French law applies. Disputes fall under the courts of Paris, France. This choice of court does not deprive a consumer of the protection afforded by the mandatory provisions that allow them to bring proceedings before the courts of their place of domicile.
2. Service
The Service is a breach intelligence and leak discovery platform. It indexes credentials and other data that were technically accessible on the internet at the time of collection without us having to bypass authentication, paywalls or technical protection measures. We do not purchase datasets or pay for access to stolen data.
For some URLs we also crawl the page to extract limited metadata such as the title, HTTP status code, page text and meta description. For eligible text based datasets, some plans include a Raw Search feature that lets you search inside the body of the leak.
The Service is primarily intended for professional use (B2B). Some features may be accessible to consumers; where mandatory, consumer rules apply. We do not encourage or facilitate intrusions. We do not target or intentionally index datasets that primarily contain banking or medical records. If we later become aware that a dataset is unlawful or was not meant to be publicly accessible, we remove or restrict it as soon as reasonably possible. If you identify clearly unlawful content or your own data you want removed, notify us under Section 14.
3. Authorised Use
You confirm a lawful basis to process any personal data you query. You warrant that you are authorised to assess the assets you query, whether your own or those of a client. You are solely responsible for the legality of your use. We do not require submission of mandates and do not pre-validate assets.
Strictly prohibited: credential stuffing, unauthorised account access, doxxing or harassment, publishing full credential dumps, contacting breach victims, re-selling or mirroring our datasets, benchmarking at scale, scraping the UI or API, bypassing geoblocks, or using output to exploit breaches.
Bug bounty: allowed only if the target program explicitly authorises the use of external breach intelligence and OSINT tools of this nature.
Access controls: leak contents are locked by default. Access to original files requires an active subscription and spending points. Per-period limits mitigate abuse. We may cap or deny unlocks for highly sensitive files or where we suspect misuse. Attempting to bypass these controls is a breach.
API and fair use: API access requires a valid key. Do not share keys or exceed plan limits. Automated high-volume extraction, dataset mirroring and re-sale are prohibited. We may apply rate limits and revoke keys that breach these Terms.
Raw Search: where your plan includes the Raw Search mode, you must only use it on assets you are authorised to assess and you must not use it to target obviously sensitive datasets such as banking or medical databases. If you discover that a dataset focuses on such data you must stop using it and report it to us.
Security logging: for searches we log only the timestamp, your account identifier and the type of search (for example email search, domain search or raw search), not the query content itself. For unlock operations we log the timestamp, your account identifier and the internal leak identifier that was unlocked. We may preserve relevant records to handle abuse reports or legal obligations.
4. Sensitive Domains and Geoblocking
We maintain an internal blacklist of high risk domains for which no results are returned at all. This includes *.gouv.fr and certain domains of public institutions and social security bodies (for example elysee.fr, assemblee-nationale.fr, senat.fr, conseil-etat.fr, justice.fr, cnil.fr, defenseurdesdroits.fr, ameli.fr, msa.fr, caf.fr, urssaf.fr, lassuranceretraite.fr, agirc-arrco.fr, pole-emploi.fr and francetravail.fr). We may extend or modify this list at any time. For other sensitive domains we may require manual validation and proof that you are authorised to act for the concerned organisation before allowing searches or access to leak contents. Access to the Service is denied from territories subject to EU, UN or OFAC sanctions, and from Russia, Iran and North Korea. Circumventing these measures (for example via VPN or proxy) is a breach of the Terms and may lead to immediate suspension.
5. Subscriptions and Withdrawal
Plans are prepaid via Stripe or NOWPayments and renew monthly. Lifetime licenses are paid once and do not renew (see Section 6). Content becomes accessible immediately after payment. If you are a consumer, by ticking the consent box at checkout you expressly request immediate performance and acknowledge you lose your 14-day withdrawal right for digital content supplied without a tangible medium, as set out in art. L221-28-13 of the French Consumer Code. Business users are not entitled to this consumer right.
6. Lifetime Licenses
Lifetime licenses are granted for the operational lifetime of the Service. No refund, partial or total, is due in case of Service discontinuation, whatever the cause. In case of a voluntary planned shutdown, LeakRadar will notify lifetime license holders at least 90 days in advance and maintain access to data export features (via the platform or by email if necessary) during this period. This notice commitment does not apply in case of force majeure, insolvency proceedings, or shutdown imposed by an administrative or judicial authority. Plan features are locked for life: in case of tier restructuring, lifetime holders only see upgrades, never downgrades. In case of business transfer or acquisition, the acquirer assumes the obligations toward lifetime license holders under these Terms.
7. Cancellation and Refunds
You may cancel at any time via Settings > Billings & Plans > Manage Billing. This opens the Stripe portal where you can manage your subscription. Service remains active until the current period ends. No refunds are issued for unused time, except where mandatory law requires otherwise.
8. Conformity Guarantee
Where applicable to consumers, the statutory guarantee for digital services applies (French Consumer Code, art. L224-25-12 and following). For one-off supply it covers defects appearing within two years from supply. For continuous supply it applies during the contract term.
9. Compatibility and Interoperability
Works on modern desktop and mobile browsers. CSV export is available from the UI; JSON is returned by the REST API. Volumes and rate limits depend on the selected plan.
10. Cookies
We use functional cookies (e.g., twk_uuid_, TawkConnectionTime) and analytics cookies (e.g., _ga, _gcl_au). You can refuse as easily as accept via the banner. Durations are kept to what is necessary. We do not use dark patterns.
11. Intellectual Property
The Service and datasets are protected by intellectual property and database rights. Publishing or sharing complete credentials or bulk exports is forbidden. Reports are for your lawful internal cybersecurity use only. You may not reproduce, re-sell or create derivative datasets from our index.
12. Liability
The Service is provided "as is" and may contain third-party content whose accuracy we cannot guarantee. To the maximum extent permitted by law, LeakRadar's total liability is capped at the fees paid in the 12 months preceding the event, or, for lifetime licenses, at the price paid for the license. Nothing limits liability where it cannot be limited by law.
Payment Provider Verification. Payments are processed through third-party providers (Stripe, NOWPayments) that may request identity verification (KYC) in accordance with their own policies and applicable anti-money laundering regulations. LeakRadar has no control over such requests. It is your responsibility to comply with any KYC or verification requirements from payment processors. Failure to complete verification may result in delayed or blocked transactions, and LeakRadar cannot be held liable for any consequences arising from KYC procedures initiated by payment providers.
13. Minors
Registration is reserved for users aged 18 or above.
14. Notice and Action
Illegal-content notices (DSA art. 16) and authority requests (DSA art. 11) must be sent to contact@leakradar.io. We follow a notice-and-action process consistent with the EU Digital Services Act, including a statement of reasons where we restrict content or access. Requests are processed within five business days.
15. Changes
Material changes will be announced at least 30 days before they take effect. Continued use equals acceptance.
However, material changes that would reduce the rights or features of lifetime license holders will not apply to existing lifetime licenses without the holder's express acceptance.
16. Severability
If any clause is invalid, the remainder of the Terms stays in force.
17. Misuse and cooperation with authorities
We may suspend or terminate your access to the Service, without refund, if we reasonably suspect that you are using it to commit or facilitate criminal offences, to exploit breaches or to otherwise breach these Terms. Where permitted or required by law, we may share relevant logs and account information with competent authorities in connection with investigations into cybercrime or abuse of our Service.
18. Discount Codes and Promotional Offers
Discount codes and promotional offers are a commercial gesture and not a contractual right. Unless a specific offer states otherwise, they are reserved for consumers and for companies whose total annual revenue, net of tax and based on the last closed financial year, is below EUR 100,000. By entering a code you represent that you meet this condition. Codes are personal, single use per account, non-transferable, cannot be combined with other offers, have no cash value, and apply only to the plans and validity period defined for each code. Where the eligibility condition is not met, or a code is used in breach of these Terms, or in case of error or abuse, we may decline or cancel the code and issue or re-issue the invoice at the standard price. These conditions apply from their date of publication and do not affect a discount already validly applied to a concluded order.
19. Indemnification
You agree to indemnify, defend and hold harmless LeakRadar (Radar Forge SAS), its officers, contractors and partners from and against any claim, demand, liability, damage, loss, cost or expense, including reasonable legal fees, arising out of or related to: (a) your use of the Service; (b) your breach of these Terms or of any applicable law or third-party right; (c) the absence of a lawful basis or of authorisation for the assets, queries or data you process through the Service; or (d) any claim brought by a third party, a data subject or an authority in connection with your use of the Service. This obligation survives the termination of your account. We may, at our discretion, assume the exclusive defence of any matter otherwise subject to indemnification by you, in which case you agree to cooperate with us.
20. General Provisions
Force majeure. We are not liable for any delay or failure to perform caused by events beyond our reasonable control, including acts of God, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, hosting or network provider outages, cyber-attacks, strikes, or shortages of transportation, facilities, fuel, energy, labour or materials. Our obligations are suspended for the duration of the force majeure event.
Entire agreement. These Terms, together with the Privacy Policy and any plan-specific terms presented at checkout, constitute the entire agreement between you and LeakRadar and supersede all prior or contemporaneous communications, proposals and representations, whether oral or written. Marketing materials and public statements do not form part of the agreement.
Governing language. These Terms and the Privacy Policy are drafted in English. Any translation is provided for convenience only; in case of any discrepancy, the English version prevails.
No waiver. Our failure to enforce any provision of these Terms is not a waiver of that provision or of our right to enforce it later.
Assignment. You may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign these Terms, in whole or in part, including in connection with a merger, acquisition, reorganisation or sale of assets, provided your rights under these Terms are not reduced.