Terms & Disclaimer

Last updated Jun 25, 2026.

0. Acceptance

By using BreachCostLab (the "site") you agree to these terms. If you do not agree, please do not use the site.

0.3 Important disclaimer — read this

BreachCostLab provides cost and risk estimates for informational purposes only. The figures are produced by transparent models built on published industry benchmarks (such as IBM/Ponemon Cost of a Data Breach and the Verizon DBIR) and publicly available statutory figures (such as GDPR Article 83, HIPAA and the CCPA), as of the verification date shown on each tool and table.

These figures are estimates for planning only. They are not a prediction of the cost of any specific incident, and they are not legal, financial, insurance, tax or compliance advice. Maximum-exposure figures are statutory or contractual ceilings, not amounts you are likely to pay. Actual breach costs and penalties vary widely and depend on facts, jurisdiction and the decisions of regulators and courts.

For any regulatory obligation, breach response or insurance decision, consult qualified counsel and a professional incident-response provider. Always verify current figures with the cited primary sources.

1. Informational use only

The site and its calculators are planning and education tools. You are responsible for verifying current benchmarks and statutory figures with the cited sources, and for any decisions you make. BreachCostLab is not a security vendor or law firm and does not provide incident response or legal services.

2. Benchmarks and figures change

Breach-cost benchmarks refresh roughly annually and statutory figures are amended over time. Bundled defaults reflect published figures as of the verification date shown on each tool and table, and may be out of date. Every key figure is an editable input — confirm the current value with the primary source before relying on a result.

3. Estimates exclude real-world factors

The models capture cost in a structured, simplified way. Structural coefficients (component shares, size/data/range factors) are documented modeling choices, not measured quantities, and the models do not capture every factor specific to your business. Treat outputs as a planning range, not a forecast.

4. No warranty

The site and tools are provided "as is" and "as available", without warranty of any kind, express or implied, including fitness for a particular purpose and accuracy.

5. Limitation of liability

To the maximum extent permitted by law, Redbit S.r.l.s. shall not be liable for any direct, indirect, incidental, consequential or other loss or damage arising from use of the site or reliance on its estimates, even if advised of the possibility of such loss.

6. Content & data

Formulas and methodology are published for transparency and education. The dataset is provided for personal and internal business use; please link back rather than republishing the tables wholesale.

7. Governing law

These terms are governed by the laws of Italy and the European Union, without regard to conflict-of-laws rules. The operator is established in the EU.

8. Contact

Operated by Redbit S.r.l.s., Viale della Grande Muraglia 494, 00144 Roma, Italy — VAT IT15237911001. Questions: [email protected].