These Terms of Service ("Terms") govern all security assessment and consulting engagements provided by HEXSTRIKE ("Company", "we", "us") to its clients ("Client", "you"). By signing a Statement of Work referencing these Terms, you agree to be bound by them.
2.1 The Company will provide the services described in the applicable SoW. Any material changes to the scope, timeline, or deliverables must be agreed in writing by both parties via a Change Request.
2.2 The Company reserves the right to decline or discontinue any engagement that, in its professional judgement, poses unacceptable ethical, legal, or safety risks.
2.3 Services are performed remotely unless otherwise specified in the SoW. On-site services are subject to additional terms and travel reimbursement.
3.1 The Client warrants that it has full legal authority to authorise security testing of all Target Systems, including any third-party or co-hosted systems within scope. The Client indemnifies the Company against any claims arising from unauthorised testing resulting from inaccurate or incomplete authorisation.
3.2 The Client is responsible for obtaining any necessary consents from third parties whose data may be processed during testing.
3.3 All Engagements are conducted within the bounds of the signed RoE. Any testing outside agreed scope is strictly prohibited.
3.4 The Company conducts all Engagements in compliance with applicable law. The Company does not conduct testing designed to facilitate illegal activity.
The Client agrees to:
5.1 Both parties agree to maintain strict confidentiality of all information exchanged during the Engagement, including findings, methodologies, credentials, and system architecture.
5.2 The Company will not disclose findings, client identity, or engagement details to any third party without explicit written consent, except as required by law.
5.3 All engagement data will be securely stored using AES-256 encryption and deleted within the retention period specified in the Privacy Policy or SoW.
5.4 Confidentiality obligations survive termination of the Engagement indefinitely.
6.1 Deliverables (reports, findings, remediation guidance) become the property of the Client upon receipt of full payment.
6.2 The Company retains ownership of all pre-existing tools, methodologies, templates, and frameworks used during the Engagement. No licence to these is granted to the Client unless explicitly stated in the SoW.
6.3 The Company may reference the existence of an engagement in aggregated, anonymised statistics (e.g., "500+ assessments completed") without identifying the Client unless the Client has granted permission for case study use.
7.1 Security assessments are performed with professional care but cannot guarantee the identification of all vulnerabilities. The absence of a finding does not guarantee the absence of a vulnerability.
7.2 The Company's total liability to the Client for any claim arising from an Engagement shall not exceed the total fees paid by the Client for that specific Engagement.
7.3 The Company is not liable for indirect, incidental, or consequential damages, including business interruption, loss of data, or loss of profit, except in cases of gross negligence or wilful misconduct.
7.4 The Company shall not be liable for any system impact resulting from testing conducted within the agreed RoE, provided that the Company exercised reasonable professional care.
8.1 Unless otherwise stated in the SoW, payment terms are: 50% deposit upon SoW signing, 50% upon delivery of the final report.
8.2 Invoices are due within 30 days of issuance. Overdue amounts accrue interest at 1.5% per month.
8.3 Cancellation with less than 5 business days notice will result in forfeiture of the deposit. Cancellation with more than 5 business days notice may receive a full deposit refund at our discretion.
9.1 Either party may terminate an Engagement immediately by written notice if the other party materially breaches these Terms and fails to cure such breach within 5 business days.
9.2 Upon termination, the Company will securely delete all Client data and provide a summary of work completed to date. Fees for completed work are non-refundable.
10.1 These Terms are governed by the laws of the jurisdiction specified in the SoW. If no jurisdiction is specified, the laws of Argentina shall apply.
10.2 Any disputes arising from these Terms shall first be subject to good-faith negotiation between the parties. If unresolved within 30 days, disputes shall be referred to binding arbitration.
These Terms are incorporated by reference into all Statements of Work issued by HEXSTRIKE. For questions, contact legal@hexstrike.io.