wiredepth
Run a check

Legal

Terms of Service

Last updated: 2026-05-11

These terms are the agreement between you ("you", "customer") and Wiredepth ("we", "us") when you use wiredepth.com. By signing in or using the service, you agree to them. They are short on purpose.

What Wiredepth does

Wiredepth runs non-invasive external posture checks against domains you point us at - TLS configuration, DNS health, email authentication (DMARC / SPF / DKIM / BIMI / MTA-STS), security headers, blacklist status, certificate transparency log enumeration. We surface findings, optionally on a schedule, and optionally fire alerts to destinations you configure.

Your account

  • You are responsible for what happens under your account. Keep your inbox secure - email access is the security boundary for passwordless sign-in.
  • One account per person or per company-controlled mailbox. You can monitor as many domains as your plan's quota allows.
  • You can delete your account any time by emailing [email protected] from the address on the account.

Acceptable use

You agree not to:

  • Use Wiredepth to scan hosts you do not own or have explicit authorization to assess. The custom-port and subdomain-drift checks are powerful; do not point them at someone else's infrastructure.
  • Use Wiredepth to enumerate, harass, harm, or interfere with the operation of any system. Repeatedly hammering the same target host through monitored-domain quotas is abuse.
  • Use Wiredepth to evade or bypass bot detection, web application firewalls, or rate limits on third-party services.
  • Resell or sublicense access to Wiredepth outside of an MSP-tier white-label arrangement (which is what the MSP plan is for).
  • Reverse-engineer the service to compete with us. Standard SaaS stuff - we are a small team and we want to be reasonable, but we have to write this down.

Violations can result in immediate account suspension and a refund of any unused subscription period.

Plans, billing, refunds

Plain summary of what you pay and how to stop paying. The full billing-and-refund policy is at /refund-policy.

  • Free tier covers the public on-demand tools (no signup required) and a signed-in free tier with 1 monitored domain on a daily scan cadence. Heavy composite tools (unified domain check, subdomain inventory, deliverability score, vendor batch) have generous daily caps; individual checks (TLS, DMARC, DNS, headers, etc.) are unlimited.
  • Paid plans (Starter $30/mo, Pro $79/mo, Power User $349/mo, MSP $699/mo, Enterprise from $3,995/mo) renew on a monthly or annual cycle, processed via Stripe. Annual is billed once in advance.
  • Cancel any time via the customer portal linked from /account/billing. Cancellation takes effect at the end of the current billing period; we do not pro-rate refunds for unused time unless your local consumer protection law requires it.
  • Accidental signup refunds. Email [email protected] within 7 days of signup with the charge reference and we will refund any disputed charge in full. After 7 days, normal cancellation rules apply.
  • Plan limits (domain count, AI playbooks per month) are enforced - exceeding them either fails the action or prompts an upgrade. We do not silently overcharge.
  • Pricing changes are sent by email at least 30 days before a renewal. If you do not accept the new price, you can cancel before the renewal date with no fee.

Service availability

Wiredepth is provided on a best-effort basis. The free tier has no SLA. Pro and MSP have a target of 99.5% monthly uptime, measured by an external uptime monitor. If we miss that materially in a calendar month, we will credit affected accounts a prorated amount of the failed period on request - email us. Enterprise customers get a per-contract SLA.

We may briefly take the service offline for maintenance, usually announced in advance. Background scheduler delays during maintenance do not count against the SLA.

External services we depend on

Wiredepth's checks consult public sources (mail-reputation blocklists, public certificate-transparency log aggregators, RDAP, DNS-over-HTTPS, public CVE feeds) plus a small number of named infrastructure providers (Stripe for billing, Resend for transactional email, AWS for hosting, the named Time Stamping Authority used for audit-chain anchoring). If those are down or rate-limit us, your scans may fail or return partial data. We work around this with multi-source fallbacks where we can. Named sub-processors are listed at /subprocessors.

Audit log integrity (Wiredepth Prove)

Wiredepth Prove customers receive a cryptographically-chained audit log (sha256 Merkle chain), with daily anchor heads submitted to a public Time Stamping Authority under RFC 3161 for third-party non-repudiation. The chain canonicalisation rules, the public anchor endpoint, and the open-source verifier are documented at /docs/verify. Wiredepth does not warrant that any third-party Time Stamping Authority will remain available indefinitely; if a chosen TSA is unreachable at anchor-publish time, the anchor still publishes and the TSA token re-attempts on subsequent runs.

Your data, our outputs

  • You retain ownership of any data you submit to Wiredepth - domain lists, monitored configurations, alert endpoint URLs, email headers you paste into the forensics tool.
  • The reports, scores, grades, and PDFs we generate are provided to you for your use. You can share them however you want.
  • We may use de-identified aggregate signals from the checks (e.g. "X percent of monitored domains have DMARC at p=reject") for product analytics and possibly published industry reports. We will not include identifying information about you, your customers, or your domains in anything we publish.

AI features

The AI-assisted remediation feature sends your scan output to a third-party AI provider for analysis. The provider may retain the prompt and response for a limited period for abuse detection; we do not allow them to use your data for training. If you do not want a specific scan to leave our servers, do not click "Generate AI remediation plan" for that scan.

AI-generated content is best-effort. Always verify before deploying any DNS or security change.

Extension & AI verdicts are advisory, not authoritative

The Wiredepth browser extension, Outlook desktop add-in, free web tools, and AI-generated verdicts ("Is this real?") provide signals and decision support, not a final authority on whether a given email, URL, or domain is safe. The signals are derived from third-party threat- intelligence feeds, DNS / authentication records, and language- model interpretation - each of which can be stale, incomplete, or wrong.

Specifically and without limitation:

  • A pill rendered as CLEAR means we found no adverse signal for the host or URL at the moment of the check. It does not warrant that the message, link, attachment, or sender is safe. Threats appear in real time and the feeds we query may lag minutes-to-days behind.
  • A pill rendered as HIT means at least one third-party feed has flagged the host. We surface that finding; we do not adjudicate it. Legitimate hosts are occasionally false-positive-listed on these feeds.
  • The AI verdict ("Likely real" / "Suspicious" / "Phishing" etc.) is generated by a large language model interpreting the visible content of one email. It is a second opinion, not a determination.
  • Wiredepth does not click body links, open attachments, or inspect message payloads beyond what is documented in our privacy policy. A link that looks safe statically can lead to malware dynamically.

You retain full responsibility for the security decisions you make about the email you read, including whether to click links, open attachments, reply, forward, share credentials, or take any other action. Wiredepth is not liable for harm resulting from a security decision made in reliance on a Wiredepth signal, including but not limited to malware infection, credential compromise, phishing-induced financial loss, or business- email-compromise events, regardless of whether a Wiredepth pill or verdict indicated the message was safe at the time.

This is consistent with how every other security tool operates: the tool surfaces signals, the human makes the call. We document this explicitly so there is no ambiguity in our reliance disclaimer.

Limitation of liability

Standard limitation: in no event will Wiredepth be liable to you for indirect, incidental, consequential, or punitive damages, including but not limited to loss of profits, loss of data, business interruption, or any security incident resulting from a third party's action against you (malware, phishing, credential theft, business email compromise, etc.). Total liability for any claim related to the service is capped at the amount you paid us in the 12 months before the claim, or CAD $100, whichever is greater.

Wiredepth is a posture-monitoring tool, not an accreditation body. The compliance-evidence PDFs we generate are not a substitute for an audit by a licensed assessor. Do not represent them as such to your customers or auditors.

The service is provided "as is" and "as available". We disclaim all warranties, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, non- infringement, accuracy of threat-intelligence data, and timeliness of upstream feed updates. We do not warrant that the service will be uninterrupted, error-free, or that it will detect every malicious email, link, or domain you encounter.

Termination

  • You can cancel any time, for any reason.
  • We can terminate or suspend your access for material violation of these terms. We will tell you why if we do.
  • On termination we keep your data for 30 days in case of accidental cancellation, then delete it.

Governing law

These terms are governed by the laws of the Province of Ontario, Canada, without regard to conflict-of-laws rules. Disputes will be resolved in the courts of that province.

Changes

If we change these terms in a way that materially affects your rights, we will email signed-in users at least 14 days before the change takes effect. The current version is always at wiredepth.com/terms.

Contact

[email protected].