Terms of Service
Last updated: March 2026
1. Agreement to Terms
By accessing or using the services provided by pentests.work ("Service"), operated by Triton InfoSec ("Company", "we", "us"), you agree to be bound by these Terms of Service. If you do not agree to these terms, do not use the Service.
2. Description of Service
pentests.work provides web application penetration testing services. Our service includes automated scanning, AI-guided testing, and human expert verification of findings. Deliverables include a detailed report with findings, severity ratings, reproduction steps, and remediation guidance.
3. Authorization to Test
By ordering a penetration test, you represent and warrant that you have the legal authority to authorize testing of the target application. You must be the owner of the application or have explicit written permission from the owner. Testing will not commence until a signed Authorization to Test agreement is in place.
4. Testing Scope and Limitations
Testing is performed within the scope defined in the Statement of Work. Our Starter and Professional plans are designed for non-production (staging or development) environments. Production environment testing is available under the Enterprise plan with expert-guided controls.
Our automated systems may interact with application elements including buttons, forms, and links. While we take precautions to minimize impact, we cannot guarantee that testing will not affect application data or state. You are responsible for maintaining backups of your data before testing begins.
5. Payment Terms
All prices are listed in USD and are due at the time of ordering. Payment is processed via Stripe. Testing begins after payment is received and the Authorization to Test agreement is signed. Refunds are available if testing has not yet commenced.
6. Confidentiality
We treat all information obtained during testing as strictly confidential. We will not disclose your data, findings, or engagement details to any third party without your written consent. A mutual Non-Disclosure Agreement (NDA) is signed before each engagement.
7. Data Handling and Destruction
Any data collected during testing (screenshots, logs, evidence) is stored securely and encrypted at rest. Test data is retained for 90 days after report delivery to support re-testing, after which it is permanently destroyed. You may request earlier deletion at any time.
8. Limitation of Liability
Penetration testing, by its nature, involves simulating attacks against systems. While we use industry-standard methods and take precautions, we cannot guarantee that testing will not cause unintended disruption. Our total liability is limited to the amount paid for the specific engagement.
The Service does not guarantee that all vulnerabilities will be found. A penetration test is a point-in-time assessment and should be part of an ongoing security program.
9. Re-Testing
Free re-tests are included as specified in your plan. Re-tests must be requested within the re-test window (30, 90, or 180 days depending on your plan). Re-tests cover only the vulnerabilities identified in the original report.
10. Governing Law
These terms are governed by the laws of the jurisdiction in which the Company is incorporated. Any disputes shall be resolved through binding arbitration.
11. Changes to Terms
We reserve the right to update these terms at any time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the new terms.
12. Contact
For questions about these terms, contact us at legal@pentests.work.