HomeLegalTerms of service

Terms of service

The terms governing use of ScanPosture — eligibility, billing, acceptable use, data handling, liability and termination.

Last updated March 2026

1 · Who we are

ScanPosture™ is a trading name of Lawsons Enterprises Ltd (Company No. 16433965, VAT GB495884223, ICO Registration ZC120359, UK trade mark application UK00004384294), registered in England & Wales.

Contact: contact@scanposture.com

2 · What ScanPosture does

ScanPosture is a cloud-based security scanning service that connects to your Microsoft Azure AD / Entra ID environment via read-only API access and identifies security misconfigurations. We provide findings, severity ratings, compliance mapping and remediation guidance.

ScanPosture does not:

  • Modify, delete or create any data in your Azure AD environment
  • Provision or deprovision user accounts
  • Manage passwords, roles or permissions
  • Automatically fix or remediate any issues without your explicit action

All scanning is read-only. We never modify your environment.

3 · Eligibility

You must be at least 18 years old and have the legal authority to bind your organisation to these terms. By signing up you represent that you have the authority to grant ScanPosture read-only access to your organisation’s Azure AD tenant.

4 · Your account

You are responsible for:

  • Maintaining the security of your account credentials
  • Setting up and maintaining multi-factor authentication (mandatory for all accounts)
  • All activity that occurs under your account
  • Ensuring that only authorised personnel within your organisation access the service

You must notify us immediately at contact@scanposture.com if you become aware of any unauthorised use of your account.

5 · Beta programme

During the beta period the service is provided free of charge for testing purposes. Beta access is at our discretion and may be limited, suspended or terminated at any time. Beta users acknowledge that the service may contain bugs, errors or incomplete features. We welcome feedback but are not obligated to act on it.

6 · Subscription and pricing

Pricing

  • 1–100 users: £3.50 per user per month
  • 101–500 users: £3.00 per user per month
  • 501+ users: £2.50 per user per month
  • Annual billing: 10% discount (equivalent to 2 months free)

User counts are determined by the number of active, enabled member accounts in your Azure AD tenant at each scan. Guest accounts, disabled accounts and service principals are excluded from billing.

Billing

  • Subscriptions are billed monthly or annually in arrears via Stripe
  • User-count updates are applied automatically when the count changes by more than 5%
  • All prices are in GBP and exclusive of VAT (UK VAT at 20% is added where applicable)

Free trial

  • 28-day free trial, no credit card required
  • Full access to all features during the trial period
  • Scans are paused if payment details are not provided at the end of the trial

7 · Payment and non-payment

Failed payments

  • If a payment fails, we will notify you by email and display a banner in your dashboard
  • Stripe will automatically retry the payment
  • After 3 days of failed payment, scanning is paused and your dashboard becomes read-only
  • Your data is retained for 90 days after suspension
  • After 90 days without payment, your data is permanently deleted

Refunds

  • We do not offer refunds for partial months
  • Annual subscriptions receive pro-rated credit if your user count decreases
  • You may cancel at any time, effective at the end of your current billing period

8 · Acceptable use

You agree not to:

  • Scan Azure AD tenants that you do not own or have authorisation to scan
  • Attempt to reverse-engineer, decompile or extract source code from the service
  • Use the service to conduct any illegal activity
  • Abuse API rate limits or attempt to overload the service
  • Share account credentials with unauthorised parties
  • Resell or redistribute access to the service without a written agreement

We reserve the right to suspend or terminate accounts that violate these terms. The full Acceptable Use Policy is at /acceptable-use.

9 · Data and privacy

Your data is handled in accordance with our Privacy Policy and, where applicable, our Data Processing Agreement.

Your data: You own all data within your Azure AD tenant. ScanPosture accesses this data in read-only mode solely to provide the scanning service. Scan results (findings, scores and associated metadata) are stored in our database for as long as your subscription is active.

Our use of your data

  • We use your data only to provide and improve the scanning service
  • We do not sell your data to third parties
  • We may use anonymised, aggregated data (with no identifying information) to improve the product and generate industry benchmarks
  • The complete sub-processor list is published at /sub-processors

Data deletion

  • You can export all your data at any time via the dashboard
  • You can delete your account via Settings, which triggers a 90-day data retention period
  • After 90 days, all findings, scans, user data and Azure AD connection data are permanently deleted
  • Billing records and audit logs are retained for 7 years as required by HMRC

10 · Azure AD connection

By connecting your Azure AD tenant to ScanPosture, you:

  • Consent to granting read-only API access via Microsoft OAuth
  • Acknowledge that an Azure AD administrator must approve the consent
  • Understand that we store an encrypted refresh token to maintain the connection
  • Can revoke access at any time by removing the ScanPosture app from your Azure AD tenant or disconnecting within the ScanPosture dashboard

If your refresh token expires or is revoked, scanning will pause and we will notify you to reconnect.

11 · Service availability

We aim to provide 99.9% uptime but do not guarantee uninterrupted service. The service may be temporarily unavailable due to:

  • Planned maintenance (we will provide advance notice where possible)
  • Microsoft Azure AD / Graph API outages (outside our control)
  • Emergency security patches

We are not liable for any losses arising from service unavailability.

12 · Intellectual property

Our IP: ScanPosture, its code, design, documentation and branding are owned by Lawsons Enterprises Ltd. These terms do not grant you any rights to our intellectual property except the right to use the service as described.

Your IP: You retain all rights to your Azure AD data. We claim no ownership over your data.

13 · Limitation of liability

To the maximum extent permitted by law:

  • The service is provided “as is” without warranties of any kind, whether express or implied
  • We do not warrant that scan results are complete, accurate or error-free
  • We are not liable for any security breaches in your Azure AD environment, whether or not identified by our scans
  • Our total liability to you for any claims arising from the service is limited to the total fees you have paid to us in the 12 months preceding the claim
  • We are not liable for indirect, consequential or incidental damages, including lost revenue, lost data or business interruption

Nothing in these terms excludes or limits liability that cannot be excluded by law, including liability for death or personal injury caused by negligence, or fraud.

14 · Indemnification

You agree to indemnify and hold harmless Lawsons Enterprises Ltd from any claims, damages or expenses arising from:

  • Your use of the service
  • Your breach of these terms
  • Your violation of any applicable law
  • Any unauthorised scanning of Azure AD tenants

15 · Termination

By you: You may cancel your subscription at any time. Cancellation takes effect at the end of your current billing period. Your data is retained for 90 days after cancellation, then permanently deleted.

By us: We may terminate your account immediately if you breach these terms, fail to pay after the grace period, or use the service in a way that poses a risk to other customers or our infrastructure. We will notify you by email.

16 · Changes to these terms

We may update these terms from time to time. We will notify you of material changes by email at least 30 days before they take effect. Continued use of the service after changes take effect constitutes acceptance of the updated terms.

17 · Governing law

These terms are governed by the laws of England and Wales. Any disputes will be subject to the exclusive jurisdiction of the courts of England and Wales.

18 · Contact

If you have questions about these terms, contact us at:

  • Email: contact@scanposture.com
  • Company: Lawsons Enterprises Ltd
  • Company No.: 16433965
  • VAT No.: GB495884223
  • ICO Registration: ZC120359