Terms of Service

Last updated: March 28, 2026

1. Acceptance of Terms

Welcome to Pentrust (“Company,” “we,” “us,” or “our”). By accessing or using our website at pentrust.dev (“Website”), our automated penetration testing platform (“Services”), or any related applications, APIs, or services, you agree to be bound by these Terms of Service (“Terms”). If you do not agree to these Terms, you must not access or use our Services.

These Terms constitute a legally binding agreement between you and Pentrust regarding your use of our Services. Please read them carefully.

2. Eligibility and Account Registration

2.1 Age Requirement.

You must be at least 18 years old or the age of legal majority in your jurisdiction to use our Services. By using our Services, you represent and warrant that you meet this eligibility requirement.

2.2 Account Creation.

To access certain features of our Services, you must create an account. You agree to provide accurate, current, and complete information during registration and to keep your account information updated. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

2.3 Account Security.

You agree to notify us immediately of any unauthorized access to or use of your account. We will not be liable for any loss or damage arising from your failure to secure your account credentials.

3. Critical: Authorization Requirement for Security Testing

BY USING OUR PENETRATION TESTING SERVICES, YOU EXPLICITLY CONFIRM AND WARRANT THAT:

3.1 Ownership or Authorization.

You either (a) own the domain, website, application, or system being tested (“Target”), or (b) have explicit, documented authorization from the owner to conduct security testing on the Target. This includes obtaining written permission from all relevant stakeholders, including hosting providers, cloud service providers, and any third-party service integrators whose systems may be impacted.

3.2 Legal Compliance.

Your use of our Services complies with all applicable laws, regulations, and industry standards, including but not limited to:
  • The Computer Fraud and Abuse Act (CFAA) and similar laws in your jurisdiction
  • Data protection and privacy laws (GDPR, CCPA, etc.)
  • Bug bounty program terms and responsible disclosure policies
  • Service provider terms of service

3.3 Domain Verification.

Before initiating any scan, you must complete our domain verification process, which may include DNS TXT record verification, meta tag verification, or HTML file upload. This verification does not replace the need for explicit authorization to test the Target.

3.4 Prohibited Targets.

You may not use our Services to test:
  • Domains or systems you do not own or have explicit authorization to test
  • Government systems without proper authorization
  • Critical infrastructure without authorization
  • Financial institutions' production systems without authorization
  • Healthcare systems containing protected health information (PHI) without proper authorization
  • Educational institutions' systems without authorization
  • Any system where such testing would violate applicable laws

3.5 Indemnification.

You agree to indemnify, defend, and hold harmless Pentrust, its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from or relating to your violation of this Section 3 or any unauthorized use of our Services to test systems without proper authorization.

4. Acceptable Use Policy

4.1 Permitted Uses.

You may use our Services only for lawful purposes and in accordance with these Terms. Our Services are designed to help authorized security professionals and developers identify and remediate security vulnerabilities in systems they own or are authorized to test.

4.2 Prohibited Activities.

You agree not to:
  • Use our Services for any illegal purpose or in violation of any laws
  • Attempt to bypass or circumvent any security measures of our Services
  • Interfere with or disrupt the integrity or performance of our Services
  • Attempt to probe, scan, or test the vulnerability of our systems without authorization
  • Transmit any viruses, worms, malware, or other malicious code through our Services
  • Engage in any activity that could damage, disable, overburden, or impair our Services
  • Use our Services to send unsolicited communications or spam
  • Use our Services to harvest or collect email addresses or other contact information
  • Use automated scripts or bots to access our Services except as expressly permitted
  • Reverse engineer, decompile, or disassemble any portion of our Services
  • Remove or alter any copyright, trademark, or other proprietary notices
  • Share your account credentials with any third party
  • Use our Services to test systems without proper authorization
  • Exploit vulnerabilities found through our Services for malicious purposes

5. Service Description and Limitations

5.1 Service Description.

Pentrust provides automated AI-driven penetration testing and security scanning services. Our Services use automated tools and AI agents to identify potential security vulnerabilities in authorized targets.

5.2 Safety Guarantees.

We implement the following safety measures:
  • Domain verification required before scanning
  • No destructive actions (DELETE requests are blocked)
  • Rate limiting (maximum 500 requests per scan, 30 requests per minute per agent)
  • Scope locking (agents do not follow external domain links)
  • 30-minute hard limit per scan
  • Emergency kill switch functionality

5.3 Limitations.

You acknowledge and agree that:
  • Our Services may not detect all vulnerabilities
  • False positives and false negatives may occur
  • Scanning may cause temporary performance impacts on the Target
  • We do not guarantee complete security coverage
  • AI-generated findings should be validated by qualified security professionals
  • Our Services are not a substitute for manual penetration testing in all cases

6. Data and Scan Results

6.1 Ownership of Results.

You retain ownership of all scan results and findings generated for your authorized Targets. We grant you a license to use these results for your internal security purposes.

6.2 Data Storage.

Scan results are stored in our systems for the duration of your subscription and as required by law. You may delete your scan history at any time through your dashboard.

6.3 Confidentiality.

We treat your scan results as confidential and will not disclose them to third parties except as required by law or with your explicit consent.

6.4 Responsible Disclosure.

If you discover vulnerabilities through our Services, you agree to follow responsible disclosure practices, including:
  • Not exploiting vulnerabilities for malicious purposes
  • Not disclosing vulnerabilities publicly before giving the owner reasonable time to remediate
  • Following applicable bug bounty program rules

7. Subscriptions and Payments

7.1 Subscription Plans.

We offer various subscription plans with different features and limitations. Details of current plans are available on our Pricing page.

7.2 Payment Terms.

By subscribing to a paid plan, you agree to pay all fees associated with your subscription. All fees are non-refundable except as required by law or as expressly stated in these Terms.

7.3 Cancellation.

You may cancel your subscription at any time. Cancellation will take effect at the end of your current billing period. You will not receive a refund for any unused portion of your subscription.

7.4 Changes to Pricing.

We reserve the right to modify our pricing at any time. Price changes will take effect at the start of your next billing period after notice is provided.

8. Intellectual Property

8.1 Our Intellectual Property.

The Website, Services, and all content, features, and functionality (including but not limited to software, algorithms, AI models, text, graphics, logos, icons, images, audio clips, and the selection and arrangement thereof) are owned by Pentrust or our licensors and are protected by copyright, trademark, patent, and other intellectual property laws.

8.2 License to You.

Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use our Services for their intended purpose.

8.3 Feedback.

Any feedback, suggestions, or ideas you provide regarding our Services may be used by us without restriction or compensation to you.

9. Disclaimer of Warranties

OUR SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

WE DO NOT WARRANT THAT OUR SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, ERROR-FREE, OR THAT ANY VULNERABILITIES WILL BE DETECTED. YOU USE OUR SERVICES AT YOUR OWN RISK.

10. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT SHALL PENTRUST, ITS OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM:

  • Your access to or use of, or inability to access or use, our Services
  • Any conduct or content of any third party on our Services
  • Any content obtained from our Services
  • Unauthorized access, use, or alteration of your transmissions or content
  • Any vulnerabilities that were not detected by our Services
  • Any damage caused by scans to your Target systems

OUR TOTAL LIABILITY TO YOU FOR ALL CLAIMS ARISING FROM OR RELATING TO THESE TERMS OR OUR SERVICES SHALL NOT EXCEED THE AMOUNT YOU PAID TO US FOR THE SERVICES DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR ONE HUNDRED DOLLARS ($100), WHICHEVER IS GREATER.

11. Termination

11.1 Termination by You.

You may terminate your account at any time by following the instructions on our Website or contacting us.

11.2 Termination by Us.

We may suspend or terminate your account and access to our Services immediately, without prior notice or liability, for any reason, including but not limited to:
  • Violation of these Terms
  • Suspected unauthorized use of our Services
  • Suspected fraudulent or illegal activity
  • Non-payment of fees
  • Conduct that we determine, in our sole discretion, to be harmful to other users, us, or third parties

11.3 Effect of Termination.

Upon termination, your right to use our Services will immediately cease. All provisions of these Terms which by their nature should survive termination shall survive, including but not limited to intellectual property provisions, warranty disclaimers, limitations of liability, and indemnification obligations.

12. Governing Law and Dispute Resolution

12.1 Governing Law.

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions.

12.2 Dispute Resolution.

Any dispute arising from or relating to these Terms or our Services shall first be addressed through good faith negotiation. If the dispute cannot be resolved through negotiation, it shall be submitted to binding arbitration in accordance with the rules of the American Arbitration Association.

12.3 Class Action Waiver.

YOU AGREE THAT ANY PROCEEDINGS, WHETHER IN ARBITRATION OR COURT, WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION.

13. Changes to Terms

We reserve the right to modify or replace these Terms at any time. If a revision is material, we will provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion. By continuing to access or use our Services after any revisions become effective, you agree to be bound by the revised Terms.

14. Miscellaneous

14.1 Entire Agreement.

These Terms constitute the entire agreement between you and Pentrust regarding our Services and supersede all prior agreements and understandings.

14.2 Severability.

If any provision of these Terms is held to be invalid or unenforceable, such provision shall be struck and the remaining provisions shall be enforced to the fullest extent permitted by law.

14.3 Waiver.

Our failure to enforce any right or provision of these Terms shall not be considered a waiver of such right or provision.

14.4 Assignment.

You may not assign or transfer these Terms without our prior written consent. We may assign or transfer these Terms without restriction.

14.5 Contact Information.

If you have any questions about these Terms, please contact us at [email protected].