Terms of Service

1. Who we are

"Tuck Sentinel" is a service provided by Rich Gibbs as an independent technical consulting practice ("we", "us"). The service is independent and is not approved, certified, sponsored, or endorsed by Amazon Web Services, AWS, Inc., Google, Yahoo, Microsoft, Cloudflare, Stripe, Tally, any email provider, cloud provider, hosting provider, or hardware vendor. AWS, Amazon EC2, Google, Yahoo, Microsoft, and other vendor or product names are trademarks of their respective owners.

2. What you are buying

You are purchasing a fixed-scope, point-in-time advisory review ("QuickCheck") for the scope shown at checkout or on the offer page. VPS/EC2 Hardening QuickCheck covers one Linux VPS or Amazon EC2 host that you own or are authorized to administer. Inbox/DNS QuickCheck covers one domain's email authentication and sender-DNS posture, such as SPF, DKIM, DMARC, MX, alignment, and authorized sending tools. The deliverable is a written prioritized report plus the clarification pass described for the purchased offer.

3. What this service is not

The QuickCheck is not, and is not represented as, any of the following: a penetration test, exploit validation, red-team exercise, malicious-traffic test, denial-of-service or load test, social engineering or phishing exercise, password cracking, malware removal, incident response, breach response, forensic investigation, compliance certification, regulatory audit, SOC 2 evidence, ISO certification, HIPAA evaluation, PCI evaluation, insurance attestation, legal opinion, deliverability guarantee, inbox-placement guarantee, spam-folder removal service, reputation repair service, or guarantee that any system, domain, or email program is or will remain secure, compliant, breach-proof, accepted, or inboxed.

4. Authorization required

Before any assessment activity occurs, you must complete the requested authorization/intake steps for the purchased offer. By submitting intake, paying for a tier, or sharing evidence, you represent and warrant that: (a) you own, administer, or are explicitly authorized to request the review of the target host or domain; (b) you will not expose regulated, sensitive, or third-party-owned data you are not authorized to share; (c) you have authority over the relevant cloud, hosting, DNS, or email-sending resources; (d) for AWS/EC2 targets, only customer-owned/configured resources are in scope, and AWS infrastructure or AWS-managed services themselves are not in scope; (e) no other party will be tested, scanned, affected, impersonated, or targeted by the review.

5. What you must not send us

Do not submit, share, or upload passwords, SSH private keys, API tokens, OAuth tokens, .env files, shell history, database exports, DNS provider credentials, customer or end-user records, customer lists, campaign exports, payment-card data, full AWS account credentials, or regulated/sensitive personal data. If sensitive material is sent, we will stop work, delete or quarantine the material when feasible, notify you, and request a sanitized resend before continuing.

6. Customer responsibilities

You are solely responsible for the operation, backups, business continuity, change management, DNS/email configuration changes, sender practices, consent practices, and remediation of your systems and domains. You are responsible for evaluating any recommendation in the report before applying it, and for compliance with the terms of service and acceptable-use policy of your cloud, hosting, DNS, email, marketing, or mailbox provider. We do not implement changes in your systems, DNS, or email accounts unless a separate written engagement scope is agreed.

7. Payment, refunds, and chargebacks

Prices are in U.S. dollars and are charged via Stripe. You may request a refund within 14 days of report delivery by emailing the support address listed below. Approved refunds are issued through the original payment method. Payment-processor and chargeback fees may apply. A refund does not convert the report into a certification, attestation, compliance artifact, legal opinion, security guarantee, or warranty of any kind. The QuickCheck is one host or one domain per purchase, depending on the offer purchased; remediation, direct access, DNS implementation, monthly monitoring, AWS-account-wide reviews, deliverability operations, or any other expanded work require a separate written scope and may have separate refund terms.

8. Acceptable use

You agree not to use the service for, or in connection with: unauthorized testing of systems, accounts, domains, or senders you do not own/administer; spam, purchased lists, deceptive headers, phishing, impersonation, evasion, or unsolicited bulk outreach; any activity that violates the law or your provider's terms; any activity that targets third parties; or any attempt to extract, replicate, or resell our deliverables in a way that misrepresents them as a certification, attestation, endorsement, guarantee, or inbox-placement promise.

9. Privacy and data handling

Customer data is handled under our Privacy and Data Handling Policy. Default raw-evidence retention is 30 days after final report delivery or refund-window closure, whichever is later, unless you request earlier deletion or a different period is agreed in writing.

10. Disclaimer of warranties

To the maximum extent permitted by applicable law, the service and the report are provided "as is" and "as available," without any warranty of any kind, whether express, implied, or statutory, including without limitation warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, uninterrupted operation, or that any system will remain secure, compliant, or free from compromise.

11. Limitation of liability

To the maximum extent permitted by applicable law, in no event will our total cumulative liability arising out of or related to the service exceed the amount you actually paid us for the specific QuickCheck giving rise to the claim. We are not liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost data, or business interruption, even if we have been advised of the possibility of such damages.

12. Indemnification

You agree to indemnify and hold us harmless from any third-party claim arising out of or related to: (a) systems, accounts, content, or data you authorized us to review; (b) your representations of authorization, ownership, or scope; (c) your application or non-application of any recommendation; or (d) your violation of these terms or applicable law.

13. Governing law and disputes

These terms are governed by the laws of the State of Texas, United States, without regard to its conflict-of-laws principles. Any dispute arising out of or related to these terms or the service will be resolved exclusively in the state or federal courts located in Texas, and you consent to personal jurisdiction in those courts. Nothing in this section limits any non-waivable consumer-protection rights you may have under your local law.

14. Changes

We may update these terms from time to time. The "Last updated" date at the top will reflect the most recent change. Material changes that affect a current paid engagement will not apply retroactively to that engagement.

15. Contact

Support, refund requests, and questions: support@richgibbs.dev. For privacy-specific requests, the same email address is the privacy contact.

16. Inbox Cleanup terms

The Inbox Cleanup product line ($19 Pack on Gumroad, $79 QuickCheck, and $499 Enterprise) is advisory only. The deliverable is a written cleanup plan based on counts-and-metadata you share. Tuck Sentinel does not log into your mailbox, does not move or delete messages, and does not implement filters or labels for you.

Customer authorization required. Before any Inbox Cleanup work begins, you must complete the requested intake/authorization steps for the purchased tier. By purchasing or sharing evidence, you represent and warrant that you own, administer, or are explicitly authorized to request a cleanup review of the mailbox(es) listed in scope, and that you will not include mailboxes outside that scope. For Enterprise, you must have authority over the relevant Google Workspace tenant and over the internal-app OAuth path used to authorize the survey script.

You keep your OAuth tokens. You authorize the read-only survey script under your own Google account (or your own Workspace internal-app OAuth path for Enterprise). Tuck Sentinel never holds, stores, refreshes, or proxies your OAuth tokens, refresh tokens, or mail content. Revoke the script's grant in your Google account when you are done.

No deliverability or storage promises. Inbox Cleanup is not, and is not represented as: a deliverability service, inbox-placement service, spam-folder removal service, sender-reputation service, mail recovery service, storage-savings guarantee, compliance certification, legal opinion, or insurance attestation. Recommendations are point-in-time and based only on the survey.json counts and metadata you share. We do not promise any specific GB savings, message-count reduction, or inbox state.

30-day Gmail Trash window. In Gmail and Google Workspace, items moved to Trash are typically purged after 30 days. Plan, label, and verify before bulk-deleting anything. You are responsible for backups and for any deletions you perform inside your own account.

Inbox Cleanup recommendations are advisory; you remain solely responsible for the operation of your mailbox(es), for evaluating each recommendation, and for any change you choose to apply.