SignalBoard — VerityPoint Security

Terms of Service

The contractual terms that govern your subscription to and use of SignalBoard. Read alongside our Privacy Policy & Data Processing Addendum. Both documents together form the Services Agreement.

Effective: 2026-06-10 · Document version 1.0 ·
Contact us

Contents

  1. Plain-English summary
  2. Acceptance of these Terms
  3. Definitions
  4. The Service
  5. Account & authorized users
  6. Fees, billing & auto-renewal
  7. 14-day money-back guarantee & refund policy
  8. Cancellation & termination
  9. Customer data, privacy & confidentiality
  10. Acceptable use
  11. Intellectual property
  12. Third-party services
  13. Service availability & support
  14. Warranty disclaimer
  15. Limitation of liability
  16. Indemnification
  17. Governing law
  18. Binding arbitration & class action waiver
  19. Changes to these Terms
  20. Notices
  21. General provisions
  22. Contact

1. Plain-English summary

SignalBoard is a subscription service that scans your Microsoft 365 environment and produces an executive scorecard. By subscribing, you agree to pay the fees, use the service responsibly, and accept the legal terms below. We agree to deliver the service, protect your data per our Privacy Policy, and operate in good faith.

The fast version of what's in this document:

The numbered sections below are the binding terms. The summary is here for clarity; if it conflicts with the binding text, the binding text controls.

2. Acceptance of these Terms

These Terms of Service ("Terms") form a binding agreement between you, the entity you represent ("Customer", "you"), and JJS Partners, LLC, an Oklahoma limited liability company doing business as VerityPoint Security ("VerityPoint", "we", "us"). Together with the Privacy Policy & Data Processing Addendum ("Privacy Policy"), they constitute the "Services Agreement".

You accept these Terms by (i) clicking a checkbox or button indicating acceptance, (ii) completing a purchase through the SignalBoard checkout page, or (iii) accessing or using the Service. The individual accepting represents that they have authority to bind the Customer organization.

If you do not agree to these Terms, do not subscribe to or use SignalBoard.

3. Definitions

TermMeaning
ServiceThe SignalBoard hosted application, scanning engine, dashboards, reports, APIs, and documentation, as updated from time to time.
SubscriptionA paid plan (annual or monthly) that grants access to the Service for a single Microsoft 365 tenant.
Customer DataData submitted to or generated by the Service in connection with your tenant, including scan outputs, attestations, and uploaded files.
Authorized UserA natural person from your organization who is authenticated through Microsoft Entra ID against your tenant and granted access to the Service per these Terms.
TenantA Microsoft Entra ID directory identified by a tenant UUID. Each Subscription is bound to exactly one Tenant.
FeesThe amounts payable for the Subscription, as displayed at checkout and on subsequent invoices.
Order FormThe Stripe checkout transaction, any custom enterprise quote, or any other document by which you commit to a Subscription.

4. The Service

SignalBoard reads Microsoft 365 configuration data through Microsoft Graph using delegated permissions you authorize, computes posture scores, and presents an executive scorecard. The Service is read-only with respect to your Microsoft 365 environment: it does not modify settings, policies, or configuration; it does not remediate findings automatically; and it does not access email contents, OneDrive contents, SharePoint documents, Teams messages, or any credential material. The complete data-handling scope is described in the Privacy Policy.

4.1 Advisory only

SignalBoard provides advisory scoring, recommendations, and reporting. It is not:

You are responsible for evaluating SignalBoard's outputs in the context of your own risk environment and acting on (or declining to act on) any recommendation. Posture scores and Underwriting Readiness outputs are informational decision-support tools.

4.2 Updates & changes to the Service

We continuously improve SignalBoard. We may add, modify, or remove features at any time. We will not materially reduce the core functionality of the Service for a paid Subscription without notice. If a change materially reduces functionality you rely on, we will give you at least 30 days' notice; if you do not accept the change, you may cancel and receive a pro-rated refund for the unused portion of your paid period.

5. Account & authorized users

5.1 Per-tenant licensing

A Subscription licenses the Service for a single Microsoft 365 Tenant identified by tenant UUID. Any Authorized User from that Tenant may use the Service. You may not use one Subscription to scan or report on tenants other than the one to which it is bound.

5.2 Seat cap

Each Subscription supports up to five (5) distinct Authorized Users who can save scans to cloud storage. Additional users may sign in and run scans but cannot save until a seat is freed by deleting all scans owned by another user. The detailed operational rules are described in section 1 of the Privacy Policy and section 14 of the User Manual. Customers needing more seats may contact us for an enterprise tier.

5.3 Authentication

Access to the Service requires authentication through Microsoft Entra ID. You are responsible for the security of your Entra ID accounts, including enabling multi-factor authentication. We are not liable for access obtained through credentials you fail to protect.

5.4 Admin consent

Certain Service features require tenant-wide admin consent for the SignalBoard application registration. Granting and revoking that consent is solely under the Customer's control. Revoking consent will disable scanning until consent is re-granted.

5.5 Resale & sublicensing

You may not resell, sublicense, rent, or otherwise transfer the Service to a third party without our prior written consent. MSPs and consultancies running scans against client tenants under their own license bundle should contact us about the partner tier.

6. Fees, billing & auto-renewal

6.1 Pricing

PlanPriceBilling cycle
SignalBoard Annual$6,995 USD / yearCharged in advance; renews annually
SignalBoard Monthly$699 USD / monthCharged in advance; renews monthly

Prices are in U.S. dollars and exclude any applicable taxes. Promotional pricing or discounts apply only during the period stated at checkout.

6.2 Payment processor

All Fees are processed by Stripe, Inc., our payment processor. By subscribing you also accept Stripe's terms applicable to the transaction. We do not store full credit card numbers; Stripe handles card data under PCI-DSS.

6.3 Auto-renewal

Subscriptions renew automatically at the end of each billing cycle at the then-current published rate for the plan you are on, charged to the payment method on file. We will email a renewal notice to the billing email at least 7 days before each annual renewal. To stop renewal, cancel through the Customer Portal at any time before the renewal date (see section 8). No advance notice period is required.

6.4 Price changes

We may change subscription prices at renewal. We will notify you of a renewal price change at least 30 days before it takes effect. If you do not accept the new price, you may cancel before the renewal date and your Subscription will end at the close of the current paid period.

6.5 Taxes

Fees are exclusive of sales, use, VAT, GST, or similar taxes. Where we are required to collect such taxes, they will be added to your invoice. Customers exempt from taxation must provide a valid exemption certificate before subscribing.

6.6 Late or failed payment

If a renewal charge fails, we will retry payment up to four times over 14 days. If payment cannot be collected, the Subscription will lapse. Service access ends at the end of the last paid period, and the data retention rules in Privacy Policy section 7 apply (including the 30-day post-lapse grace period before permanent deletion of scan blobs).

7. 14-day money-back guarantee & refund policy

14-day money-back guarantee. If SignalBoard isn't right for you, request a full refund of your first charge within 14 days of that charge and we'll refund it — no questions asked. Email hello@veritypointsecurity.com with the subject "Refund request — 14-day". On refund, your Subscription ends and your tenant's data follows the lapse-deletion timeline.

7.1 The 14-day window

The 14-day guarantee applies only to your first charge for a given Tenant. Subsequent renewal charges, re-subscriptions after a cancellation, additional seats, or upgrades are not eligible for the 14-day refund.

7.2 No refunds after day 14

After the 14-day window closes, all Fees are non-refundable, including:

When you cancel after day 14, you retain access through the end of the period you have already paid for, and your Subscription does not renew. This is standard self-service SaaS practice.

7.3 Exceptions

We may, at our sole discretion, refund a charge outside the 14-day window in cases of (i) duplicate billing, (ii) an extended Service outage materially impacting your use, or (iii) a billing error on our part. These exceptions are discretionary and do not establish a right to a refund in future situations.

7.4 Chargebacks

Please contact us before initiating a credit-card chargeback. Chargebacks initiated without first attempting to resolve the issue with us may be disputed and, if upheld in our favor, may result in immediate Subscription termination and a hold on your tenant's account record.

8. Cancellation & termination

8.1 Cancellation by you

You may cancel your Subscription at any time through the Customer Portal, accessed from the in-app billing menu. No advance notice period is required. Cancellation takes effect at the end of your current paid period; you retain full access until that date and are not charged again.

8.2 Termination by us

We may suspend or terminate your Subscription, with or without notice, if:

8.3 Effect of termination

On termination or lapse, all rights to access and use the Service end. The data retention and deletion rules in Privacy Policy section 7 apply — in particular, the 30-day post-lapse grace window during which you may export your scan history, after which encrypted scan blobs are permanently and irreversibly deleted from Azure Storage. There is no recovery process.

8.4 Survival

The following sections survive termination: 3 (Definitions), 9 (Customer data), 11 (Intellectual property), 13–18 (Service availability through Arbitration), 20 (Notices), and 21 (General provisions), and any provision that by its nature should survive.

9. Customer data, privacy & confidentiality

9.1 Ownership

You retain all right, title, and interest in Customer Data. We acquire no ownership rights in Customer Data. Our rights are limited to what is necessary to provide the Service.

9.2 Privacy & data processing

Our handling of Customer Data is governed by the Privacy Policy & Data Processing Addendum. That document is incorporated into these Terms by reference and is binding on both parties. The Data Processing Addendum (section 13 of the Privacy Policy) governs processing of personal data under the GDPR.

9.3 Confidentiality

Each party may receive non-public information from the other in connection with the Service ("Confidential Information"). Confidential Information includes Customer Data and the non-public technical and business information of either party. Each party will (i) use Confidential Information of the other only to perform under or use the Service, (ii) protect it with at least the same degree of care it uses for its own confidential information of like importance (and not less than a reasonable standard of care), and (iii) not disclose it to third parties except to its personnel and sub-processors who need to know it and are bound by similar obligations. Confidentiality obligations survive termination for three (3) years, except that obligations relating to trade secrets and Customer Data continue for so long as the law affords them protection.

9.4 Aggregate & anonymized data

We may use aggregated, de-identified data derived from the Service (such as anonymized peer benchmarks) for product improvement, benchmarking, and statistical purposes. Such data does not identify any Customer or individual and is not Customer Data once aggregated and de-identified.

10. Acceptable use

You will not, and will not allow any Authorized User or third party to:

We may investigate suspected violations and suspend access during an investigation. Material or repeated violations are grounds for termination under section 8.2.

11. Intellectual property

11.1 Our IP

The Service, including all software, designs, dashboards, scoring methodologies, reports, documentation, trademarks (including "SignalBoard" and "VerityPoint Security"), and related materials, is and remains the property of JJS Partners, LLC or its licensors. Except for the limited rights expressly granted in these Terms, no rights are granted to you.

11.2 Limited license to you

Subject to your compliance with these Terms and payment of Fees, we grant you a non-exclusive, non-transferable, non-sublicensable, revocable license during the Subscription term to access and use the Service for your internal business purposes, including downloading, sharing, and using reports we generate from your Customer Data.

11.3 Feedback

If you provide feedback, ideas, or suggestions about the Service, you grant us a perpetual, irrevocable, worldwide, royalty-free license to use that feedback for any purpose, including improving the Service, without obligation to compensate you. We have no obligation to implement feedback.

11.4 Open source & third-party components

The Service incorporates third-party software, some of which is open source. Such components are licensed under their own terms; nothing in these Terms supersedes those licenses.

12. Third-party services

The Service depends on third-party services including Microsoft Corporation (Azure, Entra ID, Microsoft Graph), Stripe, Inc. (payment processing), and Cloudflare, Inc. (DNS and edge proxy for the marketing site). Your use of those services through the Service is subject to their respective terms. We are not responsible for outages, errors, or changes in third-party services beyond our control. The Privacy Policy section 5 (Sub-processor register) lists each third-party processor and its role.

13. Service availability & support

13.1 Target availability

We strive to make the Service available with high reliability and use commercially reasonable efforts to minimize downtime. However, the Service is provided without a contractually binding uptime commitment (no formal SLA) at the current pricing tier. Customers requiring an SLA should contact us about enterprise terms.

13.2 Planned maintenance

We may take the Service offline for planned maintenance. We will give reasonable advance notice for maintenance expected to exceed 30 minutes during U.S. business hours.

13.3 Support

Standard support is provided by email at hello@veritypointsecurity.com. We target a first response within two (2) U.S. business days. Security and breach inquiries to security@veritypointsecurity.com are triaged within one (1) business day.

14. Warranty disclaimer

Please read this section carefully. It limits the promises we make about the Service.

The Service is provided "AS IS" and "AS AVAILABLE". To the maximum extent permitted by law, we disclaim all warranties, express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, and uninterrupted or error-free operation.

Without limiting the foregoing, we do not warrant that:

Some jurisdictions do not allow the exclusion of certain warranties; in those jurisdictions, the foregoing exclusions apply only to the extent permitted by law.

15. Limitation of liability

Please read this section carefully. It caps our liability and excludes certain damages.

15.1 Excluded damages

To the maximum extent permitted by law, in no event will either party be liable for any indirect, incidental, consequential, special, exemplary, or punitive damages, including lost profits, lost revenue, lost data, business interruption, loss of goodwill, or cost of substitute services, arising out of or relating to the Services Agreement, even if advised of the possibility of such damages.

15.2 Liability cap

Our aggregate liability to you under or in connection with the Services Agreement, regardless of the form of action (contract, tort, statute, or otherwise), will not exceed ten thousand U.S. dollars ($10,000). This cap is a flat dollar cap, not a fees-paid cap, and applies in aggregate across all claims arising under the Services Agreement.

15.3 Carve-outs

The exclusions and cap in this section do not apply to: (i) your obligation to pay Fees, (ii) either party's indemnification obligations under section 16, (iii) either party's breach of confidentiality, (iv) infringement or misappropriation by either party of the other's intellectual property, or (v) liability that cannot be excluded or limited under applicable law (such as for fraud, willful misconduct, or, where applicable, gross negligence).

15.4 Basis of the bargain

The parties agree that the warranty disclaimers and liability limitations in these Terms are an essential basis of the bargain and reflect an allocation of risk between the parties, including in the pricing of the Service. The limitations apply even if a limited remedy fails of its essential purpose.

16. Indemnification

16.1 By Customer

You will defend, indemnify, and hold harmless JJS Partners, LLC and its officers, directors, employees, and agents from and against any third-party claim, demand, action, or proceeding, and any related losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of: (i) your or any Authorized User's breach of these Terms, including the Acceptable Use section; (ii) your use of the Service in violation of applicable law; or (iii) your scanning of a Microsoft 365 tenant without authorization.

16.2 By VerityPoint

We will defend, indemnify, and hold you harmless from and against any third-party claim alleging that the Service, as provided by us and used by you in accordance with these Terms, infringes a U.S. patent, copyright, or registered trademark, and any related losses, damages, and expenses (including reasonable attorneys' fees) finally awarded by a court of competent jurisdiction or agreed in a settlement we approve. The foregoing does not apply to claims arising from: (i) Customer Data; (ii) use of the Service in combination with software, data, or services not provided by us where the claim would not have arisen but for the combination; (iii) modifications to the Service not made by us; or (iv) use of the Service after we have notified you to stop using it for infringement reasons.

16.3 Procedure

The indemnifying party's obligations are conditioned on the indemnified party (i) giving prompt written notice of the claim, (ii) tendering sole control of the defense and settlement, and (iii) providing reasonable cooperation. The indemnified party may participate in the defense with its own counsel at its own expense.

17. Governing law

These Terms and any dispute arising from or relating to them are governed by the laws of the State of Oklahoma, United States, without regard to its conflict-of-laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

18. Binding arbitration & class action waiver

Please read this section carefully. It affects how disputes between you and us are resolved. By accepting these Terms, you waive the right to a trial by jury and the right to participate in a class action.

18.1 Informal resolution first

Before initiating arbitration, the parties will attempt to resolve any dispute informally. Either party must send written notice describing the dispute and the relief sought to the other (to hello@veritypointsecurity.com for us). The parties will negotiate in good faith for at least 30 days after the notice is received. If the dispute is not resolved within that period, either party may initiate arbitration.

18.2 Binding arbitration

Except as provided in 18.4, any dispute, claim, or controversy arising out of or relating to the Services Agreement or its breach, termination, enforcement, interpretation, or validity, including the determination of the scope or applicability of this agreement to arbitrate, will be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules (or, if both parties are consumers under applicable law and the AAA Consumer Rules apply, those Rules). The arbitration will be conducted by one (1) arbitrator. The seat and legal place of the arbitration is Oklahoma City, Oklahoma, United States. The arbitration will be conducted in English. The arbitrator's award is final and binding and may be entered as a judgment in any court of competent jurisdiction.

18.3 Class action & jury waiver

You and we each waive any right to a jury trial. Both parties agree to bring claims against the other only in an individual capacity and not as a plaintiff or class member in any purported class, collective, consolidated, representative, or private attorney-general action. The arbitrator may not consolidate more than one party's claims and may not preside over any form of representative or class proceeding. If this class-action waiver is found unenforceable, then the entirety of this Arbitration section is null and void as to the affected claim, and the claim will proceed in court under section 17.

18.4 Exceptions

Notwithstanding the foregoing, either party may bring an action in a court of competent jurisdiction for (i) injunctive or other equitable relief to protect intellectual property, confidentiality, or trade-secret rights pending arbitration, (ii) collection of undisputed Fees, and (iii) small-claims court actions within the court's jurisdictional limits.

18.5 Costs & fees

Each party bears its own costs and attorneys' fees in arbitration, except that AAA filing and arbitrator compensation are allocated under AAA rules. The arbitrator may award attorneys' fees and costs to the prevailing party where authorized by applicable law or by the Services Agreement.

18.6 Opt-out

You may opt out of this Arbitration section within 30 days of first accepting these Terms by emailing hello@veritypointsecurity.com with the subject "Arbitration opt-out" and including your name, organization, tenant identifier, and a clear statement that you opt out. Opting out does not change any other part of these Terms.

19. Changes to these Terms

We may update these Terms from time to time. The "Effective" date at the top of this page reflects the most recent change. Material changes (changes that adversely affect your rights or obligations) will be announced to active customers by email to the billing address at least 30 days before they take effect. Continued use of the Service after a change takes effect constitutes acceptance of the updated Terms. If you do not accept a material change, your sole remedy is to cancel under section 8.1; we will refund the pro-rata unused portion of any pre-paid period that follows the effective date of the rejected change.

20. Notices

Notices to us under these Terms must be sent to hello@veritypointsecurity.com with a subject line clearly identifying the matter. Legal process must additionally be served on the registered agent of JJS Partners, LLC in the State of Oklahoma. Notices to you will be sent to the billing email associated with your Subscription and are effective when sent. You are responsible for keeping your billing email up to date.

21. General provisions

21.1 Entire agreement

These Terms, together with the Privacy Policy and any Order Form, constitute the entire agreement between the parties regarding the Service and supersede all prior agreements, proposals, and communications, whether oral or written. Pre-printed terms on a customer purchase order or vendor management form are rejected and have no effect unless we sign a separate agreement expressly incorporating them.

21.2 Order of precedence

In the event of conflict, the order of precedence is: (i) a signed enterprise order form or master agreement between the parties, (ii) the Data Processing Addendum, (iii) these Terms, (iv) the Privacy Policy, (v) the in-app documentation. Where required by GDPR Article 28, the Data Processing Addendum prevails for processing of personal data.

21.3 Assignment

You may not assign or transfer the Services Agreement, in whole or in part, without our prior written consent, except to a successor in connection with a merger, acquisition, or sale of substantially all your assets. We may assign the Services Agreement at any time, including to an affiliate or in connection with a merger, acquisition, or sale of substantially all our assets relating to the Service. Any assignment in violation of this section is void.

21.4 No waiver

Failure to enforce a provision of these Terms is not a waiver of the right to enforce it later.

21.5 Severability

If a provision of these Terms is held unenforceable, the remaining provisions remain in effect, and the unenforceable provision will be modified to the minimum extent necessary to make it enforceable.

21.6 No third-party beneficiaries

There are no third-party beneficiaries of these Terms.

21.7 Independent contractors

The parties are independent contractors. These Terms do not create a partnership, joint venture, agency, employment, or fiduciary relationship.

21.8 Force majeure

Neither party is liable for delay or failure to perform (other than payment obligations) caused by events beyond its reasonable control, including acts of God, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, pandemics, strikes, or shortages of transportation, facilities, fuel, energy, labor, or materials. The affected party will use reasonable efforts to resume performance.

21.9 Government end users

If you are a U.S. government end user, the Service is "Commercial Computer Software" and "Commercial Computer Software Documentation" as those terms are used in FAR 12.212 and DFARS 227.7202. Government end users acquire only those rights granted to non-government customers under these Terms.

21.10 Export

You will comply with all applicable U.S. and foreign export-control and economic-sanctions laws when using the Service.

21.11 Construction

Headings are for convenience only and do not affect interpretation. "Including" means "including without limitation." Words in the singular include the plural and vice versa.

22. Contact

TopicEmail
General questions about these Termshello@veritypointsecurity.com
Refund requests (14-day window)hello@veritypointsecurity.com (subject: "Refund request — 14-day")
Billing & subscription issueshello@veritypointsecurity.com
Privacy / data protectionprivacy@veritypointsecurity.com
Security inquiries / vulnerability reportssecurity@veritypointsecurity.com
Notice of dispute / arbitration opt-outhello@veritypointsecurity.com
Abuseabuse@veritypointsecurity.com

Legal entity: JJS Partners, LLC, an Oklahoma limited liability company, doing business as VerityPoint Security. Marketing site: veritypointsecurity.com.