The terms and conditions governing your use of our platform.
These Terms of Service ("Terms") are the terms and conditions governing the Subscriber's use of the Services and constitute a legally binding agreement between (I) the corporate entity, LLP, corporation, LLC, partnership, sole proprietorship, or other business entity ("Subscriber," "you," or "your") accepting these Terms and (II) 10x Pentest AI, Inc., a corporation organized under the laws of the State of Delaware, having its principal place of business at 2261 Market Street STE 61091, San Francisco, CA 94114, United States (the "Company," "we," "us," or "our").
These Terms govern your use of and access to the Services provided by the Company, including the AI-powered autonomous penetration testing platform accessible at portal.10xpentest.com and related websites, APIs, and professional services.
By accessing or using our Services in any manner, you signify that you have read, understood, and irrevocably agree to be bound by these Terms. If you do not agree with all of these Terms, you must immediately discontinue any use or access to the Services.
Unless context otherwise requires, capitalized terms used in these Terms shall have the following meanings:
The meanings set forth for defined terms herein shall be equally applicable to both singular and plural forms as context may require. Any reference to any statute shall be construed as including a reference to that statute as from time to time amended. The words "include" and "including" shall be deemed followed by "without limitation." All capitalized terms not defined in Section 1.1 shall have the meaning assigned to them elsewhere in the Agreement.
By electronically accepting the Agreement, executing a Service Order, or by accessing or using the Services, you represent and warrant that you have the legal capacity and authority to enter into this binding Agreement on behalf of yourself or the entity you represent, and that you have obtained all necessary internal authorizations to do so.
The Agreement, including these Terms and any executed Service Order(s), represents the entire understanding between the Parties regarding the subject matter herein and supersedes all prior oral or written agreements, representations, and understandings.
All Service Orders must be separately executed and signed (including via electronic signature) by duly authorized representatives of each Party and shall form an integral part of these Terms upon execution.
The Company agrees to provide Subscribers with access to its AI-driven autonomous penetration testing platform and, where separately contracted, Professional Services. The Services include, without limitation:
The scope of Services, any modifications thereto, Fees, Credits, timelines, deliverables, and other commercial or technical terms shall be negotiated in good faith and documented in dedicated Service Orders. Any Service Order may be amended or replaced by mutual written agreement.
The Subscriber acknowledges that Services may vary depending on the specific Service Order, the Target Scope, and associated technical requirements. The Company makes no warranties or guarantees beyond those expressly stated in the relevant Service Order.
No Services shall be deemed authorized or provided unless supported by a fully executed Service Order or, for self-service Platform Audits, a valid Credit balance or completed payment.
The Subscriber hereby agrees and undertakes that it shall, and shall procure that its employees, sub-contractors, agents, or representatives shall:
The Company charges a fixed Audit Fee per Audit, as published on the Platform or as set forth in the applicable Service Order. Audit Fees are exclusive of applicable taxes, including federal, state, and local sales tax, VAT, GST, and any other statutory levies, which shall be payable by the Subscriber unless otherwise stated in writing.
The Company offers a Credit-based prepayment system through which Subscribers may purchase Credits to fund future Audits or other eligible Services. Key terms governing Credits:
The Subscriber agrees to pay all Fees within 30 days from receipt of the respective invoice, unless otherwise specified in the Service Order. For Credit purchases and self-service Audit Fees made through the Platform, payment is due immediately at the time of purchase.
If payment is not received by the due date, the Company reserves the right to charge interest on the overdue amount at the maximum rate permitted under Applicable Law or 1.5% per month on the unpaid balance, whichever is lower.
The Company may suspend or terminate Services if payment of Fees is overdue or if the Subscriber materially breaches these Terms or the applicable Service Order. Suspension does not relieve the Subscriber of the obligation to pay all outstanding Fees or forfeit unused Credits.
Either Party may terminate the Agreement immediately upon written notice to the other Party if: (a) the other Party materially breaches the Agreement and fails to cure such breach within 15 days of written notice; (b) the other Party becomes insolvent, bankrupt, or assigns all or a substantial part of its business for the benefit of creditors; or (c) in the case of the Subscriber, the Subscriber fails to meet its payment obligations.
In the event of termination by the Company due to Subscriber breach, the Subscriber shall become liable to pay the entire amount of Fees set forth in the applicable Service Order immediately, together with any applicable interest. Any unused Credits shall be forfeited without refund.
Upon termination or expiry, both Parties shall ensure that all Confidential Information and Intellectual Property materials of the other Party are returned or securely destroyed, except to the extent that retention is required by Applicable Laws.
Background IP: All IPR existing prior to the Agreement shall remain the sole property of the Party owning such rights. Neither Party acquires any ownership interest in the other Party's Background IP by virtue of the Agreement.
Company Platform & AI IP: The Company retains all right, title, and interest in and to the Platform, the AI Pentest Engine, AI models, algorithms, machine learning systems, automation scripts, methodologies, tools, techniques, software, and all improvements, updates, and derivative works thereof. The Subscriber's use of the Services does not transfer any rights in the Platform or AI Pentest Engine to the Subscriber.
Deliverables & Reports: Subject to full payment of all applicable Fees, the Company grants the Subscriber a perpetual, non-exclusive, royalty-free, internal-use license to use, reproduce, and distribute the specific Audit reports and deliverables produced for the Subscriber. All methodologies, tools, and processes underlying such deliverables remain the exclusive property of the Company.
Feedback & Improvements: If the Subscriber provides feedback, suggestions, or ideas regarding the Services ("Feedback"), the Subscriber hereby grants the Company an irrevocable, perpetual, royalty-free, worldwide license to use, incorporate, and commercialize such Feedback without restriction or compensation.
Each Party agrees to keep confidential and not to disclose or use any Confidential Information of the other Party except to fulfill its obligations under the Agreement, as otherwise expressly permitted by the Agreement, or as required by Applicable Laws.
The receiving Party shall exercise at least the same degree of care to protect the disclosing Party's Confidential Information as it does for its own confidential information, but in no event less than a reasonable standard of care.
Confidential Information may be disclosed only to those Representatives who have a strict need to know such information for the purpose of performing obligations under the Agreement.
The confidentiality obligations in this Section 8 shall survive termination or expiration of the Agreement for a period of 3 years, except with respect to trade secrets, which shall be protected for so long as they remain trade secrets under Applicable Laws.
In the course of providing the Services, the Company and its Representatives may obtain access to Personal Data. Such Personal Data shall be considered Confidential Information and protected in accordance with the Agreement and Applicable Laws, including the CCPA, CPRA, and other applicable U.S. federal and state privacy laws.
The Company shall: implement all reasonable technical and organizational measures to prevent unauthorized or unlawful access to Personal Data; promptly notify the Subscriber in writing upon becoming aware of any data breach affecting Personal Data; not provide, share, sell, or transfer any Personal Data to any third party except as required by Applicable Laws; access, use, maintain, and process Personal Data solely to fulfill its obligations under the Agreement; and maintain a Privacy Policy at www.10xpentest.com/privacy-policy that complies with Applicable Laws.
Each Party represents and warrants that: (a) it has the full power and authority to enter into and perform its obligations under these Terms; (b) it will comply with all Applicable Laws in its performance; and (c) it will not use the Services for any unlawful or unauthorized purpose.
The Subscriber specifically represents and warrants that all information provided to the Company is accurate and complete; it has obtained all necessary rights, licenses, consents, and authorizations for the Company to access and test the Target Scope systems; it is the owner of, or has explicit written authorization from the owner of, all systems, applications, and assets designated within the Target Scope; and its use of the Services will at all times comply with all Applicable Laws, including computer fraud and abuse statutes, data protection laws, and cybersecurity regulations.
The Company represents and warrants that it will perform the Services using qualified personnel and in a professional manner consistent with prevailing industry standards.
THE COMPANY SHALL USE REASONABLE EFFORTS CONSISTENT WITH PREVAILING INDUSTRY STANDARDS TO MAINTAIN THE SERVICES AND MINIMIZE ERRORS AND INTERRUPTIONS. HOWEVER, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR NON-INFRINGEMENT.
The Company does not warrant that the Services will identify all vulnerabilities in the Subscriber's systems or that Audit results will be exhaustive or error-free. Penetration testing, whether AI-driven or manual, is inherently limited in scope and is not a guarantee of security. The Company shall not be liable for any security incident, data breach, or system compromise that occurs before, during, or after the performance of Services.
Each Party shall indemnify, hold harmless, and defend the other Party and its respective directors, officers, employees, agents, and representatives from any and all losses, damages, costs, claims, and expenses (including reasonable attorneys' fees) arising from: (a) the indemnifying Party's failure to perform any obligation required under the Agreement; (b) any material breach by the indemnifying Party of any covenant or obligation under the Agreement; or (c) any representation made by the indemnifying Party that is knowingly untrue, false, or inaccurate.
The Subscriber shall additionally indemnify and hold harmless the Company against any claims, losses, damages, or expenses arising from: (a) the Subscriber's testing of systems or assets it did not have authorization to test; (b) the Subscriber's use of Audit results or deliverables in violation of Applicable Laws; or (c) any third-party claim arising from the Subscriber's access to or use of the Services.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAWS, THE TOTAL AGGREGATE LIABILITY OF THE COMPANY TO THE SUBSCRIBER UNDER OR IN CONNECTION WITH THE AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID BY THE SUBSCRIBER TO THE COMPANY UNDER THE APPLICABLE SERVICE ORDER DURING THE 6 MONTHS IMMEDIATELY PRECEDING THE EVENT OR CLAIM GIVING RISE TO SUCH LIABILITY.
IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOST PROFITS, LOSS OF REVENUE, LOSS OF GOODWILL, LOSS OR CORRUPTION OF DATA, BUSINESS INTERRUPTION, OR ANY OTHER ECONOMIC LOSS, WHETHER OR NOT THE PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The limitations and exclusions in this Section 13 shall not apply to liability arising from: (a) fraud, willful misconduct, or gross negligence; (b) breach of confidentiality obligations; or (c) breach of applicable data protection or Personal Data obligations.
Neither Party may transfer, assign, subcontract, novate, or dispose of any of its rights or obligations under the Agreement without the prior written consent of the other Party, except that the Company may assign the Agreement to a successor entity in connection with a merger, acquisition, or sale of substantially all of its assets.
Neither Party shall be liable for any delay or failure in performance (other than payment obligations) caused by events beyond the reasonable control of the affected Party, including acts of God, war, insurrection, riots, cyberattacks on third-party infrastructure, or pandemic. If the Force Majeure event continues beyond 90 days resulting in material deficiency in Services, either Party may terminate the Agreement.
The Company reserves the right to amend or update these Terms at any time by posting the revised version on its website and notifying registered Subscribers via email at least 30 days prior to the effective date of material changes. Continued use of the Services following any such amendment constitutes the Subscriber's acceptance of the revised Terms.
The Company, in performing its obligations under the Agreement, shall act solely as an independent contractor. Nothing in the Agreement shall create any partnership, joint venture, agency, franchise, or fiduciary relationship between the Parties.
For a period of 2 years following the expiry or termination of the Agreement, the Subscriber shall not, without the Company's prior written consent, directly or indirectly solicit or encourage any person to leave the employment of the Company, or hire any person who was employed by the Company at any point within the 1 year period immediately preceding the expiry or termination of the Agreement.
If any provision of the Agreement is held to be invalid, illegal, or unenforceable under Applicable Laws, such provision shall be modified to the minimum extent necessary to make it enforceable, or if modification is not possible, severed from the Agreement without affecting the validity and enforceability of the remaining provisions.
This Agreement shall be governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of laws principles.
The Parties shall first attempt to resolve any dispute through good-faith negotiation between senior representatives of both Parties for a period of 30 days after written notice of the dispute. If unresolved, the dispute shall be finally settled by binding arbitration administered by JAMS in San Francisco, California. The language of the arbitration shall be English.
The following provisions shall survive the expiration or termination of the Agreement: Section 1 (Definitions), Section 5.2 (Credits), Section 7 (Intellectual Property Rights), Section 8 (Confidentiality), Section 9 (Data Protection), Section 12 (Indemnification), Section 13 (Limitation of Liability), and Section 14 (General Terms).
10x Pentest AI, Inc.
2261 Market Street STE 61091, San Francisco, CA 94114, United States
Website: www.10xpentest.com
Platform: portal.10xpentest.com
Legal Inquiries: legal@10xpentest.com
Privacy / DPO: privacy@10xpentest.com
BY ACCESSING OR USING THE SERVICES, PURCHASING CREDITS, OR EXECUTING ANY SERVICE ORDER, YOU CONFIRM THAT YOU HAVE READ, UNDERSTOOD, AND ACCEPT THESE TERMS OF SERVICE IN THEIR ENTIRETY AND AGREE TO BE LEGALLY BOUND BY THEM.
© 2025 10x Pentest AI, Inc. All rights reserved. This document does not constitute legal advice. Consult qualified legal counsel for advice specific to your jurisdiction and business circumstances.