LUMA Mobile Threat Analysis Software
Effective Date: March 2026 | Version 2.1
"Software" means LUMA Mobile Threat Analysis, including updates, documentation, and related materials.
"Licensor" means TSCM Intelligence Agency Ltd., Company ID 515887677.
"Licensee" means the individual or entity purchasing a license.
"Authorized Device" means a device owned by Licensee or for which proper written authorization exists from the device owner or valid legal authority.
LUMA is classified as a defensive forensic analysis tool. It is designed exclusively for the detection and identification of surveillance software, spyware, and unauthorized monitoring tools on mobile devices. LUMA does not create, deploy, distribute, or facilitate the installation of any surveillance or intrusion software.
For the avoidance of doubt, LUMA is fundamentally distinct from offensive cyber tools such as spyware, intrusion software, or commercial surveillance products. LUMA:
LUMA operates within the same legal framework as established defensive forensic tools such as Amnesty International's Mobile Verification Toolkit (MVT), anti-malware software, and endpoint detection and response (EDR) solutions. Specifically:
LUMA operates in two analysis modes:
Online Mode (Cloud AI Analysis): When internet connectivity is available, LUMA transmits forensic scan findings to secure cloud-based AI servers for advanced forensic analysis. Data transmitted includes IOC matches, behavioral indicators, process anomalies, and device metadata. No raw device backups, personal content (photos, messages, files), passwords, or contact lists are transmitted. Cloud AI providers process data solely for forensic analysis and do not retain data beyond the processing session.
Offline Mode (Local Analysis): When no internet connection is available, or when selected by the user, all data processing occurs entirely on the local machine. No data is transmitted to external servers. If cloud AI services become unavailable during a scan, LUMA automatically falls back to offline mode.
Scan Telemetry: In both modes, anonymous operational metadata (scan identifier, processing duration, analysis engine used, device type, and threat level classification) is transmitted to TSCM Intelligence Agency Ltd. servers for quality assurance purposes. This telemetry contains no personal data from scanned devices.
Internet Connectivity Requirement: Full AI-powered forensic analysis requires an active internet connection to communicate with cloud-based AI servers. Without internet access, the Software will operate in offline mode using a local computation engine, which may provide different or reduced analytical depth. TSCM Intelligence Agency Ltd. does not guarantee the availability, uptime, or performance of third-party cloud AI infrastructure, and shall not be liable for any service disruptions, outages, or modifications to third-party services that may affect online analysis capabilities.
Subject to the terms of this Agreement, Licensor grants Licensee a limited, non-exclusive, non-transferable, revocable license to use the Software for lawful defensive forensic analysis purposes only.
The Software may only be used under the following conditions:
Written or digital consent from the device owner must be obtained and documented prior to any scan. Verbal consent alone is insufficient.
A valid court order, search warrant, or other legally sufficient authorization issued by a competent authority. Users should consult with legal counsel to ensure compliance with all applicable laws in their jurisdiction.
The device is owned by the individual performing the scan (personal use only).
The following uses of LUMA are strictly prohibited and may constitute criminal offenses:
Licensee shall not, and shall not permit or encourage any third party to: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover or derive the source code, artificial intelligence models, algorithms, or underlying Indicators of Compromise (IOC) databases of the Software; (ii) modify, translate, or create derivative works based on the Software; or (iii) attempt to defeat, avoid, bypass, or remove any security or licensing mechanism of the Software.
Licensee is strictly prohibited from using the Software, its outputs, forensic reports, interface, or any underlying Indicators of Compromise (IOC) data to train, fine-tune, or develop any artificial intelligence models, machine learning algorithms, LLMs (Large Language Models), or any competing threat analysis software. All generated outputs are licensed solely for the Licensee's internal security and forensic assessment purposes.
If Licensee (e.g., a security contractor, investigation agency, or MSSP) utilizes the Software to provide scanning, forensic, or threat analysis services to third-party end-clients ("End-Clients"), Licensee represents, warrants, and explicitly agrees to the following:
Licensee shall not, under any circumstances, conduct any unauthorized security testing, vulnerability scanning, penetration testing (pen-testing), stress testing, load testing, or Denial of Service (DoS) attacks against the Software, its associated APIs, or the cloud infrastructure of TSCM Intelligence Agency Ltd. and its third-party service providers.
The CFAA (18 U.S.C. 1030) prohibits intentionally accessing a computer without authorization or exceeding authorized access. LUMA does not access any device without authorization; it analyzes backup data provided with device owner consent. Users must ensure proper authorization exists prior to any scan.
The ECPA (18 U.S.C. 2510-2522) prohibits the unauthorized interception of electronic communications. LUMA does not intercept live communications. It analyzes static forensic artifacts from device backups. Users must ensure their handling of extracted data complies with ECPA provisions regarding stored communications.
Many U.S. states have their own computer crime and privacy laws. Some states require all-party consent for recording or monitoring activities. Users are responsible for understanding and complying with the laws of their jurisdiction.
The GDPR imposes strict requirements on the processing of personal data of EU residents. Users must ensure they have a lawful basis for processing any personal data obtained through device scans, and must comply with data subject rights including the right to access, rectification, and erasure.
The ePrivacy Directive provides additional protections for electronic communications. Users must ensure their activities comply with national implementations of this directive.
EU member states may have additional national laws governing computer forensics and surveillance detection activities. Users operating within the EU must comply with all applicable national legislation.
The Software, related technology, and services may be subject to export control and economic sanctions laws of the State of Israel, the United States, and the European Union. Licensee represents and warrants that it is not located in, under the control of, or a national or resident of any country or territory subject to a comprehensive embargo by the aforementioned authorities, nor is it listed on any government's restricted party list (e.g., the U.S. Treasury Department's Specially Designated Nationals List). Licensee agrees not to export, re-export, transfer, or make available the Software to any prohibited destination, entity, or person in violation of applicable export control laws.
LUMA is classified as a defensive cybersecurity tool and is not subject to the export restrictions applicable to intrusion software or offensive cyber capabilities under the Wassenaar Arrangement or U.S. Export Administration Regulations (EAR). However, Licensee remains responsible for compliance with all applicable export control laws in their jurisdiction.
While LUMA employs advanced detection techniques and maintains comprehensive threat intelligence databases, no forensic tool can guarantee detection of all threats or the absence of false indications.
LUMA's Indicators of Compromise are derived from publicly available threat intelligence. New or previously unknown threats may not be detectable until IOC databases are updated.
Scan results require professional forensic interpretation. Raw findings should not be treated as definitive evidence without expert analysis and corroboration.
The Software provides technical indications only. Any legal, organizational, or personal actions taken based on scan findings are the sole responsibility of the user.
The Software, including all code, algorithms, detection methodologies, correlation engines, report templates, and documentation, is the exclusive property of TSCM Intelligence Agency Ltd. and is protected by Israeli and international copyright, trade secret, and intellectual property laws.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SOFTWARE, IN BOTH ONLINE AND OFFLINE MODES, IS PROVIDED STRICTLY ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS, IMPLIED, OR STATUTORY. TSCM INTELLIGENCE AGENCY LTD. EXPLICITLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. TSCM DOES NOT WARRANT THAT THE SOFTWARE WILL BE ERROR-FREE, UNINTERRUPTED, COMPLETELY SECURE, OR THAT IT WILL DETECT ALL PAST, PRESENT, OR FUTURE THREATS, SPYWARE, OR MALWARE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL TSCM INTELLIGENCE AGENCY LTD., ITS AFFILIATES, OR SUPPLIERS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR BUSINESS INTERRUPTION. IN NO EVENT SHALL THE TOTAL AGGREGATE LIABILITY OF TSCM INTELLIGENCE AGENCY LTD. ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY THE LICENSEE FOR THE SOFTWARE OR APPLICABLE SERVICE DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
Licensee agrees to indemnify, defend, and hold harmless Licensor from any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from Licensee's use or misuse of the Software, violation of applicable laws, or breach of this Agreement.
This Agreement is effective until terminated. Licensor may terminate this Agreement immediately if Licensee breaches any term. Upon termination, Licensee must cease all use and destroy all copies of the Software. Sections 2, 5, 6, 9, 10, 11, 12, 13, and 14 shall survive termination.
This EULA, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter, shall be governed by and construed in accordance with the laws of the State of Israel, without regard to its conflict of law principles. The parties irrevocably agree that the competent courts of Tel Aviv-Jaffa, Israel, shall have exclusive jurisdiction to settle any dispute or claim arising under this Agreement.
The Software may contain or be provided alongside third-party software components, including open-source software (OSS). These components are licensed to the Licensee under their respective applicable OSS licenses, and not this EULA. Nothing in this EULA limits the Licensee's rights under, or grants rights that supersede, the terms of any applicable OSS license. To the maximum extent permitted by law, all OSS components are provided "AS IS" without any warranty or indemnity of any kind from TSCM Intelligence Agency Ltd.
TSCM Intelligence Agency Ltd. shall not be liable for any failure or delay in performing its obligations, including the unavailability of Online Mode (Cloud AI Analysis), if such failure or delay is caused by events beyond its reasonable control. These events include, but are not limited to, acts of God, war, terrorism, state-sponsored cyberattacks, regional internet service provider failures, cloud infrastructure outages, severe power grid failures, or government mandates.
This Agreement was originally drafted in the English language. Even if the Software interface, reports, or this Agreement are translated into other languages for convenience, the English version shall exclusively govern, control, and prevail in the event of any discrepancy, ambiguity, or conflict.
TSCM Intelligence Agency Ltd.
Email: support@luma-scan.com | Web: www.luma-scan.com