These Terms of Service (“Terms”) govern the relationship between APIVAPT (“we”, “us”, “our”) and the client (“you”, “your”) engaging our API security assessment services.
1. Scope of Services
APIVAPT provides manual API penetration testing, security assessments, and vulnerability analysis services. The specific scope, targets, and methodology for each engagement will be defined in a separate Statement of Work (SOW) agreed upon by both parties before testing begins.
2. Service Limitations
Our assessments represent a point in time evaluation of your systems' security posture. We do not guarantee that your systems are free of vulnerabilities after an assessment. We are not responsible for pre-existing vulnerabilities in your systems, nor for any exploitation of such vulnerabilities by third parties.
- Our findings and recommendations are advisory. The client is solely responsible for implementing remediation measures.
- We do not provide ongoing monitoring or real-time threat detection unless explicitly agreed upon in the SOW.
3. Ethical Hacking Agreement
By engaging our services, the client confirms and warrants that:
- The client has legal authorization to commission security testing on all target systems and APIs.
- The client owns or has explicit written permission from the owner of all systems to be tested.
- The client will provide a signed authorization letter before any testing begins.
- APIVAPT will conduct testing only within the agreed-upon scope and will not intentionally cause data loss or service disruption.
- Any vulnerabilities discovered will be reported solely to the client and not disclosed publicly without mutual written consent.
4. Intellectual Property
Assessment reports, findings, and deliverables produced during an engagement are the intellectual property of APIVAPT until full payment is received, at which point they are licensed to the client for internal use. Testing methodologies, tools, and proprietary techniques remain the exclusive intellectual property of APIVAPT.
- The client retains all intellectual property rights to their own systems, code, and data.
- Neither party may use the other’s name, logo, or trademarks in marketing materials without prior written consent.
5. Confidentiality
Both parties agree to maintain strict confidentiality of all information exchanged during the engagement. This includes but is not limited to system architectures, API specifications, vulnerability findings, and business processes. Confidentiality obligations survive the termination of the engagement for a period of 5 years.
6. Limitation of Liability
To the maximum extent permitted by law, APIVAPT’s total liability for any claims arising from our services shall not exceed the total fees paid by the client for the specific engagement in question. We shall not be liable for indirect, incidental, consequential, or punitive damages.
7. Termination
Either party may terminate an engagement with 14 days’ written notice. In the event of termination, the client will be billed for all work completed up to the termination date. Completed deliverables will be provided to the client upon payment.
8. Governing Law
These Terms shall be governed by and construed in accordance with applicable law. Any disputes shall be resolved through good-faith negotiation before pursuing formal legal proceedings.
9. Contact
For any questions regarding these Terms, please use our contact form or email us directly at info@apivapt.com.