LUMA
Capabilities Who We Serve Government Position
Schedule Briefing
EULA

End User License Agreement

Version 2.4 · TSCM Intelligence Agency Ltd.

1. DEFINITIONS

"Software" means LUMA Mobile Threat Analysis, including updates, documentation, and related materials.

"Licensor" means TSCM Intelligence Agency Ltd., Company ID 515887677.

"Licensee" means the individual or entity purchasing a license.

"Authorized Device" means a device owned by Licensee or for which proper written authorization exists from the device owner or valid legal authority.

"Machine ID" means a non-reversible cryptographic hash derived from the Licensee's hardware characteristics, used to bind the License to a specific device. Where a License authorizes more than one Seat, each Seat is bound to its own Machine ID up to the Seat Cap recorded in the License.

"Seat" means one device authorized to draw scans from the Licensee's Magazine. "Seat Cap" means the maximum number of Seats permitted by the License, as recorded in the license file.

"Scan Credit" means a single-use entitlement to perform one device scan, drawn from the prepaid scan magazine ("Magazine") associated with the Licensee's License.

"Partner Portal" means the online portal provided by Licensor through which Licensees may manage their licenses, access downloads, and view account status.

"Qualified Forensic Examiner" means an individual who, by virtue of training, certification, experience, or professional licensure, is competent to interpret mobile forensic evidence and to testify or opine on such findings in a professional, administrative, or judicial setting.

"IOC Database" means the Indicators of Compromise database distributed with or retrieved by the Software, containing process names, domains, file hashes, bundle identifiers, and other markers used to identify known threats.

"Bug Database" means the known-limitations and detector-behaviour database distributed with the Software, which records threshold calibrations, false-positive patterns, and detector version history.

2. SOFTWARE CLASSIFICATION AND LEGAL STANDING

2.1  Defensive Forensic Log Analysis Tool

LUMA is classified as a Defensive Forensic Log Analysis Tool. It is designed exclusively for the detection and identification of surveillance software, spyware, and unauthorized monitoring tools on mobile devices, through analysis of forensic log artifacts. LUMA does not create, deploy, distribute, or facilitate the installation of any surveillance or intrusion software.

2.2  Distinction from Offensive Cyber Tools

For the avoidance of doubt, LUMA is fundamentally distinct from offensive cyber tools such as spyware, intrusion software, or commercial surveillance products. LUMA:

- Does NOT access, intercept, or monitor any live communications

- Does NOT exploit vulnerabilities or bypass device security mechanisms

- Does NOT install, deploy, or deliver any code to target devices

- Analyzes forensic artifacts extracted from device backups with device owner consent

- Compares static forensic data against known Indicators of Compromise (IOCs)

- Performs all forensic analysis locally on the analysis workstation using a deterministic Forensic Computation Engine; it does not transmit forensic artifacts, findings, or scan content to any external analysis service or provider

- Transmits only limited operational data - license validation and, outside Air-Gap Mode, anonymous operational scan telemetry (Section 2.5) - to Licensor's own servers; no third-party analysis provider receives any device data

2.3  Regulatory Context

LUMA operates within the same legal framework as established defensive forensic tools such as Amnesty International's Mobile Verification Toolkit (MVT), anti-malware software, and endpoint detection and response (EDR) solutions. Specifically:

- U.S. Executive Order 14093 (March 2023) restricts government use of offensive commercial spyware; it does not restrict defensive detection tools

- The Wassenaar Arrangement (December 2017) explicitly exempts vulnerability disclosure and cyber incident response from intrusion software export controls

- The U.S. Department of Commerce Entity List targets entities that develop and supply offensive spyware, not tools that detect such threats

- All IOCs used by LUMA are derived from publicly available research by organizations including Amnesty International, Citizen Lab, and peer-reviewed security publications

2.4  Data Processing Modes

All forensic analysis performed by LUMA is executed locally on the analysis workstation by a deterministic Forensic Computation Engine. LUMA does not send forensic artifacts, scan findings, or report contents to any external analysis service or third-party provider under any circumstances. LUMA operates in two modes, which differ only in whether limited operational data is exchanged with Licensor's own servers:

Standard Mode: All forensic analysis is performed locally. The Software exchanges only (i) license validation data with Licensor's license server and (ii) anonymous operational scan telemetry (Section 2.5), and only when the workstation is online under a networked license. Where the operating Examiner chooses to use the optional Remote Upload feature (Privacy Policy Section 3.4), a device backup file is transmitted to Licensor's secure storage solely to make the file available to the Examiner's workstation for local analysis; it is not sent to any analysis or artificial-intelligence provider, and it is automatically deleted per the Privacy Policy.

Air-Gap Mode (No Network): When Air-Gap Mode is enabled by the operator, the Software makes no outbound network calls of any kind, including license validation, telemetry, and IOC and Bug Database update checks. Air-Gap Mode is intended for classified, diplomatic, or highly sensitive engagements in which no information may leave the analysis workstation. Operators selecting Air-Gap Mode are responsible for manually sideloading IOC and Bug Database updates when required, and the License continues to operate against its cached local state.

2.5  Scan Telemetry

In Standard Mode, and only when the workstation is online under a networked license, anonymous operational metadata is transmitted to TSCM Intelligence Agency Ltd. servers for license quota management, operational analytics, and quality assurance purposes. The specific fields transmitted are enumerated in the LUMA Privacy Policy, Section 3.3. Telemetry is metadata only: it contains no forensic findings, no forensic report contents, no scan artifacts, and no personal data from scanned devices; it carries a numeric count of findings rather than the findings themselves, together with device metadata, the verdict category, and the Licensee's company name and contractor identifier. Air-Gap Mode, and any offline license, suppress all telemetry.

2.6  Internet Connectivity

Forensic analysis does not require an internet connection; the Software performs all analysis locally using its deterministic Forensic Computation Engine, in both Standard and Air-Gap Modes. An internet connection in Standard Mode is used only for license validation, operational telemetry, IOC and Bug Database updates, and the optional Remote Upload feature. TSCM Intelligence Agency Ltd. does not guarantee the availability, uptime, or performance of its own online services and shall not be liable for service disruptions or outages that may affect license validation, updates, or remote upload; scan functionality remains available offline against the License's cached local state.

3. LICENSE GRANT

Subject to the terms of this Agreement, Licensor grants Licensee a limited, non-exclusive, non-transferable, revocable license to use the Software for lawful defensive forensic analysis purposes only.

3.1  License Model - Prepaid Scan Magazine (per-scan License)

(a) Grant. LUMA is licensed as a prepaid magazine of device scans. At purchase, the Licensee acquires a quantity of Scan Credits (the "Magazine"), subject to the minimum first purchase and increment sizes then in effect commercially. Each device scan initiated and completed by the Software consumes one (1) Scan Credit from the Magazine, regardless of the scan outcome (including a clean finding). Unused Scan Credits do not carry over beyond the License expiration date and are non-refundable. The License is bound to the Licensee's Machine ID(s) up to the Seat Cap recorded in the license file. The quantity of Scan Credits, the Seat Cap, and the expiration are set at issuance and recorded in the signed license file; the license file carries no price.

(b) Top-Up. The Licensee may purchase additional Scan Credits at any time. A top-up raises the Scan Credit quota of the same License (the same license identity); it does not create a second License and does not reset the consumed count. Where the Licensee is connected to Licensor's license server, a top-up is applied automatically on the next license synchronization; where the Licensee operates in Air-Gap Mode, a top-up is delivered as a re-issued license file carrying the same license identity and the increased quota.

(c) Seats (multi-device). A License may authorize more than one Seat up to its Seat Cap. Under the per-scan model, all Seats draw from the same Magazine. Where the Licensee is connected to Licensor's license server, all Seats draw from a single shared pool. Where the Licensee operates in Air-Gap Mode, each Seat is issued its own license file with its own sub-quota, enforced independently, because a live shared pool is not possible without connectivity. Activation of a device beyond the Seat Cap will be refused until the Licensor raises the Seat Cap.

(d) Evaluation. Licensor does not offer a free evaluation license as a standard product; product evaluation is conducted through a supervised live demonstration by Licensor or its authorized representative. Where Licensor elects, at its discretion, to issue an evaluation license, that license is a per-scan License under this Section 3.1 with a limited quota and a short expiration, is provided solely for evaluation, and is not intended for production casework or for any engagement in which forensic findings may be relied upon for legal, investigative, or evidentiary purposes.

3.2  Prevailing Master Agreements

Where a Licensee (for example, a large organization or government body) executes a separate master agreement, enterprise agreement, or government order with Licensor, that agreement governs the number of authorized Seats, deployment scope, support terms, and any additional conditions it specifically addresses. In the event of a conflict between this EULA and such an agreement, that agreement shall prevail with respect to the terms it specifically addresses.

3.3  Government Annual License (Fair Use)

3.3.1  Nature. The Government Annual License is a separately negotiated, non-public product available only to governmental, defense, intelligence, or law-enforcement bodies under a written government order or master agreement. It is not offered on Licensor's public price menu and is not available to commercial resellers or private contractors. In the event of any conflict between this Agreement and the applicable government order or master agreement with respect to a matter that order specifically addresses, that order controls for that matter.

3.3.2  Scan usage - "unlimited" subject to Fair Use. The Government Annual License is not metered by a fixed Scan Credit quota; the Software imposes no numerical scan limit for the duration of the term. This uncapped operation is provided subject to a contractual fair-use expectation: normal forensic use of up to approximately three hundred (300) device scans per twelve-month term, or such other reference figure as is stated in the applicable government order. Sustained use materially and persistently above that reference level entitles Licensor to require good-faith renegotiation of the commercial terms for the balance of the term or upon renewal. Exceeding the fair-use reference is NOT a breach of this Agreement and does NOT cause the Software to stop functioning; it is solely a commercial-review trigger.

3.3.3  Air-Gap and non-enforcement of the scan reference. The Licensee acknowledges, and Licensor expressly states, that where the Software is operated in Air-Gap Mode the number of scans performed is not technically measurable or reportable to Licensor. Accordingly, the fair-use reference in Section 3.3.2 is an honor-based contractual expectation only. Licensor does not represent, warrant, or promise any technical metering, counting, throttling, or enforcement of the scan reference in Air-Gap operation, and the Licensee shall not rely on the Software to enforce or report scan volume. The Software's local scan counter, where present, is retained for the Licensee's own recordkeeping and optional voluntary reporting only, and is not a fair-use enforcement mechanism.

3.3.4  Enforceable terms - Term and Seats. The enforceable limits of the Government Annual License are (a) its term and (b) its Seat count, both of which are cryptographically bound into the signed license file:

(a) Term. The License has a hard expiration of twelve (12) months from activation, unless a different term is stated in the government order. On expiration the Software ceases to perform new scans (Section 4.2). The term is the primary enforcement lever and the natural checkpoint for usage review and renewal. Because Air-Gap deployments cannot be revoked remotely, expiration is the sole kill-switch and the term is set accordingly.

(b) Seats. The base License includes one (1) Seat. Each additional Seat is licensed under the government order and is bound to a specific Machine ID. Seat count is enforced offline through the signed license file and is the principal quantitative control available to Licensor for an Air-Gap deployment. Activation beyond the licensed Seat count is refused.

3.3.5  No refund; renewal. Unused capacity, term, or Seats are non-refundable. Renewal is by a new government order at Licensor's then-current negotiated terms.

4. LICENSE EXPIRATION AND RENEWAL

4.1  Expiration Date

All licenses issued under this Agreement have a defined expiration date established at the time of issuance or activation. The expiration date is recorded in the license file and enforced by the Software.

4.2  Effect of Expiration

Upon expiration of the license term, the Software will cease to perform new device scans. All forensic reports previously generated during the active license period shall remain accessible to the Licensee in read-only mode. Expiration of the license does not require uninstallation of the Software.

4.3  Advance Expiration Notifications

Licensor will provide advance notifications to the Licensee at approximately thirty (30), fourteen (14), and seven (7) calendar days prior to the license expiration date. Notifications may be delivered via in-application messages, the Partner Portal, or email, at Licensor's discretion.

4.4  Effect of Expiration on Scans

Upon expiration of the License term, any unused Scan Credits remaining in the Magazine are automatically forfeited, are non-refundable, and are non-transferable. For the Government Annual License (Section 3.3), expiration ends all scan functionality at the end of the twelve-month term (or the term stated in the government order). Licensee is encouraged to utilize all Scan Credits, and to complete government engagements, before the expiration date. Previously generated forensic reports remain accessible in read-only mode (Section 4.2).

4.5  Renewal

License renewal is available by contacting the Licensor directly or through the Partner Portal. Renewal terms and pricing are subject to the Licensor's then-current pricing schedule. Renewal or top-up issues additional Scan Credits into the Licensee's Magazine; it does not restore previously expired credits.

4.6  Grace Period

For online-validated licenses, a grace period of up to seven (7) calendar days following the expiration date may be provided at the Licensor's sole and absolute discretion to allow the Licensee to complete in-progress work. The provision of a grace period in one instance does not create an obligation to provide a grace period in any future instance. The grace period does not extend the license term and does not entitle the Licensee to commence new engagements.

5. SCAN QUOTA AND EXHAUSTION

This Section applies to all per-scan Licenses (Section 3.1). It does not apply to the Government Annual License (Section 3.3), which is not metered by a fixed quota and is governed instead by the fair-use, term, and Seat provisions of Section 3.3.

5.1  Scan Credit Consumption

Each device scan initiated and completed by the Software consumes one (1) Scan Credit from the Licensee's Magazine. A Scan Credit is consumed regardless of the scan outcome, including scans that result in a clean finding.

5.2  Quota Exhaustion

When all Scan Credits in the Magazine have been consumed, the Software will not perform additional device scans until the Licensee tops up the Magazine with additional Scan Credits (Section 3.1(b)).

5.3  Low Quota and Exhaustion Notifications

The Software will notify the Licensee when Scan Credits are running low (at approximately twenty percent (20%) of the current quota remaining) and again when all Scan Credits have been fully exhausted. Notifications are provided as a courtesy; failure to receive or acknowledge a notification does not extend or restore Scan Credits.

5.4  Non-Transferability

Scan Credits are non-transferable between licenses, between devices beyond the licensed Seats, and between Licensees. Unused Scan Credits are non-refundable under any circumstances, including but not limited to early termination, license transfer, or hardware replacement.

6. HARDWARE BINDING AND MACHINE IDENTIFICATION

6.1  Machine ID Binding

Each license issued under this Agreement is bound to one or more specific hardware configurations through a unique Machine ID per Seat. The Machine ID is generated from characteristics of the Licensee's device at the time of license activation. The License may only be used on the device(s) corresponding to the registered Machine ID(s), up to the Seat Cap.

6.2  Privacy of Machine ID

The Machine ID is a non-reversible cryptographic hash (SHA-256) derived from hardware identifiers including, but not limited to, CPU serial number, motherboard identifier, disk identifier, operating system identifier, and network adapter address. The Machine ID does not contain personally identifiable information and cannot be reverse-engineered to reconstruct the underlying hardware identifiers.

6.3  Hardware Changes and Re-Hosting

If the Licensee's hardware configuration changes (e.g., device replacement, significant hardware upgrade, or operating system reinstallation that alters the Machine ID), the Licensee must contact the Licensor to request re-hosting of the License to the new hardware. Re-hosting is performed at Licensor's discretion by deactivating the old Machine ID and re-issuing the License bound to the new Machine ID. Licensor may reasonably limit the frequency of re-hosting requests to prevent abuse and may apply a re-hosting fee for excessive requests.

6.4  Unauthorized Use

Attempting to use the Software on a device that does not match a registered Machine ID, or attempting to circumvent, spoof, or manipulate the Machine ID verification mechanism, constitutes a material breach of this Agreement and may result in immediate license revocation without refund.

7. AUTHORIZED USE

The Software may only be used under the following conditions:

7.1  Device Owner Consent

Written or digital consent from the device owner must be obtained and documented prior to any scan. Verbal consent alone is insufficient.

7.2  Legal Authority

A valid court order, search warrant, or other legally sufficient authorization issued by a competent authority. Users should consult with legal counsel to ensure compliance with all applicable laws in their jurisdiction.

7.3  Personal Device Ownership

The device is owned by the individual performing the scan (personal use only).

8. STRICTLY PROHIBITED USES

The following uses of LUMA are strictly prohibited and may constitute criminal offenses:

X Scanning devices without proper authorization from the device owner or valid legal authority

X Stalking, harassment, or domestic surveillance

X Monitoring employees without proper notice and consent as required by applicable law

X Industrial espionage or competitive intelligence gathering

X Accessing devices of minors without parental or legal guardian authority

X Any use that violates applicable privacy, computer crime, or data protection laws

X Using scan results for blackmail, extortion, or coercion

X Reverse engineering, decompiling, or disassembling the Software

X Redistributing, sublicensing, or reselling the Software without written authorization

9. RESTRICTIONS ON USE

9.1  No Reverse Engineering

Licensee shall not, and shall not permit or encourage any third party to: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover or derive the source code, detection algorithms, correlation logic, or underlying Indicators of Compromise (IOC) and detector databases of the Software; (ii) modify, translate, or create derivative works based on the Software; or (iii) attempt to defeat, avoid, bypass, or remove any security or licensing mechanism of the Software.

9.2  Restriction on AI Training and Data Scraping

Licensee is strictly prohibited from using the Software, its outputs, forensic reports, interface, IOC data, or detector logic to train, fine-tune, or develop any artificial intelligence or machine-learning model, or any competing threat-analysis, forensic, or IOC product. This restriction protects Licensor's IOC data, detector methodology, and generated outputs regardless of the technology any such competing product employs. All generated outputs are licensed solely for the Licensee's internal security and forensic assessment purposes.

9.3  Use by Managed Service Providers (MSPs) and Contractors

If Licensee (e.g., a security contractor, investigation agency, or MSSP) utilizes the Software to provide scanning, forensic, or threat analysis services to third-party end-clients ("End-Clients"), Licensee represents, warrants, and explicitly agrees to the following:

1. Sole Responsibility for Consent: Licensee is solely responsible for obtaining all legally required consents, authorizations, and device release forms from the End-Clients prior to running any analysis using the Software.

2. Data Processing Agreements (DPA): Licensee shall be solely responsible for executing any required Data Processing Agreements (DPAs) directly with its End-Clients. In this relationship, Licensee acts as the "Data Processor" and TSCM Intelligence Agency Ltd. acts solely as a "Sub-Processor".

3. Flow-Down of Disclaimers: Licensee must explicitly inform its End-Clients of the operational modes of the Software (Standard and Air-Gap) and must pass through all relevant disclaimers, including the "AS IS" nature of the Software and the fact that results are decision-support indications subject to mandatory human verification, not legal advice or conclusive evidence.

4. Indemnification: Licensee agrees to fully indemnify, defend, and hold harmless TSCM Intelligence Agency Ltd. from and against any claims, lawsuits, regulatory fines, or damages brought by any End-Client or third party arising out of Licensee's failure to obtain proper consent, breach of privacy laws, or misuse of the Software.

5. Audit Rights: TSCM Intelligence Agency Ltd. reserves the right, upon reasonable written notice, to request and receive documented proof of such End-Client consents, authorizations, and executed DPAs to verify Licensee's compliance with this section.

9.4  No Unauthorized Security Testing

Licensee shall not, under any circumstances, conduct any unauthorized security testing, vulnerability scanning, penetration testing (pen-testing), stress testing, load testing, or Denial of Service (DoS) attacks against the Software, its associated APIs, or the cloud infrastructure of TSCM Intelligence Agency Ltd. and its third-party service providers.

10. APPLICABLE LAWS - UNITED STATES

10.1  Computer Fraud and Abuse Act (CFAA)

The CFAA (18 U.S.C. 1030) prohibits intentionally accessing a computer without authorization or exceeding authorized access. LUMA does not access any device without authorization; it analyzes backup data provided with device owner consent. Users must ensure proper authorization exists prior to any scan.

10.2  Electronic Communications Privacy Act (ECPA)

The ECPA (18 U.S.C. 2510-2522) prohibits the unauthorized interception of electronic communications. LUMA does not intercept live communications. It analyzes static forensic artifacts from device backups. Users must ensure their handling of extracted data complies with ECPA provisions regarding stored communications.

10.3  State Laws

Many U.S. states have their own computer crime and privacy laws. Some states require all-party consent for recording or monitoring activities. Users are responsible for understanding and complying with the laws of their jurisdiction.

11. APPLICABLE LAWS - EUROPEAN UNION

11.1  General Data Protection Regulation (GDPR)

The GDPR imposes strict requirements on the processing of personal data of EU residents. Users must ensure they have a lawful basis for processing any personal data obtained through device scans, and must comply with data subject rights including the right to access, rectification, and erasure.

11.2  ePrivacy Directive

The ePrivacy Directive provides additional protections for electronic communications. Users must ensure their activities comply with national implementations of this directive.

11.3  National Laws

EU member states may have additional national laws governing computer forensics and surveillance detection activities. Users operating within the EU must comply with all applicable national legislation.

12. EXPORT CONTROLS AND SANCTIONS COMPLIANCE

The Software, related technology, and services may be subject to export control and economic sanctions laws of the State of Israel, the United States, and the European Union. Licensee represents and warrants that it is not located in, under the control of, or a national or resident of any country or territory subject to a comprehensive embargo by the aforementioned authorities, nor is it listed on any government's restricted party list (e.g., the U.S. Treasury Department's Specially Designated Nationals List). Licensee agrees not to export, re-export, transfer, or make available the Software to any prohibited destination, entity, or person in violation of applicable export control laws.

LUMA is classified as a defensive cybersecurity tool and is not subject to the export restrictions applicable to intrusion software or offensive cyber capabilities under the Wassenaar Arrangement or U.S. Export Administration Regulations (EAR). However, Licensee remains responsible for compliance with all applicable export control laws in their jurisdiction.

13. SCAN RESULTS DISCLAIMER AND DECISION-SUPPORT CLASSIFICATION

13.1  Software Classification: Defensive Forensic Log Analysis Tool Operating in a Decision-Support Capacity

LUMA is a Defensive Forensic Log Analysis Tool that operates in a decision-support capacity. It is designed for forensic log analysis and the identification of known and behaviourally-suspicious markers on mobile devices. Findings produced by LUMA are generated locally through a combination of deterministic IOC matching, rule-based behavioral detectors, and a deterministic Bayesian probability model (the Forensic Computation Engine). Findings are probabilistic indications, not determinations of fact.

13.2  Human-in-the-Loop Requirement

The Software is intended for preliminary analysis only. Every finding presented by the Software requires independent verification by a Qualified Forensic Examiner before being presented as evidence in any professional, administrative, investigative, or judicial context. Licensee acknowledges that no finding emitted by the Software may be relied upon or presented as conclusive without such independent verification.

13.3  No Guarantee of Accuracy

The Licensor does not warrant that log analysis performed by the Software will be free from errors or misinterpretations arising from data complexity, log format changes, operating-system version drift, undocumented vendor behavior, or previously unknown adversary techniques. False positives and false negatives are inherent to any forensic analysis tool that operates on incomplete or evolving data.

13.4  Scope of Use

Use of the Software's output as sole evidence in legal, administrative, or investigative proceedings is at the user's sole responsibility. Licensor expressly disclaims any representation that the Software's output, standing alone, is sufficient to support a legal determination, probable cause finding, or evidentiary conclusion. Findings should be corroborated with independent forensic analysis, chain-of-custody documentation, and, where applicable, expert testimony.

13.5  IOC and Detector Limitations

LUMA's IOC Database and detector rule sets are derived from publicly available threat intelligence and the Licensor's internal research. New, novel, or previously unknown threats may not be detectable until the IOC Database and detectors are updated. The absence of findings does not constitute proof of the absence of compromise.

13.6  Technical Indications Only

The Software provides technical indications only. Any legal, organizational, human-resources, family-law, criminal-referral, or personal actions taken by the Licensee or by the Licensee's End-Clients based on scan findings are the sole responsibility of the user. Licensor disclaims any liability for such actions.

13.7  Acknowledgment by Licensee and Examiners

Licensee, and each Qualified Forensic Examiner operating the Software on Licensee's behalf, is required to acknowledge the foregoing at first-run initialization (Section 24.3) and again prior to the export of each forensic report (Section 24.4). Acknowledgments are recorded by the Software with a timestamp and the Machine ID and are incorporated into the exported report metadata as a sworn statement that the findings have been independently reviewed.

14. INTELLECTUAL PROPERTY

The Software, including all code, algorithms, detection methodologies, correlation engines, report templates, and documentation, is the exclusive property of TSCM Intelligence Agency Ltd. and is protected by Israeli and international copyright, trade secret, and intellectual property laws.

15. DISCLAIMER OF WARRANTIES

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SOFTWARE, IN STANDARD AND AIR-GAP MODES, IS PROVIDED STRICTLY ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS, IMPLIED, OR STATUTORY. TSCM INTELLIGENCE AGENCY LTD. EXPLICITLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. TSCM DOES NOT WARRANT THAT THE SOFTWARE WILL BE ERROR-FREE, UNINTERRUPTED, COMPLETELY SECURE, OR THAT IT WILL DETECT ALL PAST, PRESENT, OR FUTURE THREATS, SPYWARE, OR MALWARE.

16. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL TSCM INTELLIGENCE AGENCY LTD., ITS AFFILIATES, OR SUPPLIERS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR BUSINESS INTERRUPTION. IN NO EVENT SHALL THE TOTAL AGGREGATE LIABILITY OF TSCM INTELLIGENCE AGENCY LTD. ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY THE LICENSEE FOR THE SOFTWARE OR APPLICABLE SERVICE DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

17. INDEMNIFICATION

Licensee agrees to indemnify, defend, and hold harmless Licensor from any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from Licensee's use or misuse of the Software, violation of applicable laws, or breach of this Agreement.

18. TERMINATION

18.1  Termination by Expiration

This Agreement terminates automatically upon expiration of the license term as described in Section 4. Upon natural expiration:

(a) Licensee must cease performing new device scans.

(b) All forensic reports previously generated during the active license period remain accessible to the Licensee in read-only mode.

(c) All unused Scan Credits, if applicable, are forfeited and non-refundable.

(d) Licensee is not required to uninstall or destroy the Software solely due to expiration, but may not use it to perform scans until a valid license is obtained.

18.2  Termination for Breach

Licensor may terminate this Agreement immediately upon written notice if Licensee breaches any material term of this Agreement. Upon termination for breach:

(a) Licensee must immediately cease all use of the Software.

(b) Licensee must destroy all copies of the Software in its possession or control.

(c) All license rights granted under this Agreement are immediately revoked without refund.

18.3  Termination by Licensee

Licensee may terminate this Agreement at any time by ceasing all use of the Software and destroying all copies. No refund of license fees or unused Scan Credits will be issued upon voluntary termination.

18.4  Survival

Sections 2, 6, 8, 9, 12, 13, 14, 15, 16, 17, 19, and 25 shall survive termination or expiration of this Agreement.

19. NOTIFICATIONS AND COMMUNICATIONS

19.1  Operational Notifications

Licensor may send operational notifications to the Licensee regarding license status, including but not limited to: expiration warnings, Scan Credit quota alerts, renewal reminders, software update availability, and service status updates.

19.2  Delivery Methods

Notifications may be delivered via email (to the address associated with the Licensee's account), through the Partner Portal, or as in-application messages within the Software.

19.3  Nature of Communications

These operational communications are transactional and administrative in nature. They are necessary for the proper functioning and management of the licensed Software and are not marketing communications. Operational notifications cannot be opted out of while the license is active. Licensor will not use the Licensee's contact information for marketing purposes without separate, explicit consent.

20. GOVERNING LAW AND JURISDICTION

This EULA, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter, shall be governed by and construed in accordance with the laws of the State of Israel, without regard to its conflict of law principles. The parties irrevocably agree that the competent courts of Tel Aviv-Jaffa, Israel, shall have exclusive jurisdiction to settle any dispute or claim arising under this Agreement.

21. THIRD-PARTY AND OPEN SOURCE SOFTWARE

The Software may contain or be provided alongside third-party software components, including open-source software (OSS). These components are licensed to the Licensee under their respective applicable OSS licenses, and not this EULA. Nothing in this EULA limits the Licensee's rights under, or grants rights that supersede, the terms of any applicable OSS license. To the maximum extent permitted by law, all OSS components are provided "AS IS" without any warranty or indemnity of any kind from TSCM Intelligence Agency Ltd.

22. FORCE MAJEURE

TSCM Intelligence Agency Ltd. shall not be liable for any failure or delay in performing its obligations, including the unavailability of Licensor's online services (license validation, telemetry, database updates, and the optional Remote Upload feature), if such failure or delay is caused by events beyond its reasonable control. These events include, but are not limited to, acts of God, war, terrorism, state-sponsored cyberattacks, regional internet service provider failures, cloud infrastructure outages, severe power grid failures, or government mandates.

23. GOVERNING LANGUAGE

This Agreement was originally drafted in the English language. Even if the Software interface, reports, or this Agreement are translated into other languages for convenience, the English version shall exclusively govern, control, and prevail in the event of any discrepancy, ambiguity, or conflict.

24. ACKNOWLEDGMENT HIERARCHY

Licensee acknowledges that, in addition to acceptance of this Agreement at installation, the Software enforces a four-tier acknowledgment hierarchy to preserve the evidentiary integrity of its output:

24.1  Tier 1 - This End User License Agreement

Acceptance of this Agreement constitutes binding contractual acknowledgment by the Licensee of every term herein.

24.2  Tier 2 - First-Run User Interface Warning

At first launch of each installed version of the Software, a mandatory modal is presented summarising the Human-in-the-Loop requirement, the no-guarantee-of-accuracy disclaimer, and the scope-of-use limitation. The Licensee or operator must acknowledge the modal before the Software becomes functional. The acknowledgment is recorded with a timestamp and Machine ID.

24.3  Tier 3 - Report-Embedded Disclaimer

Every forensic report generated by the Software contains an embedded evidentiary-limitations chapter summarising the disclaimers set forth in Section 13. This chapter is a non-removable part of the report and is intended to accompany the report through its entire lifecycle.

24.4  Tier 4 - Pre-Export Examiner Acknowledgment

Before the Software permits export of any forensic report, the operating Qualified Forensic Examiner is required to complete an active acknowledgment modal confirming that each finding has been independently reviewed, that any ambiguity has been recorded in the report, and that the examiner accepts personal professional responsibility for the interpretation presented. The acknowledgment, including examiner name, timestamp, and Machine ID, is embedded as metadata in the exported report and constitutes a sworn statement of verification.

25. VERSION RETENTION AND TOOL REPRODUCIBILITY

25.1  Purpose

To preserve the evidentiary value of reports generated by the Software over their entire admissibility lifecycle, Licensor maintains a long-horizon retention programme for all release artifacts. This programme is intended to permit reproducibility of any analysis, independent verification of binary authenticity, and response to discovery or expert-witness requests years after the original engagement.

25.2  Retained Artifacts

For each public release of the Software, Licensor retains:

(a) The signed installer binaries for each supported platform (Windows and macOS);

(b) The IOC Database snapshot bundled with or retrievable by that release, together with its SHA-256 hash and source manifest;

(c) The Bug Database snapshot associated with that release;

(d) The public release manifest (manifest.sha256.txt) enumerating all artifacts, hashes, and signatures;

(e) The corresponding Validation Report and Known Limitations document (Sections 25.5 and 25.6); and

(f) The source-code commit identifier against which the release was built.

25.3  Retention Period

(a) General retention: not less than seven (7) years in the United States, ten (10) years in the European Union, and seven (7) years in the State of Israel, measured from the date the release is superseded by a successor release.

(b) Reference-based retention: Any release cited or referenced in a forensic report delivered by Licensee to an End-Client or to a tribunal shall be retained indefinitely by Licensor. Licensee shall notify Licensor of the release version and report identifier upon delivery of a report to a tribunal of record.

25.4  Storage and Tamper-Resistance

Retained artifacts are stored in immutable object storage (Google Cloud Storage with Bucket Lock, configured for Write Once Read Many ("WORM") compliance). The public manifest (manifest.sha256.txt) is published at a stable URL and signed with Licensor's Ed25519 release key; the public half of the Ed25519 key is published on the Licensor's website. Third parties, including opposing-party experts, may verify the authenticity of any retained binary without contacting Licensor by retrieving the manifest and verifying the detached signature and SHA-256 digest.

25.5  Validation Report per Release

For each release, Licensor produces and retains a Validation Report documenting (i) the commit identifier and build timestamp, (ii) the results of Licensor's regression test vectors (including iOS suspicious, iOS clean, and Android clean reference cases), (iii) the IOC Database snapshot hash and Bug Database snapshot hash, and (iv) the release manifest hash. The Validation Report is signed by Licensor's release engineer and is made available to End-Clients upon reasonable request for purposes of expert-witness preparation.

25.6  Known Limitations Document per Release

For each release, Licensor produces and retains a Known Limitations document enumerating new detectors, threshold changes, known false-positive patterns, known blind spots, tested operating-system versions, deprecated features, and migration notes from the prior release.

25.7  Reproducibility Metadata in Every Report

Every forensic report generated by the Software contains a Reproducibility Block stating the Software version, IOC Database version, Bug Database version, analysis mode (Standard or Air-Gap), and the ISO 8601 timestamp of report generation. The Reproducibility Block permits a third-party examiner to retrieve the retained artifacts for that specific release and reproduce the analysis.

26. CONTACT

TSCM Intelligence Agency Ltd.

www.luma-scan.com

BY INSTALLING OR USING LUMA, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY ALL TERMS OF THIS AGREEMENT.

End of document. TSCM Intelligence Agency Ltd. | www.luma-scan.com

For legal inquiries: legal@luma-scan.com

(c) 2026 TSCM Intelligence Agency Ltd. All rights reserved.

Governing language: English. Translations provided for convenience only.

LUMA

Defensive Mobile Forensic Platform. Built by TSCM Intelligence Agency. Deployed by government agencies, intelligence services, and executive protection units worldwide.

Active engagements in 12 jurisdictions

Capabilities

iOS Forensic Analysis Android Forensic Analysis Remote Forensic Scan Air-Gap Deployment Multi-Language Reports

Government

Procurement Information Compliance Documentation Operational Scope Statement Sample Reports (NDA) Briefing Request

Contact

briefings@luma-scan.com procurement@luma-scan.com compliance@luma-scan.com support@luma-scan.com
© 2026 LUMA - TSCM Intelligence Agency Ltd. (Israel registered company 515887677). All rights reserved. PrivacyTerms of UseEULAExport ControlResponsible DisclosureStatus
LUMA IS DEFENSIVE FORENSIC TECHNOLOGY - NOT A SURVEILLANCE OR OFFENSIVE CYBER PRODUCT