Terms of Service

Version 2026-05-09 · Effective May 8, 2026

The short version: Armour (built by Kromeum) is a security companion that scans links, files, and downloads you choose to check. We don't store anything you give us* — your scans, your history, your files, your sandbox reports all live on your device, not ours. We don't sell data, we don't watch your screen or your other browsers, and we try to be honest about the limits of what any scanner can promise.

* apart from the bare minimum we need to log you back in next time.

1. Who we are

Kromeum is the company that builds and maintains the Armour app ("Armour," "the app," "we," "us," or "our" in these terms refer to the Armour app and the Kromeum team behind it). By creating an account or using Armour, you ("you" or "user") agree to these terms.

2. What Armour actually does

  • Scans links and files you submit. When you paste a URL, upload a file, or open a link through the in-app browser, we send identifiers (a hash of files, the URL string) to third-party threat-intelligence services to check reputation.
  • Runs local checks first (Quick Scan). Magic-byte mismatch detection, SHA-256 hash blocklists (MalwareBazaar), YARA rules, and heuristic checks all run on your device. This is the default for offline-friendly, fast scanning.
  • Optional cloud antivirus layer (Deep Scan). When Deep Scan is enabled, the file is also sent to Cloudmersive Advanced Virus Scan (up to 1 GB) and MetaDefender Cloud (up to 140 MB) in parallel with local checks to detect viruses, embedded macros, scripts, password-protected archives, and OLE-embedded objects. Files larger than the limits skip the corresponding layer. You can toggle Deep Scan off at any time from the Scan page.
  • Sandbox detonation (optional). When enabled, files up to 80 MB can be detonated inside MetaDefender Sandbox's isolated VM to extract behavioural indicators, network IOCs, dropped files, and MITRE ATT&CK technique mappings.
  • Auto-scan in-app browser downloads (optional). When enabled, files saved to your device through the Armour in-app browser are automatically run through the same scan pipeline you chose (Quick or Deep). On by default to keep new downloads safe; can be disabled from the Scan page.
  • Auto-scan OS-level downloads (optional, native shell only). If you set Armour as your default browser and enable OS download scanning in the native app, downloads triggered by the OS download manager are intercepted and pushed into the same scan queue. This requires the Armour native shell and explicit user opt-in. We never silently watch other apps' downloads.
  • Trusted-sources allowlist. You can mark specific domains (e.g. github.com) as trusted to skip auto-scans for downloads originating from them. The allowlist lives only on your device.
  • Anti-Phishing Shield. Real-time URL interception in the Armour in-app browser. When the shield is on, every link you tap is scanned before it loads.
  • Provides the Vexa AI assistant. A conversational guide (powered by Lovable AI Gateway / Google Gemini) that explains scan results, runs scans on your behalf, and answers security questions. Vexa can navigate the app, trigger scans, read provider status, and analyse files you upload to the chat — all under your direction.
  • Acts as an in-app browser shell. We pre-scan every URL before opening it. Most major sites (Google, banks, etc.) block themselves from being embedded — for those we hand off to your system browser after verification.
  • Mega Scan — digital-presence check. Looks up identifiers you provide (email, phone, domain, social handle — all optional, run any combination) against breach, reputation, and exposure sources. The "all clear" celebration only appears when every item you submitted comes back safe.
  • Ultimate Scan (subscribers). Runs an antivirus pass and a Mega Scan back-to-back from the home screen for a single combined verdict. Available to active subscribers only.

3. What Armour is NOT

  • Not a system-wide antivirus. Even with OS download interception enabled, we do not run as a kernel driver, we don't intercept every network packet, and we don't monitor apps you haven't asked us to scan.
  • Not a guarantee. No security tool catches 100% of threats. Brand-new phishing pages, freshly rotated domains, abused tunnels (e.g. ngrok, temporary hosts), and zero-day malware can occasionally slip past. Treat our verdicts as strong signals, not absolute truth.
  • Not a substitute for common sense. Don't enter passwords on sites you don't recognize, even if we said "safe."

3a. Limitation of liability — the threats we cannot catch

Armour is a detection and guidance tool, not a shield against every form of compromise. Cybersecurity is a shared responsibility between the tools you use and your own behaviour. By using Armour you acknowledge and accept that neither Kromeum nor the Armour app shall be liable, directly or indirectly, for any loss, damage, breach, identity theft, financial loss, account compromise, data exfiltration, ransomware infection, reputational harm, or other adverse outcome resulting from any of the following categories of attack — all of which fall outside the technical scope of what a client-side scanning and assistant application can reasonably detect or prevent:

  • Social-engineering attacks — phishing calls, SMS smishing, voice cloning, deepfakes, impersonation of friends/family/colleagues, romance scams, pig-butchering scams, business-email-compromise, fake support agents, and any scenario where you are persuaded to act against your own interest by a human or AI on the other end of a conversation.
  • Credential reuse and weak passwords — breaches of services we did not flag, password reuse across sites, passwords shared with another person, or passwords stored unprotected.
  • Network-layer compromise — malicious or misconfigured Wi-Fi routers, rogue access points, evil-twin hotspots, ARP-spoofing, DNS hijacking on your local network, malicious VPN providers, ISP-level interception, BGP hijacks, and man-in-the-middle attacks upstream of your device.
  • Device-level compromise outside our process — jailbroken or rooted devices, malicious browser extensions, keyloggers installed by another app, screen-recorders, accessibility-service abuse by other apps, supply-chain attacks on your operating system, firmware implants, hardware tampering, evil-maid attacks, and physical access to an unlocked device.
  • Third-party service breaches — compromise of your email provider, cloud storage provider, social network, bank, employer, school, government registry, or any other service that holds your data and is breached on their side.
  • Zero-day and novel threats — brand-new malware variants, freshly registered phishing domains, previously-unknown CVEs, supply-chain compromises in software you install, and any attack that has not yet been catalogued by the threat-intelligence sources we query.
  • SIM-swap, port-out fraud, and telecom-layer attacks — fraudulent transfer of your phone number to an attacker-controlled SIM, intercepted SMS-based 2FA codes, SS7 protocol attacks, and any compromise rooted in your mobile carrier's systems.
  • Physical theft, coercion, and "wrench attacks" — loss or theft of an unlocked device, shoulder-surfing, coerced disclosure of credentials, and any scenario in which an attacker has physical access to you or your hardware.
  • Cloud, IoT, and smart-home device compromise — vulnerable smart speakers, cameras, doorbells, TVs, baby monitors, routers, printers, NAS units, and any internet-connected device on your network that is not running the Armour app.
  • Browser, OS, and app vulnerabilities outside the Armour in-app browser — exploits delivered through Safari, Chrome, Edge, Firefox, native messaging apps, social apps, gaming clients, or any other software we do not control.
  • Insider threats and account sharing — anyone you have given your password, recovery email, recovery phone, backup codes, or unlocked device to, regardless of the relationship.
  • Cryptocurrency, smart-contract, and on-chain losses — wallet drainers, malicious dApps, signed malicious transactions, seed-phrase theft, and any loss of digital assets, regardless of how the attacker obtained access.
  • Scans you chose not to run — any threat that would have been flagged had you scanned the relevant link, file, or identifier, but you did not.
  • Sophisticated, targeted, and state-sponsored attacks — APT groups, nation-state surveillance, commercial spyware (e.g. Pegasus-class), and any adversary with resources beyond the scope of consumer-grade defence.

Armour does its best to detect what is detectable from inside an app sandbox running on your device. To the maximum extent permitted by applicable law, Kromeum, the Armour app, our affiliates, employees, and contractors shall not be liable for any direct, indirect, incidental, special, consequential, exemplary, or punitive damages — including but not limited to loss of profits, revenue, data, goodwill, or other intangible losses — arising out of or related to any of the categories above, or to your use of, or inability to use, the app. Our aggregate liability for any claim arising out of these terms is limited to the greater of (a) the amount you paid us in the twelve months preceding the claim, or (b) USD $50.

You acknowledge that you remain ultimately responsible for your own digital safety: keeping your devices and operating systems updated, using unique passwords, enabling multi-factor authentication on every account that supports it, verifying who you are talking to, and exercising judgement before clicking, downloading, paying, or disclosing.

4. What lives where

Everything you give us is primarily saved on your own device, not on our servers. The honest map of your data is below. The default rule: anything you submit, scan, or chat about after you've signed in stays local.

On our servers (the bare minimum):

  • Your account: email address, hashed password (we never see your plaintext password), display name, and the version of these Terms you accepted. This is what lets you sign back in on a new device.

On your device only (we genuinely cannot see this):

  • Scan history: every URL you've scanned, every file hash, every verdict, every Vexa explanation. Lives in your browser's local database (IndexedDB). Wipe it from Settings → Data & privacy any time.
  • Sandbox reports: MetaDefender Sandbox detonation results, network IOCs, MITRE ATT&CK techniques, dropped files, behavioural indicators — all written to your local store when the job finishes.
  • Auto-scan queue & per-download history: the live queue position, scan progress, source label (Armour browser / OS download / shared / manual), and retry state for every file pushed into the scanner.
  • Trusted-sources allowlist: domains you've marked as trusted to skip auto-scans.
  • Files you upload for scanning: processed in memory only. We never persist file contents on our servers. The file hash always goes to upstream hash-lookup scanners; the full file is only uploaded to Cloudmersive / MetaDefender Cloud when Deep Scan (or Auto-scan downloads) is enabled, or to MetaDefender Sandbox when you've enabled detonation (see section 6).
  • Encrypted backups: if you export a backup, it's encrypted on your device with your passphrase before it leaves. We don't have your passphrase, so we cannot decrypt it. Lose the passphrase, lose the backup — there's no reset.
  • Vexa chat history: stored locally alongside your scans.
  • Saved scan inputs (optional). If you tick "Save these details on this device" in any scan intake form (email, phone, domain, social handle, etc.), those values are stored only in your browser's local storage so you don't have to re-enter them. They never leave your device, and you can clear them any time from Settings → Data & privacy. When saved values exist, the app will ask whether you want to reuse or edit them before the next scan.

5. What we do NOT collect or access

  • Your other apps, files outside scans, or device contents.
  • Your microphone, camera, contacts, or location.
  • Browsing activity outside the in-app Armour browser. We do not read, monitor, sync, or import anything from Safari, Chrome, Edge, Firefox, or any other browser on your device — even if Armour is set as your default browser.
  • OS-level downloads, unless you have explicitly enabled OS download interception in the Armour native shell. Even then, the file goes through the same scan pipeline you chose; we do not transmit it anywhere we wouldn't have if you'd uploaded it manually.
  • Your plaintext password — ever.
  • The contents of your scan history, sandbox reports, or Vexa chats — they never reach our servers.

6. Third parties (the one caveat)

To actually check a link or file, we have to ask specialist scanning engines. When you trigger a scan, the URL or file hash is sent directly to these third-party providers — we do not log it on our side, but they receive it under their own terms and privacy policies:

  • IPQualityScore — receives URLs you scan to return reputation data.
  • Google Web Risk — receives URLs you scan to check Google's malicious-site database.
  • MetaDefender Cloud — receives file hashes for multi-engine reputation lookups, and (when Deep Scan is on) files up to 140 MB for full antivirus analysis.
  • MetaDefender Sandbox — when sandbox detonation is enabled, files up to 80 MB are detonated in an isolated VM to extract behavioural indicators.
  • Hybrid Analysis — listed as an additional intel source for hash lookups when available; vetting status is shown in the Provider Status banner inside the app.
  • Cloudmersive Advanced Virus Scan — when Deep Scan or Auto-scan downloads is enabled, the file you submit (up to 1 GB) is uploaded to Cloudmersive for cloud antivirus analysis. Cloudmersive states they do not retain files after scanning, but their handling is governed by their own policy.
  • Lovable AI Gateway (Google Gemini) — receives scan results and your Vexa chat messages to generate reasoning and replies.
  • Resend — sends transactional email (sign-in, security alerts) on our behalf.

Important: once data is in a third party's hands, it's governed by their policies, not ours. We are not responsible for how they retain, share, or process what you send through their scanners. If that worries you, don't scan things you wouldn't want their providers to see, or check each provider's policy before scanning sensitive material.

7. What we never do

  • Sell your personal data. To anyone. For any price.
  • Show you targeted advertising based on what you scan.
  • Share your scan history with marketers, employers, governments, or other users — except as required by valid legal process.
  • Read your Vexa chats for training without your permission.

8. Deleting your data

You can delete individual scans and Vexa conversations from inside the app at any time. To delete your entire account and all associated data:

  • Go to Settings → Account → Delete account, or email us from your registered address.
  • All scan history, chat history, profile data, and consent records tied to your account are permanently erased within 30 days.
  • Anonymized, aggregated usage stats (no identifiers) may be retained.
  • Backups are rotated within 90 days; deleted data disappears from backups by then.

9. Your responsibilities

  • Don't use Armour to scan content you don't have a right to handle.
  • Per-scan attestation. Every scan intake form requires you to tick two boxes before submission: (1) you have read and accept these Terms and the Privacy Policy, and (2) the data you are entering is your own and only yours. You acknowledge that scanning anyone else's identifiers, accounts, files, or domains without their explicit permission may be illegal in your jurisdiction. If you do so, neither Kromeum nor the Armour app is responsible — the liability is entirely yours.
  • Don't try to weaponize the scanner — e.g. submitting illegal malware samples, child sexual abuse material, or targeting third-party systems for harm.
  • Keep your account credentials secure. You're responsible for activity on your account.
  • Don't resell, scrape, or build a competing service from Armour's API responses.
  • You are responsible for the safety of the data on your own device. Because your scan history, sandbox reports, backups, and chats live in your browser's local storage, their security is in your hands — keep your device locked, your OS patched, and your backup passphrase safe. We cannot recover, restore, or protect data we never had a copy of. If your device is lost, stolen, compromised, or wiped, that data is gone.
  • Third-party scanners are a separate matter. The one exception to "we don't have your data" is what gets sent to the third-party scanning engines listed in section 6. Any liability for how those providers handle, retain, or share that data falls on them, governed by their privacy policies and terms — not Armour. If a third-party provider mishandles data, your remedy is with that provider directly, subject to whatever their policies allow.

10. Limitation of liability

Armour is provided "as is" and "as available". We do not warrant that scans will be 100% accurate or that the service will be uninterrupted. To the maximum extent permitted by law, we are not liable for indirect or consequential damages — including data loss, business loss, or harm caused by malware or phishing that our scanner failed to detect. You agree that you use Armour as one layer of defense among many, not as a sole safeguard.

10b. Subscriptions, auto-renewal & cancellation

Paid Armour subscriptions are sold and billed exclusively through the Apple App Store and Google Play. All payments, renewals, refunds and cancellations are governed by the applicable store's terms. Subscriptions auto-renew at the end of each billing period at the then-current price unless you cancel in your store account at least 24 hours before the renewal date. Cancelling stops the next charge; you keep paid access until the end of the current period and are then moved to the free tier. Promotional pricing (e.g. "70% off your first period") applies only to the first billing period; subsequent renewals are at the regular price shown on the pricing page.

10c. Email Protection — what we can and cannot do

Email Protection is opt-in. When you link Gmail or Outlook, Armour requests read-only scopes at the level you choose and never reads your mail on our servers. Phishing and scam detection runs on your device; only flag / label / move actions are performed against your inbox, and only on messages we have surfaced to you. We will not send mail on your behalf, delete mail, or read mail outside the time window you selected. You may disconnect at any time, which wipes the local cache and revokes the access token.

10d. Call & Text Protection — what we can and cannot do

Call & Text Protection does not intercept calls, block calls, or read your messaging apps. Caller lookups are performed only on numbers you submit. SMS analysis is performed on-device on text you paste in. The reputation database is community-sourced and best-effort — a "legit" verdict is not a guarantee, and an "unknown" verdict does not mean safe. Treat verdicts as guidance, not as proof.

11. Changes to these terms

We can update these terms when we add features, change providers, or comply with law. When we change anything material, we'll bump the version above and ask you to re-accept the next time you sign in. Trivial fixes (typos, clarifications) won't trigger a re-prompt.

12. Contact

Questions, data-deletion requests, or legal notices:
hello@kromeum.app

By creating an Armour account, you confirm you've read and agree to these Terms (version 2026-05-09) and our Privacy Policy.