These Terms bind you (the "Customer") and Eleion (the "Operator"), an Italy-based security product currently in pre-incorporation phase. The Italian corporate entity that will operate the Service is registered at the Chamber of Commerce; current operator identity, VAT ID and legal seat are disclosed on request at legal@eleion.io. The Operator will be formally named in invoices issued under the Sistema di Interscambio.
Eleion Scanner ("Service") runs automated vulnerability scans (nuclei engine, OWASP-aligned templates) against web assets that the Customer owns or is authorized to test. Service is delivered from AWS Frankfurt (eu-central-1). All customer data remains in the European Economic Area.
Before the first scan on any target, the Customer must pass one of these proofs:
DNS TXT record under _eleion-scanner.<target> with the token we issue;HTTP file at https://<target>/.well-known/eleion-scanner.txt;You warrant and represent that you have the authority to submit each target. You indemnify Eleion against any third-party claim arising from unauthorized scans you requested.
If the Service is alleged to be scanning your assets without authorization, email abuse@eleion.io. We acknowledge within 4 business hours and investigate within 24 hours. If a scan is confirmed without valid ownership proof, we suspend the requesting tenant immediately, preserve all logs, and share the sanitized audit trail with the affected party on valid request.
We retain scan metadata, findings and ownership proofs for 12 months (EU fiscal and abuse-investigation retention). Customer accounts can be deleted on request; audit logs required for legal/fiscal retention remain.
Prices listed in EUR. EU B2B customers with valid VIES-registered VAT ID benefit from reverse-charge (Art. 7-ter D.P.R. 633/72). Extra-EU customers: out-of-scope VAT. Italy: invoice issued via Sistema di Interscambio (SdI). Cancellations effective at end of current billing period. No refunds except for documented Service unavailability exceeding 72 consecutive hours. B2B customers are excluded from the 14-day B2C withdrawal right (Art. 45 Codice del Consumo).
Service is provided as is. We do not warrant that all vulnerabilities will be detected, that all reported findings are valid, or that absence of findings means absence of vulnerabilities. To the maximum extent allowed by law, total aggregate liability is limited to fees paid by you in the 3 months preceding the claim. Nothing limits liability for willful misconduct, gross negligence, or statutory rights that cannot be waived.
You retain ownership of your data and scan findings. We retain ownership of the Service, including all software, priority heuristics, UI, templates curation, and aggregate anonymous metrics.
The Service is a passive vulnerability scanner. It does not generate, deliver or include intrusion software as defined in EU Reg. 2021/821 Annex I categories 4.A.5 / 4.D.4 (dual-use). Our self-assessment is on record. The Service is not made available to parties on EU sanctions lists or to embargoed territories (RU, BY, IR, KP, SY and derivative sanctions).
We may update these Terms. Material changes are notified by email at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
These Terms are governed by Italian law. Any dispute shall be submitted to the exclusive jurisdiction of the competent courts of Milan, Italy, except where mandatory provisions of the Customer's country of residence apply.
Legal: legal@eleion.io
Privacy: privacy@eleion.io
Abuse: abuse@eleion.io
Security vulnerabilities in the Service itself: security@eleion.io