Terms of Service

ThreatModeler Software Inc. End User License Agreement (EULA)

NOTICE TO ALL USERS: PLEASE READ THIS CONTRACT (“AGREEMENT”) CAREFULLY.  BY USING THE PRODUCT, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) AGREE THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN CONTRACT SIGNED BY YOU.  IF YOU DO NOT AGREE TO ALL THE TERMS OF THIS AGREEMENT, DO NOT USE THE PRODUCT. If Licensee is a party to a separate signed contract between Licensee and ThreatModeler Software Inc. governing Licensee’s Use of the Product(s), such signed agreement controls the terms of such Product(s).

1.1             “Appliance” means a hardware device, software or virtual appliance on which the Product may be or is Used pursuant to the terms herein.

1.2             “Authorized Partner(s)” means ThreatModeler’s distributors, resellers, strategic partners, or other business partners.

1.3             “Documentation” means the then-current, generally available, written user manuals and online help and guides for Product.

1.4             “Licensee” means you as an individual or on behalf of the company, partnership, business you represent.

1.5             “Permitted Number” means one (1) Threat Model per license purchased unless otherwise indicated in a valid Quote.

1.6             “Product” means the ThreatModeler Software, Documentation, and any other software licensed hereunder.

1.7             “Quote” means a valid ThreatModeler or Authorized Partner quote that provides pricing for the Product that Licensee may affirmatively acknowledge, execute, or issue a purchase order against to purchase the Product.

1.8             “Software” means (a) all of the software object code, portals, and contents of the files with which this Agreement is provided; or such software or content hosted by ThreatModeler or Authorized Partner(s) through electronic transmission of software as a service “SaaS” or on-premise software; (b) any Updates; and (c) any other ThreatModeler software, if any, licensed to Licensee by ThreatModeler or an Authorized Partner as part of a maintenance contract or service subscription.

1.9             “Threat Model” means one (1) architecture diagram for which one (1) threat model will be created by the Product. Such threat model may be deleted and refreshed at the end of every subscription year without an impact on the Permitted Number for purpose of license calculation.

1.10          “ThreatModeler” means ThreatModeler Software, Inc., with offices at 101 Hudson Street, Suite 2100, 21st Floor Jersey City, NJ 07302.

1.11          “Updates” means upgrades, updates, or any new version of Product that is made available without charge pursuant to the warranty for Product; or the Support Services for licensed Product, but does not mean a new Product.

1.12          “Use”, “Used” or “Using” means to access or otherwise benefit from using the Product.

  1. License Grant. Subject to the payment of the applicable license fees (where applicable), and subject to the terms and conditions of this Agreement, ThreatModeler hereby grants to Licensee a non-exclusive, non-transferable license to Use the Product subject to any restrictions or usage terms specified herein including as to the Permitted Number of licenses or on the applicable Quote or Documentation. In the event Product contains or uses third party software, ThreatModeler will have no responsibility and claims no right with respect to such third party software. Your use of such third party software and other copyrighted material is governed by their respective terms. No tangible personal property is transferred. For the avoidance of doubt, Licensee may not use templates or versions to build more than the Permitted Number of a license. Licensees who use those features to circumvent this restriction are in material breach hereof.
  2. Term. This Agreement is effective for the term set forth in the Quote issued to you by ThreatModeler or an Authorized Partner and which is accepted by you (the “Term”). If Licensee issues a purchase order to an Authorized Partner in response to a valid Quote and the terms and conditions as set forth in the Quote, this Agreement or any agreement referred to therein conflicts with the terms and conditions included in the purchase order, then the terms and conditions specified in the Quote, this Agreement or any other agreement referred to therein shall control and any terms other than those confirming the terms on the Quote are invalid and void.  Except for Evaluation Software, Beta Software or freeware, which is subject to Section 7 below, if no Term is included in the above-described materials, then the Term shall be for one (1) year from the date of purchase unless earlier terminated as set forth herein.  This Agreement will terminate automatically if Licensee fails to comply with any of the limitations or other requirements described herein.  Upon any termination or expiration of this Agreement, Licensee must cease Use of the Product and destroy all copies of the Product and the Documentation.
  3. Updates. This license is limited to the version of the Product delivered by ThreatModeler and does not include Updates, unless a separate maintenance contract is purchased or, alternatively, Licensee has purchased a service subscription that entitles Licensee to Updates as described in the Quote. After the specified maintenance period or service subscription period has expired, Licensee has no further rights to receive any Updates without purchase of a new license to the Product.
  4. Ownership Rights and Confidential Information. The Product is protected by United States’ and other copyright laws, international treaty provisions and other applicable laws in the country in which it is being used. ThreatModeler and its suppliers own and retain all right, title and interest in and to the Product, including all copyrights, patents, trade secret rights, trademarks and other intellectual property rights therein.  Licensee’s possession, installation, or Use of the Product does not transfer to Licensee any title to the intellectual property in the Product, and Licensee will not acquire any rights to the Product except as expressly set forth in this Agreement.  Any copy of the Product and Documentation authorized to be made hereunder must contain the same proprietary notices that appear on and in the Product and Documentation and is prohibited without such authorization.  Each party shall (i) use Confidential Information of the other party only for the purposes of exercising rights or performing obligations in connection with this Agreement; and (ii) use at least reasonable care, but at a minimum no less care than either party would use to protect its own Confidential Information, to protect from disclosure to any third parties any Confidential Information disclosed by the other party for a period commencing upon the date of disclosure until three (3) years after the termination of this Agreement, except with respect to Company data to which ThreatModeler may have access in connection with the provision of Support Services, which shall remain Confidential Information until one of the exceptions stated in the above definition of Confidential Information applies. 
Notwithstanding the foregoing, either party may disclose Confidential Information (a) to an affiliate for the purpose of fulfilling its obligations or exercising its rights hereunder as long as such affiliate complies with the foregoing; and (b) if required by law provided the receiving party has given the disclosing party prompt notice.  For purposes of this Agreement, “Confidential Information” means and includes the terms of this Agreement, Software, and support tools and all confidential and proprietary information of ThreatModeler or Company, including without limitation, all business plans, Product plans, financial information, software, designs, and technical, business and financial data of any nature whatsoever, provided that such information is marked or designated in writing as “confidential,” “proprietary,” or any other similar term or designation, or that, given the nature of the information or the circumstances surrounding its disclosure, reasonably should be considered as confidential. Confidential Information does not include information that is (i) rightfully in the receiving party’s possession without obligation of confidentiality prior to receipt from the disclosing party as can be evidenced by documentation, (ii) a matter of public knowledge through no fault of the receiving party, (iii) rightfully furnished to the receiving party by a third party without restriction on disclosure or use; or (iv) independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information as can be evidenced by documentation.
  5. Multiple Environment Product/Multiple Language Product/Dual Media Product/Multiple Copies/Bundles/Updates. If the Product supports multiple platforms or languages, if Licensee receives the Product on multiple media, if Licensee otherwise receives multiple copies of the Product, or if Licensee receives the Product bundled with other software, the total number of Threat Models on Licensee’s Appliances on which all versions of the Product are installed may not exceed the Permitted Number. If the Product is an Update to a previous version of the Product, Licensee must possess a valid license to such previous version in order to Use the Update.  Licensee may continue to Use the previous version of the Product on Licensee’s Appliance after Licensee receives the Update to assist Licensee in the transition to the Update, provided that the Update and the previous version are installed on the same Appliance; the previous version or copies thereof are not transferred to another Appliance unless all copies of the Update are also transferred to such Appliance, and Licensee acknowledges that any obligation ThreatModeler may have to support the previous version of the Product ends upon availability of the Update.
  6. Evaluation Product Additional Terms. If the Product Licensee has received with this license has been identified as “Evaluation Software”, “Beta Software” or “freeware”, then the provisions of this section apply. To the extent that any provision in this section is in conflict with any other term or condition in this Agreement, this section shall supersede such other term(s) and condition(s) with respect to the Evaluation Software, Beta Software, or freeware, but only to the extent necessary to resolve the conflict.  Licensee acknowledges that the Evaluation Software, Beta Software or freeware may contain bugs, errors and other problems that could cause system or other failures and data loss.  Consequently, Evaluation Software, Beta Software, or freeware is provided to Licensee “AS-IS”, and ThreatModeler disclaims any warranty or liability obligations to Licensee of any kind.  WHERE LEGAL LIABILITY CANNOT BE EXCLUDED, BUT MAY BE LIMITED, ThreatModeler’S LIABILITY AND THAT OF ITS SUPPLIERS AND AUTHORIZED PARTNERS SHALL BE LIMITED TO THE SUM OF ONE THOUSAND DOLLARS (U.S. $1,000.00) IN TOTAL.  Licensee acknowledges that ThreatModeler has not promised or guaranteed to Licensee that freeware or Beta Software will be announced or made available to anyone in the future that ThreatModeler has no express or implied obligation to Licensee to announce or introduce the Beta Software, and that ThreatModeler may not introduce a product similar to or compatible with the Beta Software.  Accordingly, Licensee acknowledges that any research or development that Licensee performs regarding the Beta Software or any product associated with the Beta Software is done entirely at Licensee’s own risk.  
During the term of this Agreement, if requested by ThreatModeler, Licensee will provide feedback to ThreatModeler regarding testing and use of the Beta Software, including error or bug reports; Licensee agrees to grant ThreatModeler a perpetual, non-exclusive, royalty-free, worldwide license to use, copy, distribute, make derivative works and incorporate the feedback into any ThreatModeler product at ThreatModeler’s sole discretion.  If Licensee has been provided the Beta Software pursuant to a separate written agreement, Licensee’s use of the Beta Software is also governed by such agreement.  Upon receipt of a later unreleased version of the Beta Software or release by ThreatModeler of a publicly released commercial version of the Beta Software, whether as a stand-alone product or as part of a larger product, Licensee agrees to return or destroy all earlier Beta Software received from ThreatModeler and to abide by the terms of the End User License Agreement for any such later versions of the Beta Software.  Licensee’s Use of the Evaluation or Beta Software is limited to 30 days and use of freeware is available for only so long as ThreatModeler makes the freeware available unless otherwise agreed to in writing by ThreatModeler.  ThreatModeler is under no obligation to continue providing freeware or to update such freeware. You shall return Evaluation and Beta Software and any Documentation at the end of the evaluation or loan period or when sooner terminated by ThreatModeler for convenience by giving you ten (10) days’ written notice, whichever occurs first. You shall bear the risk of loss and damage for return of physical media, if any, and de-installation. You may use Evaluation and Beta Software and freeware free of charge, but in the case of Evaluation Software, solely for the purpose of evaluation and not in a production environment. 
If you are found to be using the Evaluation or Beta Software beyond the terms contained in this Section you shall immediately pay ThreatModeler a license Fee for such Software and all terms under this Agreement will be binding.  Unless otherwise specifically agreed in writing by ThreatModeler, ThreatModeler does not provide maintenance or support for any Evaluation Software or Beta Software. YOU RECOGNIZE THAT THE EVALUATION OR BETA SOFTWARE MAY HAVE DEFECTS OR DEFICIENCIES WHICH CANNOT OR MAY NOT BE CORRECTED BY ThreatModeler. ThreatModeler shall have no liability to you for any action (or any prior related claims) brought by or against you alleging that your sale, use or other disposition of any Evaluation Software or Beta Software infringes any patent, copyright, trade secret or other intellectual property right. In the event of such an action, ThreatModeler retains the right to terminate this Agreement and take possession of the Evaluation or Beta Software. THIS SECTION STATES ThreatModeler’S ENTIRE LIABILITY WITH RESPECT TO ALLEGED INFRINGEMENTS OF INTELLECTUAL PROPERTY RIGHTS BY EVALUATION SOFTWARE OR BETA SOFTWARE ANY PART THEREOF OR OPERATION.
  7. Restrictions. Licensee may not sell, lease, license, rent, loan, resell or otherwise transfer, with or without consideration, the Product. If Licensee enters into a contract with a third party in which the third party manages Licensee’s information technology resources (“Managing Party”), Licensee may transfer all Licensee’s rights to Use the Product to such Managing Party, provided that (a) the Managing Party only Uses the Product for Licensee’s internal operations and not for the benefit of another third party; (b) the Managing Party agrees to comply with the terms and conditions of this Agreement, and (c) Licensee provides ThreatModeler with written notice that a Managing Party will be Using the Product on Licensee’s behalf.  Licensee may not permit third parties to benefit from the use or functionality of the Product via a timesharing, service bureau or other arrangement.  Licensee may not reverse engineer, decompile, or disassemble the Product, except to the extent the foregoing restriction is expressly prohibited by applicable law.  Licensee may not modify, or create derivative works based upon, the Product in whole or in part.  Licensee may not copy the Product or Documentation except as expressly permitted in Section 1 above.  Licensee may not remove any proprietary notices or labels on the Product.  All rights not expressly set forth hereunder are reserved by ThreatModeler. ThreatModeler prohibits any use of its content for “the development of any software program, including, but not limited to, training a machine learning or artificial intelligence (AI) system.”
  8. Warranty and Disclaimer.

9.1             Limited Warranty.  ThreatModeler warrants that for ninety (90) days from the date of purchase of the Product set forth on the respective Quote, the Product will meet the specifications set forth in the Documentation provided by ThreatModeler (“Specifications”).

9.2             End User Remedies.  ThreatModeler’s and its suppliers’ entire liability and Licensee’s exclusive remedy for any breach of the foregoing warranty shall be, at ThreatModeler’s option, either (i) return of the purchase price Licensee paid for the Product, or (ii) replacement of the Product that meets such Specifications.  Licensee must return the defective media to ThreatModeler at Licensee’s expense with a copy of Licensee’s invoice.  This limited warranty is void if the defect has resulted from accident, abuse, or misapplication.  Any replacement Product will be warranted for the remainder of the original warranty period.  Outside the United States, this remedy is not available to the extent ThreatModeler is subject to restrictions under United States export control laws and regulations.


  1. Limitation of Liability. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, SHALL ThreatModeler OR ITS AUTHORIZED PARTNERS OR SUPPLIERS BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR LOSS OF PROFITS, LOSS OF GOODWILL, LOSS OF DATA, OR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OR DAMAGES FOR GROSS NEGLIGENCE OF ANY FORM INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, APPLIANCE FAILURE OR MALFUNCTION, OR FOR ANY OTHER DAMAGE OR LOSS. EXCEPT FOR ITS OBLIGATION OF INDEMNITY, WHICH SHALL BE CAPPED AT $100,000 FOR DIRECT DAMAGES RESULTING THEREFROM, IN NO EVENT SHALL ThreatModeler OR ITS AUTHORIZED PARTNERS OR SUPPLIERS BE LIABLE FOR ANY DIRECT DAMAGES IN EXCESS OF THE PRICE PAID FOR THE PRODUCT, IF ANY, EVEN IF ThreatModeler OR ITS AUTHORIZED PARTNERS OR SUPPLIERS SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  This limitation shall not apply to liability for death or personal injury to the extent that applicable law prohibits such limitation.  Furthermore, some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so this limitation and exclusion may not apply to Licensee.  Nothing contained in this Agreement limits ThreatModeler’s liability to Licensee for ThreatModeler’s negligence or for the tort of fraud.  ThreatModeler is acting on behalf of its suppliers and Authorized Partners for the purpose of disclaiming, excluding and/or limiting obligations, warranties and liability as provided in this Agreement, but in no other respects and for no other purpose.  The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.
  2. Indemnity. ThreatModeler will defend the Licensee from all third party claims, actions and lawsuits that are caused by the Product’s infringement of a copyright, trademark or patent under United States Law. ThreatModeler’s obligations under this clause are subject to (i) Licensee providing ThreatModeler with prompt written notice of any claim or lawsuit, (ii) ThreatModeler having sole control of the defense and all negotiations for settlement or compromise thereof and (iii) Licensee reasonably cooperating in the defense of such claim or lawsuit. ThreatModeler agrees to pay all settlements entered into by ThreatModeler, judgments finally awarded against Licensee and all attorney’s fees and expenses for counsel hired by ThreatModeler.  Licensee may elect to participate in any such action with counsel of its own choice and expense.  ThreatModeler will have no liability if the alleged infringement is based upon: (i) a combination of non-ThreatModeler products, (ii) use for a purpose or in a manner not proscribed by ThreatModeler, (iii) use of an older version of Product when use of a newer Product would have avoided infringement (iv) any modification not made with ThreatModeler’s written approval or any modification made by ThreatModeler due to Licensee’s specific instructions, or (v) any intellectual property right owned or licensed by Licensee, its end users or any of its/their affiliates. Licensee will indemnify, hold harmless and, upon ThreatModeler’s request, defend ThreatModeler against any third party claims, liabilities and expenses (including court costs and reasonable attorney’s fees) arising from or related to any failure by Licensee to comply with any provision of this EULA, Licensee’s intellectual property, or arising from or related to the acts or omissions of Licensee. 
Company will indemnify ThreatModeler and, at its option, defend any action brought against ThreatModeler to the extent that it is based upon a third party claim arising out of (i) the unauthorized or unlicensed use of the Product; (ii) Company’s Intellectual Property or products violation of a third party’s intellectual property rights or privacy rights in the countries in which the Products are used; (iii) Company’s gross negligence or willful acts resulting in the death, disability or damage or real property of such third party; or (iv) ThreatModeler’s compliance with Company’s designs, specifications, or instructions where such claim would have been avoided but for such compliance with Company’s request, and will pay any costs, damages and reasonable attorneys’ fees attributable to such claim that are awarded against ThreatModeler, provided that ThreatModeler (a) notifies Company in writing of the claim within ten (10) days after becoming aware of such claim; (b) grants Company sole control of the defense and settlement of the claim, if Company assumes such defense; and (c) provides Company with all assistance, information and authority reasonably required for the defense and settlement of the claim.
  3. Notice to United States Government End Users. The Product and accompanying Documentation are deemed to be “commercial computer software” and “commercial computer software documentation,” respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable.  Any use, modification, reproduction, release, performance, display or disclosure of the Product and accompanying Documentation by the United States Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement.
  4. Export Controls. Licensee acknowledges that the Product is subject to the export control laws and regulations of the United States of America (“US”), and any amendments thereof. Licensee shall not export or re-export the Product, directly or indirectly, to (i) any countries that are subject to US export restrictions; (ii) any end user known, or having reason to be known, will utilize them in the design, development or production of nuclear, chemical or biological weapons; or (iii) any end user who has been prohibited from participating in the US export transactions by any federal agency of the US government.  Licensee further acknowledges that Product may include technical data subject to export and re-export restrictions imposed by US law.
  5. High Risk Activities. The Product is not fault-tolerant and is not designed or intended for use in hazardous environments requiring fail-safe performance, including without limitation, in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, weapons systems, direct life-support machines, or any other application in which the failure of the Product could lead directly to death, personal injury, or severe physical or property damage (collectively, “High Risk Activities“). ThreatModeler EXPRESSLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR HIGH RISK ACTIVITIES.
  6. Governing Law. This Agreement will be governed by and construed in accordance with the substantive laws in force: (a) in the State of New York for Products delivered in North America, and (b) the laws of England and Wales for Products delivered outside of North America. This Agreement will not be governed by the conflict of laws rules of any jurisdiction or the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded.  The State and Federal Courts of New Jersey shall each have non-exclusive jurisdiction over all disputes relating to this Agreement for Products delivered in North America and the Courts in London, England shall have non-exclusive jurisdiction over all disputes relating to this Agreement for Products delivered outside of North America.
  7. Free Software. This Product may include some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar software licenses, which among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format that the source code also be made available to those users.  For any such software, the source code is made available in a designated directory created by installation of the Product or designated internet page.  If any Free Software licenses require that ThreatModeler provide rights to use, copy or modify a software program that are broader than the rights granted in this Agreement, then such rights shall take precedence over the rights and restrictions herein.
  8. Privacy. By entering into this Agreement, Licensee agrees that the ThreatModeler privacy policy, as it exists at any relevant time, shall be applicable to Licensee. The most current privacy policy can be found on the ThreatModeler web site at www.threatmodeler.com. By entering into this Agreement, Licensee agrees to the transfer of Licensee’s personal information to ThreatModeler’s offices in the United States and other countries outside of Licensee’s own.
  9. Collection of Certain System Information. ThreatModeler may employ certain applications and tools through its website and within the Product, to retrieve information about Licensee’s Appliance to assist us in the provision and support of Product that Licensee has chosen to subscribe to or use. This information is essential to enable us to provide Licensee with quality service and monitoring; and for these reasons, there is no opt-out available for this information collection.
  10. Audit. ThreatModeler may, at its expense and upon reasonable notice to Licensee during standard business hours, audit Licensee with respect to its compliance with the terms of this Agreement.  Licensee understands and acknowledges that ThreatModeler utilizes a number of methods to verify and support Product use by its customers.  These methods may include technological features of the ThreatModeler Product that prevent unauthorized use and provide Product deployment verification, which will be automatically reported to ThreatModeler.  In the event that ThreatModeler requests a report for confirmation, Licensee will provide a system generated report verifying Licensee’s Product deployment, such request to occur no more than four (4) times per year.  In the event that ThreatModeler requires a physical audit, such audit shall be preceded by thirty (30) days written notice and shall occur no more than once per year unless otherwise required for compliance with applicable law.
  11. Publicity. You shall not use the name of ThreatModeler in publicity releases or similar activity without the express written consent of ThreatModeler. ThreatModeler may use your name in its client list and your logo on ThreatModeler’s website.
  12. Miscellaneous. This Agreement is dated and will be archived when it is superseded by a newer version. ThreatModeler shall not change any EULA retroactively with regard to any Product or support services listed on a Quote issued prior to the date of the applicable EULA. This Agreement sets forth all rights for the user of the Product and is the entire Agreement between the parties. This Agreement supersedes any other communications, representations or advertising relating to the Product and Documentation, except for a duly executed written agreement between ThreatModeler and Licensee for the Product.  This Agreement may not be modified except by a written addendum issued by a duly authorized representative of ThreatModeler.  No provision hereof shall be deemed waived unless such waiver shall be in writing and signed by ThreatModeler.  If any provision of this Agreement is held invalid, the remainder of this Agreement shall continue in full force and effect.
  13. ThreatModeler Customer Contact. If Licensee has any questions concerning these terms and conditions, or if Licensee would like to contact ThreatModeler for any other reason, please write: ThreatModeler Software Inc, Attention: Customer Service, 101 Hudson Street, Suite 2100, 21st Floor Jersey City, NJ 07302. Alternatively, Licensee may contact the local ThreatModeler office at the number listed at www.threatmodeler.com.

