Terms of Service
Legal terms and conditions governing penetration testing services provided by Akinciborg Security
Last Updated: January 1, 2025
Introduction & Acceptance
These Terms of Service ("Terms") constitute a legally binding agreement between you ("Client", "Customer", or "You") and Akinciborg Security, SIRET 891 836 413 00015, based in Metz, Grand Est, France ("Akinciborg", "We", "Us", or "Our").
By engaging our penetration testing services, requesting a quote, or signing a Statement of Work (SOW), you acknowledge that you have read, understood, and agree to be bound by these Terms.
Important: If you do not agree to these Terms, do not use our services. These Terms apply to all services provided by Akinciborg Security, including but not limited to web application penetration testing, API security testing, and security audits.
Services Description
2.1 Scope of Services
Akinciborg Security provides professional penetration testing and security assessment services, including but not limited to:
- Web application security testing
- API security assessment (REST, GraphQL, SOAP)
- Frontend and backend security analysis
- Authentication and authorization testing
- Secure code review
- Cloud infrastructure security testing
- Vulnerability assessment and remediation guidance
2.2 Testing Methodology
Our testing follows industry-standard methodologies, including the OWASP Testing Guide, PTES (Penetration Testing Execution Standard), and NIST SP 800-115. We employ both automated tools and manual testing techniques to identify security vulnerabilities.
2.3 Service Limitations
Our services do NOT include:
- Physical security testing or on-site assessments
- Social engineering attacks against employees
- Denial of Service (DoS) or Distributed Denial of Service (DDoS) testing
- Testing of systems not explicitly authorized by the Client
- Remediation or fixing of discovered vulnerabilities (unless separately contracted)
- Guarantee that all vulnerabilities will be discovered
Authorization & Legal Compliance
3.1 Written Authorization Required
Client must provide explicit written authorization before any testing begins. This authorization must clearly specify:
- All target systems, domains, IP addresses, and applications in scope
- Systems and areas explicitly out of scope
- Testing window and time restrictions
- Any special conditions or limitations
Critical: Client represents and warrants that they have full legal authority to authorize testing on all systems within the engagement scope. Client must own or have explicit written permission from the system owner for all systems to be tested.
3.2 Third-Party Systems
If testing involves third-party systems (cloud providers, hosting services, etc.), Client is responsible for obtaining necessary permissions and notifying relevant parties. Akinciborg is not responsible for violations resulting from Client's failure to obtain proper authorization.
3.3 Rules of Engagement
A detailed Rules of Engagement (RoE) document will be agreed upon before testing begins, specifying:
- Testing boundaries and restrictions
- Communication protocols and emergency contacts
- Data handling and privacy requirements
- Acceptable testing techniques and forbidden actions
Client Responsibilities
4.1 Information Provision
Client agrees to provide:
- Accurate scope definition and target information
- Test accounts and credentials (for grey/white box testing)
- Technical documentation when applicable
- Designated technical point of contact
- Prompt responses to clarification questions during testing
4.2 System Preparation
Client is responsible for:
- Ensuring systems are stable and properly configured before testing
- Maintaining backups of all data and systems
- Notifying relevant stakeholders about the testing
- Coordinating with hosting providers if required
4.3 Cooperation
Client agrees to cooperate fully during the engagement, including providing timely access to systems and responding to questions. Delays caused by Client non-cooperation may result in extended delivery timelines or additional fees.
Confidentiality & Data Protection
5.1 Mutual Confidentiality
Both parties agree to maintain strict confidentiality regarding all information disclosed during the engagement. This includes:
- Technical architecture and system details
- Discovered vulnerabilities and security findings
- Source code and proprietary information
- Business processes and sensitive data
5.2 Data Handling
Akinciborg will:
- Handle all Client data in accordance with GDPR and applicable data protection laws
- Use Client data solely for the purpose of providing contracted services
- Implement appropriate security measures to protect Client data
- Delete or return all Client data upon request after engagement completion
5.3 Non-Disclosure Agreement
A separate Non-Disclosure Agreement (NDA) may be executed upon Client request. Akinciborg is willing to sign Client's standard NDA or mutual NDA templates.
5.4 Vulnerability Disclosure
Akinciborg will NEVER publicly disclose vulnerabilities discovered during testing without explicit written permission from Client. All findings remain strictly confidential and are disclosed only to authorized Client personnel.
Pricing & Payment Terms
6.1 Pricing
Services are priced according to our published pricing packages or custom quotes provided in the Statement of Work. All prices are in Euros (EUR) unless otherwise specified.
6.2 Payment Terms
Standard payment terms are:
- 50% deposit: Due upon signing the Statement of Work, before testing begins
- 50% final payment: Due upon delivery of the final report
Enterprise clients may negotiate alternative payment terms in their Statement of Work.
6.3 Accepted Payment Methods
We accept:
- Bank transfer (SEPA, SWIFT)
- Credit/Debit cards (via Stripe)
- PayPal
- Cryptocurrency (via Stripe)
6.4 Late Payments
Invoices not paid within 30 days of the due date will incur a late fee of 1.5% per month (18% annually) or the maximum rate permitted by law, whichever is lower. Akinciborg reserves the right to suspend services for accounts with overdue payments.
6.5 Additional Fees
Scope changes or additional testing requests may result in additional fees. Any scope expansion must be documented in writing and agreed upon by both parties before implementation.
Deliverables & Timeline
7.1 Final Report
Upon completion of testing, Client will receive a comprehensive penetration testing report including:
- Executive summary
- Detailed vulnerability findings with severity ratings
- Proof of concept demonstrations
- Risk assessment and business impact analysis
- Remediation recommendations
- OWASP Top 10 mapping
7.2 Delivery Timeline
Standard delivery timelines:
- Starter Package: 7 business days from testing start
- Professional Package: 10-14 business days from testing start
- Enterprise Package: As specified in Statement of Work
Timelines may be extended due to Client delays, scope changes, or unforeseen technical issues.
7.3 Critical Findings
If critical vulnerabilities are discovered during testing, Akinciborg will immediately notify Client's designated technical contact via email and phone (if provided). A preliminary report of critical findings will be provided within 24 hours of discovery.
7.4 Retest Services
Retest services are provided as follows:
- Professional Package: One free retest within 90 days
- Starter Package: Retest available at €50 per vulnerability
- Enterprise Package: Unlimited retests as per agreement
Limitations of Liability & Disclaimers
8.1 No Guarantee of Complete Coverage
While we employ industry-best practices and experienced security professionals, penetration testing cannot guarantee discovery of all vulnerabilities. Security testing is a point-in-time assessment, and new vulnerabilities may be introduced after testing is complete.
8.2 Limitation of Liability
To the maximum extent permitted by law, Akinciborg's total liability for any claims arising from or related to services provided shall not exceed the total fees paid by Client for the specific engagement giving rise to the claim.
8.3 No Liability for System Damage
Akinciborg employs non-destructive testing techniques and takes reasonable precautions to avoid system damage or disruption. However, Client acknowledges that penetration testing inherently involves risk and agrees that Akinciborg is not liable for:
- System downtime or performance degradation during testing
- Data loss or corruption (Client must maintain backups)
- Business interruption resulting from testing activities
- Third-party claims arising from authorized testing
8.4 Client's Security Responsibilities
Client acknowledges that they are ultimately responsible for their own security. Our report and recommendations are advisory in nature. Client is responsible for:
- Implementing recommended security fixes
- Maintaining ongoing security monitoring
- Conducting regular security assessments
- Training employees on security best practices
8.5 Exclusion of Consequential Damages
Neither party shall be liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, revenue, data, or business opportunities, even if advised of the possibility of such damages.
Intellectual Property Rights
9.1 Report Ownership
The final penetration testing report and all findings are the property of Client upon full payment. Client may use the report for internal purposes, compliance requirements, and sharing with authorized parties under NDA.
9.2 Methodology and Tools
Akinciborg retains all rights to its testing methodologies, tools, techniques, and processes. Client receives no license or rights to these proprietary methods.
9.3 Restrictions on Report Use
Client may not:
- Publicly disclose the report without written permission
- Use the report for marketing purposes without consent
- Share the report with competitors or unauthorized third parties
- Modify or alter the report content
Termination & Cancellation
10.1 Client Termination
Client may terminate the engagement at any time by providing written notice. In case of termination:
- Before testing begins: Client receives full refund minus 10% administrative fee
- During testing: Client is charged for work completed up to termination date, with no refund
- After report delivery: No refund available
10.2 Akinciborg Termination
Akinciborg reserves the right to terminate the engagement if:
- Client fails to provide necessary authorization or cooperation
- Client breaches these Terms
- Testing activities are deemed illegal or unauthorized
- Client fails to make required payments
- Continuing the engagement poses legal or ethical concerns
In such cases, Client remains liable for all fees due for work completed.
10.3 Survival of Terms
Sections related to confidentiality, intellectual property, limitations of liability, and dispute resolution survive termination of the agreement.
Warranties & Representations
11.1 Akinciborg Warranties
Akinciborg warrants that:
- Services will be performed by qualified security professionals
- Testing will follow industry-standard methodologies
- We will exercise reasonable care and skill in performing services
- We hold appropriate professional certifications (CEH)
11.2 Client Warranties
Client warrants and represents that:
- They have legal authority to authorize testing on all in-scope systems
- All provided information is accurate and complete
- They have obtained necessary third-party permissions
- Testing will not violate any laws or third-party agreements
- They will maintain appropriate backups of all data
11.3 Disclaimer of Warranties
EXCEPT AS EXPRESSLY STATED HEREIN, SERVICES ARE PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
Indemnification
12.1 Client Indemnification
Client agrees to indemnify, defend, and hold harmless Akinciborg, its officers, employees, and contractors from any claims, damages, losses, liabilities, and expenses (including reasonable attorney fees) arising from:
- Client's breach of these Terms
- Client's failure to obtain proper authorization for testing
- Third-party claims related to Client's systems or data
- Client's use or misuse of the penetration testing report
- Any illegal or unauthorized activities by Client
12.2 Akinciborg Indemnification
Akinciborg agrees to indemnify Client from third-party claims arising solely from Akinciborg's gross negligence or willful misconduct in performing services, provided Client:
- Promptly notifies Akinciborg of any such claim
- Cooperates fully in the defense
- Allows Akinciborg to control the defense and settlement
Dispute Resolution & Governing Law
13.1 Governing Law
These Terms shall be governed by and construed in accordance with the laws of France, without regard to its conflict of law provisions.
13.2 Jurisdiction
Any disputes arising from these Terms or the services provided shall be subject to the exclusive jurisdiction of the courts of Metz, Grand Est, France.
13.3 Dispute Resolution Process
In the event of a dispute, the parties agree to:
- Negotiation: First attempt to resolve the dispute through good faith negotiation (30 days)
- Mediation: If negotiation fails, submit to mediation with a mutually agreed mediator (60 days)
- Litigation: Only after exhausting negotiation and mediation may either party pursue litigation
13.4 Limitation Period
Any claim arising from services provided must be brought within one (1) year from the date of report delivery, after which such claims are forever barred.
Compliance & Ethical Standards
14.1 Legal Compliance
Both parties agree to comply with all applicable laws and regulations, including but not limited to:
- Computer Fraud and Abuse Act (CFAA) and equivalent laws
- General Data Protection Regulation (GDPR)
- Export control and sanctions laws
- Anti-corruption and anti-bribery laws
14.2 Ethical Standards
Akinciborg adheres to the EC-Council Code of Ethics and commits to:
- Acting with integrity and honesty
- Respecting Client confidentiality
- Not exploiting discovered vulnerabilities for personal gain
- Reporting findings only to authorized Client personnel
- Refusing engagements that violate ethical or legal standards
14.3 Prohibited Uses
Client agrees not to use our services or reports to:
- Attack or harm third-party systems
- Violate laws or regulations
- Engage in cyber warfare or cyber terrorism
- Facilitate criminal activities
Force Majeure
Neither party shall be liable for failure to perform obligations due to events beyond reasonable control, including but not limited to:
- Natural disasters (earthquakes, floods, fires)
- War, terrorism, civil unrest
- Government actions or restrictions
- Pandemics or public health emergencies
- Internet or telecommunications failures
- Cyberattacks on our own systems
The affected party must notify the other party promptly and make reasonable efforts to resume performance as soon as possible.
General Provisions
16.1 Entire Agreement
These Terms, together with any Statement of Work and NDA, constitute the entire agreement between the parties and supersede all prior agreements, understandings, and communications regarding the subject matter.
16.2 Amendments
Akinciborg reserves the right to modify these Terms at any time. Updated Terms will be posted on our website with a new "Last Updated" date. Continued use of services after changes constitutes acceptance of modified Terms. Material changes will be communicated to active clients via email.
16.3 Severability
If any provision of these Terms is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
16.4 Waiver
Failure to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision. No waiver shall be effective unless made in writing and signed by authorized representatives.
16.5 Assignment
Client may not assign or transfer these Terms or any rights hereunder without prior written consent from Akinciborg. Akinciborg may assign these Terms to an affiliate or successor in connection with a merger, acquisition, or sale of assets.
16.6 Independent Contractors
The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between the parties.
16.7 Notices
All notices under these Terms must be in writing and sent to:
Akinciborg Security
Email: [email protected]
Address: Metz, Grand Est, France
16.8 Language
These Terms are provided in English. In case of conflict between English and any translation, the English version shall prevail.
16.9 Headings
Section headings are for convenience only and do not affect interpretation of these Terms.
Acceptance & Acknowledgment
By engaging our services, signing a Statement of Work, or submitting payment, you acknowledge that:
- You have read and understood these Terms
- You agree to be legally bound by these Terms
- You have authority to bind your organization to these Terms
- You understand the risks associated with penetration testing
- You have obtained all necessary authorizations for testing
Questions about these Terms? Contact us before engaging our services. We're happy to clarify any provisions or discuss modifications for enterprise clients.
Questions or Concerns?
If you have any questions about these Terms of Service, please contact us:
Email: [email protected]
Legal Entity: Akinciborg Security
SIRET: 891 836 413 00015
Location: Metz, Grand Est, France