The operator of the Services provided under these Terms of Service is the company whose details are listed below:
Company Title: DARK RADAR BİLGİ GÜVENLİĞİ A.Ş.
Trade Registry Number: 39325
MERSIS Number: 0270135016100001
Registered Address:
Yeniköy Merkez Mah. Vatan Cad. Teknopark Sitesi No: 83 Internal Door No: B33 41275 Başiskele / Kocaeli, Türkiye
Contact E-Mail:
[email protected]
These Terms of Service (“Terms”) apply to the website under the domain https://darkradar.co/ operated by DARK RADAR BİLGİ GÜVENLİĞİ A.Ş. (“Dark Radar”), including the Beacon and Shadow platforms, as well as all software, user interfaces, APIs, data services, and cyber threat intelligence solutions (“Service”) offered within these platforms.
Any natural or legal person accessing or using the Service (“User”) declares that they have read, understood, and accepted these Terms. These Terms, together with the Dark Radar Privacy Policy, constitute the sole and binding agreement between Dark Radar and the User. Dark Radar reserves the right to unilaterally update the Terms. Continued use of the Service after the publication of the updated Terms constitutes acceptance of the changes.
Dark Radar provides cyber threat intelligence services aimed at helping organizations detect cyber risks at an early stage and strengthen their defense capabilities through cybercrime ecosystems, infostealer-sourced data leaks, threat surface data, and related technical artifacts. The Service provided is a professional B2B platform covering data breach intelligence, leak detection, vulnerability identification, and operational cybersecurity analysis. Dark Radar personally determines the detection sources and methodologies within the scope of the service; in this context, it does not purchase datasets from malicious actors, does not pay for access to stolen data, and is not a party to such offers in any way. Therefore, it is explicitly stated that Dark Radar should not be contacted for the purpose of data sale, data supply, or similar purposes.
All data acquisition processes used by Dark Radar are carried out in accordance with the principle of legitimate interest and the principles defined under the heading “Legal Basis for Data Processing and Global Compliance,” using OSINT (Open Source Intelligence) and CINT (Cyber Intelligence) methods, based on passive observation and lawfulness. Dark Radar does not trade in raw, unverified, or source-unknown data, does not engage in activities that would lead to the disclosure of personal data, facilitate attacks, or constitute unlawful surveillance, and limits the Service only to corporate and professional use. Certain Service components are designed to be used by cybersecurity teams, SOC units, MSSP firms, and authorized employees working in these institutions.
In the event that Dark Radar subsequently determines that any dataset was obtained unlawfully, was not intended to be public, or poses a legal risk, it reserves the right to remove, restrict access to, or mask the relevant content from its own systems and databases within a reasonable period. This restriction is limited only to systems under the control of Dark Radar; if the data was obtained from public sources, it is not possible to interfere with third-party sources or content on the open internet. Throughout the platform, there are pre-query and restriction screens that prevent direct viewing of sensitive data. If the User detects content that they believe belongs to them or the institution they represent, or data they request to be removed, they may notify Dark Radar in accordance with Section 13 of these Terms.
Dark Radar’s data processing and threat intelligence activities are based on the following legal grounds, acknowledging that cybersecurity constitutes a matter of public interest, corporate defense necessity, and the protection of critical infrastructures:
KVKK Article 5/2(f) and GDPR Article 6(1)(f): Data processing activities are carried out within the scope of legitimate interest for the purposes of preventing cyber attacks, detecting infostealer-sourced risks, and ensuring network security. GDPR Recital 49 explicitly defines the provision of network and information security as a legitimate interest.
CCPA / CPRA (California, USA): Data is processed for the "business purpose" of detecting security incidents and protecting against unlawful activities.
Sectoral and Regional Regulations: Threat intelligence sharing and increasing operational resilience are supported in line with regulatory frameworks such as EU DORA, Saudi Arabia SAMA / NCA, UAE NESA, and UK NCSC.
Dark Radar conducts its data acquisition activities in accordance with the recognition that cybersecurity is a matter of public interest and corporate defense is a legitimate interest. In this context, Dark Radar collects data only by using OSINT (Open Source Intelligence) and CINT (Cyber Intelligence) methods from legally open or legally accessible sources, based on passive observation and analysis. Dark Radar’s data acquisition processes strictly do not include providing unauthorized access to any system, bypassing security measures, active exploitation activities, malware distribution, data exfiltration, or obtaining personal or corporate data through unlawful methods. Under no circumstances does Dark Radar conduct active attacks, interference, manipulation, or unlawful data collection activities; it limits all data acquisition processes in accordance with applicable national and international legislation.
4.1 Beacon: Beacon is a cyber threat intelligence and risk analysis service that operates in isolation on a per-customer basis and is provided only on behalf of the relevant customer. All data processed within the scope of Beacon is logically segregated per customer, is strictly not shared with other customers, is not included in a general or common threat pool, and is used only to serve the corporate defense, risk detection, and cybersecurity operational needs of the relevant customer. If the Beacon service is provided through an MSSP, SOC, or an authorized third-party service provider; all contractual relations and obligations regarding the presentation, scope, and use of the service are established between the relevant service provider and the final customer. In this context, any legal, administrative, and operational responsibility arising from the use of the service belongs to the relevant MSSP/SOC or the party providing the service; Dark Radar is not a party to these relations and cannot be held responsible for any claims arising from them. In order to initiate the Beacon service via the Dark Radar platform, the MSSP, SOC, or authorized service provider must submit contracts, authorization documents, or approval documents indicating their authority to act on behalf of the relevant customer through the authorization and verification panels defined on the platform and be approved by Dark Radar. Beacon service cannot be initiated or activated without the required authorization and customer approval.
4.2 Shadow: Shadow is a professional threat research and vulnerability identification tool powered by Dark Radar’s cybercrime ecosystems and infostealer-sourced threat data infrastructure. The Shadow service is provided for corporate and professional user profiles such as SOC teams, MSSPs, and cybersecurity consultancy and sales teams. The platform is designed to support the detection, analysis, and identification of risks associated with past or ongoing data leaks and security vulnerabilities as quickly as possible. Within the scope of Shadow; operational and defensive intelligence is produced using filters such as country, IP address, HWID, timestamp, domain/subdomain, technologies used (e.g., webmail, admin login panels, etc.), and sensitive credential filters. Shadow does not provide users with publicly accessible, downloadable, or bulk raw datasets; however, it allows for the analysis of raw vulnerable files with verified sources and defined technical context for the purposes of technical analysis, forensic investigation, and vulnerability detection. These analyses are performed in a controlled and logged manner within the platform. Access to the Shadow platform is provided through a credit-based usage model. Users can perform queries, analyses, and transactions up to the credit amount they have loaded onto the platform. To become a member of Shadow and benefit from the service, users must submit information and documents proving that they operate within the scope of the “Legal Basis for Data Processing and Global Compliance” heading. This verification process is carried out through manual approval, corporate or related domain e-mail verification, and/or other identity and authorization verification methods deemed appropriate by Dark Radar. Platform access is not activated until the necessary approval processes are completed. Shadow can be used by cybersecurity firms not only for the technical analysis of data leaks but also for the detection and identification of institutions harboring potential security vulnerabilities. Users evaluate the analysis results obtained through Shadow entirely under their own responsibility, can prepare reports in white-label format, and present them to the relevant institutions. Except for institutions receiving the Beacon service directly from Dark Radar, analyses regarding all institutions that have experienced data leaks or vulnerabilities are carried out within the framework of the user's credit limit and entirely under the user's legal and operational responsibility. All queries, analyses, file reviews, reporting, and API usage performed within Shadow are recorded. Any legal, administrative, or criminal liability that may arise during the use of the Shadow service belongs to the user performing the relevant activity. Dark Radar cannot be held responsible for the consequences of users' activities on Shadow. In case of detection of unlawful use, exceeding authority, or activities contrary to these Terms, Dark Radar reserves the right to suspend or permanently cancel the relevant account.
For the purposes of public order, national security, and the protection of critical infrastructures, Dark Radar applies an internal filtering and blacklisting mechanism covering high-risk, sensitive, or potentially exploitable domains. In this context, domains that do not produce results or whose analysis may pose security, legal, or ethical risks are closed to searching, viewing, and content access within the Service. The said list is determined by Dark Radar and can be expanded, narrowed, or updated without prior notice. Domains belonging to the public institutions, judicial bodies, defense and security structures, regulatory and supervisory authorities, and organizations providing social security and critical public services of the Republic of Türkiye are filtered by default. Examples include, but are not limited to: Extensions such as *.gov.tr, *.k12.tr, *.edu.tr, Domains such as cb.gov.tr, tbmm.gov.tr, csb.gov.tr, icisleri.gov.tr, adalet.gov.tr, emniyet.gov.tr, jandarma.gov.tr, tsk.tr, msb.gov.tr, saglik.gov.tr, sgk.gov.tr, uyap.gov.tr, kvkk.gov.tr, bddk.org.tr, tcmb.gov.tr, and their associated subdomains are excluded from the Service. Regarding domains belonging to institutions that do not fall under this list but carry sensitivity such as critical infrastructure, strategic sectors, financial systems, energy, transportation, telecommunications, health, defense industry, or similar; Dark Radar may request the User to prove their authority to act on behalf of the relevant institution through manual verification, documentation, and reasonable evidence before allowing searches or access to content leaks. Access is not provided for the relevant domains until this verification is completed.
Dark Radar does not include any dataset in the Service that cannot be clearly identified, is not supported by technical evidence, or whose accuracy cannot be verified. In this context, raw and non-associable datasets, known publicly as “combolists,” with uncertain integrity, accuracy, and source, are not hosted, processed, presented, or distributed in Dark Radar systems. Each record within Dark Radar is associated with a specific infection point, device, or machine, and records are kept with timestamps, original file structures, technical context, and analysis metadata. This structure ensures that each data point is suitable for forensic investigation, root cause analysis, and technical verification processes. All data processed and stored by Dark Radar is protected using AES-256 symmetric encryption and RSA-4096 key infrastructure in accordance with industry standards; it is maintained with high security measures against unauthorized access in line with the principles of data security, privacy, and integrity.
All associated datasets processed within the scope of Dark Radar platforms are considered sensitive by nature, are kept in masked (obfuscated) form, and are never presented in open, full, or raw data form. These data are protected with cryptographic keys that are regularly renewed based on the rotate-key architecture, and key management is conducted through isolated security layers to prevent unauthorized access. No user, reseller, third-party service provider, or API client has the right to raw, downloadable, or bulk access to associated datasets. All data access on the platform is limited by role-based access control (RBAC), defined purpose of use, behavioral monitoring, and rate/speed limits (rate limiting), and all access activities are recorded in an auditable manner.
Within the scope of Dark Radar platforms, no integration, reseller, or third party can access general, unlimited, uncontrolled, or bulk downloadable raw datasets. API usage within the scope of the Beacon service is offered only limited to the domains and/or subdomains protected and authorized by the customer, and this usage is configured according to the defense and monitoring needs of the relevant customer. Beacon API access is subject to customer-based isolation, authorization, and logging principles and does not provide access to other customer data. API usage within the scope of the Shadow service is carried out within the framework of previously defined usage limits, masking rules, and credit-based transaction models. Shadow API access does not allow any user or institution to access all datasets at once or in a short period. To prevent abuse and systematic data scraping, daily rate and speed limits (rate limiting) are applied on a per-account basis on the Shadow platform; query volume, transaction frequency, and behavioral usage patterns are continuously monitored. Shadow API outputs are presented in accordance with defined field constraints, masking policies, and principles of suitability for the purpose of use.
The Services are provided only for corporate and professional use for the following user profiles and organizations: Cybersecurity Companies (CSC), Managed Security Service Providers (MSSP), Corporate Security Operations Centers (SOC) and authorized SOC analysts and security experts working in these centers, Cyber Insurance and Risk Analysis Providers, and other corporate security stakeholders deemed appropriate by Dark Radar. Individual, academic, experimental, or personal curiosity-based uses are not directly open to access, and the acceptance, scope, and duration of such requests are entirely at Dark Radar's discretion. Dark Radar reserves the right to evaluate the suitability of user profiles, request additional documents, limit access, or deny access.
The right to register and use the Service applies only to natural persons who have reached the age of 18. It is prohibited for persons under the age of 18 to access the Service, create a registration, or use the Service in any way. The User represents and warrants that they have reached the age of 18 at the time of registration. In the event that this representation is found to be false, Dark Radar reserves the right to immediately suspend or terminate access to the Service, and Dark Radar cannot be held responsible for any damages arising from this situation.
Dark Radar Services are offered on a prepaid subscription model. Subscription plans are collected via wire transfer/EFT and credit card methods through Dark Radar’s authorized payment infrastructure and are renewed on a monthly basis. Upon successful completion of the payment transaction, the relevant Service and content become immediately accessible. The products and services offered within the scope of the Service are digital and intangible contents that are performed instantly and come into effect along with the contract and information texts explicitly approved by the User during the payment step. In this context, the right of withdrawal regarding distance sales does not apply to digital services whose performance has started immediately within the framework of the relevant legislation. Services offered by Dark Radar are primarily designed for corporate and professional use (B2B). For corporate users, no right of withdrawal, refund, or price claim arises. Even if individual access is provided, due to the nature of the Service, no cancellation or refund is made once performance has begun. Subscription cancellation only stops the renewal of the next billing period; payments made for the period in which the cancellation request is submitted are not refunded. Dark Radar reserves the right to unilaterally suspend or terminate the subscription in case of detection of abuse, violation of the Terms, or legal risk. Even in this case, no refund obligation arises for the periods used.
The User may cancel their subscription at any time via the Settings > Billing and Plans > Manage Billing section. The cancellation process is carried out through the billing infrastructure belonging to Dark Radar where the User manages their subscription and payment information. Subscription cancellation only prevents the renewal of the next billing period; the Service continues to be actively provided until the end of the current billing period for which the cancellation request was submitted. For current or past billing periods, no refund is made for unused periods, except in mandatory legal cases. Since Dark Radar Services are offered within the scope of digital and intangible services performed instantly, no refund of fees can be requested after cancellation for services started after payment.
The Service may not be used for the purpose of unauthorized access, unlawful monitoring or surveillance, pressure, threat, blackmail, or using data for disclosure purposes, attack planning, active exploitation, exceeding authority, causing harm, interfering with the system, disabling services, disrupting data integrity, or performing any unlawful activity directly or indirectly. The User agrees to use the Service only within the scope of defense, risk detection, security analysis, and corporate cybersecurity activities. In case of detection of use contrary to these provisions, Dark Radar reserves the right to immediately suspend or permanently terminate access to the Service without any notice; it may also notify authorized authorities where necessary.
All intellectual and industrial property rights on all software, data structures, data models, algorithms, analysis methods, interfaces, visual designs, report formats, documentation, and all kinds of content offered within the scope of the Service belong exclusively to Dark Radar. These Terms do not grant the User any ownership, transfer, sub-license, or commercial use right over the said rights; it only provides a non-transferable and non-exclusive right of access for the limited use of the Service in accordance with these Terms. The Dark Radar brand is registered before the Turkish Patent and Trademark Office (TÜRKPATENT) for a period of 10 (ten) years, with registration number 2025 059415, under class 42; this registration covers scientific and industrial research services, computer programming and software services, cybersecurity, data security, network and system security, vulnerability detection, security software consultancy, and information technology security services. The User agrees not to use, reproduce, imitate, or allow third parties to use the Dark Radar brand, logo, or distinctive elements without the explicit and written permission of Dark Radar.
Dark Radar has no control over third-party websites, software, services, links, content, data, or services included in or accessible through the platform and accepts no responsibility for the accuracy, timeliness, security, lawfulness, or availability of such content. The User agrees that they access third-party content or services at their own discretion and risk and that they are solely responsible for any legal, administrative, or technical consequences that may arise from the use of such content.
The User agrees to indemnify, defend, and hold harmless Dark Radar, its affiliates, directors, employees, and representatives from and against any and all claims, demands, damages, losses, liabilities, administrative sanctions, lawsuits, and expenses (including but not limited to attorney's fees and litigation costs) arising out of or in connection with the User's use of the Service, access to the Service, or violation of any provision of these Terms.
The Service is provided “as is” and “as available.” Dark Radar makes no warranties, express or implied, that the Service will be uninterrupted, timely, error-free, secure, continuously accessible, or fit for a particular purpose. Dark Radar cannot be held responsible for any technical failure, loss of performance, data delay, maintenance work, system updates, or consequences that may arise from third-party-sourced interruptions that may occur during the use or inability to use the Service.
Dark Radar shall in no event be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, business interruption, loss of reputation, loss of data, or failure to obtain the expected benefit. The total liability of Dark Radar under these Terms, for any reason and arising from any legal basis, is limited to the amount actually paid by the User for the relevant Service.
Dark Radar reserves the right to temporarily suspend, limit, or permanently terminate access to all or part of the Service without any justification and without prior notice. This situation applies particularly in cases of violation of these Terms, unlawful use, exceeding authority, security risk, suspicion of abuse, or the necessity to protect system integrity, and Dark Radar shall have no liability or obligation for compensation in this context.
These Terms shall be interpreted and applied in accordance with the laws of the Republic of Türkiye, excluding conflict of laws rules. Kocaeli Courts and Enforcement Offices are exclusively authorized to resolve any dispute arising from or in connection with these Terms.
