
Terms & Conditions

1) Parties & Acceptance

These Subscription Terms (the “Terms”) are a binding agreement between Manriq Solutions LLC ("Manriq," "we") and the business purchaser ("Customer," "you"). By clicking “I agree,” paying an invoice, or using the Services, you accept these Terms.

1A) Definitions & Acronyms

ASV – PCI Approved Scanning Vendor solution used to perform/attest external scans.
Asset – One externally reachable public IP address or FQDN (domain or subdomain) registered under your plan.
Plan Term – Twelve (12) months from activation/renewal.
CDE – Cardholder Data Environment.
TPSP – Third‑Party Service Provider (e.g., host, CDN/WAF, payment processor).
WAF/CDN – Web Application Firewall / Content Delivery Network used to filter or proxy traffic.

2) Service Description

We provide ASV brokerage/managed coordination for external vulnerability scans of your public‑facing assets. Deliverables include: (a) ASV scan report(s); and (b) if a passing result is achieved, the ASV Attestation of Scan Compliance (issued by the ASV of record). We are not a QSA and do not provide legal advice, internal scans, authenticated scans, penetration testing, web‑app testing, or remediation unless separately purchased.

3) Plans, Scope & Asset Counting

3.1 Plans. Plans are sold by asset count (e.g., 1 / 5 / 10 Assets) and cover those Assets for the one‑year Plan Term.

3.2 Asset Definition. An Asset is a single routable public IPv4/IPv6 address or a single public FQDN (domain or subdomain) resolved via public DNS. If an FQDN resolves to multiple IP addresses that must be scanned separately by the ASV platform, each such IP address may be counted as an Asset.

3.3 One Swap Per Term (errors/changes). You may swap one (1) registered Asset per Plan Term at no additional charge (e.g., replace a retired IP/FQDN). Any additional swap requires (i) purchasing an add‑on 1‑Asset subscription or (ii) upgrading to the next tier plan.

3.4 Optional Add-on: Advisory & Dispute Assist. Manriq will provide up to 3 labor hours per quarter across the covered assets (up to five) for scope tuning, remediation guidance, and coordination with the ASV. Includes one (1) false-positive/dispute package per quarter. Coverage for more than five (5) assets or three (3) labor hours requires a custom quote.

4) “Unlimited Scans” — Fair Use

“Unlimited PCI ASV scans” means unlimited rescan attempts for the same in‑scope Assets during the subscription term to obtain a passing result, subject to:

  • Operation during standard windows and at a reasonable frequency; and

  • A fair‑use cap of 6 scheduled scan events per Asset per quarter (initial + rescans). Additional events are available at the then‑current rate or by upgrading your plan.

5) Support Boundaries

Included support for: (a) intake/scoping; (b) scheduling and execution; (c) guidance for allowlisting ASV scanner IPs via WAF/CDN/firewalls; (d) triage summaries; (e) preparation/submission of reasonable false‑positive packages to the ASV. Items (d) and (e) are provided exclusively through the "Advisory & Dispute Assist" add-on.

Excluded (available only via separate, prepaid custom quote/SOW): making firewall/WAF/CDN changes on your behalf; performing vulnerability remediation/patching; implementing configuration hardening; conducting authenticated or internal scans; performing penetration testing; executing web-application DAST; performing segmentation testing; authoring policies beyond basic templates; and providing incident response.

6) Customer Responsibilities (PCI Ownership)

You are solely responsible for your PCI DSS program and for maintaining controls between scans, promptly fixing vulnerabilities, providing accurate scope (including IPs/FQDNs/ports), selecting maintenance windows, coordinating TPSPs, and submitting evidence to your acquirer/payment brand.

Authorization to Scan. You represent and warrant that you own/control the registered Assets or have written authorization from the owner to permit external scanning; and you expressly authorize Manriq and our ASV Platform Vendor to conduct external vulnerability scans against those Assets.

7) Payment & Activation

7.1 Prepaid Annual. Plans are prepaid for one year and activate after payment is received and the basic intake is complete.

7.2 Invoices (Custom Quotes). Custom quotes are billed by invoice and are due upon receipt. Work begins only after payment clears. Unpaid invoices may be cancelled; we reserve the right to suspend Services for non-payment.

7.3 Taxes. Prices exclude taxes; you are responsible for applicable taxes.

7.4 No Refunds After Activation. Except where required by law, fees are non-refundable once activation has occurred. If you cancel before activation, we will refund prepaid amounts minus reasonable payment processing and administrative costs.

8) Term, Renewal & Cancellation

8.1 Term. Each subscription runs for twelve (12) months from activation.

8.2 Auto‑Renewal. Plans auto‑renew annually at the current pricing unless you cancel at least 30 days before renewal. We will send a renewal notice to the email you used to register at Manriq.com.

8.3 Cancellation Mid‑Term. You may cancel at any time; however, cancellation will stop the renewal but does not trigger a refund.

9) Service Levels & Scheduling

We target (not an SLA) initial scheduling within five business days after intake and triage summaries within three business days after scan completion. Scans are active tests that can impact performance; therefore, you must select appropriate windows and notify the relevant stakeholders.

Pass Criteria. Only the ASV determines pass/fail status according to program rules; we cannot guarantee a pass.

10) Third‑Party Platforms; Pass‑Through Terms

An independent ASV Platform Vendor performs the approved ASV scanning and issues the Attestation for passing results. You agree to any required pass‑through terms. There is no contractual privity between you and the ASV Platform Vendor unless you have a separate contract with them.

10A) PCI DSS 11.3.2 & 11.3.2.1 Coverage

This subscription covers Requirement 11.3.2 (quarterly external vulnerability scans by an ASV) and the rescan cycle in 11.3.2.1 (after significant change), including:

  • Remediation of vulnerabilities ≥ CVSS 4.0 and rescans as needed (for registered Assets).

  • Scans are conducted by qualified personnel (our security staff and/or the ASV platform’s personnel) and with organizational independence from the management/operation of your CDE. If you engage Manriq to manage the day‑to‑day operation of systems under test, you must ensure independent personnel perform the scans for 11.3.2.1 or separately engage an independent tester.

11) Disclaimers; No Guarantee of Compliance

External ASV scanning is only one of the PCI DSS requirements. A passing scan or ASV Attestation does not guarantee overall PCI compliance, acceptance by any third party, or the absence of vulnerabilities.

12) Liability Allocation

12.1 No PCI Penalties. Manriq is not liable for PCI fines, penalties, chargebacks, or actions taken by the brand or acquirer.

12.2 Limitation of Liability. Manriq’s aggregate liability under these Terms shall not exceed the fees you paid to Manriq for the affected Services in the twelve (12) months prior to the event giving rise to liability.

12.3 Exclusion of Damages. No indirect, incidental, consequential, special, exemplary, or punitive damages; no lost profits, revenue, or data.

13) Changes to Terms or Pricing

We may update these Terms to reflect legal or program changes; any material changes will take effect upon renewal. Prices may change upon renewal, provided notice is given.

14) Governing Law; Venue

These Terms are governed by Texas law (conflict‑of‑laws excluded). Exclusive venue and jurisdiction lie in the state courts of Fort Bend County, Texas. Each party consents to the personal jurisdiction of the courts in that location.

15) Entire Agreement & Miscellaneous

These Terms (together with any applicable SOW or invoice terms they reference) are the entire agreement for the Services and supersede prior discussions on this subject. If there is a conflict, the SOW controls over these Terms. If any provision is held invalid, the remainder stays effective. A waiver must be in writing and is not a continuing waiver. Notices may be sent to the billing email you provide at checkout or on your invoice.

16) Contact

Manriq Solutions LLC — info@manriq.com
