Terms and Conditions

Last Updated: October 2025

1. Agreement to Terms

By accessing or using XposedOrNot (including this website, our API, mobile applications, or any related services), you enter into a binding agreement and accept these terms in full. If you disagree with any part of these terms, you must discontinue use of our service immediately.

We reserve the right to modify these terms periodically to reflect changes in our services, legal requirements, or operational practices. When we make significant changes that materially affect your rights or obligations, we'll post a prominent notice on the website at least 14 days before the changes take effect. Your continued use of our service after such changes become effective constitutes your acceptance of the modified terms.

2. What We Provide

XposedOrNot is a comprehensive data breach monitoring and alerting service designed to help individuals and organizations stay informed about data security incidents. Our service includes:

• Email breach lookups that allow you to check if your email address has appeared in any known data breaches in our database
• Continuous monitoring for new breaches affecting your email address or your organization's verified and validated domains
• Automated alerts delivered via email when your information appears in newly discovered or reported breaches, enabling you to take timely protective action
• Comprehensive breach information including affected data types, breach dates, and security insights to help you understand the scope and impact
• API access for programmatic integration, allowing developers and organizations to incorporate breach data into their own security workflows and applications
• Domain monitoring tools for organizations to track breach exposure across their entire email infrastructure

We offer both free community tools accessible to everyone and premium features with enhanced capabilities. The availability of specific features depends on your service level, with premium subscriptions providing additional functionality, higher rate limits, and priority support.

3. Your Account and Responsibilities

Certain features of our service, including email alerts, domain monitoring, and premium tools, require you to create an account. When you register and use an account, you accept the following responsibilities:

• Provide accurate, current, and complete information during the registration process, and maintain the accuracy of this information throughout your use of the service. This includes keeping your contact email address up to date.
• Maintain the security and confidentiality of your account credentials, particularly API keys if you use our API services. Treat these credentials as sensitive and never share them publicly or embed them in client-side code.
• Refrain from sharing your account access with others or allowing unauthorized use of your account. Each account is intended for use by a single individual or organization as specified during registration.
• Accept full responsibility for all activities that occur under your account, whether or not you personally authorized such activities. You are accountable for any actions taken using your credentials.
• Notify us immediately at deva[@]xposedornot.com if you suspect any unauthorized access to your account, discover your API keys have been exposed, or become aware of any security breach related to your account.

4. Acceptable Use

To maintain a safe, fair, and legal service for all users, you agree NOT to engage in the following activities:

• Use the service for any illegal purpose, to facilitate unlawful activities, or to cause harm to others. This includes using breach data for harassment, extortion, or unauthorized access to accounts.
• Attempt to access data you're not authorized to view, including trying to bypass access controls, authentication mechanisms, or privacy protections.
• Scrape, harvest, or collect breach data in bulk without explicit written permission. Automated bulk collection violates our terms and places undue strain on our infrastructure.
• Intentionally overload our systems, attempt denial-of-service attacks, or engage in any activity designed to disrupt service availability for other users.
• Resell, redistribute, or sublicense our breach data without explicit written authorization. Commercial use of our data requires a proper licensing agreement.
• Use automated tools, scripts, or bots to abuse our free tier services or circumvent rate limits, API restrictions, or usage quotas.
• Impersonate other users, organizations, or XposedOrNot staff, or misrepresent your affiliation with any entity.
• Upload malware, viruses, malicious code, or any content designed to compromise the security of our service or other users.
• Engage in activity that violates the privacy rights of individuals whose information appears in breach data, including using the data for unsolicited marketing or spam.

We reserve the right to suspend or terminate accounts that violate these rules, and we may report serious violations to law enforcement authorities when appropriate. While our codebase is open source and available for review, our infrastructure, data, and services remain subject to these acceptable use restrictions.

5. API Usage

Our API provides programmatic access to breach data for developers and organizations. If you use our API, you must comply with these additional requirements:

• Strictly adhere to the rate limits specified in our API documentation. These limits are in place to ensure fair access and system stability for all users
• Do not attempt to circumvent usage restrictions, rate limits, or access controls through technical means such as using multiple API keys, rotating IP addresses, or any other method
• Provide clear attribution to XposedOrNot when displaying our breach data in your applications, websites, or services. This helps users understand the source of the information
• Understand that we may modify API endpoints, adjust rate limits, or change available features with reasonable advance notice to maintain service quality and security
• Be aware that certain premium API features with higher rate limits or additional functionality may require a paid subscription

6. Intellectual Property

XposedOrNot is an open-source project, and we actively encourage community participation and contributions. However, certain intellectual property rights are retained:

• Our source code is publicly available on GitHub and is licensed under the terms specified in the repository. You are free to review, modify, and contribute to the code in accordance with that license.
• The XposedOrNot name, logo, branding elements, and visual design are our intellectual property and may not be used without permission to create competing services or in ways that could cause confusion about affiliation or endorsement.
• Breach data in our database comes from various public sources and is aggregated for the public benefit. While the underlying breach data is not our creation, our database compilation, organization, and presentation represent substantial effort and investment.
• You may not claim ownership of our service, rebrand it as your own, or create substantially similar services using our brand identity in a manner that causes marketplace confusion.
• As an open-source project, we welcome forks and derivative works of our code, provided they comply with our software license and do not misuse our trademarks or brand identity.

7. Privacy and Data

Your privacy is fundamental to our service. We believe in complete transparency about how we handle your personal information and have designed our systems with privacy as a core principle:

• We collect only the minimum data absolutely necessary to provide our service effectively. We do not collect extraneous information or data that doesn't serve a direct purpose for the functionality you're using.
• We never sell your personal information to third parties, data brokers, or advertisers. Your privacy is not for sale, and your data will not become a revenue stream.
• Search queries are processed in memory and are not stored in any identifiable form that could be linked back to you. We do not maintain logs of what email addresses you search for.
• Email alert subscriptions require us to store your email address so we can send you notifications. You maintain full control and can unsubscribe at any time through the link in every alert email or through your account settings.
• For domain monitoring features, organizations that verify domain ownership receive breach information for email addresses within those domains. This is done with proper authorization and serves the legitimate security interests of the organization.
• Read our comprehensive Privacy Policy and Transparency Report for complete details on our data collection practices, security measures, and legal compliance.

8. Accuracy and Limitations

• We can only report on data breaches that have been publicly disclosed or that we have received through our sources. Many breaches remain unreported, undiscovered, or are kept confidential under legal agreements. The absence of a result does not mean your data has never been compromised.
• Breach data may be incomplete, outdated, or contain inaccuracies inherited from the original source. We aggregate data from various sources, and we cannot guarantee the completeness or accuracy of every data point.
• While we verify major breaches, we do not have the resources to independently verify every single data breach reported in our system. We rely substantially on the security research community and public disclosures.
• A search result showing no breaches does not guarantee that your information has never been compromised. It only indicates that we have no record of breaches affecting the searched identifier in our current database.
• Our service is designed to be one tool in your overall security strategy, not a complete security solution. You should employ multiple security measures including using strong, unique passwords for each account, enabling two-factor authentication wherever available, and using a reputable password manager to securely store your credentials.

9. No Warranties

Our service is provided on an "as is" and "as available" basis without warranties of any kind, whether express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. Specifically, we do not guarantee:

• That the service will be available at all times, be uninterrupted, or operate without errors. Maintenance, technical issues, or circumstances beyond our control may cause temporary disruptions.
• That all data breaches affecting your information will be detected, reported, or included in our database. Our coverage depends on public disclosure and source availability.
• That the information provided is 100% accurate, complete, current, or free from errors. Data quality depends on our sources and the inherent challenges of breach data aggregation.
• That using our service will prevent future security incidents, identity theft, or unauthorized access to your accounts. Our service is informational and does not provide active protection.

While we strive to provide a reliable and useful service, technology has inherent limitations and unexpected issues can occur despite our best efforts.

10. Limitation of Liability

To the maximum extent permitted by applicable law, our liability is limited as follows:

• We are not liable for any indirect, incidental, consequential, special, or punitive damages arising from your use of the service, including but not limited to loss of profits, data, business opportunities, or reputation.
• We are not responsible for damages resulting from service outages, interruptions, data inaccuracies, incomplete breach coverage, or unauthorized access to accounts that results from your failure to maintain security.
• We are not liable for actions you take or fail to take based on information obtained through our service. You are solely responsible for how you respond to breach notifications and security information.
• These limitations apply regardless of the legal theory on which your claim is based, whether contract, tort, negligence, strict liability, or otherwise.

These limitations do not affect any mandatory consumer rights you may have under applicable law that cannot be contractually waived or limited. Some jurisdictions do not allow certain liability exclusions, so some of these limitations may not apply to you.

11. Premium Services and Payments

We offer premium features and subscriptions that provide enhanced functionality, higher rate limits, and additional tools. The following terms apply to all paid services:

• All pricing information is displayed transparently before purchase, including any applicable taxes or fees. You will always know the exact cost before completing a transaction.
• Subscriptions automatically renew at the end of each billing period (monthly, annually, etc.) using your payment method on file, unless you cancel before the renewal date.
• You may cancel your subscription at any time through your account settings. Cancellation takes effect at the end of the current billing period, and you will retain access to premium features until that time.
• Refund requests are evaluated on a case-by-case basis. While we aim to be fair and reasonable, refunds are not guaranteed and depend on factors such as usage and the reason for the request.
• We reserve the right to modify pricing for our services. Existing subscribers will receive at least 30 days advance notice before any price changes take effect, and you may cancel before the new pricing applies.
• Failed or declined payments may result in immediate suspension of premium features. You will be notified of payment issues and given an opportunity to update your payment information.

12. Service Availability

While we strive to maintain reliable and consistent service availability, there are important limitations to understand:

• We may perform scheduled or emergency maintenance that temporarily affects service availability. Where possible, we will provide advance notice of planned maintenance windows.
• We are not responsible for service downtime, degraded performance, or interruptions caused by factors beyond our reasonable control, including but not limited to internet outages, cloud provider issues, DDoS attacks, or force majeure events.
• You can monitor current service status and view historical uptime data on our Status Page, which provides real-time information about system health and ongoing incidents.
• We reserve the right to temporarily suspend service to specific users who violate these terms, exhibit abusive usage patterns, or pose a security risk to our infrastructure or other users.
• While we work to maintain high availability, we do not guarantee any specific uptime percentage or service level agreement (SLA) for free tier users. Premium subscribers may have specific SLA terms outlined in their subscription agreement.

13. Termination

You have the right to stop using our service at any time, for any reason, without penalty:

• You may close your account permanently through your account settings. Account closure deletes your profile information, though anonymized usage data may be retained for statistical purposes.
• You can unsubscribe from email alerts at any time using the unsubscribe link included in every alert email, or by adjusting your preferences in your account settings.

We also reserve certain rights regarding service termination and account management:

• We may suspend or terminate accounts that violate these terms, engage in abusive behavior, or pose a security risk to our service or other users. Where possible, we will provide notice and an opportunity to remedy the violation.
• We reserve the right to discontinue the service entirely, in whole or in part, with reasonable advance notice to give users time to export their data or make alternative arrangements.

14. Third-Party Services

Our service may contain links to, integrate with, or reference third-party websites, services, or resources. Your interactions with these third parties are governed by separate terms:

• We are not responsible for the content, accuracy, availability, privacy practices, or policies of third-party services. We do not endorse or make any representations about third-party services merely by linking to them.
• Third-party services operate under their own independent terms of service and privacy policies. You should review these documents before using any third-party service.
• Any data you share with third-party services is governed by their privacy policies, not ours. We cannot control how third parties handle your information.
• You use third-party services at your own risk. We are not liable for any damage or loss caused by your interactions with third-party services accessed through or in connection with our platform.
• If you choose to integrate our service with third-party applications or tools, you are responsible for ensuring such integrations comply with both our terms and the third party's terms.

15. Community Contributions

As an open-source project, we actively welcome and encourage community contributions. If you choose to contribute to XposedOrNot, the following terms apply:

• You retain ownership and copyright of your original contributions. We do not claim ownership of code, documentation, or other materials you submit.
• By contributing, you grant XposedOrNot and its users a perpetual, worldwide, non-exclusive, royalty-free license to use, modify, distribute, and incorporate your contribution into the project under the project's open-source license.
• You represent that you have the legal right to grant this license and that your contribution does not infringe on the intellectual property rights of others or violate any applicable laws.
• Contributors should follow our contribution guidelines available on GitHub, including code style conventions, documentation requirements, and the pull request process.
• We reserve the right to accept or reject contributions at our discretion based on factors including code quality, alignment with project goals, security considerations, and maintenance burden.
• Contributors may be publicly credited for their work in release notes, documentation, or project acknowledgments, though such attribution is not guaranteed for all contributions.

16. Dispute Resolution

We believe most disputes can be resolved through open communication. If you have concerns about our service, we encourage the following process:

• Contact us first at deva[@]xposedornot.com with a clear description of your issue. We respond to good-faith inquiries and complaints promptly.
• We will work with you in good faith to understand your concerns and reach a fair resolution. Our goal is to address issues constructively rather than through adversarial processes.
• Most problems can be resolved through friendly, professional communication. We value our community and want to maintain positive relationships with our users.
• If we cannot resolve a dispute through direct communication, you may have legal recourse depending on your jurisdiction. These terms do not waive any rights you have under applicable consumer protection laws.

17. General Terms

The following general provisions govern these terms and your use of the service:

• Severability: If any provision of these terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision will be modified to the minimum extent necessary to make it enforceable, or if modification is not possible, it will be severed. The remaining provisions will continue in full force and effect.
• No Partnership: These terms do not create any partnership, joint venture, employment, or agency relationship between you and XposedOrNot. You have no authority to bind us or make commitments on our behalf.
• Assignment: We may assign or transfer these terms and our rights and obligations to another entity in connection with a merger, acquisition, corporate reorganization, or sale of assets. You may not assign these terms without our prior written consent.
• Waiver: Our failure to enforce any provision of these terms does not constitute a waiver of that provision or our right to enforce it in the future. Waivers must be in writing to be effective.
• Entire Agreement: These terms, along with our Privacy Policy and any other referenced policies, constitute the entire agreement between you and XposedOrNot regarding the service and supersede all prior agreements or understandings.
• Headings: Section headings are provided for convenience only and do not affect the interpretation or meaning of these terms.

18. Contact Us

Questions about these terms? Reach out to us:

• Email: deva[@]xposedornot.com
• GitHub: github.com/XposedOrNot
• Twitter: @XposedOrNot