Terms of Service

Last updated: January 2025

1. Acceptance of Terms

By accessing and using the services provided by Scorpiones ("we," "our," or "us"), you ("Client" or "you") agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, please do not use our services.

These Terms constitute a legally binding agreement between you and Scorpiones. By engaging our services, you represent that you have the authority to bind your organization to these Terms.

2. Security Assessment Services

2.1 Scope of Services

We provide professional penetration testing and security assessment services. For a comprehensive list of our service offerings, including network testing, application security, cloud assessments, and compliance testing, please visit our Services page.

All services are delivered by certified security professionals following industry-standard methodologies and best practices.

2.2 Service Execution

All security assessments will be conducted according to:

  • The agreed-upon scope and Rules of Engagement (ROE)
  • Industry-standard methodologies (OWASP, NIST, PTES, MITRE ATT&CK)
  • Responsible disclosure practices and coordinated vulnerability disclosure
  • Applicable legal and regulatory requirements
  • Professional ethical standards and hacker ethics
  • Minimal impact approach to avoid service disruption

3. Client Responsibilities

3.1 Authorization

You warrant and represent that:

  • You own or have explicit written authorization to test all systems, networks, and applications in scope
  • You have obtained all necessary approvals from system owners, including cloud providers and third-party vendors
  • You will clearly identify production systems, critical infrastructure, and any out-of-scope assets
  • You have notified relevant third parties (hosting providers, ISPs, cloud services) about authorized testing activities
  • All provided IP addresses, domains, and URLs are accurate and belong to your organization

3.2 Information and Access

You agree to provide:

  • Complete and accurate target lists including IP ranges, domains, and application URLs
  • Test accounts and credentials for authenticated testing
  • VPN access or whitelisting for internal network testing
  • Application architecture diagrams and API documentation
  • Emergency contacts available 24/7 during testing windows
  • Timely responses to critical findings requiring immediate attention
  • Testing environment access separate from production when applicable

4. Confidentiality

4.1 Mutual Non-Disclosure

Both parties agree to maintain strict confidentiality regarding:

  • All discovered vulnerabilities, exploits, and security weaknesses
  • Proof-of-concept code and exploitation techniques
  • Network topologies, system configurations, and credentials
  • Sensitive data encountered during testing
  • Business logic flaws and process vulnerabilities
  • Proprietary information and intellectual property
  • Any data exfiltrated as proof during testing

4.2 Data Protection

We implement industry-standard security measures to protect all confidential information, including:

  • AES-256 encryption for all client data and findings
  • Isolated testing infrastructure per client engagement
  • Secure evidence collection and chain of custody procedures
  • Encrypted communication channels for all sensitive discussions
  • Client data stored in encrypted NAS for 1 year per compliance requirements
  • Secure deletion of data after retention period expires
  • Background-checked and NDA-bound security professionals
  • Regular third-party security audits of our infrastructure

5. Limitations and Disclaimers

5.1 No Guarantee of Complete Security

While we employ industry-leading methodologies and expertise, we cannot guarantee:

  • Detection of all vulnerabilities (including zero-days)
  • Prevention of all future security breaches or incidents
  • Complete protection against Advanced Persistent Threats (APTs)
  • Discovery of vulnerabilities requiring extensive time or resources
  • Detection of insider threats or physical security issues
  • Absolute security of any system or application

5.2 System Impact

Security testing may potentially cause:

  • Temporary system performance degradation during scanning
  • Service interruptions from exploitation attempts
  • Account lockouts from brute-force testing
  • IDS/IPS alerts and security incident triggers
  • WAF blocks and rate limiting activations
  • Database locks during SQL injection testing
  • Memory consumption from fuzzing activities

We will make reasonable efforts to minimize such impacts and coordinate testing windows with you.

6. Liability

6.1 Limitation of Liability

To the maximum extent permitted by law, our total liability for any claims arising from or related to these Terms or our services shall not exceed the total fees paid by you for the specific service giving rise to the claim.

6.2 Exclusion of Damages

Neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, revenue, data, or use, even if advised of the possibility of such damages.

6.3 Indemnification

You agree to indemnify and hold us harmless from any claims, damages, or expenses arising from:

  • Your breach of these Terms
  • Unauthorized access or testing of third-party systems
  • Misrepresentation of ownership or authorization
  • Failure to properly implement our security recommendations

7. Intellectual Property

7.1 Ownership

Each party retains ownership of its pre-existing intellectual property. We retain ownership of:

  • Our proprietary testing methodologies and frameworks
  • Custom exploitation tools and scripts
  • Report templates and vulnerability rating systems
  • General penetration testing techniques and procedures
  • Security research and knowledge gained (excluding your specific vulnerabilities)

7.2 Deliverables

Upon full payment, you own the specific deliverables created for your engagement, including:

  • Detailed penetration testing reports with CVSS scores
  • Proof-of-concept exploits for discovered vulnerabilities
  • Risk-prioritized remediation roadmaps
  • Executive summaries and technical appendices
  • Retest reports validating remediation efforts
  • Compliance attestation letters when applicable

8. Termination

8.1 Termination Rights

Either party may terminate the engagement:

  • For material breach with 30 days' written notice to cure
  • Immediately for breach of confidentiality
  • For convenience with 30 days' written notice

8.2 Effect of Termination

Upon termination:

  • All testing activities will cease immediately
  • Confidentiality obligations survive termination
  • We will provide reports for work completed to date
  • All collected data will be handled per our retention policy

9. General Provisions

9.1 Governing Law

These Terms are governed by the laws of the jurisdiction where Scorpiones is registered, without regard to conflict of law provisions.

9.2 Dispute Resolution

Any disputes will be resolved through:

  • Good faith negotiations between the parties
  • Mediation if negotiations fail
  • Binding arbitration as a last resort

9.3 Entire Agreement

These Terms, together with any applicable Statement of Work and Non-Disclosure Agreement, constitute the entire agreement between the parties.

9.4 Amendments

We reserve the right to update these Terms. Material changes will be communicated to active clients with at least 30 days' notice.

9.5 Severability

If any provision of these Terms is found unenforceable, the remaining provisions will continue in full force and effect.

10. Contact Information

For questions about these Terms of Service, please contact us: