Terms of Service
1. Acceptance of Terms
By accessing or using RedTeamKit's services, you ("Client," "you," or "your") agree to be bound by these Terms of Service ("Terms"). These Terms constitute a legally binding agreement between you and RedTeamKit ("we," "us," or "our").
If you are entering into these Terms on behalf of a company or organization, you represent that you have the authority to bind that entity to these Terms.
Important: If you do not agree to these Terms, do not use our services. Proceeding with an engagement constitutes full acceptance of these Terms.
2. Service Description
RedTeamKit provides AI-powered security testing and penetration testing services for web applications, mobile applications, and APIs. Our services include:
- Automated Security Scanning: AI-driven vulnerability detection and analysis
- Manual Penetration Testing: Human security experts performing targeted attacks
- Security Audits: Comprehensive reviews of application security posture
- Vulnerability Reports: Detailed documentation of findings, risk ratings, and remediation guidance
- Consultation: Post-audit support and security recommendations
Our services are designed to identify security weaknesses before malicious actors do. We test for common vulnerabilities including but not limited to OWASP Top 10, authentication flaws, injection attacks, and business logic vulnerabilities.
3. Eligibility
To use our services, you must:
- Be at least 18 years of age or the age of majority in your jurisdiction
- Have the legal authority to engage security testing services
- Own or have explicit written authorization to test the target application
- Comply with all applicable laws and regulations
Legal Notice: Unauthorized security testing of systems you do not own is illegal. RedTeamKit will not engage in testing without proper authorization and reserves the right to request proof of ownership or written consent.
4. Engagement Process
Security testing engagements follow this process:
- Initial Consultation: You submit project details via our contact form or email
- Scope Definition: We review requirements and provide a detailed scope of work
- Agreement and Payment: You agree to the scope, sign authorization, and make payment
- Testing Phase: We conduct automated and manual security testing (typically 48 hours)
- Report Delivery: You receive a comprehensive PDF report with findings
- Consultation: We provide a debrief call to discuss findings and remediation
Changes to the agreed scope during an engagement may require additional fees and timeline adjustments.
5. Payment Terms
5.1 Pricing
RedTeamKit offers fixed-price security audits based on application complexity and scope. Pricing is provided in writing before engagement begins and includes:
- Full security audit (automated + manual testing)
- Comprehensive vulnerability report
- Post-audit consultation (30 minutes)
- 30-day email support for clarifications
5.2 Payment Schedule
Payment is due in full before testing begins.
We accept payment via bank transfer, credit/debit card (Stripe), and mobile money (PayStack for African clients). Testing will not commence until payment is confirmed.
5.3 Refund Policy
- Before Testing Begins: Full refund if you cancel before we start testing
- During Testing: 50% refund if engagement is cancelled mid-testing
- After Delivery: No refunds once the final report is delivered
5.4 Late Payments
For enterprise clients on NET-30 payment terms, invoices unpaid after 30 days will incur a 2% monthly late fee. Access to reports may be suspended until payment is received.
6. Deliverables and Timelines
6.1 Standard Deliverables
Each security audit includes:
- Executive Summary: High-level overview of findings for non-technical stakeholders
- Vulnerability Report: Detailed technical findings with severity ratings (Critical, High, Medium, Low, Info)
- Proof of Concept: Screenshots and reproduction steps for each vulnerability
- Remediation Guidance: Step-by-step instructions to fix identified issues
- OWASP/CWE References: Industry-standard classifications for each finding
6.2 Turnaround Time
Standard Turnaround: 48 hours from testing start to report delivery for typical web/mobile applications.
Complex Applications: 3-5 business days for enterprise-scale applications or extended scope engagements.
6.3 Report Format
Reports are delivered as professional PDF documents. Upon request, we can also provide findings in JSON/CSV format for integration with your issue tracking systems.
6.4 Re-Testing
After you remediate vulnerabilities, we offer free re-testing for critical and high-severity issues within 30 days of the original engagement.
7. Confidentiality
7.1 Our Commitment
RedTeamKit treats all client information as strictly confidential. We will not disclose:
- Vulnerabilities discovered during testing
- Application architecture, code, or business logic
- Test credentials or access keys
- Any proprietary or sensitive information obtained during the engagement
7.2 Non-Disclosure
We will never publicly disclose or share findings with third parties without your explicit written consent. For high-profile clients, we can sign your NDA before engagement begins.
7.3 Data Handling
All engagement data is encrypted at rest and in transit. Test data is securely deleted within 90 days of engagement completion unless you request earlier deletion or extended retention.
7.4 Anonymized Learning
We may use anonymized, non-identifying data from engagements to improve our testing methodologies and AI models. No client-specific or sensitive information is used.
8. Limitation of Liability
8.1 Service Scope
RedTeamKit provides security testing services to identify vulnerabilities. We do not:
- Guarantee that all vulnerabilities will be discovered
- Provide a certification of "secure" or "vulnerability-free"
- Assume responsibility for securing your application
- Guarantee protection against future attacks
No Absolute Security: Security testing is a point-in-time assessment. New vulnerabilities may be introduced with code changes, dependency updates, or evolving attack techniques. Regular testing is recommended.
8.2 Maximum Liability
To the fullest extent permitted by law, RedTeamKit's total liability for any claims arising from services provided shall not exceed the fees paid for the specific engagement in question.
8.3 Excluded Damages
We are not liable for indirect, incidental, consequential, or punitive damages including but not limited to:
- Loss of profits, revenue, or business opportunities
- Data loss or corruption (we test read-only when possible)
- Service downtime or degradation (testing is designed to be non-disruptive)
- Reputational damage
- Third-party claims
8.4 Client Responsibility
You are responsible for:
- Implementing security fixes and recommendations
- Maintaining backups before testing begins
- Notifying affected parties if required by law (e.g., data breach notifications)
- Ensuring your application's legal and regulatory compliance
9. Intellectual Property
9.1 Ownership of Reports
You own the security report and findings. Once delivered and paid for, the report is your property. You may share it internally, with auditors, investors, or compliance bodies as needed.
9.2 Ownership of Methodology
We own our testing methodologies, tools, and processes. The techniques, scripts, AI models, and proprietary tools used during testing remain RedTeamKit's intellectual property.
9.3 Client IP
We do not claim any ownership of your application, code, or data. All client intellectual property remains yours.
9.4 Trademarks
With your permission, we may list you as a client (company name/logo) on our website or marketing materials. You may opt out at any time.
11. Termination
11.1 By Client
You may terminate an engagement at any time by providing written notice. Refunds are subject to the terms in Section 5.3.
11.2 By RedTeamKit
We may terminate or suspend services immediately if:
- You violate these Terms
- We discover the testing is unauthorized or illegal
- Payment is not received as agreed
- You engage in abusive or threatening behavior toward our team
11.3 Effect of Termination
Upon termination:
- We will cease all testing activities immediately
- You will receive a report of findings discovered up to that point (if paid)
- Confidentiality obligations remain in effect
- Payment obligations for completed work remain due
12. Warranties and Disclaimers
12.1 Service Warranty
We warrant that:
- Services will be performed in a professional manner by qualified security experts
- Testing will follow industry-standard methodologies (OWASP, PTES, NIST)
- Reports will accurately reflect vulnerabilities discovered during testing
12.2 Disclaimer
SERVICES ARE PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. To the extent permitted by law, we disclaim all implied warranties including merchantability, fitness for a particular purpose, and non-infringement.
12.3 No Guarantee of Results
Security testing is inherently exploratory. We cannot guarantee:
- Discovery of all vulnerabilities
- That your application will pass compliance audits
- That you will be protected from future breaches
- Specific CVSS scores or vulnerability counts
13. Governing Law
These Terms are governed by the laws of Nigeria. Any disputes arising from these Terms or services provided will be resolved through:
- Negotiation: Good-faith attempt to resolve disputes directly
- Mediation: Binding mediation in Abuja, Nigeria
- Arbitration: Final arbitration if mediation fails
Both parties agree to waive the right to jury trial and class action lawsuits.
14. Changes to Terms
We may update these Terms from time to time. When we make significant changes:
- We will update the "Last Updated" date
- Active clients will be notified via email
- Continued use of services constitutes acceptance
Changes do not apply retroactively to engagements already in progress or completed.
15. Contact Information
Questions about these Terms? Need to request changes or clarifications? Contact us:
Email: hello@redteamkit.com
Website: redteamkit.com
We respond to all inquiries within 24-48 hours.
By using RedTeamKit's services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.