Terms of Service — Red Bridge Cyber

01Acceptance of Terms

These Terms of Service ("Terms") govern your access to and use of the Red Bridge Cyber platform, website, scanning service, live view, PDF snapshots, customer portal, and associated services (collectively "the Service"), operated at redbridgecyber.com.au and associated domains including our test-mail domain testthis.email, report.redbridgecyber.com.au, and redbridgecyber.com.au/improve, by QANT Pty Ltd (ACN 088 738 943; ABN 77 088 738 943).

By activating a subscription or accessing any part of the Service, you confirm that you:

Are of legal age in your jurisdiction to enter into a binding agreement
Have read, understood, and agree to be bound by these Terms in full
Accept sole responsibility for ensuring your use of the Service complies with all applicable laws in your country, state, and jurisdiction
Acknowledge that all live-view content, PDF snapshots, and findings are generated automatically and are provided for informational purposes only
Understand that any decisions made on the basis of those findings are made at your own risk and responsibility

If you do not agree to these Terms, you must not use this Service or activate any subscription.

02About Red Bridge Cyber

Red Bridge Cyber is an automated website security and performance scanning service operated by QANT Pty Ltd, a company registered in Australia. The Service provides:

Automated scanning of customer-nominated domain names across five plain-language categories: Email, Speed, Domain, Visibility, and Security. Each category covers a defined set of technical checks — including SPF/DKIM/DMARC, live email header analysis, page load and core web vitals, DNS configuration, SSL certificate health, a technical audit of how well your website is configured to be discovered by search engines and cited by AI tools (including but not limited to ChatGPT, Perplexity, Google AI Overviews, and Microsoft Copilot — this is a configuration check, not a measurement of whether any specific search engine or AI product is actually citing your site), HTTP security headers, and surface-level vulnerability indicators
A live view of the latest scan of every nominated domain, accessible at any time from the customer's account
Prioritised, plain-language PDF snapshot exports — produced automatically every Monday morning AEST and archived to the customer account, with the full historical archive accessible from the live view
A customer portal at report.redbridgecyber.com.au for accessing the live view, downloading PDF snapshots, managing account details, and reviewing historical scan results
Subscription-based ongoing scanning with comparison findings tracking change over time

Red Bridge Cyber is not a managed security provider, penetration testing service, security consultancy, or healthcare or legal service of any kind. We do not actively monitor customer websites, intervene in security incidents, or provide hands-on remediation services. The live view and PDF snapshots identify and explain findings — they do not fix them.

Scope: Public-Facing Surfaces Only

The Service is not a security review of your business. The Service scans only the public-facing surfaces of the specific domains you nominate when you subscribe, using the same outside-only techniques that any search engine, deliverability checker, certificate scanner, or basic reconnaissance tool would use against any internet-connected service. Specifically:

We scan only the domain or domains you have explicitly nominated against your subscription. We do not look at any other domain, brand, subdomain, parent company, related entity, or asset you may own, and we do not attempt to discover them.
We have no access to, and do not request, any details about your internal infrastructure, internal network, endpoints, internal applications, source code, cloud accounts, identity providers, or other non-public systems.
We do not request and do not collect details about your vendors, third-party software, security policies, internal procedures, staff, customers, or business processes. The only information you provide to us is the domain name(s) being scanned, your contact and billing details, and (optionally) a test email sent from your business address to enable the Email category's live-header analysis.
We do not perform internal-access activities of any kind — no credential testing, no authenticated session probing, no privilege-escalation attempts, no lateral movement, no log retrieval, no policy review, and no interview-based assessment. None of those inputs exist on our side because we never ask for them.
The findings we surface are necessarily limited to what is observable from the outside of your nominated domain at the time of each scan. A clean Red Bridge Cyber scan does not mean your overall security posture is clean — it means the externally visible portion of the surfaces we scan, at the time we scanned them, did not exceed the severity thresholds described in Section 05.

If your situation requires a deeper, internally-scoped review — including credentialed testing, internal-network probing, policy or compliance review, threat-modelling, or incident response — that is the role of a penetration-testing firm, a managed security provider, a compliance auditor, or an in-house security team. Red Bridge Cyber is deliberately outside that category, by design, so the same self-service scan can run on any customer's nominated domain without coordination or signed scoping documents. We can introduce you to a qualified provider for the deeper work if you would like one — contact us at info@redbridgecyber.com.au.

The Service is operated by QANT Pty Ltd, registered in Australia. All content reflects the output of automated systems and does not represent the views of any regulatory or security authority.

03The Scan Process and Test Email

The Red Bridge Cyber scan runs continuously and begins the moment a subscription is activated. The test email is the input that powers the live header analysis inside the Email category — it is not what triggers the scan, which is already running across every other enabled category (Domain, Speed, Visibility, Security).

Account Setup

Upon activating a subscription you receive a welcome email containing a one-time magic link. The magic link is for account setup only — clicking it brings you to a page where you choose a sign-in method: a password (a password is mandatory for password-based accounts and may optionally be combined with multi-factor authentication), or a linked Google account using Single Sign-On (SSO). After your first sign-in, the magic link cannot be reused.

The Test Email

If you enabled the Email category at signup, the post-signup confirmation screen and the welcome email both display the unique test email address generated for your account at testthis.email. To enable the live email header analysis inside the Email category, you send any email from your normal business email account to that address — the headers are what we analyse; the body, subject line, and any attachment are discarded immediately. The other enabled categories are not dependent on the test email and will continue to scan whether or not you send it.

The same test address belongs to your subscription for life and can be used as often as you like. To protect our scanning infrastructure from accidental looping or runaway mail, we process at most one test email per customer-domain combination per hour — any additional messages received within that window are accepted but discarded without processing. Sending a fresh email is the recommended way to re-validate your email posture after a DNS, SPF, DKIM, or DMARC change; the next Email-category scan picks the new headers up automatically, typically within minutes of the message arriving (processing time is load-dependent).

What We Capture

When your test email is received, we capture and process the full technical headers of that email — the routing, authentication, and server-handling metadata that is not visible in a normal email reader — to verify and validate message characteristics and identify deliverability issues. This data is used solely to generate your live view and PDF snapshots.

To be specific about what is and is not captured: the email headers are analysed. The message body, subject line, and any attachment are discarded immediately and are not read, stored, or used for any purpose. Header data is retained only for the purpose of producing and storing your live view and PDF snapshots. By sending a test email to our scanning infrastructure, you consent to this processing.

Delivery Commitment

Scanning begins the moment your subscription is activated. Initial findings are typically available in your live view within an hour of account creation; during high- demand periods this may take a little longer. Our target is to have the first scan of every new account completed within 24 hours of activation, and every category continues thereafter on its own continuous cadence with a maximum check-to-check interval of 72 hours (in practice we are typically well under that target). The first weekly PDF snapshot is produced automatically on the Monday morning AEST following subscription activation and archived to your account; subsequent snapshots follow every Monday. If your initial findings have not become available within 24 hours of subscription activation, contact us at info@redbridgecyber.com.au and we will investigate immediately.

04Plans and Pricing

Currency and GST

All prices are displayed and charged in Australian dollars (AUD).

Australian customers: GST is absorbed within the displayed price — the price you see is the price you pay. No GST is added at checkout.

International customers: The same price applies. As GST is not applicable to exported services, international customers effectively receive the service at the ex-GST rate. No additional charges are applied to international customers.

Prices are subject to change. Existing subscriptions are honoured at the price active at the time of purchase or last renewal.

Monthly Subscription

$250 AUD / month

Continuous scanning of up to four nominated domains, surfaced as a live view in your account with weekly PDF snapshot exports and comparison findings that track changes over time. The live view and snapshot archive are saved to your account. Subscription customers have access to the product feature voting roadmap. The Monthly Subscription is month-to-month with no fixed term — you can cancel anytime from your account, with no contract or lock-in. See Section 06 for full cancellation mechanics.

Annual

$2,000 AUD / year

Continuous scanning of up to four nominated domains, surfaced as a live view in your account with weekly PDF snapshot exports. Intended for small and medium businesses with up to four public-facing surfaces (for example: main site, staging, customer portal, marketing micro-site). Includes everything in the Monthly Subscription, with the annual rate locked in for the twelve-month term. Access to the product feature voting roadmap is included. See Section 06 for cancellation terms.

Agency / MSP

$5,000 AUD / year

For agencies, MSPs, and larger businesses with complex environments. Includes continuous scanning of up to sixteen nominated domains with a live view in the customer account, branded PDF snapshots (produced using the customer's supplied logo and colour scheme rather than Red Bridge Cyber branding, suitable for direct client delivery), and a structured JSON export of all findings for integration with customer reporting tools and dashboards. Access to the product feature voting roadmap is included. Agency / MSP subscriptions can be cancelled anytime — see Section 06 for cancellation mechanics.

Custom Engagement Quoted on request

For requirements outside the standard plans — more than sixteen domains; industry- specific, custom, non-standard, or proprietary-application checks; custom GEO/SEO strategy development tailored to your industry and competitive landscape; direct programmatic API access or full white-label integration into the customer's own platform; engagement with the customer's IT team or provider to plan and implement fixes to issues identified during scans; custom PDF snapshot formatting, delivery pipelines, or training and onboarding; or manual review against an internal checklist. Custom Engagements are quoted individually, scoped in writing, and delivered against a signed agreement. Contact us at info@redbridgecyber.com.au to start the conversation.

Annual plans are billed once per year. Customers with complex onboarding requirements or specific reporting or integration needs should contact us before purchasing — a Custom Engagement is the right path for any requirement that does not map cleanly onto the three fixed-price tiers above.

05First-Snapshot Guarantee

What the Guarantee Covers

Red Bridge Cyber offers a First-Snapshot Guarantee on the first PDF snapshot generated under every new subscription. If your first PDF snapshot contains no High or Critical severity findings across every category enabled on your subscription, and the Visibility category scores 60 out of 100 or above, you are eligible for a full refund of the first billing period's fee. A category that was not enabled on your subscription (for example, the Email category if no test email was sent) is excluded from the assessment rather than counted as a pass.

The guarantee exists because the first scan is only worth paying for if it identifies something worth fixing. If your public-facing services are already in excellent shape across the categories we check, you should not have to pay for that confirmation.

What the Guarantee Does Not Cover

The First-Snapshot Guarantee does not apply in the following circumstances:

The first PDF snapshot contains one or more findings rated High or Critical severity. In this case, the scan has performed exactly the function it is designed to perform and the full first-period fee applies.
The Visibility category scores below 60 out of 100. A failing Visibility score is treated as a Critical-equivalent finding for the purposes of this guarantee: it indicates the customer's public-facing presence is materially under-performing on traditional and AI-powered search, which is itself a high-value finding regardless of severity flags elsewhere in the snapshot.
The customer has previously received a First-Snapshot Guarantee refund covering any of the domains nominated against the current subscription. The guarantee applies once per domain — it cannot be claimed repeatedly for the same domain across multiple subscriptions, even if the subscription is created under a different account, payment method, or billing identity.
The PDF snapshot in question was generated under a subscription plan for a scan other than the first PDF snapshot of that subscription.

Claiming the Guarantee

To claim a First-Snapshot Guarantee refund, contact us at info@redbridgecyber.com.au within 30 days of your first PDF snapshot delivery date. Include your order reference and the domain scanned. Approved refunds will be processed to the original payment method within 5 to 10 business days of approval.

Relationship to Australian Consumer Law

The First-Snapshot Guarantee is a voluntary commercial guarantee offered by Red Bridge Cyber in addition to — and not in limitation of — your rights under Australian Consumer Law. If you have a complaint about the Service that is not addressed by the First-Snapshot Guarantee, your statutory rights under Australian Consumer Law apply in full regardless of the guarantee conditions above. Nothing in these Terms is intended to exclude, restrict, or modify any right or remedy you have under Australian Consumer Law that cannot be lawfully excluded.

06Subscriptions, Cancellation, and Refunds

Monthly Subscriptions

The Monthly Subscription is month-to-month with no contract and no minimum term. You can cancel anytime through your account at report.redbridgecyber.com.au or by contacting us at info@redbridgecyber.com.au. On cancellation, your subscription will not renew at the next billing date and you will retain access to the Service until the end of the current paid billing period. No partial refunds are provided for unused days within a billing period.

Annual and Agency / MSP Subscriptions

Annual and Agency / MSP subscriptions can be cancelled anytime from your account at report.redbridgecyber.com.au or by contacting us at info@redbridgecyber.com.au. Cancellation stops future renewal — your subscription will not renew at the next yearly renewal date. Because both plans are prepaid for the year at a discounted rate, no mid-term refund of the remaining unused months is provided; access continues until the end of the prepaid annual period. The discounted rate is the consideration for the prepay structure.

Non-Renewal

If you do not wish to renew a subscription, you may cancel at any time before the next renewal date. We will not charge you for a renewal period after a valid cancellation has been processed. If a renewal charge occurs after you have validly cancelled, contact us immediately and we will arrange a full refund of that charge.

Payment Processing

All payments are processed securely via Stripe. Red Bridge Cyber does not store payment card details. Your credit card statement will show a charge from RED BRIDGE CYBER.

For Agency / MSP Plans with non-standard licensing or procurement requirements, an invoice-based payment arrangement may be considered on request. Contact us at info@redbridgecyber.com.au to discuss.

07Domain Nominations and Scanning

Your Responsibility for Nominated Domains

By nominating a domain for scanning, you confirm that you are the owner of that domain, are authorised to request a security and performance assessment of that domain, and have the legal right to submit that domain to our scanning service.

You must not nominate domains that you do not own or are not authorised to scan. Doing so may constitute unauthorised access under Australian law and will result in immediate termination of your account without refund.

Scanning Limitations

Our scanning is automated and limited to publicly observable technical configuration — DNS records, SSL certificates, HTTP response headers, publicly accessible page structure, and domain-level email header analysis via your test email. We do not attempt to exploit vulnerabilities, access restricted areas of websites, or perform any activity that could be characterised as an attack or unauthorised access.

Domain Limits

Domain limits apply per plan as set out in Section 04. If you wish to add domains beyond your plan limit, contact us to discuss options. Agency / MSP customers may add additional domains at an agreed rate.

08Agency / MSP Plan — Specific Terms

Branded Snapshots

The Agency / MSP Plan includes the ability to receive PDF snapshots branded with the customer's logo and colour scheme. To enable this, the customer provides their logo and colour preferences to Red Bridge Cyber. These assets are used solely for the purpose of producing branded PDF snapshots for that customer and are not used for any other purpose.

Red Bridge Cyber retains no rights over customer-provided branding assets beyond what is required to produce the branded PDF snapshots. Customer-provided branding assets are deleted on request or on termination of the Agency / MSP Plan.

Structured Data Export

The Agency / MSP Plan includes a structured data export of findings in JSON and CSV format. This data is provided for the customer's own reporting and analysis purposes. The customer takes full responsibility for how this data is used, presented, or shared with their own clients.

Direct API access for programmatic extraction is not included in the standard Agency / MSP Plan at this time. Requests for API access — or for deeper access to the scanning infrastructure, including arrangements that would allow an Agency / MSP customer to effectively white-label the underlying product — are evaluated on a case-by-case basis and quoted as a Custom Engagement under Section 04. Such arrangements are not a standard offering and may be subject to separately agreed commercial terms. Contact us at info@redbridgecyber.com.au to discuss.

Red Bridge Cyber makes no warranty regarding the suitability of the structured data export for any specific third-party tool, platform, or reporting system.

Client Relationships

Agency / MSP Plan customers who use Red Bridge Cyber live-view content or PDF snapshots as part of a service provided to their own clients are solely responsible for how those materials are presented, interpreted, and acted upon by their clients. Red Bridge Cyber has no direct relationship with the Agency / MSP customer's clients and accepts no liability for any claim arising from an Agency / MSP customer's use of live-view or snapshot data in their own client engagements.

09Intellectual Property

The Red Bridge Cyber platform itself — including PDF snapshot formats and structures, live-view layout, finding categories and descriptions, severity frameworks, platform interfaces, scanning methodology, and all associated brand assets — is the intellectual property of QANT Pty Ltd unless otherwise stated. The customer is not granted any rights over the Red Bridge Cyber brand, name, or platform.

Your Snapshots Are Yours

The PDF snapshots delivered to you, and the live-view content rendered in your customer account, are your intellectual property. Once you have paid for a subscription period and received the corresponding output, you own that output and have full rights to use it however is reasonable for the purpose it was produced — namely, understanding and improving the security and performance posture of the domains scanned.

Specifically, and without limitation, you may:

Share snapshots with your internal team, including IT, security, marketing, and leadership personnel
Provide snapshots to external business partners assisting with remediation — including your IT service provider, managed service provider, web developer, hosting provider, or external security consultant — so that identified issues can be resolved
Discuss the contents of a snapshot or live view in internal meetings, board reports, supplier reviews, and any other internal business context
Publish or otherwise share a snapshot externally if you choose to (though we'd gently note this also publishes your attack surface — that's your call to make)
Quote, excerpt, or reference findings from the snapshot or live view in your own internal documentation, remediation plans, and supplier briefs

What you may not do is pass off a Red Bridge Cyber snapshot as your own original work. Specifically, editing the PDF to remove or replace Red Bridge Cyber's branding and then on-selling the resulting document as your own product to another customer is not permitted — except under the Agency / MSP Plan, where branded snapshots are explicitly licensed for that purpose under the terms set out in Section 08.

You also may not reproduce, restructure, or repackage Red Bridge Cyber's snapshot methodology, finding catalogue, or output format in a way that creates a competing scanning, audit, or reporting product.

Data Submitted to the Service

The customer retains ownership of all domain and website data submitted to the Service. By using the Service, the customer grants Red Bridge Cyber a limited licence to process that domain data solely for the purpose of generating and delivering the live view and PDF snapshots.

10User Conduct

By using the Red Bridge Cyber Service, you agree to:

Use the Service lawfully and in good faith at all times
Nominate only domains you own or are authorised to scan
Not attempt to circumvent, reverse engineer, or interfere with the scanning infrastructure, customer portal, or any part of the platform
Not misuse the First-Snapshot Guarantee — including through coordinated, repetitive, or bad-faith claims designed to obtain free scanning
Not share account credentials with unauthorised persons
Not submit false or misleading information at the time of purchase or account creation

Red Bridge Cyber reserves the right to suspend or terminate access for any customer whose conduct we consider harmful, unlawful, or inconsistent with the purpose of the Service. Where access is terminated for a breach of these terms, no refund will be provided.

11Limitation of Liability

To the fullest extent permitted by applicable law, QANT Pty Ltd, its operators, directors, employees, and agents shall not be liable for any direct, indirect, incidental, consequential, special, or punitive damages arising from or in connection with:

Any security incident, data breach, or other adverse outcome affecting a customer's website or domain, whether or not a prior scan identified related findings
Any decision made on the basis of live-view or PDF snapshot findings, including decisions made by third-party developers, IT providers, or security professionals acting on those findings
Any inaccuracy, incompleteness, or change in status of findings between the time of scanning and the time of remediation
Interruption, suspension, or termination of the Service
Unauthorised access to a customer account
Any loss of data, revenue, reputation, or business arising from use of the Service
Delay in initial-findings availability beyond the 24-hour target for new accounts, delay in any subsequent category re-check beyond the 72-hour maximum interval, or delay in delivery of any weekly PDF snapshot
Any outcome arising from an Agency / MSP customer's use of live-view or PDF snapshot content in their own client engagements

Our total liability to any customer in connection with any claim arising from the Service shall not exceed the total amount paid by that customer for the specific PDF snapshot or subscription period to which the claim relates.

Nothing in these Terms limits our liability for fraud, gross negligence, or any liability that cannot be excluded under applicable Australian law, including liability arising under Australian Consumer Law.

12Privacy

Your privacy is important to us. The collection, use, and storage of your personal information — including your name, email address, domain data, test email headers, and payment transaction details — is governed by our Privacy Policy, which forms part of these Terms of Service and is published at redbridgecyber.com.au/privacy.

In summary: your data is your data. We collect only what is necessary to provide the Service, deliver your live view and PDF snapshots, and comply with applicable law. We do not sell, share, or distribute your personal information to any third party for any commercial purpose.

All customer data is stored on infrastructure located in Sydney, Australia.

For privacy-specific enquiries, contact privacy@redbridgecyber.com.au.

13Changes to These Terms

Red Bridge Cyber reserves the right to update or modify these Terms of Service at any time. Where changes are material, we will make reasonable efforts to notify active customers via email before the changes take effect.

The date of the most recent update is noted at the top of this document. Continued use of the Service following any update constitutes acceptance of the revised Terms.

We encourage all customers to review these Terms periodically to stay informed of their rights and obligations.

14Governing Law

These Terms of Service are governed by and construed in accordance with the laws of the State of New South Wales, Australia, and the Commonwealth of Australia where applicable. Any disputes arising in connection with these Terms or your use of the Red Bridge Cyber Service shall be subject to the exclusive jurisdiction of the courts of New South Wales and the federal courts of Australia.

If any provision of these Terms is found to be invalid, unlawful, or unenforceable, the remaining provisions shall continue in full force and effect.

Customers outside Australia access this Service voluntarily and are responsible for ensuring their use complies with local laws and regulations applicable in their jurisdiction.