacy Policy, Data Processing Agreement, and any Order Form or invoice, constitute the entire agreement between you and Entropy Lab regarding the Service and supersede any prior agreements or understandings.
13.8 Contact
Entropy Lab SRL
IDNO: 1025600028930
Address: Alba Iulia 21, ap. 33, Chișinău, MD-2051, Republic of Moldova
Email: [email protected]