Terms of Service

Vigil vCISO Platform

Effective Date: March 29, 2026

1. Acceptance of Terms

These Terms of Service ("Terms") govern your access to and use of the Vigil vCISO Platform (the "Service"), operated by Parity Labs LLC ("Vigil," "we," "our," or "us"). By creating an account, accessing, or using the Service, you agree to be bound by these Terms. If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms.

If you do not agree to these Terms, you must not access or use the Service.

2. Description of the Service

Vigil is an automated virtual CISO platform that provides security scanning, monitoring, compliance tracking, risk management, and advisory tools for small and medium-sized businesses (SMBs) and managed service providers (MSPs). The Service includes:

  • External domain security scanning (email authentication, SSL/TLS, website headers, infrastructure)
  • Technology detection and CVE vulnerability matching
  • Microsoft 365 and Google Workspace security configuration assessments
  • Cloud infrastructure scanning (AWS, Azure, GCP)
  • Continuous monitoring with configurable alerting
  • AI-generated security policies, roadmaps, and budget plans
  • Compliance framework tracking (NIST CSF, SOC 2, HIPAA)
  • Risk register, evidence locker, and task management
  • Vendor risk management
  • Brand impersonation monitoring via Certificate Transparency logs
  • PDF and white-label report generation
  • Executive dashboards and MSP client management

3. Advisory Nature of the Service — No Professional Advice

THIS IS A CRITICAL SECTION. PLEASE READ IT CAREFULLY.

The Service is an automated advisory and informational tool. All scan results, security scores, grades, compliance tracking, risk assessments, AI-generated policies, roadmaps, budget estimates, remediation recommendations, and reports produced by the Service are provided for informational and educational purposes only.

The Service does not constitute and shall not be construed as:

  • Professional cybersecurity consulting or advisory services
  • Legal advice, including advice regarding regulatory compliance or legal obligations
  • A guarantee, certification, or attestation of security, compliance, or risk posture
  • A substitute for qualified cybersecurity professionals, attorneys, auditors, or compliance officers
  • An insurance policy or warranty against security incidents, data breaches, or cyberattacks

3.1 AI-Generated Content Disclaimer

The Service uses artificial intelligence to generate security policies, improvement roadmaps, budget estimates, and remediation guidance. AI-generated content:

  • Is produced algorithmically based on your organization's scan data and profile information
  • May contain errors, omissions, or recommendations that are not appropriate for your specific circumstances
  • Should be reviewed, validated, and customized by qualified professionals before adoption
  • Does not reflect the judgment of a licensed or certified cybersecurity professional
  • Is not tailored to your organization's unique legal, regulatory, or contractual obligations

3.2 Compliance Framework Tracking Disclaimer

The compliance tracking features (NIST CSF, SOC 2, HIPAA) provide a structured interface for documenting your organization's control implementation status. These features:

  • Do not determine or certify your actual compliance with any law, regulation, or standard
  • Do not replace formal audits, assessments, or certifications conducted by qualified auditors
  • Provide readiness percentages that are mathematical calculations based on self-reported control statuses, not independent compliance evaluations
  • Do not guarantee that your organization will pass any audit or regulatory examination

3.3 Security Scanning Limitations

Security scans performed by the Service:

  • Assess only the specific technical configurations and externally observable attributes checked by the scanning engine at the time of the scan
  • Do not constitute a comprehensive penetration test, vulnerability assessment, or security audit
  • May not detect all vulnerabilities, misconfigurations, or security risks present in your environment
  • Produce scores and grades that are relative indicators, not absolute measures of security
  • Are point-in-time assessments that may not reflect changes occurring between scans

3.4 Limitation of Reliance

You acknowledge and agree that:

  • You will not rely solely on the Service for security, compliance, or risk management decisions
  • You are responsible for engaging qualified professionals to validate and implement any recommendations
  • Vigil shall not be liable for any actions taken or not taken based on information provided by the Service
  • No output of the Service creates a professional–client relationship between you and Vigil

4. Account Terms

4.1 Account Registration

You must provide a valid email address to create an account via OAuth authentication. Business email addresses automatically associate your account with your organization's domain. Consumer email addresses (Gmail, Outlook, Yahoo, etc.) create standalone organizations. You are responsible for maintaining the security of your authentication credentials.

4.2 Organization and Multi-Tenancy

Each user belongs to one organization. All data is scoped to your organization and is not accessible by other organizations. Your organization is classified as either Business (default 3 seats) or MSP (default 10 seats) at signup.

4.3 Team Management

Organization administrators may invite additional users via invite links with a 7-day expiration. Invited users join with a Viewer role by default. Seat limits are enforced per your account type and subscription tier. Administrators are responsible for managing team membership and access levels.

4.4 Domain Verification

You may only scan domains that you own or are authorized to scan. Domain verification is required via a matching business email or a DNS TXT record. Attempting to scan domains you do not own or control is a violation of these Terms.

5. Subscription Tiers and Billing

5.1 Tier Structure

The Service is offered in five tiers: Free ($0/month), Visibility ($79/month), Management ($299/month), Compliance ($799/month), and vCISO ($2,500/month). Each tier includes all features from lower tiers plus additional capabilities. Feature availability and pricing are subject to change with reasonable notice.

5.2 Billing

Paid subscriptions are billed through Stripe. By subscribing, you authorize recurring charges at the applicable tier rate. You may manage payment methods, view invoices, and cancel subscriptions through the Stripe Customer Portal.

5.3 Cancellation and Downgrade

Upon cancellation, your subscription remains active through the end of the current billing period. After expiration, your organization is automatically downgraded to the Free tier. Features exclusive to paid tiers will no longer be accessible, though data may be retained in a read-only state for a limited transition period.

5.4 Free Tier Limitations

The Free tier provides a single external security scan of one verified domain. Technical finding details are hidden, re-scans are not permitted, and no remediation guidance, monitoring, or reporting features are available.

6. Acceptable Use

You agree not to:

  • Scan domains you do not own or are not authorized to scan
  • Circumvent domain verification requirements or seat limits
  • Use the Service to conduct unauthorized security testing against third-party systems
  • Reverse engineer, decompile, or attempt to extract the source code of the Service
  • Use automated tools to scrape, harvest, or extract data from the Service beyond its intended API
  • Resell, sublicense, or redistribute the Service or its outputs without authorization
  • Upload malicious files to the evidence locker or any other storage feature
  • Misrepresent Vigil-generated reports as formal audits, certifications, or professional assessments
  • Use white-label reports in a manner that misrepresents the nature or source of the underlying analysis
  • Interfere with the operation of the Service or other users' use of the Service

7. Auto-Remediation

The Service offers optional auto-remediation for certain workspace security configurations at the Compliance tier and above. By using auto-remediation features:

  • You acknowledge that each auto-remediation action modifies live configuration settings in your connected workspace environment (e.g., Microsoft 365).
  • You confirm that you have reviewed and approved each action via the in-app confirmation dialog before execution.
  • You accept full responsibility for any effects of auto-remediation actions on your environment, including service disruptions, user access changes, or unintended configuration impacts.
  • You understand that Vigil logs all auto-remediation actions for audit purposes but does not guarantee the ability to reverse changes.

Vigil is not liable for any damages, disruptions, or losses arising from auto-remediation actions that you authorize.

8. Third-Party Integrations

Certain features require connecting third-party services (Microsoft 365, Google Workspace, AWS, Azure, GCP) via OAuth or service credentials. By connecting these services:

  • You represent that you have administrative authority to grant the requested permissions.
  • You understand that Vigil accesses configuration metadata only and does not access email content, files, or application data.
  • You may disconnect integrations at any time, which revokes Vigil's access and deletes stored tokens.
  • You acknowledge that the availability and functionality of integrations depend on third-party APIs and may change without notice from Vigil.

9. MSP-Specific Terms

If your organization is classified as an MSP:

  • You are responsible for obtaining appropriate authorization from your managed clients before scanning their domains, connecting their workspaces, or accessing their security data through the platform.
  • Client reports and white-label reports generated through the Service are your deliverables to your clients. You are responsible for any representations made to clients based on these reports.
  • You shall not represent Vigil-generated outputs as your own proprietary analysis, formal security audits, or professional certifications unless you have independently validated and supplemented the outputs.
  • Managed client data remains subject to these Terms and our Privacy Policy regardless of the branding applied to reports.

10. Intellectual Property

The Service, including all software, algorithms, scanning engines, AI models, user interface designs, and documentation, is the property of Vigil and is protected by intellectual property laws. Your subscription grants you a limited, non-exclusive, non-transferable license to use the Service for your internal business purposes during the subscription term.

You retain ownership of data you provide to the Service (organization information, evidence files, vendor data, manually created tasks and risk entries). Vigil retains ownership of all scan methodologies, scoring algorithms, report templates, and AI-generated output structures.

11. Data Handling and Security

Our handling of your data is governed by our Privacy Policy, which is incorporated into these Terms by reference. Key commitments include:

  • Multi-tenant data isolation ensures your data is accessible only to your organization.
  • OAuth tokens are encrypted at rest using AES-256-GCM.
  • We do not sell your data or scan results to third parties.
  • We maintain system health monitoring and scheduled maintenance capabilities to ensure service reliability.

12. Disclaimers of Warranties

The Service is provided "as is" and "as available" without warranties of any kind, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, accuracy, completeness, non-infringement, or reliability.

Without limiting the foregoing, Vigil does not warrant that:

  • The Service will detect all security vulnerabilities, misconfigurations, or threats
  • Scan results, scores, or grades are complete or error-free
  • AI-generated content (policies, roadmaps, budgets) is accurate or suitable for your specific needs
  • Compliance tracking will ensure you meet regulatory requirements
  • The Service will prevent security incidents, data breaches, or cyberattacks
  • The Service will be uninterrupted, timely, secure, or error-free
  • CVE matching will identify all known vulnerabilities affecting your technology stack
  • Brand impersonation monitoring will detect all phishing or look-alike domains

13. Limitation of Liability

To the maximum extent permitted by applicable law, in no event shall Vigil, its officers, directors, employees, agents, or affiliates be liable for any indirect, incidental, special, consequential, or punitive damages, including without limitation damages for loss of profits, data, goodwill, business opportunity, or other intangible losses, arising out of or related to your use of or inability to use the Service.

This limitation applies regardless of the theory of liability (contract, tort, negligence, strict liability, or otherwise) and regardless of whether Vigil has been advised of the possibility of such damages.

In no event shall Vigil's total aggregate liability to you for all claims arising out of or related to the Service exceed the amounts you have paid to Vigil in the twelve (12) months immediately preceding the event giving rise to the claim.

Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, our liability shall be limited to the greatest extent permitted by law.

14. Indemnification

You agree to indemnify, defend, and hold harmless Vigil and its officers, directors, employees, agents, and affiliates from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

  • Your use of the Service or reliance on its outputs
  • Your violation of these Terms
  • Your scanning of domains you are not authorized to scan
  • Auto-remediation actions you authorize
  • Representations you make to third parties (including MSP clients) based on Service outputs
  • Your failure to engage qualified professionals for security, compliance, or legal matters
  • Any claim that your use of the Service infringed or violated the rights of a third party

15. Suspension and Termination

Vigil may suspend or terminate your account or organization access at any time if:

  • You violate these Terms or the Acceptable Use policy
  • Your subscription payment fails and remains past due
  • We determine your use of the Service poses a risk to the platform, other users, or third parties
  • Required by law or legal process

Suspension is non-destructive and preserves your data. Terminated accounts may have their data deleted after a reasonable retention period. You may terminate your account at any time by canceling your subscription and contacting us.

16. Modifications to the Service and Terms

We reserve the right to modify, suspend, or discontinue any aspect of the Service at any time. We may update these Terms from time to time. Material changes will be communicated via the Service or email. Continued use of the Service after changes take effect constitutes acceptance. If you do not agree to modified Terms, you must stop using the Service.

17. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of law provisions. Any disputes arising under these Terms shall be resolved exclusively in the state or federal courts located in Hillsborough County, Florida, and you consent to personal jurisdiction in such courts.

18. General Provisions

Entire Agreement. These Terms, together with the Privacy Policy, constitute the entire agreement between you and Vigil regarding the Service.

Severability. If any provision of these Terms is found to be unenforceable, the remaining provisions shall continue in full force and effect.

Waiver. Failure to enforce any provision of these Terms shall not constitute a waiver of that provision.

Assignment. You may not assign your rights under these Terms without our prior written consent. Vigil may assign its rights and obligations without restriction.

Force Majeure. Vigil shall not be liable for any delay or failure to perform resulting from causes outside its reasonable control, including natural disasters, acts of government, internet outages, or third-party service failures.

Notices. Notices to you may be sent to the email address associated with your account. Notices to Vigil must be sent to the contact address below.

19. Contact Information

For questions about these Terms of Service, please contact:

Parity Labs LLC

Email: security@paritylabs.ai

Phone: 813.323.1231

Web: paritylabs.ai