Terms of Service

By creating an account, accessing, or using Merlonix (the “Service”), you (“Customer”, “you”) agree to be bound by these Terms of Service (“Terms”). If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms, and “you” includes that organization.

If you do not agree to these Terms, do not use the Service.

Merlonix is a subscription software service that monitors digital infrastructure assets owned or controlled by the Customer. The Service performs automated checks on:

• SSL/TLS certificate expiration and validity
• DNS configuration and drift
• Upstream third-party SaaS vendor status (read from publicly published status pages)

When the Service detects an issue, it sends notifications to addresses Customer designates in the Service settings.

The Service is provided through the website at https://merlonix.com and the application at https://app.merlonix.com.

To use the Service, you must create an account. You agree to:

• Provide accurate and current registration information
• Maintain the security of your password
• Notify us promptly of any unauthorized account access
• Take responsibility for all activity under your account

You must be at least 18 years old and legally able to enter into a binding contract.

4.1 Subscription tiers

The Service is offered in subscription tiers — currently Starter, Team, Agency, and Compliance — which differ by the number of monitored assets, check frequency, and the compliance and reporting features included.

Current pricing, asset limits, check frequencies, and included features for each tier are published at https://merlonix.com/pricing. Pricing and tier limits are subject to change with 30 days’ written notice to active subscribers; the price in effect when you subscribe or renew applies for that billing period.

4.2 Free trial

New accounts receive a 14-day free trial of the tier they select. No payment method is required to start the trial. To continue using the Service after the trial expires, you must add a valid payment method through the Service’s billing interface.

4.3 Billing

All payments are processed by Stripe, Inc. (“Stripe”). Merlonix does not store, process, or transmit payment card data. By providing payment information, you authorize Merlonix and Stripe to charge the recurring subscription fee to your payment method on the recurring billing cycle (monthly).

Subscriptions automatically renew at the end of each billing period unless cancelled before the renewal date.

4.4 Refunds

No refunds are issued after the free trial expires. Cancelled subscriptions remain active until the end of the current billing period; no prorated refunds are issued for the unused portion of a billing period. Annual subscriptions, if offered, follow the same policy.

4.5 Cancellation

You may cancel your subscription at any time through the Service’s billing interface (Stripe Customer Portal). Cancellation takes effect at the end of the current billing period. After cancellation, you retain access until the period ends, then your account becomes inactive and your monitoring data is retained for 30 days before deletion.

4.6 Failed payments

If a payment fails, Merlonix (via Stripe) will retry the charge per Stripe’s standard dunning schedule. After repeated failures, your subscription will be cancelled and your account access suspended.

You agree to use the Service only to monitor digital assets that you own or are authorized by the legal owner to monitor. Specifically, you agree NOT to:

• Add, configure, or attempt to monitor any domain, subdomain, IP address, certificate, DNS record, or vendor endpoint that you do not own or have explicit written authorization to monitor
• Use the Service to perform reconnaissance, vulnerability scanning, or any form of access testing on third-party systems without authorization
• Use the Service in any manner that violates the U.S. Computer Fraud and Abuse Act, the Computer Misuse Act of any other jurisdiction, or any applicable computer security or anti-hacking law
• Resell, sublicense, or repackage the Service to third parties without a written reseller agreement
• Reverse engineer, decompile, or attempt to extract the source code of the Service
• Interfere with, disrupt, or attempt to gain unauthorized access to the Service’s infrastructure, other accounts, or back-end systems
• Use the Service to send unsolicited bulk communications

5.1 Customer asset attestation

When adding any asset to be monitored, you must affirmatively attest that you own or are authorized to monitor it. Merlonix may, at its sole discretion, request documentation of authorization. False attestation is grounds for immediate account termination without refund.

5.2 Enforcement

Merlonix may suspend or terminate accounts found in violation of this section without notice and without refund. Merlonix reserves the right to cooperate with law enforcement and to disclose user information when required by law or in response to valid legal process.

You are responsible for:

• The accuracy of the information you provide, including domain ownership claims
• Maintaining the legal authority to monitor any assets you add to the Service
• Acting on notifications you receive from the Service in a timely manner — Merlonix does not remediate issues, only reports them
• Keeping your contact and notification destinations current
• Compliance with the laws of the jurisdiction in which you operate

The Service is a monitoring tool, not a managed service. Merlonix does not promise that monitoring will catch every possible issue, that notifications will arrive within any specific time window, or that any specific outcome will result from using the Service.

Merlonix’s collection and use of personal data is governed by the Privacy Policy, available at https://merlonix.com/legal/privacy. By using the Service, you agree to the data practices described in the Privacy Policy.

For Customers in the European Economic Area, the United Kingdom, or other jurisdictions with data protection laws comparable to the GDPR, Merlonix acts as a data processor for the limited categories of personal data processed in connection with delivering the Service (email address, billing address, IP logs).

A Data Processing Addendum (DPA) is available on request by emailing [email protected]. The DPA incorporates the EU Standard Contractual Clauses where required for international data transfers.

Merlonix and all related software, documentation, content, and trademarks are owned by the provider and protected by U.S. and international copyright, trademark, and other intellectual property laws.

You are granted a limited, non-exclusive, non-transferable, revocable license to access and use the Service for the duration of your active subscription and only in accordance with these Terms.

You retain ownership of any data you input into the Service (“Customer Data”). You grant Merlonix a limited license to process Customer Data solely for the purpose of providing and improving the Service.

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR ACCURACY. MERLONIX DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR THAT DEFECTS WILL BE CORRECTED.

MERLONIX MAKES NO WARRANTY THAT THE SERVICE WILL DETECT EVERY SSL EXPIRATION, DNS CHANGE, OR VENDOR OUTAGE. CUSTOMERS REMAIN RESPONSIBLE FOR THE OPERATION AND MONITORING OF THEIR OWN INFRASTRUCTURE.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, MERLONIX’S TOTAL CUMULATIVE LIABILITY FOR ANY CLAIM ARISING FROM OR RELATED TO THE SERVICE OR THESE TERMS — WHETHER IN CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE — SHALL NOT EXCEED THE TOTAL FEES PAID BY THE CUSTOMER TO MERLONIX IN THE THREE (3) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

IN NO EVENT SHALL MERLONIX BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION LOSS OF PROFITS, REVENUE, DATA, BUSINESS, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

This limitation applies to the maximum extent allowed by law. Some jurisdictions do not allow the exclusion or limitation of certain damages; in those jurisdictions, the limitations apply to the maximum extent legally permitted.

You agree to indemnify, defend, and hold harmless Merlonix and the operator, an Illinois sole proprietor doing business as Merlonix, from any claim, demand, loss, or damage (including reasonable attorneys’ fees) arising from (a) your use or misuse of the Service, (b) your violation of these Terms, (c) your violation of any law or third-party right, or (d) any false attestation of ownership or authorization for monitored assets.

13.1 Termination by Customer

You may terminate your subscription at any time through the billing interface. Termination takes effect at the end of the current billing period.

13.2 Termination by Merlonix

Merlonix may suspend or terminate your access at any time, with or without cause, with at least thirty (30) days’ written notice to your account email. Merlonix may terminate immediately and without notice for material breach of these Terms, including but not limited to violations of the Acceptable Use section.

13.3 Effect of termination

Upon termination, your right to use the Service ceases. Customer Data is retained for 30 days after termination, then deleted. Sections that by their nature should survive termination (Intellectual Property, Disclaimer of Warranties, Limitation of Liability, Indemnification, and Governing Law and Jurisdiction) survive.

These Terms are governed by the laws of the State of Illinois, United States, without regard to conflict of laws principles. Any legal action or proceeding arising from these Terms shall be brought exclusively in the state or federal courts located in Cook County, Illinois, and you consent to the personal jurisdiction of those courts.

Merlonix may update these Terms from time to time. Material changes will be announced by email to active subscribers and posted on https://merlonix.com/legal/terms at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Terms. If you do not agree to the updated Terms, you must stop using the Service before the effective date.

• Entire agreement: These Terms, together with the Privacy Policy and any DPA, constitute the entire agreement between you and Merlonix regarding the Service.
• Severability: If any provision is held unenforceable, the remaining provisions remain in full force.
• No waiver: Failure to enforce any provision is not a waiver of that provision.
• Assignment: You may not assign your rights under these Terms without Merlonix’s prior written consent. Merlonix may assign these Terms in connection with a merger, acquisition, or sale of assets.
• Force majeure: Neither party is liable for delays or failures caused by events beyond reasonable control.
• Notices to Merlonix: Send notices to [email protected].
• Notices to you: Sent to your account email address; deemed received when sent.

Provider: the operator, an Illinois sole proprietor doing business as Merlonix.

• General questions: [email protected]
• Privacy questions: [email protected]
• Support: [email protected]