Terms of Service

1. Who We Are

Codec8 ("Codec8", "we", "us") is a cybersecurity software-as-a-service company incorporated in Kenya. We operate the Codec8 platform at codec8.africa, including the Security-in-a-Box subscriptions (Protect, Desk), the Verify payment-verification module, Rescue incident escalation, and the free Cyber Insurance Readiness Check (collectively, the "Service").

Our registered contact address and Data Protection Officer contact are set out in Section 16.

2. Acceptance of These Terms

By creating an account, submitting a Readiness Check, initiating a Verify check, or using any part of the Service, you ("User" or "Tenant") agree to be bound by these Terms of Service ("Terms") and our Privacy Policy. If you are accepting on behalf of an organisation, you represent that you have authority to do so.

If you do not agree, do not use the Service.

3. Eligibility

You must be at least 18 years old and legally capable of entering into contracts in your jurisdiction. The Service is designed for business use; by registering you confirm that you are acting in a business capacity.

4. What the Service Provides

Codec8 provides:

• Readiness Check — a free, self-assessed questionnaire that returns a 0–100 Cyber Insurance Readiness Score with identified gaps and a 30-day fix plan. This is informational only and does not constitute a formal security audit or insurance assessment.
• Protect (Basic, Plus, Pro) — subscription tools including weekly scam alerts, monthly Codec8 Score, account safety checklists, device posture check, email domain health scan, and staff mini-training modules.
• Protect (Desk) — all Protect features plus multi-domain monitoring, website change alerts, backup readiness checks, phishing simulations, supplier payment verification, onboarding and offboarding checklists, and monthly management reports.
• Verify — a deterministic payment and invoice verification check. Users submit a paybill, till number, bank account, invoice, or WhatsApp payment request; the Service returns a risk rating of No major red flags found, Caution, High Risk, or Cannot Verify together with an evidence trail. AI commentary is advisory only and never overrides the deterministic verdict.
• Rescue — incident escalation support for hacked accounts, business email compromise (BEC), ransomware, and related cybersecurity incidents.

The Service is a software tool, not a guarantee. Risk ratings and scores are based on available signals and published threat intelligence. They do not guarantee the absence of fraud, and Codec8 accepts no liability for losses arising from reliance on a risk rating alone.

5. Accounts and Tenant Workspaces

Each organisation is a Tenant. Users are invited into a Tenant workspace with a role (Admin or Viewer). You are responsible for all activity that occurs under your account and for maintaining the confidentiality of your credentials. Notify us immediately at security@codec8.africa if you suspect unauthorised access.

We may suspend or terminate accounts that violate these Terms, exhibit abuse patterns, or pose a security risk to other users.

6. Subscriptions and Payment

Paid plans are billed in Kenyan Shillings (KES) unless otherwise stated. Prices are displayed at /pricing and may change with 30 days' notice. Payments are processed by Paystack and Flutterwave (our payment sub-processors). By subscribing, you authorise us to charge your selected payment method on the applicable billing cycle.

Verify checks are available as a per-check fee (KSh 500) or in bundles (10 or 25 checks). Credits expire after 12 months.

Refunds are at our discretion. If the Service is materially unavailable for more than 72 continuous hours in a billing period, you may request a pro-rated credit.

7. Acceptable Use

You must not use the Service to:

• Submit false, misleading, or fraudulent payment details for the purpose of generating favourable risk ratings;
• Reverse-engineer, scrape, or systematically extract data from the Service;
• Probe or test the security of the Service without written authorisation;
• Facilitate financial crime, money laundering, or terrorist financing;
• Violate any applicable law or regulation, including Kenya's Computer Misuse and Cybercrimes Act 2018 and the Data Protection Act 2019.

We may report suspected criminal activity to the Kenya National Computer Incident Response Team Coordination Centre (KE-CIRT/CC) and relevant law-enforcement agencies.

8. Intellectual Property

All software, scoring models, signal registries, brand assets, and documentation are owned by or licensed to Codec8. Nothing in these Terms transfers intellectual-property rights to you. You receive a non-exclusive, non-transferable licence to use the Service during your active subscription.

Data you submit remains yours. You grant us a limited licence to process it solely to provide the Service, as described in our Privacy Policy.

9. Disclaimers

The Service is provided "as is" and "as available". To the fullest extent permitted by law, Codec8 disclaims all warranties, express or implied, including fitness for a particular purpose and non-infringement.

Risk ratings produced by Verify are based on deterministic signals and publicly available data. They are not legal advice, financial advice, or insurance recommendations. Always apply your own judgement before authorising payments.

10. Limitation of Liability

To the maximum extent permitted by applicable law, Codec8's total liability for any claim arising out of or related to the Service shall not exceed the amount you paid us in the three months preceding the claim. We shall not be liable for indirect, incidental, consequential, or punitive damages, including loss of profits or data.

Nothing in this section excludes liability for fraud, death, or personal injury caused by our negligence.

11. Indemnification

You agree to indemnify and hold harmless Codec8 and its related entities from any claims, losses, damages, or expenses (including legal fees) arising from your use of the Service in violation of these Terms or applicable law.

12. Termination

Either party may terminate the agreement at any time. On termination, your access to the Service ceases. We will delete your data within 90 days of termination, except where retention is required by law (see Privacy Policy §6). Unused Verify credits are forfeited on account closure with no refund.

13. Changes to These Terms

We may update these Terms from time to time. We will notify active subscribers by email at least 30 days before material changes take effect. Continued use of the Service after the effective date constitutes acceptance of the revised Terms.

14. Governing Law and Disputes

These Terms are governed by the laws of Kenya. Any disputes that cannot be resolved amicably shall be referred to the courts of Kenya. Where applicable, we commit to co-operate with the Office of the Data Protection Commissioner (ODPC) as required by the Kenya Data Protection Act 2019.

15. Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions remain in full force. The unenforceable provision will be modified to the minimum extent necessary to make it enforceable.

16. Contact and Data Protection Officer

For questions about these Terms or to exercise your data-subject rights, contact us at:

See also our Privacy Policy for full details on data collection, processing, and your rights under the Kenya Data Protection Act 2019.