Terms of use, privacy policy, and important disclaimers.
Last updated: June 2026
⚠️ Important: Risk Posture Tools are provided for informational and educational purposes only. They are not professional security advice and do not constitute a formal security assessment, audit, or certification. Use at your own risk.
The tools, content, and outputs provided by Risk Posture Tools ("the Service") are for general informational and educational purposes only. Nothing in the Service constitutes professional legal, regulatory, or cybersecurity advice.
Completing an assessment using these tools does not certify, authorize, or validate the security posture of any system, organization, or product. Framework scores, gap analyses, and risk statements generated by the tools are guidance aids only — they should be reviewed and validated by qualified security professionals before being relied upon for any compliance, regulatory, or risk management purpose.
Risk Posture Tools expressly disclaims all liability for damages of any kind arising from use of the Service, including but not limited to data loss, security incidents, regulatory non-compliance, or reliance on tool outputs.
All NIST framework references (CSF, RMF, SP 800-series, etc.) are to publicly available U.S. government publications. Risk Posture Tools is not affiliated with or endorsed by the National Institute of Standards and Technology (NIST) or any government agency.
Risk Posture Tools offers two tiers:
Pro features are unlocked by entering the email address used for your subscription purchase. Your email is validated against the LemonSqueezy subscriptions API to confirm active status. No password or separate account is required. You may sign in on any device using your purchase email.
You may not: reverse engineer, redistribute, resell, or sublicense the tools; share your subscription credentials for others to use commercially; or use the Service for any unlawful purpose.
If you are unsatisfied with your Pro subscription, contact us within 7 days of your original purchase date and we will issue a full refund. Refunds are available once per customer — if a refund has previously been issued on a prior subscription, subsequent purchases are not eligible for a refund. Contact us through LemonSqueezy, the platform managing subscriptions.
We reserve the right to modify or discontinue the Service at any time. Reasonable advance notice will be provided for material changes that affect active Pro subscribers.
Risk Posture Tools runs entirely in your browser. Your assessment data — system names, control responses, risk scores, and any other content you enter — is never transmitted to our servers. It is stored only in your browser's localStorage and is cleared when you clear your browser data.
When you sign in to verify a Pro subscription, your email address is sent to a Cloudflare Worker endpoint, which queries the LemonSqueezy subscriptions API to confirm active status. Only your email address is transmitted — no assessment data is included in this request. Upon successful validation, your subscription status and renewal date are stored in your browser's localStorage for future sessions.
We do not use cookies, analytics services, or tracking pixels on the assessment tools or site pages. Standard server-side access logs (IP address, request URL, timestamp) may be retained by Cloudflare Pages as part of normal web hosting operations, but no third-party behavioral analytics are employed.
Questions about this policy or the Service can be directed through the LemonSqueezy purchase platform used for Pro subscriptions.
Risk Posture Tools