Terms of Service
Last updated: December 20, 2025
These Terms govern your access to and use of the Bastionity website and any services provided by Bastionity. Please read them carefully. By using our website or purchasing services, you agree to these Terms.
0. Agreement & Priority of Documents
These Terms of Service (“Terms”) govern your use of the Bastionity website (the “Website”) and any testing, consulting, or other cybersecurity services provided by Bastionity (“Bastionity”, “we”, “us”, “our”). If you sign a separate written agreement (such as a Master Services Agreement) or a Statement of Work (“SOW”), then that document will control if there is a conflict, but only for the scope of that engagement.
1. Definitions
In these Terms:
- “Client” / “You” means the individual, company, or legal entity using the Website or ordering Services.
- “Services” means security services such as penetration testing, security assessments, advisory/consulting, or similar offerings described on the Website or in an SOW.
- “Deliverables” means reports, summaries, risk ratings, remediation guidance, or other outputs provided as part of the Services.
- “Client Systems” means the domains, applications, APIs, networks, cloud accounts, IPs, hardware, and other assets you authorize us to assess.
- “Client Data” means data you provide or that is accessed/processed during the Services, including logs and evidence collected for reporting.
- “Confidential Information” means non-public information disclosed by either party that a reasonable person would consider confidential (including business, technical, and security information).
- “Bastionity IP” means our proprietary methods, tools, templates, processes, know-how, and report formats used to deliver Services.
2. Eligibility & Account Responsibilities
You represent that you have the legal authority to enter into these Terms. If you use the Website or Services on behalf of an organization, you represent that you are authorized to bind that organization. You are responsible for ensuring your contact information is accurate and for safeguarding any credentials used to access portals or shared resources.
3. Scope of Services & Authorization
Authorized testing only. You must ensure that you have explicit permission from the asset owner (or authorized representative) for Bastionity to test the Client Systems listed in the SOW (or otherwise confirmed in writing).
- You will provide accurate scope, testing windows (if any), and points of contact (including incident escalation contacts).
- You are responsible for ensuring testing does not violate third-party terms or laws that apply to your assets (including your customers’ assets).
- You acknowledge that security testing may identify weaknesses and may produce logs/alerts on your infrastructure.
4. Orders, Fees, Taxes, and Payments
Fees, milestones, deliverables, and timelines will be described in the applicable SOW or quote. Unless otherwise stated:
- Invoices are due according to the payment terms in the SOW/quote.
- All prices exclude applicable taxes, duties, or withholdings that may apply in your jurisdiction.
- Due to the nature of cybersecurity services, fees are generally non-refundable once work begins, unless explicitly agreed in writing.
5. Acceptable Use
You agree not to use the Website or our materials to:
- Perform unauthorized testing or illegal activity.
- Distribute malware, exploit code for malicious use, or instructions intended to cause harm.
- Interfere with the Website, attempt to bypass security, or scrape content in a way that burdens our infrastructure.
- Misrepresent your identity, affiliation, or authorization to request security testing.
6. Confidentiality
Each party may receive Confidential Information from the other. The receiving party will:
- Use Confidential Information only to perform obligations under these Terms and any applicable SOW.
- Protect it using reasonable care (no less than the care used to protect its own confidential information).
- Not disclose it to third parties except to personnel/contractors who need to know and are bound by confidentiality obligations.
Confidentiality obligations do not apply to information that is public without breach, independently developed without access to Confidential Information, or rightfully obtained from a third party. A party may disclose Confidential Information if required by law, and will provide notice when legally permitted.
7. Data Handling & Privacy
Our handling of personal information is described in our Privacy Policy. For engagement data (e.g., evidence, logs, and findings), we limit collection to what is necessary to provide Services and produce Deliverables. Client Data remains owned by the Client, subject to the licenses necessary for Bastionity to deliver the Services.
8. Intellectual Property
You retain ownership of Client Data and your pre-existing IP. Bastionity retains ownership of Bastionity IP. Unless otherwise agreed in writing:
- Deliverables are licensed to you for internal business use (including compliance/audit purposes).
- You may share Deliverables with your auditors, regulators, and professional advisors under confidentiality.
- You may not resell, white-label, or publish Deliverables externally without our prior written consent (except where legally required).
9. Disclaimers
The Website and Services are provided “AS IS” and “AS AVAILABLE” to the maximum extent permitted by law. No security assessment can guarantee that all vulnerabilities will be identified or that systems will be free from compromise. We do not warrant uninterrupted or error-free operation of the Website.
10. Limitation of Liability
To the maximum extent permitted by law:
- Bastionity will not be liable for indirect, incidental, consequential, special, punitive, or exemplary damages (including lost profits, lost data, or business interruption).
- Bastionity’s total liability arising out of or related to the Services will not exceed the total fees paid by you to Bastionity for the specific SOW giving rise to the claim (or, if no SOW applies, the fees paid in the prior twelve (12) months).
11. Indemnification
You agree to defend, indemnify, and hold harmless Bastionity from claims arising from (a) your breach of these Terms, (b) your lack of authorization to request testing on Client Systems, or (c) your misuse of Deliverables or Services. Bastionity will notify you of any such claim and reasonably cooperate (at your expense) in the defense.
12. Termination
We may suspend or terminate Website access if we reasonably believe you are violating these Terms, attempting unauthorized access, or creating security risk. Engagement termination will be governed by the applicable SOW where provided.
Sections that by their nature should survive will survive termination, including confidentiality, IP, disclaimers, limitation of liability, and indemnification.
13. Compliance With Law
Each party will comply with applicable laws and regulations, including laws related to export controls, cybersecurity testing tools, and authorized access to computer systems. You are responsible for ensuring you have rights to authorize testing.
14. Governing Law & Dispute Resolution
These Terms are governed by the laws of [GOVERNING LAW / JURISDICTION], without regard to conflict-of-law rules. The courts located in [VENUE / CITY] will have exclusive jurisdiction, unless the applicable SOW states otherwise.
15. Changes to These Terms
We may update these Terms from time to time. The updated version will be posted on this page and becomes effective when published. Your continued use of the Website after changes are posted constitutes acceptance of the updated Terms.
16. Contact
If you have questions about these Terms, contact us at legal@bastionity.com or through the contact page on the Website.