Terms & Conditions

1. Service Description

VulnX is a website security review platform that provides professional vulnerability assessments and security audits for web applications. Our services include:

• Automated security scanning for common vulnerabilities
• Manual security review by professional security engineers
• Detailed reports with findings, severity ratings, and remediation guidance
• Consultation and support for understanding findings
• Exposure checks to identify publicly available sensitive information

2. Eligibility & Authorization

⚠️ IMPORTANT: You must only submit websites you own or are explicitly authorized to test.

By using VulnX, you represent and warrant that:

• You are at least 18 years of age or the age of majority in your jurisdiction
• You are authorized to enter into legally binding agreements
• You are the owner of, or have written authorization from the owner of, the website(s) submitted for review
• You are authorized to have the website scanned and analyzed for security vulnerabilities
• You agree that all information provided is accurate and truthful
• You have the right to collect and share any data visible on or accessed through the submitted website

⚠️ Unauthorized Testing: You are strictly prohibited from submitting third-party websites without explicit authorization. VulnX will not take responsibility for unauthorized testing, and you may face legal consequences.

3. Acceptable Use Policy

You agree to use VulnX only for legitimate security review purposes. You will not:

• Submit websites you do not own without authorization
• Use VulnX for illegal activities or to harm others
• Attempt to bypass, reverse-engineer, or modify VulnX systems
• Conduct unauthorized penetration testing or security assessments
• Distribute or republish security findings independently without VulnX's consent
• Attempt to gain unauthorized access to our systems or data
• Use VulnX to develop tools that attack other systems
• Spam, abuse, or disrupt the platform or its users
• Violate any applicable laws, regulations, or third-party rights

4. Service Scope & Limitations

VulnX security reviews are professional assessments but have specific limitations:

What We Review

• Public-facing web applications and websites
• Web Server configuration and common security issues
• Authentication mechanisms and input validation
• API security (for accessible endpoints)
• Exposed information and potential data exposures
• Third-party service integrations

What We May Not Cover

• Physical security or data center security
• Internal network testing (if not accessible externally)
• Detailed code review (available in Priority tier only)
• Denial-of-Service (DoS) testing or load testing
• Compliance certifications (we provide findings, not certifications)
• Zero-day vulnerability discovery (we test known attack vectors)
• Systems outside the agreed scanning scope

Important Notes

• Reports are based on the state of your website at the time of review
• We cannot guarantee discovery of every vulnerability
• Environmental changes may affect findings (different servers, versions, configurations)
• Findings depend on access level and website responsiveness
• Some findings may vary between review runs

5. Report Usage & Intellectual Property

Report Ownership: You own the security findings in your report. However, you agree not to:

• Publicly disclose findings without responsible disclosure practices
• Share reports with competitors for competitive advantage
• Republish the report claiming you conducted the review
• Use findings to attack or harm the tested website

VulnX IP: The VulnX platform, tools, methodology, templates, and processes are proprietary intellectual property. You may not copy, modify, or create derivative works without permission.

6. Account Responsibilities

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Not sharing your login information with unauthorized persons
• Immediately notifying VulnX of unauthorized access
• Ensuring all information in your account is accurate and current
• All activities that occur under your account

7. Payment Terms

Pricing: VulnX offers clearly defined pricing tiers. Prices are in Indian Rupees (₹) and are subject to change with notice.

Payment Processing: Payments are processed securely through Razorpay. You authorize VulnX to charge your chosen payment method for the selected plan.

Billing: Payment is due upon confirmation of your audit request. Your review will not begin until payment is successfully processed.

Invoices: Receipts and invoices are available in your dashboard.

8. Refunds & Cancellations

Please see our separate Refund Policy and Cancellation Policy for detailed information on when refunds are available and how to request them.

In summary:

• Refunds are available before review work begins
• No refunds after the review is started
• Cancellations must be requested in writing
• Refunds are processed within 5-7 business days

9. Limitation of Liability

Disclaimer: VulnX is provided "as is" without warranties of any kind.

To the fullest extent permitted by law:

• VulnX is not liable for indirect, incidental, special, or consequential damages
• VulnX's total liability is limited to the amount paid for the service
• VulnX is not liable for data loss, unauthorized access, or network issues beyond our control
• VulnX is not liable if you disregard security recommendations
• VulnX is not liable if your website is compromised after the review

Security reviews reduce risk but do not eliminate it. Implementation of recommendations is your responsibility.

10. Warranties Disclaimer

VulnX makes no express or implied warranties:

• We do not warrant that the platform will be error-free or uninterrupted
• We do not guarantee discovery of all vulnerabilities
• We do not provide compliance certifications or legal advice
• We do not guarantee that your website will be secure after following recommendations

11. Indemnification

You agree to indemnify and hold harmless VulnX from any claims, damages, or costs arising from:

• Your violation of these terms
• Your use of VulnX services
• Your unauthorized testing of third-party systems
• Misuse of security findings
• Your violation of applicable laws

12. Service Availability & Interruptions

VulnX strives for reliable service but does not guarantee 100% uptime. We are not liable for:

• Service interruptions or downtime
• Data loss due to service failures
• Delays in report delivery due to technical issues
• Third-party service failures (hosting, payment processors)

13. Suspension & Termination

VulnX reserves the right to:

• Suspend or terminate your account if you violate these terms
• Refuse service to unauthorized or fraudulent requests
• Terminate service for illegal activities
• Suspend accounts with fraudulent payment methods

Upon termination, your access to reports and account data will be disabled.

14. Governing Law & Dispute Resolution

Governing Law: These terms are governed by and construed in accordance with the laws of India, without regard to conflict of law principles.

Jurisdiction: Any legal action or claim will be filed exclusively in the courts of India, and you consent to the exclusive jurisdiction and venue.

Dispute Resolution: We encourage you to contact us to resolve any disputes. If informal resolution fails, disputes may proceed to arbitration or litigation.

15. Changes to Terms

VulnX may update these terms at any time. Material changes will be communicated via email or notice on the website. Your continued use of the platform constitutes acceptance of updated terms.

Questions?

If you have questions about these terms, please contact us at: