Terms of Service
Last updated: March 2026
1. Introduction
These Terms of Service ("Terms") govern your access to and use of encryptcodec.com and the EncryptCodec API, operated by Aviera Labs ("EncryptCodec", "we", "us", or "our"). By accessing or using the site or API, you agree to be bound by these Terms. If you do not agree, please do not use the service. These Terms apply to all visitors, registered users, and API consumers, including use of the security training platform, cryptographic tools, REST API, security simulations, educational games, team features, certificates, monitoring services, and blog content.
2. Description of Service
EncryptCodec is a security training platform and developer toolkit. The service includes: • Security Simulations — 16 interactive, browser-based attack simulations covering SQL injection, XSS, CSRF, JWT forgery, padding oracle attacks, and more, for educational purposes. Simulations run entirely in your browser. • Security Games — 13 score-based educational games including log analysis, certificate inspection, cipher challenges, and others. Games run entirely in your browser. • Training Progress — for signed-in users, we track simulation completions, game scores, achievements, streaks, and learning path progress to provide a structured training experience. • Browser-Based Tools — 49 tools including AES encryption/decryption, SHA hashing, Base64 encoding/decoding, JWT decoding and signing, HMAC generation, RSA key generation, TOTP generation, bcrypt and Argon2 hashing, password strength checking, JSON/YAML/CSV formatting, regex testing, cron building, diff checking, and more. These run entirely in your browser. • REST API — a programmatic API offering 35+ endpoints for cryptography, hashing, encoding, JWT operations, format conversion, utilities (cron parsing, user agent parsing, email validation, regex testing, markdown rendering, password policy checking), and IP geolocation. API access requires an account and API key. • Teams — team creation, member invites, role management, aggregated progress reports, and CSV export for team admins. • Certificates — completion certificates for learning paths, linked to your account. • Public Profiles — optional, user-controlled profiles displaying achievements and training progress. • Monitoring Services — SSL certificate monitoring, uptime monitoring, and security header scanning for domains and URLs you configure. • Blog — technical articles on cryptography, web security, and developer best practices.
3. Accounts and Registration
3.1 Account Creation To access training progress tracking, team features, certificates, API access, and monitoring services, you must create an account by providing a valid email address, name, and password. You are responsible for maintaining the confidentiality of your account credentials. Simulations, games, and browser tools are available without an account, but progress will not be tracked. 3.2 Account Security You are responsible for all activity that occurs under your account. You must notify us immediately at contact@avieralabs.com if you become aware of any unauthorised use of your account. We are not liable for any loss arising from unauthorised use of your account. 3.3 Activity Logging By creating an account, you agree that we will log your account activity (logins, simulation completions, game scores, achievements, profile updates, and other actions) along with associated metadata (IP address, user agent, timestamp) for the purposes of service delivery, security monitoring, and providing your activity history. This logging is part of the core service and is not optional for authenticated users. 3.4 Accurate Information You agree to provide accurate and complete information when creating your account and to keep it up to date. We reserve the right to suspend or terminate accounts with false or misleading information. 3.5 One Account Per Person Each individual or organisation should maintain only one account. Creating multiple accounts to circumvent rate limits, usage quotas, or plan restrictions is prohibited.
4. API Keys and Usage
4.1 API Keys Upon account creation, you may generate API keys from your dashboard. API keys are shown once at creation — we store only a SHA-256 hash and cannot recover lost keys. You are responsible for keeping your API keys secure. 4.2 API Key Security • Do not share your API keys publicly (in client-side code, public repositories, blog posts, etc.) • Do not embed API keys in mobile apps or browser-facing JavaScript • If you suspect a key has been compromised, revoke it immediately from your dashboard and generate a new one • You are responsible for all API usage under your keys 4.3 Rate Limits and Quotas API usage is subject to rate limits and monthly quotas based on your plan. Exceeding your rate limit returns a 429 status code. Exceeding your monthly quota returns a 403 status code unless you have opted into overage billing. 4.4 Fair Use You agree not to: • Use the API to build a competing service • Resell API access without prior written agreement • Use automated tools to circumvent rate limits • Make excessive requests intended to degrade service performance
5. Plans, Billing, and Payments
EncryptCodec offers separate plan tiers for Training and API access. 5.1 Training Plans • Free — access to all simulations, games, and browser tools without an account. No progress tracking. • Developer ($9/month) — full training progress tracking, achievements, streaks, certificates, and learning paths for an individual user. • Team ($10/seat/month) — everything in Developer, plus team creation, member invites, aggregated progress reports, and CSV export. Billed per seat. • Enterprise (custom pricing) — custom training deployments, dedicated support, and tailored content. Contact us for details. 5.2 API Plans • Free — limited API access at no cost, subject to usage quotas and rate limits. • Pro ($9/month) — higher quotas, rate limits, and additional API features. • Business ($49/month) — production-grade quotas, priority rate limits, and monitoring services. • Enterprise (custom pricing) — custom API limits, SLA options, and dedicated support. Plan details and pricing are listed at encryptcodec.com/pricing. 5.3 Team Billing Team plans are billed per seat. The team admin is responsible for managing seats and is billed for all active seats. Adding a seat takes effect immediately with prorated billing. Removing a seat takes effect at the end of the current billing period. 5.4 Billing Cycle Paid subscriptions are billed on a 30-day rolling cycle from your subscription start date. Your billing period resets automatically on each renewal. Training and API subscriptions are managed and billed separately. 5.5 Payment Processing Payments for both Training and API plans are processed by Stripe. By subscribing to a paid plan, you agree to Stripe's terms of service (stripe.com/legal). We do not store your payment card details. 5.6 Overage Billing If you opt into overage billing from your dashboard, API usage beyond your plan quota will be charged at the per-request overage rate for your plan, up to the dollar cap you set. Overage charges are billed via Stripe at the end of each billing period. 5.7 Cancellation You may cancel your subscription at any time from your dashboard or Stripe customer portal. Cancellation takes effect at the end of your current billing period. No prorated refunds are provided for partial periods. Upon cancellation, you retain access to your account and data, but features revert to the Free plan. 5.8 Plan Changes Upgrading or downgrading your plan takes effect immediately. Stripe handles proration automatically — you are charged or credited for the remaining time on your current period. 5.9 Payment Failures If a payment fails, we will notify you by email. After repeated failures, your subscription may be downgraded to the Free plan. You will retain access to your account and data, but usage will be subject to Free plan limits.
6. Teams
6.1 Team Creation and Administration Any user on a Team plan can create a team and invite members. The team creator becomes the team admin. Team admins are responsible for managing membership, monitoring usage, and ensuring team members comply with these Terms. 6.2 Seats and Invitations Team members are added via email invitation. Each active member occupies one seat. The team admin is billed for all active seats. Pending invitations do not count as seats until accepted. 6.3 Progress Visibility Team admins can view aggregated and individual training progress for team members, including simulation completions, game scores, achievements, and learning path progress. Team members should be aware that their training activity is visible to their team admin. 6.4 Data Export Team admins can export team progress reports as CSV files. Exported data may include member names, email addresses, and training progress. Team admins are responsible for handling exported data in compliance with applicable privacy laws. 6.5 Team Deletion If a team is deleted, all team-specific data (team name, member associations, progress reports) is removed. Individual members retain their own accounts and training data.
7. Certificates
7.1 Completion Certificates When you complete a learning path, EncryptCodec generates a completion certificate linked to your account. Certificates include your name, the learning path completed, and the date of completion. 7.2 Nature of Certificates EncryptCodec certificates are informational records of training completion. They are not accredited credentials, professional certifications, or academic qualifications. They do not confer any professional licence, regulatory compliance status, or industry certification. EncryptCodec makes no representations about the recognition or acceptance of these certificates by employers, institutions, or regulatory bodies. 7.3 Certificate Accuracy You are responsible for ensuring that the name on your certificate is accurate. Certificates reflect the name on your account at the time of completion.
8. Monitoring Services
8.1 Service Description Monitoring services (SSL certificate monitoring, uptime monitoring, security header scanning) check your configured domains and URLs on a recurring schedule and alert you to issues. 8.2 Availability and Limits The number of monitors you can create depends on your plan. Monitoring schedules (check intervals) are best-effort and may vary slightly. 8.3 Alerts Alerts are sent via email to your registered email address. We are not liable for missed or delayed alerts due to email delivery failures, spam filters, or service interruptions. 8.4 No SLA Monitoring services are provided on a best-effort basis. We do not guarantee specific uptime, check frequency, or alert delivery times. Monitoring results are informational and should not be your sole method of monitoring critical infrastructure.
9. Eligibility
You must be at least 13 years of age to use EncryptCodec. By using the site or API, you represent and warrant that you meet this age requirement. If you are using the service on behalf of an organisation, you represent that you have the authority to bind that organisation to these Terms.
10. Permitted Use
EncryptCodec is provided for lawful educational, development, and professional use. You are permitted to: • Use any browser tool or API endpoint for personal or commercial development and testing purposes • Use the simulations and games for educational and security awareness purposes • Complete learning paths and earn certificates for training purposes • Create teams and invite members for organisational training • Integrate the API into your applications, scripts, and workflows • Share links to tools, simulations, games, and blog posts • Reference EncryptCodec in your own documentation or teaching materials You must not use EncryptCodec to: • Process data you are not authorised to handle • Conduct or facilitate actual attacks on systems, networks, or individuals • Violate any applicable laws or regulations • Misrepresent certificates as accredited credentials or professional certifications • Scrape, crawl, or systematically extract content from the site • Attempt to reverse engineer, decompile, or tamper with the site's infrastructure • Use the site or API in any way that could damage, disable, or impair our servers or networks • Circumvent authentication, rate limiting, or usage controls • Use monitoring services to scan domains or URLs you do not own or have authorisation to test
11. Security Simulations — Acceptable Use
The security simulations on EncryptCodec are designed exclusively for educational purposes. They simulate attack techniques in a fully contained, browser-based environment with no connection to real systems. By using the simulations, you acknowledge that: • All simulated attacks run entirely in your browser against fictional, locally-generated data • The knowledge gained is intended to help you build more secure systems and understand defensive techniques • You will not use techniques demonstrated in these simulations against real systems, networks, or services without explicit written authorisation from the system owner • Applying attack techniques against real systems without authorisation is illegal in most jurisdictions and may result in criminal prosecution EncryptCodec is not liable for any misuse of educational content provided on the site.
12. Intellectual Property
12.1 Our Content The design, layout, written content (blog posts, tool descriptions, simulation narratives), game mechanics, and code underlying EncryptCodec are our intellectual property and are protected by applicable copyright and intellectual property laws. You may not reproduce, distribute, or create derivative works from our content without prior written permission. 12.2 Open Source Components Portions of EncryptCodec's source code are open source. Where open source licences apply, those licences govern use of those specific components. 12.3 Your Content Data you submit through the API is processed and returned to you. We do not claim ownership of your data. We do not store or log API request/response payloads.
13. Disclaimer of Warranties
EncryptCodec is provided "as is" and "as available" without warranty of any kind, either express or implied, including but not limited to: • Warranties of merchantability or fitness for a particular purpose • Warranties that the service will be uninterrupted, error-free, or secure • Warranties regarding the accuracy, reliability, or completeness of any tool or API output • Warranties that monitoring services will detect all issues or deliver alerts without delay • Warranties regarding the value, recognition, or acceptance of completion certificates Cryptographic tools and API endpoints are provided for development, testing, and educational use. You are solely responsible for validating output before relying on it in production or security-critical systems. We strongly recommend independent verification of any cryptographic implementation for production use.
14. Limitation of Liability
To the fullest extent permitted by applicable law, EncryptCodec and its operators shall not be liable for any: • Direct, indirect, incidental, special, consequential, or punitive damages • Loss of data, revenue, profits, goodwill, or business opportunities • Security incidents, data breaches, or losses arising from reliance on tool or API output • Damages resulting from service interruptions, API downtime, or monitoring failures • Damages resulting from unauthorised access to or alteration of your data • Claims related to the value or recognition of completion certificates This limitation applies regardless of the theory of liability (contract, tort, negligence, strict liability, or otherwise) and even if EncryptCodec has been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion of certain warranties or limitation of liability, so the above limitations may not apply to you in full.
15. Indemnification
You agree to indemnify, defend, and hold harmless EncryptCodec and its operators from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from: • Your use of the service in violation of these Terms • Your violation of any applicable law or regulation • Any misuse of educational content or API services provided on the site • Any misrepresentation of certificates as accredited credentials • Any claim by a third party arising from your actions • Unauthorised use of your API keys
16. Account Suspension and Termination
We reserve the right to suspend or terminate your account and API access at our discretion if: • You violate these Terms • You engage in abusive, fraudulent, or illegal activity • Your usage patterns suggest automated circumvention of rate limits or quotas • Payment for a paid plan remains overdue after notification Upon termination: • Your API keys will be revoked immediately • Your account data (profile, training progress, activity logs, usage logs, certificates, team memberships, monitors) will be deleted within 30 days • Any outstanding charges remain payable • You may export your data before account deletion by contacting us You may delete your own account at any time from your dashboard settings.
17. Third-Party Services and Links
The site is hosted on AWS Amplify, the API on AWS EC2, and payments for both Training and API plans are processed by Stripe. Our blog and documentation may contain links to external websites. These third-party sites are not under our control and we are not responsible for their content, privacy practices, or terms of service. Use of third-party services in connection with EncryptCodec is subject to those services' own terms and privacy policies.
18. Availability and Modifications
We reserve the right to: • Modify, suspend, or discontinue any part of the service at any time • Update, change, or remove tools, API endpoints, simulations, games, learning paths, or blog content • Change plan pricing, quotas, or rate limits with 30 days' notice to registered users • Change these Terms at any time by posting an updated version on this page We will update the "Last updated" date when changes are made. For material changes to pricing or Terms, we will notify registered users by email. Your continued use of the service after changes are posted constitutes acceptance of the revised Terms. We do not guarantee continuous, uninterrupted availability of the service. Downtime may occur due to maintenance, infrastructure issues, or circumstances beyond our control.
19. Privacy
Your use of EncryptCodec is also governed by our Privacy Policy, available at encryptcodec.com/privacy-policy. The Privacy Policy is incorporated into these Terms by reference. By agreeing to these Terms, you also agree to the Privacy Policy.
20. Governing Law and Jurisdiction
These Terms are governed by and construed in accordance with the laws of India, without regard to conflict of law principles. Any disputes arising from or relating to these Terms or your use of EncryptCodec shall be subject to the exclusive jurisdiction of the courts of India. If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect.
21. Entire Agreement
These Terms, together with the Privacy Policy, constitute the entire agreement between you and EncryptCodec regarding your use of the service and supersede any prior agreements or understandings, whether written or oral, relating to the same subject matter.
22. Contact Us
If you have questions about these Terms or wish to report a violation, please contact us at: Email: contact@avieralabs.com Website: encryptcodec.com We aim to respond to all enquiries within 7 business days.