Terms

Terms of Service

Terms governing BlackShield as an Irish-operated security SaaS, including customer obligations, commercial scope, and the shared responsibility model.

Commercial framework

Terms for an Irish-operated security SaaS, with explicit shared responsibility.

BlackShield is delivered by Chaplau as a business security platform, not a consumer app. These terms are meant to explain how the company operates the managed service, what customers control inside their own environments, and where both sides share responsibility for secure and effective use.

प्रभावी तिथि

March 18, 2026

अंतिम अपडेट

March 18, 2026

Operator

Chaplau, Ireland

BlackShield is operated as an Irish business for commercial, privacy, support, and customer contracting matters.

Service type

B2B security SaaS

The service aggregates security findings, asset context, and remediation workflows for business customers and authorized operators.

Default hosted region

AWS us-east-1

The managed control plane is delivered from AWS us-east-1 unless a different deployment arrangement is agreed in writing.

Primary contract path

Order form plus platform terms

Commercial specifics such as plan, price, invoicing, DPA, and enterprise security addenda are finalized in the applicable commercial documents.

Shared responsibility model

Using BlackShield safely requires both platform controls and customer controls.

The platform handles the hosted SaaS control plane, while the customer controls user approvals, scanner scope, connected systems, and remediation decisions. Neither side can fully deliver the intended security outcome on its own.

BlackShield responsibilities

Operate the hosted service, authentication controls, tenant isolation, logging, and managed infrastructure hardening for the SaaS control plane.
Protect managed data stores with encryption, access controls, and platform-level monitoring and incident response workflows.
Maintain the product, core integrations, and trust-review materials that support customer due diligence.

Customer responsibilities

Approve users, manage tenant roles, protect credentials and API keys, and decide which assets, environments, or repositories are in scope for scanning.
Harden customer-owned identities, endpoints, scanners, cloud accounts, and external systems connected to the platform.
Review findings, make remediation decisions, and validate that any operational action is appropriate for the customer's environment and risk tolerance.

Shared outcomes

Incident coordination, compliance evidence exchange, procurement review, and customer offboarding require cooperation from both BlackShield and the customer.
Regional, privacy, and contractual requirements must be raised early enough to be reflected in deployment or contracting decisions.
Availability and security outcomes depend on both the managed platform and the customer's connected systems, policies, and internal operating discipline.

Company scope and service model

These terms govern access to BlackShield as an Irish-operated, multi-tenant SaaS platform built for security and risk teams. The service is offered for business use, not consumer use.

BlackShield is intended for organizations managing authorized security scanning, findings review, remediation tracking, and related operational workflows.
The public website and documentation are informational, but binding commercial scope is defined by the active subscription, order form, or master agreement.
If an enterprise customer negotiates different legal, privacy, security, or support commitments, those negotiated documents control over general website summaries.

Accounts, tenant administration, and access control

Customers control who is invited into their tenant, which privileges are granted, and how internal access approvals are handled.

Each user must use an individual account and approved authentication flow rather than shared credentials.
Tenant admins are responsible for onboarding, offboarding, least-privilege role assignment, and prompt credential rotation when compromise is suspected.
API keys, scanner credentials, and connected-system secrets must be stored and rotated by the customer using appropriate internal controls.

Authorized use and scan authorization

BlackShield supports legitimate security operations. It must not be used to test or scan assets without proper authority.

Customers may only ingest data from scanners, connectors, repositories, accounts, or workloads they own or are explicitly authorized to assess.
Customers must not use the platform to interfere with service integrity, bypass tenant boundaries, exceed intended API usage patterns, or process unlawful content.
The customer remains responsible for deciding scan scope, remediation prioritization, and any operational action taken from findings or recommendations produced by the service.

Service operations, change management, and support

BlackShield is a continuously evolving managed service. Features, integrations, and operational controls may change over time as the platform matures.

Planned maintenance, material operational changes, or feature retirements are communicated through product, support, or contractual channels when appropriate.
Support, legal, privacy, and security requests are routed through contact@chaplau.com or Slack at chaplau.slack.com and triaged based on severity and request type.
The service depends on customer-managed integrations, scanners, identities, and cloud accounts; issues in those external systems may affect outcomes even when the core platform remains available.

Fees, billing, suspension, and termination

Paid access follows the commercial plan selected by the customer and any related invoicing or subscription terms.

Pricing, billing cycle, renewal timing, overage treatment, and invoicing mechanics are defined in the applicable order documents or billing flow.
Non-payment, abusive use, unlawful use, or material breach may result in suspension or termination after the handling process defined by contract or internal policy.
On termination, customer access is revoked and offboarding follows the platform's documented retention, export, and deletion process, subject to legal and contractual obligations.