Terms of Service

Last updated: September 14, 2024 | Effective Date: January 1, 2024

1. Acceptance of Terms

Welcome to Redrays. These Terms of Service ("Terms," "Agreement") constitute a legally binding agreement between you ("Client," "you," or "your") and Redrays ("Company," "we," "us," or "our") governing your access to and use of our website, services, and any related products or offerings.

By accessing our website, requesting information, or engaging our services, you acknowledge that you have read, understood, and agree to be bound by these Terms, as well as our Privacy Policy, which is incorporated herein by reference. If you do not agree to these Terms, you must not access or use our services.

These Terms apply to all visitors, users, and clients of our services. Additional terms may apply to specific services and will be disclosed in separate engagement agreements.

2. Definitions

For the purposes of this Agreement, the following definitions shall apply:

• "Assessment" means any security testing, evaluation, analysis, or related services performed by the Company.
• "Authorized Systems" means the systems, networks, applications, and infrastructure explicitly included in the scope of an engagement.
• "Deliverables" means any reports, documentation, findings, or other materials provided to the Client as part of an engagement.
• "Engagement" means a specific project or set of services agreed upon in a Statement of Work or similar document.
• "Findings" means any vulnerabilities, weaknesses, or security issues identified during an Assessment.
• "Scope" means the defined boundaries, targets, and parameters of an Assessment.
• "Statement of Work" or "SOW" means a document detailing the specific terms, scope, and deliverables of an Engagement.

3. Description of Services

Redrays provides professional security assessment and consulting services, including but not limited to:

• Penetration testing and vulnerability assessments
• Red team operations and adversary simulation
• Application security testing and code review
• Network and infrastructure security assessments
• Social engineering assessments
• Cloud security evaluations
• Security architecture review and consulting
• Incident response support and forensic analysis

The specific services provided in any Engagement will be detailed in a separate Statement of Work, which shall be incorporated into and form part of these Terms.

3.1 Nature of Services

Security assessments involve simulating real-world attack techniques to identify vulnerabilities. While we take all reasonable precautions to minimize impact, you acknowledge that these activities carry inherent risks, including potential system disruptions, data corruption, or service interruptions.

3.2 No Guarantee of Security

While our services aim to identify and help remediate security vulnerabilities, no assessment can guarantee the discovery of all vulnerabilities or provide absolute security. The absence of identified vulnerabilities does not mean a system is secure, and new vulnerabilities may emerge after an assessment is completed.

4. Eligibility

By engaging our services, you represent and warrant that:

• You are at least 18 years of age and have the legal capacity to enter into this Agreement
• You have the authority to bind the organization you represent to these Terms
• Your use of our services will not violate any applicable law or regulation
• You are not located in, under the control of, or a national or resident of any country subject to trade sanctions or embargoes

5. Authorization Requirements

5.1 Written Authorization

All security assessment activities require explicit written authorization from the asset owner(s) before commencement. The Company will not proceed with any assessment without proper documentation confirming authorization.

5.2 Client Warranties

By engaging our services, you warrant and represent that:

• You are the legal owner of, or have obtained authorization from the legal owner of, all systems included in the assessment scope
• You have the legal authority to authorize security testing of all in-scope systems
• The assessment activities will not violate any laws, regulations, or third-party agreements
• You have obtained all necessary approvals from relevant stakeholders, including cloud service providers, hosting providers, and any other applicable third parties
• You will provide accurate and complete information regarding system ownership and authorization

5.3 Third-Party Systems

For systems hosted by or involving third parties (including cloud providers, SaaS vendors, or managed service providers), you are responsible for obtaining necessary permissions and ensuring compliance with their acceptable use policies and terms of service.

6. Client Obligations

6.1 Cooperation

The Client agrees to:

• Provide accurate and complete information necessary for the performance of services
• Designate a primary point of contact with authority to make decisions
• Respond to communications in a timely manner
• Provide reasonable access to systems, documentation, and personnel as needed
• Notify the Company promptly of any changes that may affect the engagement

6.2 Safety and Preparation

Prior to assessment activities, the Client should:

• Ensure appropriate backups of critical systems and data
• Have incident response procedures in place
• Notify relevant internal teams about planned assessment activities
• Document current system configurations and baselines
• Prepare rollback procedures for critical systems

6.3 Restrictions

The Client shall not:

• Use assessment findings for illegal purposes
• Disclose findings in a manner that could harm third parties
• Misrepresent the scope or results of assessments
• Attempt to replicate or reverse-engineer the Company's methodologies or tools

7. Engagement Terms

7.1 Scope Definition

Each engagement will have a defined scope documented in a Statement of Work. The scope defines the boundaries of authorized testing and may include:

• Target systems, networks, and applications
• Testing methodologies and techniques permitted
• Timeframes and testing windows
• Out-of-scope systems and activities
• Rules of engagement and escalation procedures

7.2 Scope Changes

Any changes to the scope must be agreed upon in writing by both parties. Scope changes may affect project timelines and fees, which will be communicated before implementation.

7.3 Testing Windows

Unless otherwise specified, assessment activities will be conducted during agreed-upon testing windows. The Client may request specific timing requirements, which will be accommodated where possible.

7.4 Emergency Stop

Either party may request an immediate halt to testing activities at any time by contacting the designated emergency contact. The Company maintains emergency procedures to pause activities upon request.

8. Fees and Payment

8.1 Service Fees

Fees for services will be specified in each Statement of Work. Unless otherwise agreed, fees are based on the defined scope and estimated effort. Significant scope changes may result in adjusted fees.

8.2 Payment Terms

Unless otherwise specified in the Statement of Work:

• A deposit may be required before work commences
• Invoices are due within thirty (30) days of receipt
• Late payments may incur interest at the rate of 1.5% per month
• The Company reserves the right to suspend services for overdue accounts

8.3 Expenses

Pre-approved travel, equipment, or other expenses incurred in the performance of services will be billed separately at cost unless otherwise agreed.

8.4 Taxes

Fees are exclusive of all applicable taxes, levies, or duties. The Client is responsible for all such taxes, except those based on the Company's income.

9. Confidentiality

9.1 Confidential Information

Each party acknowledges that it may receive confidential information from the other party. "Confidential Information" includes all non-public information disclosed by either party, including but not limited to:

• Technical data, trade secrets, and know-how
• Business information, including plans and strategies
• Assessment findings, reports, and recommendations
• Security vulnerabilities and remediation guidance
• Client systems, networks, and infrastructure details
• Pricing and engagement terms

9.2 Protection of Confidential Information

Both parties agree to:

• Maintain confidential information using at least the same degree of care used to protect their own confidential information
• Use confidential information only for purposes related to this Agreement
• Limit disclosure to employees and contractors with a need to know
• Not disclose confidential information to third parties without prior written consent
• Return or destroy confidential information upon request or termination

9.3 Exceptions

Confidentiality obligations do not apply to information that:

• Is or becomes publicly available without breach of this Agreement
• Was known to the receiving party prior to disclosure
• Is independently developed without use of confidential information
• Is rightfully obtained from a third party without restriction
• Is required to be disclosed by law, regulation, or court order

9.4 Duration

Confidentiality obligations shall survive termination of this Agreement and continue for a period of five (5) years from the date of disclosure.

10. Intellectual Property

10.1 Company Property

All methodologies, tools, techniques, processes, software, and know-how used or developed by the Company in performing services remain the exclusive property of the Company. Nothing in this Agreement transfers ownership of such intellectual property to the Client.

10.2 Client Property

All information, systems, and materials provided by the Client remain the property of the Client. The Company acquires no rights to Client property except as necessary to perform services.

10.3 Deliverables

Upon full payment, the Client receives a non-exclusive, non-transferable license to use Deliverables for internal purposes. The Company retains ownership of all Deliverables and may use anonymized and aggregated data for research, benchmarking, and service improvement.

10.4 Feedback

Any suggestions, ideas, or feedback provided by the Client regarding the Company's services may be used by the Company without restriction or compensation.

11. Warranties and Disclaimers

11.1 Company Warranties

The Company warrants that:

• Services will be performed in a professional and workmanlike manner
• Personnel performing services are qualified and appropriately trained
• Services will comply with applicable laws and regulations
• The Company maintains appropriate professional liability insurance

11.2 Disclaimer of Warranties

EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE COMPANY MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON-INFRINGEMENT. THE COMPANY DOES NOT WARRANT THAT SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.

11.3 No Security Guarantee

THE COMPANY DOES NOT GUARANTEE THAT ALL VULNERABILITIES WILL BE IDENTIFIED, THAT IDENTIFIED VULNERABILITIES WILL BE SUCCESSFULLY EXPLOITED, OR THAT SYSTEMS WILL BE SECURE AFTER REMEDIATION. SECURITY ASSESSMENTS REPRESENT A POINT-IN-TIME EVALUATION AND DO NOT PROVIDE ONGOING PROTECTION.

12. Limitation of Liability

12.1 Limitation

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE COMPANY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:

• Loss of profits, revenue, or business opportunities
• Loss of data or data corruption
• System downtime or business interruption
• Cost of substitute services
• Damages arising from security incidents occurring after assessment

12.2 Cap on Liability

THE COMPANY'S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE FEES PAID BY THE CLIENT FOR THE SPECIFIC ENGAGEMENT GIVING RISE TO THE CLAIM.

12.3 Acknowledgment

The Client acknowledges that security assessments involve inherent risks, including potential service disruptions, and agrees that the limitations set forth herein are fair and reasonable given the nature of services provided.

13. Indemnification

13.1 Client Indemnification

The Client agrees to indemnify, defend, and hold harmless the Company and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

• The Client's breach of this Agreement
• Misrepresentation of authorization or ownership
• Unauthorized use of assessment findings
• The Client's violation of any applicable law or regulation
• Third-party claims arising from the Client's actions or omissions

13.2 Indemnification Procedure

The indemnified party shall provide prompt written notice of any claim and cooperate with the indemnifying party in the defense of such claim. The indemnifying party shall have control of the defense and settlement, provided that any settlement that adversely affects the indemnified party requires written consent.

14. Termination

14.1 Termination for Convenience

Either party may terminate an engagement upon thirty (30) days' written notice. The Client shall pay for all services performed and expenses incurred through the termination date.

14.2 Termination for Cause

Either party may terminate immediately upon written notice if the other party:

• Materially breaches this Agreement and fails to cure within fifteen (15) days of notice
• Becomes insolvent or files for bankruptcy
• Engages in illegal or unethical conduct

14.3 Effect of Termination

Upon termination:

• All assessment activities shall immediately cease
• Each party shall return or destroy the other's confidential information
• The Client shall pay all outstanding fees
• Provisions regarding confidentiality, intellectual property, limitation of liability, and indemnification shall survive

15. Dispute Resolution

15.1 Informal Resolution

Before initiating formal proceedings, the parties agree to attempt to resolve disputes informally through good-faith negotiations between designated representatives.

15.2 Mediation

If informal resolution fails, the parties agree to submit the dispute to non-binding mediation before a mutually agreed-upon mediator. Each party shall bear its own costs, with mediation expenses shared equally.

15.3 Arbitration

If mediation is unsuccessful, disputes shall be resolved through binding arbitration in accordance with applicable arbitration rules. The arbitration shall be conducted before a single arbitrator, and the arbitrator's decision shall be final and binding.

15.4 Injunctive Relief

Notwithstanding the above, either party may seek injunctive or other equitable relief in court to prevent irreparable harm or protect confidential information.

16. Governing Law

This Agreement shall be governed by and construed in accordance with applicable law, without regard to conflicts of law principles. The parties consent to the exclusive jurisdiction of courts in the agreed-upon venue for any actions not subject to arbitration.

17. Modifications

The Company reserves the right to modify these Terms at any time. Changes will be effective upon posting to our website. Continued use of services after changes constitutes acceptance of the modified Terms. Material changes will be communicated via email or prominent website notice.

18. General Provisions

18.1 Entire Agreement

This Agreement, together with any Statement of Work and Privacy Policy, constitutes the entire agreement between the parties and supersedes all prior or contemporaneous agreements, representations, and understandings.

18.2 Severability

If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

18.3 Waiver

The failure of either party to enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision.

18.4 Assignment

Neither party may assign this Agreement without the prior written consent of the other party, except that the Company may assign to an affiliate or in connection with a merger or acquisition.

18.5 Force Majeure

Neither party shall be liable for delays or failures in performance resulting from circumstances beyond its reasonable control, including natural disasters, government actions, network failures, or other force majeure events.

18.6 Independent Contractors

The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, employment, or agency relationship.

18.7 Notices

All notices shall be in writing and delivered by email with confirmation, registered mail, or overnight courier to the addresses specified in the Statement of Work.

18.8 Headings

Section headings are for convenience only and shall not affect the interpretation of this Agreement.

19. Contact Information

For questions regarding these Terms of Service, please contact us:

Redrays
Legal Department
Email: legal@redrays.com

For general inquiries, please use the contact form on our website or email info@redrays.com.