Terms of Service

1. Acceptance of Terms

By accessing or using MANTIS (“the Service”), including the web dashboard, CLI tool, or any associated APIs, you agree to be bound by these Terms of Service. If you do not agree to all of these terms, you may not use the Service. These terms apply to all users, including individual security researchers, penetration testers, and enterprise customers.

2. Service Description

MANTIS is a cloud security posture management (CSPM) platform that provides automated scanning, misconfiguration detection, and security reporting for cloud infrastructure across AWS, GCP, Azure, and Kubernetes environments.

The Service includes: the MANTIS CLI tool for local scanning, the cloud dashboard for result visualization, automated PDF report generation, API access for integrations, and managed scanning infrastructure. Features may change over time and are subject to your subscription plan.

3. Account Terms

• You must provide accurate and complete registration information.
• You are responsible for maintaining the security of your account credentials and API keys.
• You must be at least 18 years old and have the legal authority to agree to these terms.
• One person or entity may not maintain more than one free account.
• You are responsible for all activity that occurs under your account.
• You must notify us immediately of any unauthorized access to your account.

4. CLI Tool Usage

The MANTIS CLI tool (mantis) is provided as open-source software under the MIT License. You may use, modify, and distribute the CLI tool subject to those license terms.

When using the CLI tool, you represent and warrant that: (a) you have authorization to scan the target cloud environment; (b) you are either the owner of the cloud account or have been granted explicit permission by the account owner; and (c) your use complies with the terms of service of the underlying cloud provider (AWS, GCP, Azure, etc.). MANTIS is not responsible for any unauthorized scanning activity conducted using our tools.

5. API Usage

API access is subject to rate limits defined by your subscription plan. You may not use the API to: exceed rate limits, reverse engineer the Service, build competing products, or access data belonging to other customers.

API keys are credentials — treat them as passwords. Keys may be rotated at any time. MANTIS reserves the right to revoke API keys that are misused or suspected to be compromised.

6. Cloud Scanning Permissions

MANTIS operates with read-only access to your cloud environment. Our scanners use IAM roles with least-privilege, read-only policies. We do not modify, delete, or create any resources in your cloud accounts.

You grant MANTIS temporary, read-only permission to access your cloud configuration data solely for the purpose of generating security findings and reports. This access is governed by the IAM credentials you provide and can be revoked by you at any time by removing the associated IAM role or access key.

7. Finding Data Ownership

All security findings, scan results, and reports generated from your cloud environment are owned by you. MANTIS claims no intellectual property rights over your scan data.

We may use aggregated, anonymized, non-identifying statistics from scan results (e.g., “X% of AWS accounts have public S3 buckets”) to improve the Service and publish industry research. No customer-identifying information is ever included in such aggregations without explicit consent.

8. Report Confidentiality

Generated security reports contain sensitive information about your infrastructure vulnerabilities. You are responsible for handling these reports appropriately and restricting access to authorized personnel only. MANTIS reports are generated for your internal use. Sharing reports publicly or with unauthorized third parties is at your own risk.

9. Data Handling

We collect and process data as described in our Privacy Policy. By using the Service, you consent to such processing.

Scan results are stored encrypted at rest using AES-256. Data is transmitted over TLS 1.3. You may export or delete your data at any time through the dashboard or by contacting support.

10. Security Responsibilities

You are responsible for the security of your account, API keys, and cloud credentials provided to MANTIS. If you believe your credentials have been compromised, revoke them immediately and notify us at security@mantis.dev.

You agree not to use the Service to: conduct unauthorized security testing against systems you do not own, attempt to gain unauthorized access to MANTIS systems or other customers' data, or circumvent any security measures implemented by the Service.

11. Limitation of Liability

THE SERVICE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, MANTIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED.

IN NO EVENT SHALL MANTIS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ARISING FROM YOUR USE OF THE SERVICE. OUR TOTAL LIABILITY FOR ANY CLAIMS ARISING FROM THESE TERMS SHALL NOT EXCEED THE AMOUNT YOU PAID US IN THE TWELVE MONTHS PRECEDING THE CLAIM.

12. Termination

Either party may terminate this agreement at any time. You may cancel your subscription through the dashboard. We may suspend or terminate your account for violations of these terms, non-payment, or at our discretion with reasonable notice.

Upon termination, your right to use the Service ceases immediately. Your data will be retained for 30 days after termination to allow for export, after which it will be permanently deleted.

13. Changes to Terms

We may update these Terms at any time. We will notify you of material changes by email or through the dashboard. Continued use of the Service after changes constitutes acceptance of the updated terms. The “Last updated” date at the top of this page reflects the most recent revision.

14. Contact

For questions about these Terms, contact us at hello@mantis.dev. For legal notices, use the same address with “Legal Notice” in the subject line.