Terms of Service

1. Scope of Service

PQC Auditor provides an automated post-quantum cryptography audit for regulated businesses (B2B). The Service comprises passive scanning of public domains, analysis, and a report (PDF). The Service is not directed at consumers.

2. No Regulatory Certification

Reports constitute an informational opinion, not a compliance certificate recognised by any regulator. References to DORA, NIS2, GDPR, KNF, BaFin, NIST FIPS 203/204/205 are illustrative and serve as input to your internal compliance review. Final acceptance remains the prerogative of the relevant supervisory authority.

3. Money-Back Guarantee

If the final report contains fewer than three actionable findings rated CRITICAL, HIGH or MEDIUM (excluding INSUFFICIENT_DATA fallbacks), we refund the full fee. Severity classifications follow our published methodology. Disputes regarding classification may be submitted to support@pqcaudit.eu within 14 days of delivery and are subject to independent review.

4. Limitation of Liability

The operator's liability is limited to the amount paid for the specific audit engagement and excludes indirect, consequential, and lost-profit damages. The Customer is solely responsible for: independent legal review, independent technical review of the findings, and operational decisions taken on their basis.

5. Customer Obligations

The Customer warrants that it is authorised to commission scanning of the domains it submits. We scan public DNS names only; no active probing, no payload injection.

6. Governing Law

This agreement is governed by the law of the operator's seat as stated in the Imprint. The full legal document is also available in the LEGAL.md file of the project repository.