norppa.io

Terms of Service

Last updated: 11 April 2026

These Terms of Service ("Terms") govern your access to and use of the norppa.io platform and services ("Service"). By subscribing to or using the Service, you agree to these Terms on behalf of your organisation ("Customer").

The Service is provided exclusively to businesses and other legal entities. If you are a consumer (an individual acting outside the scope of any trade or profession), you may not use the Service.

1. The Service

norppa.io provides automated external security intelligence and NIS2 supply chain risk monitoring. The Service continuously monitors publicly available and intelligence-source data relating to domains and organisations submitted by the Customer, and delivers findings and compliance reports.

The Service is provided on an "as available" basis. We do not guarantee that the Service will identify every security issue or that all findings are exhaustive. Security intelligence by nature is probabilistic and incomplete — our findings represent a best-effort assessment based on available sources at the time of scanning.

2. Authorisation and Permitted Use

By submitting a domain or organisation for monitoring, the Customer represents and warrants that:

  • The Customer has a legitimate business reason to monitor the submitted entity (e.g. an existing supplier, partner, or the Customer's own organisation).
  • The Customer has obtained any necessary consents or has a legitimate interest under applicable law to request external security intelligence on the submitted entity.
  • The submitted domains and entities are not used for unlawful purposes.

norppa.io performs passive and active reconnaissance on submitted domains using techniques equivalent to standard security assessments (DNS queries, certificate transparency lookups, publicly available breach data, port scanning, and similar methods). The Customer acknowledges this and takes responsibility for ensuring that such assessment is appropriate for the submitted targets.

The Service may not be used to monitor individuals, to facilitate harassment, or for any purpose that violates applicable law. We reserve the right to suspend the Service immediately if we determine that submitted targets are being used in violation of these Terms.

3. Subscriptions and Payment

3.1 Commitment and billing

Continuous monitoring plans require an annual commitment of 12 months. Fees are billed monthly at the monthly rate. No annual prepayment is required. Your commitment period begins on the date your subscription is activated.

3.2 Renewal and cancellation

Subscriptions renew automatically for successive 12-month periods unless cancelled before the renewal date. To prevent renewal, you must cancel via the billing portal or by emailing info@norppa.io at least 30 days before your renewal date. Cancellation ends your obligation at the close of the current commitment period; no refunds are issued for unused months within the current period.

3.3 Price changes

We may adjust pricing at renewal. We will notify you by email at least 60 days before any price change takes effect. Continuing to use the Service after a price change constitutes acceptance.

3.4 One-time assessments

One-time scan orders are non-refundable once scanning has commenced. Delivery timelines (OSINT Scan: 24 hours; Full Scan: 48 hours) are targets and not guaranteed service levels.

3.5 Late payment

Overdue invoices accrue interest at the rate prescribed by the Finnish Interest Act (Korkolaki 633/1982). We may suspend access to the Service if payment is more than 14 days overdue.

4. Confidentiality

Each party agrees to keep the other party's confidential information — including findings, reports, and technical details of the Service — confidential and not to disclose it to third parties without prior written consent. This obligation survives termination for a period of three years. Reports generated by the Service are the Customer's confidential information.

5. Intellectual Property

Reports and findings delivered to the Customer are owned by the Customer. The methodology, software, algorithms, and infrastructure underlying the Service remain the exclusive property of norppa.io. The Customer receives no licence to the underlying technology beyond the right to use the Service during the subscription period.

6. Limitation of Liability

To the maximum extent permitted by Finnish law:

  • norppa.io is not liable for any indirect, consequential, incidental, or special damages arising from use of the Service or reliance on any findings.
  • norppa.io's total aggregate liability for any claim arising under or in connection with these Terms is limited to the fees paid by the Customer in the 12 months preceding the claim.
  • norppa.io makes no warranty that findings are complete, accurate, or free from error. The Customer is solely responsible for decisions taken on the basis of findings.
  • norppa.io is not liable for security incidents that occur at the Customer or its suppliers regardless of whether such incidents could have been detected by the Service.

7. Indemnification

The Customer agrees to indemnify and hold norppa.io harmless from any claims, damages, or costs (including legal fees) arising from: (a) the Customer's submission of targets that the Customer did not have authorisation to monitor; (b) the Customer's violation of these Terms; or (c) the Customer's violation of applicable law.

8. Service Availability and Changes

We aim for high availability but do not commit to a specific uptime SLA on standard plans. Enterprise customers may negotiate SLA terms separately. We reserve the right to modify, suspend, or discontinue any part of the Service with 30 days' notice. In the event of discontinuation, we will provide a pro-rated refund for any prepaid period.

9. Termination

Either party may terminate these Terms immediately if the other party materially breaches these Terms and fails to remedy the breach within 14 days of written notice. norppa.io may also terminate immediately if the Customer violates Section 2 (Authorisation and Permitted Use).

Upon termination, the Customer's access to the Service ceases. Customer data is retained for 90 days post-termination to allow retrieval of reports, after which it is permanently deleted.

10. Governing Law and Disputes

These Terms are governed by the laws of Finland, excluding its conflict-of-law provisions. Any dispute arising from these Terms shall be submitted to the exclusive jurisdiction of the District Court of Helsinki (Helsingin käräjäoikeus) as the court of first instance.

11. Changes to These Terms

We may update these Terms. Material changes will be notified by email at least 30 days before taking effect. Continued use of the Service after the effective date constitutes acceptance. The current version is always available at norppa.io/terms.

12. Contact

Legal notices and formal correspondence: info@norppa.io