GoSafe – Terms of Service
Last updated: 14 January 2026
PART A – TERMS OF SERVICE
1. About GoSafe
GoSafe is a cybersecurity monitoring service operated by GoBig Online LTD (“we”, “us”, “our”). GoSafe provides monitoring of email addresses and related identifiers against known data breaches and publicly available breach intelligence sources, including third‑party services.
GoSafe is provided on a best‑effort, informational basis only and is not a guarantee of security, safety, or the absence of data breaches.
2. Acceptance of Terms
By accessing or using GoSafe, you: – Confirm that you are legally able to enter into these Terms – Agree to be bound by these Terms and our Privacy Policy – Agree to use the service only for lawful purposes
If you do not agree, you must not use GoSafe.
3. Description of the Service
GoSafe is a restricted-access security intelligence platform operated for authorised customers and internal systems.
GoSafe: – Aggregates and processes real-world breach intelligence data from third-party providers and security research disclosures – Ingests such data into controlled environments using hashing, encryption, and obfuscation techniques – Allows authorised users to search for the existence of identifiers within breach datasets – Applies additional safeguards where breach data is classified as sensitive
Users do not submit breach data for storage.
GoSafe is not a publicly available service or open API. Access is strictly controlled and monitored.
4. Authorised Use, Resellers & User Responsibilities
You agree that:
- You are an authorised user, customer, or reseller permitted to access GoSafe
- Where you act as a reseller, you do so on behalf of your own customers and remain responsible for their compliance
- You will ensure that any end user for whom you perform searches has a lawful basis for such processing and has been provided with appropriate notices
- You will use GoSafe solely to search for the presence of identifiers within breach datasets for legitimate security purposes
- You will not attempt to submit, upload, or inject personal data into GoSafe for storage
- You will not expose GoSafe outputs to unauthorised third parties
- You will not attempt to access or extract underlying datasets, storage, or correlation mechanisms
- You will comply with all applicable data protection and cybercrime laws
Any unauthorised use constitutes a material breach of these Terms.
5. Accuracy, Scope & No Warranty
GoSafe provides breach intelligence on a best-effort, informational basis only.
- GoSafe does not guarantee that all breaches, exposures, or incidents will be identified
- Breach intelligence is limited to data made available through third-party sources and research disclosures
- Results may be incomplete, delayed, duplicated, inaccurate, or historical
- The absence of a result does not indicate the absence of exposure
The service is provided “as is” and “as available”, without warranties of any kind, express or implied.
6. Limitation of Liability
To the fullest extent permitted by law:
- GoBig Online LTD shall not be liable for any direct, indirect, incidental, consequential, special, or punitive damages
- This includes (without limitation) loss of data, revenue, reputation, business opportunity, regulatory exposure, or security incidents
- We are not liable for decisions, actions, or inaction taken by resellers or end users based on GoSafe results or omissions
- We are not responsible for how resellers present, interpret, integrate, or rely upon GoSafe outputs
GoSafe does not provide guarantees of security, prevention, or remediation of breaches.
Nothing in these Terms excludes liability for death or personal injury caused by negligence or for fraud where prohibited by law.
7. Third‑Party Services & Reseller Responsibility
GoSafe relies on third‑party breach intelligence providers and infrastructure services.
Where GoSafe is provided via a reseller arrangement: – The reseller acts as an independent data controller in respect of its own customers – GoBig Online LTD does not have a direct contractual relationship with reseller end users – GoBig Online LTD is not responsible for the reseller’s contractual terms, representations, or compliance obligations – Resellers are responsible for ensuring that their own terms and privacy notices accurately describe the use of GoSafe and its limitations
Third‑party services operate under their own terms and policies.
8. Suspension, Monitoring & Termination
We reserve the right to:
- Monitor access and usage for security, abuse prevention, and compliance
- Rate-limit or restrict searches to prevent enumeration or misuse
- Suspend or terminate access immediately for unauthorised use, excessive querying, or attempted circumvention of controls
- Remove or restrict access where required by law or to protect data subjects
Suspension or termination may occur without prior notice.
9. Changes to the Service or Terms
We may: – Modify or discontinue parts of GoSafe at any time – Update these Terms as required
Continued use after changes constitutes acceptance.
10. Governing Law
These Terms are governed by the laws of England and Wales, and courts of England shall have exclusive jurisdiction.
PART B – PRIVACY POLICY
11. Data Controller
GoSafe is operated by:
GoBig Online LTD
Unit 4, East Horton Business Park, Knowle Lane, Fair Oak, Eastleigh, Southampton, SO507DZ
We are the Data Controller under UK GDPR.
12. Data We Collect
We collect and process data strictly necessary to operate GoSafe as a search and intelligence platform.
Breach Intelligence Data – GoSafe independently aggregates real-world breach datasets from third-party breach intelligence providers, security research disclosures, and publicly available breach datasets – All breach data is transformed prior to storage using hashing, encryption, and obfuscation – Stored data is non-human-readable, non-attributable, and unusable outside GoSafe’s systems
Search Queries – When a user performs a search, the queried identifier is processed transiently – Search inputs are hashed and compared against stored representations – Search queries are not retained in plaintext
Operational & Security Data – Access logs, authentication events, and audit records – Metadata required to enforce access controls and detect misuse
13. How We Use Data
We process data to: – Provide breach monitoring services – Notify users of detected breaches – Maintain service security and performance – Comply with legal obligations
We do not sell personal data.
14. Legal Basis for Processing
Under UK GDPR, our lawful bases include: – Legitimate interests (security monitoring) – Contractual necessity (service delivery) – Legal obligations
15. Breach Data Nature, Handling & Accuracy
GoSafe aggregates and processes real breach data for defensive security and intelligence purposes.
- All ingested breach data is immediately cryptographically transformed and rendered non-human-readable
- Stored representations cannot be reverse-engineered by third parties
Breach data may be incomplete, delayed, inaccurate, or historical in nature.
The presence of an identifier within GoSafe does not confirm active compromise, misuse, or wrongdoing.
16. Data Retention & Suppression
- GoSafe retains transformed breach intelligence data for as long as it remains relevant for security and research purposes
- We do not guarantee deletion of breach source intelligence where data was not collected directly from the data subject
- Where appropriate, we may suppress the display of results linked to an identifier following verified requests
- Account data and access records are retained in accordance with legal and operational requirements
17. Data Sharing
We may share data with: – Infrastructure providers (hosting, security) – Breach intelligence providers (where required) – Authorities where legally compelled
All processors are subject to confidentiality and security obligations.
18. International Transfers
GoSafe is designed to operate within controlled jurisdictions.
Where data is processed or stored outside the UK or EEA, we ensure appropriate safeguards are in place, including: – Adequacy decisions – Standard contractual clauses
No international transfers are made for public access purposes.
19. Security Measures & Sensitive Breach Handling
We implement layered security controls, including:
- One-way hashing of identifiers used for search
- Bespoke encryption and obfuscation mechanisms
- Strong access controls and segregation of duties
- Mandatory multi-factor authentication
- Continuous monitoring and audit logging
Sensitive Breach Classification
Certain breach datasets may be classified as sensitive due to their nature, including (by way of example) breaches relating to healthcare services, adult-oriented services, or other categories where disclosure could cause heightened harm or distress.
Where a breach is classified as sensitive: – The existence or details of that breach are not displayed by default – Results are withheld until successful ownership verification has been completed – Ownership verification requires completion of two-factor authentication linked to the searched email address
This approach is designed to prevent unauthorised disclosure and reduce the risk of harm to data subjects.
20. Data Subject Rights
You have rights under applicable data protection law, including the right to access, rectification, and objection.
However: – Rights may be limited where data was not collected directly from you – The right to erasure does not apply where processing is necessary for security research, public interest, or legitimate interests, or where data has been irreversibly transformed – Requests will be assessed on a case-by-case basis in accordance with applicable law
You may lodge a complaint with the Information Commissioner’s Office (ICO).
21. Children’s Data
GoSafe is not intended for children under 16. We do not knowingly collect such data.
22. Risk, Breach & Disclosure Handling
- GoSafe is designed to minimise the risk of exposure by storing only cryptographically protected data
- In the event of a security incident, notification obligations will be assessed based on the likelihood of risk to the rights and freedoms of individuals
- Not all security incidents constitute a personal data breach under applicable law
We may disclose information where legally compelled by law enforcement, regulators, or courts.
End of document