Terms of Service

1. Acceptance of Terms

1.1 Agreement to Terms

By creating an account, accessing, or using our Services, you acknowledge that you have read, understood, and agree to be bound by these Terms, our Privacy Policy, our GDPR Compliance Notice, and any additional terms applicable to specific features you use. If you do not agree to these Terms, you must not access or use our Services.

1.2 Authority to Bind

If you are using the Services on behalf of an organization, company, or other legal entity ("Organization"), you represent and warrant that:

• You have the legal authority to bind that Organization to these Terms
• You have obtained all necessary approvals and authorizations
• The Organization agrees to be bound by these Terms
• References to "you" in these Terms include both you and the Organization

1.3 Eligibility

You must be at least 18 years of age and capable of forming a binding contract to use our Services. By using our Services, you represent and warrant that you meet these eligibility requirements.

2. Definitions

For the purposes of these Terms, the following definitions apply:

• "Content" means any data, text, graphics, images, reports, or other materials uploaded, submitted, or generated through the Services
• "Scan" or "Security Scan" means any automated or manual security testing performed through the Services
• "Target" means any system, application, network, domain, or asset that is the subject of a Security Scan
• "Findings" means vulnerabilities, security issues, or observations discovered during a Scan
• "Subscription" means your paid plan that grants access to specific Service features
• "User Data" means all data you submit to or generate through the Services
• "Authorized User" means any individual authorized by you to access the Services under your account

3. Description of Services

3.1 Platform Overview

NegevSecure provides an enterprise penetration testing platform that includes:

• Automated Vulnerability Scanning: Template-based security scanning powered by Nuclei with 9,000+ security templates
• AI-Powered Penetration Testing: Intelligent security testing using our Strix AI engine
• Web Application Security Testing: Comprehensive testing for OWASP Top 10 and beyond
• API Security Testing: REST, GraphQL, and SOAP API security assessment
• Infrastructure Assessment: Network and cloud configuration analysis
• Compliance Reporting: Detailed reports for regulatory compliance
• Findings Management: Triage, tracking, and remediation workflows

3.2 Service Availability

We strive to maintain 99.9% uptime for our Services. However, we reserve the right to:

• Perform scheduled maintenance with reasonable advance notice
• Perform emergency maintenance without prior notice when necessary
• Modify, suspend, or discontinue features with 30 days' notice

3.3 Service Limitations

You acknowledge that:

• No security testing tool can identify all vulnerabilities
• Results depend on proper configuration and scope definition
• Some security issues require manual verification
• False positives and false negatives may occur

4. Account Registration & Security

4.1 Account Creation

To use our Services, you must create an account by providing:

• Accurate and complete registration information
• A valid email address that you control
• Organization details (for business accounts)

4.2 Account Security

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Enabling multi-factor authentication (MFA) for enhanced security
• All activities that occur under your account
• Notifying us immediately of any unauthorized access at [email protected]

4.3 Account Restrictions

You agree not to:

• Share your account credentials with unauthorized parties
• Create multiple accounts to circumvent limitations
• Use another person's account without permission
• Sell, transfer, or assign your account

5. Authorized Use & Scanning Policy

5.1 Authorization Requirements

By initiating any Scan, you represent and warrant that:

• You own the Target system(s) being scanned, OR
• You have obtained explicit written authorization from the Target owner
• Your authorization covers the specific types of tests being performed
• Your testing falls within the authorized scope and timeframe
• You have notified all relevant stakeholders as required

5.2 Documentation

You must maintain documentation of your authorization to scan Targets, including:

• Written permission from asset owners
• Defined scope of testing
• Authorized testing windows
• Emergency contact information

You must provide this documentation upon request.

5.3 Scope Restrictions

Your scans must be limited to:

• Systems within your authorized scope
• The types of tests explicitly permitted
• The timeframes specified in your authorization

5.4 Prohibited Targets

You may not scan the following without explicit authorization:

• Government systems or critical infrastructure
• Financial institutions or payment systems
• Healthcare systems containing patient data
• Third-party systems or shared hosting environments
• NegevSecure's own infrastructure

6. Prohibited Activities

You agree not to engage in any of the following prohibited activities:

6.1 Unauthorized Access

• Scanning systems without proper authorization
• Attempting to access accounts or data belonging to others
• Circumventing security measures or access controls
• Using the Services to gain unauthorized access to any system

6.2 Malicious Activities

• Using findings to exploit vulnerabilities maliciously
• Distributing malware, ransomware, or malicious code
• Conducting denial-of-service attacks
• Using the Services to harm third parties

6.3 Service Abuse

• Interfering with or disrupting the Services
• Reverse engineering or decompiling our software
• Attempting to bypass rate limits or quotas
• Reselling or redistributing the Services without authorization
• Using automated means to access the Services beyond permitted APIs

6.4 Legal Violations

• Violating any applicable laws, regulations, or industry standards
• Infringing intellectual property rights
• Violating export control laws
• Processing data in violation of privacy laws

7. Payment, Billing & Taxes

7.1 Subscription Fees

Access to certain features requires a paid Subscription. By subscribing, you agree to:

• Pay all fees according to your selected plan
• Provide accurate billing information
• Keep your payment method current

7.2 Billing Cycles

• Monthly Plans: Billed in advance on a monthly basis
• Annual Plans: Billed in advance for the full year with applicable discount
• Enterprise Plans: Billed according to your specific contract terms

7.3 Automatic Renewal

Subscriptions automatically renew at the end of each billing period unless cancelled. You may cancel at any time through your account settings or by contacting support.

7.4 Price Changes

We may modify pricing with at least 30 days' advance notice. Price changes will take effect at the start of your next billing period. If you do not agree to a price change, you may cancel your subscription before it takes effect.

7.5 Taxes

All fees are exclusive of taxes. You are responsible for paying all applicable taxes, including VAT, GST, sales tax, and withholding taxes. We will collect taxes where required by law.

7.6 Late Payment

If payment fails or is overdue:

• We may suspend access to the Services after 7 days
• Interest may accrue at 1.5% per month on unpaid balances
• You remain liable for all accrued fees

7.7 Refunds

Refunds are handled according to our Refund Policy.

8. Intellectual Property Rights

8.1 Our Intellectual Property

NegevSecure and its licensors retain all rights, title, and interest in:

• The Services, including all software, algorithms, and technology
• Our trademarks, logos, and brand elements
• Documentation, templates, and educational materials
• Aggregated, anonymized data and analytics

8.2 Your Content

You retain ownership of your User Data and Content. By using our Services, you grant us a limited, non-exclusive license to:

• Process your data to provide the Services
• Store and back up your data
• Generate reports and analysis as requested

8.3 Feedback

If you provide feedback, suggestions, or ideas about our Services, we may use them without restriction or obligation to you.

9. Data & Security

9.1 Data Processing

Our collection and processing of personal data is governed by our Privacy Policy and GDPR Compliance Notice.

9.2 Security Measures

We implement industry-standard security measures including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• 24/7 security monitoring
• SOC2 Type II certified infrastructure

9.3 Your Responsibilities

You are responsible for:

• Protecting scan results and findings as sensitive data
• Maintaining appropriate access controls within your organization
• Complying with applicable data protection laws
• Maintaining backups of critical data

10. Confidentiality

10.1 Confidential Information

Each party agrees to protect the other's confidential information with the same degree of care it uses to protect its own confidential information, but no less than reasonable care.

10.2 Exceptions

Confidentiality obligations do not apply to information that:

• Is or becomes publicly available through no fault of the receiving party
• Was known to the receiving party before disclosure
• Is independently developed without use of confidential information
• Is disclosed pursuant to legal requirement

11. Warranties & Disclaimers

11.1 Our Warranties

We warrant that:

• We will provide the Services with reasonable skill and care
• The Services will substantially conform to their documentation
• We have the right to provide the Services to you

11.2 Disclaimers

We do not warrant that:

• The Services will be uninterrupted, error-free, or secure
• All vulnerabilities will be detected
• Scan results will be complete or accurate
• The Services will meet your specific requirements
• Any errors will be corrected

12. Limitation of Liability

12.1 Exclusion of Damages

12.2 Liability Cap

Our total liability for all claims arising from or related to these Terms or the Services shall not exceed the greater of:

• The fees you paid to us in the 12 months preceding the claim, or
• $100 USD

12.3 Exceptions

These limitations do not apply to:

• Your breach of Section 5 (Authorized Use) or Section 6 (Prohibited Activities)
• Your indemnification obligations
• Fraud or willful misconduct
• Liability that cannot be limited by law

13. Indemnification

You agree to indemnify, defend, and hold harmless NegevSecure, its officers, directors, employees, agents, and affiliates from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

• Your use of the Services
• Your violation of these Terms
• Your violation of any applicable law or third-party rights
• Unauthorized scanning or testing
• Your User Data or Content

14. Term & Termination

14.1 Term

These Terms are effective from when you first access the Services and continue until terminated.

14.2 Termination by You

You may terminate your account at any time by:

• Cancelling your subscription through account settings
• Contacting support at [email protected]

14.3 Termination by Us

We may suspend or terminate your access immediately if:

• You violate these Terms, particularly Sections 5 or 6
• You fail to pay fees when due
• Required by law or legal process
• We reasonably believe your account poses a security risk

14.4 Effect of Termination

Upon termination:

• Your right to access the Services ends immediately
• You must pay any outstanding fees
• We may delete your data after 30 days (or as required by your plan)
• Provisions that should survive termination will survive

14.5 Data Export

You may export your data before termination through your account settings or by contacting support.

15. Dispute Resolution

15.1 Informal Resolution

Before initiating formal proceedings, you agree to contact us at [email protected] to attempt to resolve any dispute informally. We will attempt to resolve the dispute within 30 days.

15.2 Arbitration

If informal resolution fails, any dispute shall be resolved by binding arbitration administered by JAMS under its Commercial Arbitration Rules. The arbitration shall take place in San Francisco, California, and be conducted in English.

15.3 Class Action Waiver

You agree to resolve disputes only on an individual basis and waive the right to participate in class actions, class arbitrations, or representative actions.

15.4 Exceptions

Either party may seek injunctive relief in any court of competent jurisdiction for intellectual property violations or unauthorized access.

16. Governing Law & Jurisdiction

These Terms shall be governed by the laws of the State of California, USA, without regard to its conflict of law provisions. For any disputes not subject to arbitration, you consent to the exclusive jurisdiction of the state and federal courts located in San Francisco County, California.

17. Modifications to Terms

17.1 Changes

We may update these Terms from time to time. We will provide notice of material changes by:

• Posting the updated Terms on our website
• Sending an email to your registered address
• Displaying a notice in the Services

17.2 Acceptance

Your continued use of the Services after changes take effect constitutes acceptance of the updated Terms. If you do not agree to the changes, you must stop using the Services and terminate your account.

18. General Provisions

18.1 Entire Agreement

These Terms, together with our Privacy Policy and any applicable order forms, constitute the entire agreement between you and NegevSecure.

18.2 Severability

If any provision of these Terms is found unenforceable, the remaining provisions will continue in full force and effect.

18.3 No Waiver

Our failure to enforce any right or provision shall not constitute a waiver of that right or provision.

18.4 Assignment

You may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.

18.5 Force Majeure

Neither party shall be liable for delays or failures in performance resulting from circumstances beyond their reasonable control.

18.6 Notices

Notices to you will be sent to your registered email address. Notices to us should be sent to [email protected].

18.7 Export Compliance

You represent that you are not located in a country subject to U.S. government embargo or designated as a "terrorist supporting" country, and you are not on any U.S. government prohibited or restricted party list.

19. Contact Information

For questions about these Terms of Service, please contact us: