Terms of Service
Last updated: March 2026
IMPORTANT: Please read these Terms of Service carefully before using the APVISO platform. By accessing or using our Service, you are agreeing to be bound by these terms. If you do not agree, do not use the Service.
1. Definitions
In these Terms of Service, the following terms have the meanings set out below:
- "Service" or "APVISO" means the AI-powered penetration testing platform operated by Penterep Security s.r.o., including all web interfaces, APIs, AI agents, scanning infrastructure, reports, and related documentation.
- "User," "you," or "your" means any individual or legal entity that accesses or uses the Service, including all authorized users under your account.
- "We," "us," or "our" means Penterep Security s.r.o., a company registered in the Czech Republic under IČO 17749433, with its registered office at Ševčenkova 570/4, 642 00 Brno, CZ.
- "Target" means any web application, domain, subdomain, IP address, or network resource that you submit to the Service for security testing.
- "Scan" means an automated security testing session initiated by you through the Service, during which AI agents perform reconnaissance, vulnerability detection, and related testing activities against a verified Target.
- "Scan Results" means all output generated by the Service during and after a Scan, including vulnerability reports, findings, severity ratings, evidence, and recommendations.
- "Ownership Verification" means the process by which you demonstrate control over a Target through DNS record, HTML meta tag, or .well-known file verification methods provided by the Service.
- "Subscription" means your paid plan for accessing the Service, including the associated scan quotas, features, and billing terms.
- "AI Agents" means the autonomous artificial intelligence systems that perform security testing on your behalf through the Service.
2. Acceptance of Terms
2.1 Agreement
By creating an account, completing Ownership Verification, initiating a Scan, or otherwise accessing or using the Service, you confirm that you have read, understood, and agree to be bound by these Terms of Service, our Privacy Policy, and any applicable Data Processing Agreement. If you are accepting these terms on behalf of a legal entity, you represent and warrant that you have the authority to bind that entity to these terms.
2.2 Eligibility
You must be at least 18 years of age and have the legal capacity to enter into binding agreements in your jurisdiction. The Service is intended for use by security professionals, IT administrators, and organizations conducting authorized security assessments.
2.3 Updates to Terms
We may modify these terms from time to time. We will provide at least 30 days' notice of material changes by email to your registered address and by posting a notice on the Service. If you do not agree with the updated terms, you may terminate your Subscription before the changes take effect. Your continued use of the Service after the effective date of updated terms constitutes acceptance of those terms.
3. Service Description
3.1 Overview
APVISO provides AI-powered automated penetration testing for web applications. The Service uses autonomous AI agents to identify security vulnerabilities in your Targets. The testing methodology covers common vulnerability categories including, but not limited to, the OWASP Top 10 and related web application security risks.
3.2 Service Scope
The Service performs the following types of testing:
- Passive and active reconnaissance of Target attack surface
- Automated vulnerability scanning and detection
- Proof-of-concept validation of identified vulnerabilities where safe to do so
- Generation of vulnerability reports with severity ratings and remediation guidance
The Service does not perform:
- Denial-of-service or load testing
- Social engineering, phishing, or physical security testing
- Destructive exploitation that intentionally damages data or systems
- Testing of targets not explicitly verified and authorized by you
- Network infrastructure testing beyond the scope of the verified web application
3.3 AI Agent Behavior
AI Agents operate autonomously within defined safety boundaries. While the AI Agents are designed to minimize impact on Target availability and data integrity, automated security testing inherently involves sending requests that probe for vulnerabilities. You acknowledge that:
- AI Agent behavior may vary between Scans due to the nature of AI-driven testing
- Scans may generate unusual traffic patterns that could trigger security alerts on your systems
- While designed to be non-destructive, there is an inherent risk that testing interactions could affect Target availability or data in unexpected ways
- The Service implements safety controls to prevent destructive actions, but no automated system can guarantee zero impact
3.4 Results Disclaimer
Scan Results are provided on a best-effort basis. The Service does not guarantee that all vulnerabilities will be discovered, that all reported findings are accurate, or that Scan Results are free from false positives or false negatives. AI-generated findings may require verification by qualified security professionals. Scan Results are not a substitute for a comprehensive security program, manual penetration testing, or compliance audit.
4. Ownership Verification and Authorization
4.1 Verification Requirement
Before initiating any Scan, you must complete Ownership Verification for each Target using one of the following methods provided by the Service: DNS TXT record verification, HTML meta tag verification, or .well-known file verification.
4.2 Authorization Representation
By completing Ownership Verification and initiating a Scan, you represent and warrant that:
- You are the legal owner of the Target, or you have obtained explicit, written authorization from the Target owner to conduct security testing
- Your authorization encompasses the full scope of testing that the Service may perform, as described in Section 3.2
- Your use of the Service does not violate any applicable law, regulation, contractual obligation, or third-party right
- You have obtained any necessary consents from third parties whose data may reside on the Target
- You will retain documentation of your authorization for the duration of your Subscription and for at least 12 months thereafter
4.3 Verification Is Not Authorization
You acknowledge that Ownership Verification is a technical control to reduce the risk of unauthorized scanning. Successful Ownership Verification does not constitute legal authorization to perform security testing. You remain solely and fully responsible for ensuring that you have the legal right to authorize testing of each Target.
4.4 Verification of Authorization
We reserve the right to request evidence of your authorization to test any Target at any time. If you cannot provide satisfactory evidence of authorization within 5 business days of our request, we may suspend or terminate your access to the Service and report the matter to relevant authorities if we reasonably believe unauthorized testing has occurred.
5. Acceptable Use
5.1 Permitted Use
You may use the Service solely for the purpose of conducting authorized security assessments of your own web applications or web applications for which you have documented authorization to test.
5.2 Prohibited Conduct
You agree not to:
- Scan any Target that you do not own or for which you do not have explicit written authorization to test
- Use the Service to conduct attacks, cause disruption, or inflict damage on any system
- Attempt to circumvent Ownership Verification, scan quotas, rate limits, or any other technical controls or safety mechanisms
- Use the Service to identify vulnerabilities for the purpose of exploiting them maliciously or for unauthorized access
- Resell, sublicense, or redistribute the Service or Scan Results to third parties without our prior written consent
- Use the Service in any manner that violates applicable laws or regulations, including but not limited to computer fraud and abuse laws, data protection laws, and export control regulations
- Reverse engineer, decompile, or attempt to extract the source code, AI models, or scanning methodologies of the Service
- Interfere with or disrupt the integrity or performance of the Service or its infrastructure
- Create multiple accounts to circumvent restrictions or quotas
5.3 Enforcement
We reserve the right to suspend or terminate your access to the Service immediately and without prior notice if we reasonably believe you have violated this Section 5. We may also report violations to law enforcement or other relevant authorities.
6. Subscription and Billing
6.1 Plans and Pricing
APVISO offers Subscription-based pricing with monthly and annual billing options as described on our pricing page. All prices are exclusive of applicable taxes unless otherwise stated.
6.2 Scan Quotas
Each Subscription plan includes a defined number of Scans per billing cycle. Scan quotas reset at the beginning of each billing cycle. Unused Scans do not roll over to subsequent billing cycles.
6.3 Payment Terms
Payments are processed through Stripe, our third-party payment provider. You agree to provide accurate and complete billing information and to keep it up to date. If a payment fails, we will attempt to notify you and may suspend access to the Service if payment is not received within 7 days of the failed charge.
6.4 Price Changes
We may adjust our pricing from time to time. We will provide at least 30 days' notice of any price increase. Price changes take effect at the start of your next billing cycle following the notice period. If you do not agree with a price change, you may cancel your Subscription before the new pricing takes effect.
6.5 Cancellation
You may cancel your Subscription at any time through the Service dashboard or by contacting us. Cancellation takes effect at the end of your current billing cycle. You retain access to the Service until the end of the paid period. We do not provide prorated refunds for partial billing cycles unless required by applicable law.
6.6 Right of Withdrawal (EU)
If you are a consumer within the European Union, you have the right to withdraw from your Subscription within 14 days of purchase without giving any reason, in accordance with the Consumer Rights Directive (2011/83/EU). If you have initiated a Scan during the withdrawal period, you agree that the withdrawal right is waived for that portion of the Service already performed, and you may be charged proportionally for Scans consumed.
7. Intellectual Property
7.1 APVISO IP
The Service, including all software, AI models, scanning methodologies, algorithms, user interfaces, documentation, and related intellectual property, is and remains the exclusive property of APVISO or its licensors. These Terms do not grant you any right, title, or interest in the Service beyond the limited right to use it in accordance with these Terms.
7.2 Your IP
You retain all rights in your Targets and any data you provide to the Service. By using the Service, you grant us a limited, non-exclusive license to access and interact with your Targets solely for the purpose of providing the Service during your Subscription.
7.3 Scan Results
Scan Results are licensed to you for your internal use during and after your Subscription. You may share Scan Results with your employees, contractors, and advisors who have a need to know, and with third parties as required for remediation purposes. You may not publicly publish, resell, or redistribute Scan Results without our prior written consent.
7.4 Aggregated Data
We may use anonymized and aggregated data derived from your use of the Service (which cannot be used to identify you, your organization, or your Targets) to improve the Service, train and improve our AI models, generate industry benchmarks, and for research purposes. If you object to this use, you may notify us in writing and we will exclude your data from future aggregation.
8. Confidentiality
8.1 Confidential Information
Each party acknowledges that it may receive information from the other party that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure ("Confidential Information"). For clarity, your Scan Results, Target information, and account data are your Confidential Information. Our pricing (other than published prices), technical architecture, and unpublished features are our Confidential Information.
8.2 Obligations
Each party agrees to: (a) protect the other party's Confidential Information using at least the same degree of care it uses for its own confidential information, but no less than reasonable care; (b) use Confidential Information only for purposes related to these Terms; and (c) not disclose Confidential Information to third parties except to employees, contractors, and advisors who have a need to know and are bound by confidentiality obligations at least as protective as these.
8.3 Exceptions
Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party prior to disclosure; (c) is independently developed without use of Confidential Information; or (d) is required to be disclosed by law, regulation, or court order, provided that the receiving party gives prompt notice to the disclosing party where permitted.
9. Data Protection
9.1 Privacy Policy
Our collection, use, and protection of personal data are governed by our Privacy Policy, which is incorporated into these Terms by reference.
9.2 Data Processing Agreement
To the extent that we process personal data on your behalf in the course of providing the Service (for example, personal data contained in or discovered through your Targets), we will do so in accordance with our Data Processing Agreement ("DPA"), which is available upon request and forms part of these Terms. The DPA sets out the subject matter, duration, nature, and purpose of processing, the types of personal data, and the obligations and rights of the controller and processor in accordance with Article 28 of the GDPR.
9.3 Your Responsibilities
You are responsible for ensuring that your use of the Service complies with applicable data protection laws, including obtaining any necessary consents from data subjects whose personal data may be processed during Scans. If a Scan discovers exposed personal data on your Target (such as leaked credentials or personally identifiable information), you acknowledge that you, as the controller of that data, are responsible for responding to and remediating such exposure.
10. Limitation of Liability
10.1 Liability Cap
To the maximum extent permitted by applicable law, the total aggregate liability of APVISO arising out of or in connection with these Terms or the Service, whether in contract, tort (including negligence), strict liability, or any other legal theory, shall not exceed the total fees paid by you to APVISO in the 12 months preceding the event giving rise to the claim.
10.2 Exclusion of Indirect Damages
To the maximum extent permitted by applicable law, in no event shall APVISO be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, business opportunities, or goodwill, whether or not APVISO has been advised of the possibility of such damages.
10.3 Exceptions to Limitations
The limitations in Sections 10.1 and 10.2 do not apply to: (a) APVISO's gross negligence or willful misconduct; (b) APVISO's breach of its confidentiality obligations under Section 8; (c) APVISO's obligations under applicable data protection law; or (d) any liability that cannot be limited or excluded under applicable law.
10.4 Your Acknowledgment
You acknowledge that: (a) automated AI-driven security testing may produce incomplete or inaccurate results; (b) the Service does not guarantee the security of your Targets; (c) you are responsible for independently verifying Scan Results and making your own security decisions; and (d) APVISO is not responsible for any consequences of your reliance on Scan Results or your failure to act on identified vulnerabilities.
11. Indemnification
11.1 Your Indemnification
You agree to indemnify, defend, and hold harmless APVISO, its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or in connection with:
- Your use of the Service in violation of these Terms
- Your breach of the representations and warranties in Section 4.2
- Scanning of any Target without proper legal authorization
- Any third-party claim that your use of the Service infringed upon or violated the rights of a third party
- Your failure to comply with applicable laws or regulations in connection with your use of the Service
11.2 Indemnification Procedure
We will promptly notify you of any claim subject to indemnification, provide you with reasonable cooperation in the defense of such claim (at your expense), and allow you to control the defense and settlement of such claim, provided that you may not settle any claim in a manner that imposes obligations on us or admits fault on our behalf without our prior written consent.
12. Warranty Disclaimer
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. APVISO DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE, THAT ALL VULNERABILITIES IN YOUR TARGETS WILL BE DISCOVERED, OR THAT SCAN RESULTS WILL BE ACCURATE OR COMPLETE.
WITHOUT LIMITING THE FOREGOING, APVISO MAKES NO WARRANTY REGARDING THE RELIABILITY, ACCURACY, OR COMPLETENESS OF AI-GENERATED FINDINGS. AI AGENTS MAY PRODUCE FALSE POSITIVES, FALSE NEGATIVES, OR OTHERWISE INACCURATE RESULTS. YOU ARE SOLELY RESPONSIBLE FOR VALIDATING SCAN RESULTS AND MAKING INFORMED SECURITY DECISIONS.
NOTHING IN THIS SECTION EXCLUDES OR LIMITS WARRANTIES THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
13. Termination and Suspension
13.1 Termination for Convenience
Either party may terminate these Terms by canceling the Subscription in accordance with Section 6.5.
13.2 Termination for Cause
Either party may terminate these Terms immediately upon written notice if the other party: (a) materially breaches these Terms and fails to cure such breach within 30 days of receiving written notice; or (b) becomes insolvent, files for bankruptcy, or ceases to operate in the ordinary course of business.
13.3 Suspension
We may suspend your access to the Service immediately and without prior notice if: (a) we reasonably believe you have violated Section 4 or Section 5; (b) your use of the Service poses a security risk to us or third parties; (c) we are required to do so by law or by a law enforcement request; or (d) your account is more than 14 days past due on payment.
13.4 Effects of Termination
Upon termination or expiration of these Terms: (a) your right to use the Service immediately ceases; (b) you will have 30 days from the effective date of termination to export your Scan Results through the Service dashboard; (c) after the 30-day export period, we will delete your data in accordance with our Privacy Policy; and (d) Sections 7, 8, 10, 11, 12, 14, 15, and 16 survive termination.
14. Governing Law and Dispute Resolution
14.1 Governing Law
These Terms are governed by and construed in accordance with the laws of the Czech Republic, without regard to its conflict of law provisions. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
14.2 Jurisdiction
Any disputes arising out of or in connection with these Terms shall be submitted to the exclusive jurisdiction of the courts of the Czech Republic, with venue in Krnov. This does not affect any mandatory consumer protection rights that entitle you to bring proceedings in the courts of your country of residence.
14.3 Amicable Resolution
Before initiating formal proceedings, both parties agree to attempt to resolve any dispute amicably through good-faith negotiation for a period of at least 30 days after written notice of the dispute.
15. Force Majeure
Neither party shall be liable for any failure or delay in performance of its obligations under these Terms to the extent caused by circumstances beyond its reasonable control, including but not limited to natural disasters, pandemics, war, terrorism, riots, government actions, power failures, internet or telecommunications failures, cyber attacks against the party's infrastructure, and failures of third-party service providers. The affected party shall promptly notify the other party and use reasonable efforts to mitigate the impact of the force majeure event.
16. General Provisions
16.1 Entire Agreement
These Terms, together with the Privacy Policy and any applicable DPA, constitute the entire agreement between you and APVISO regarding the Service and supersede all prior and contemporaneous agreements, proposals, and representations.
16.2 Severability
If any provision of these Terms is held to be invalid or unenforceable, that provision shall be modified to the minimum extent necessary to make it valid and enforceable, and the remaining provisions shall continue in full force and effect.
16.3 Waiver
No failure or delay by either party in exercising any right under these Terms shall constitute a waiver of that right. A waiver of any provision shall be effective only if in writing and signed by the waiving party.
16.4 Assignment
You may not assign or transfer these Terms or any rights or obligations hereunder without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of our assets, upon notice to you.
16.5 Notices
Notices to you will be sent to the email address associated with your account. Notices to us should be sent to legal@apviso.com. Notices are deemed received upon confirmed delivery.
17. Responsible Disclosure
If you discover a security vulnerability in the APVISO platform itself, we encourage you to report it to security@apviso.com. We commit to: (a) acknowledging your report within 3 business days; (b) providing an initial assessment within 10 business days; (c) not taking legal action against good-faith security researchers who follow responsible disclosure practices; and (d) crediting you publicly (with your consent) if we confirm and remediate the reported vulnerability.
18. Contact
For questions about these Terms of Service:
- Legal inquiries: legal@apviso.com
- Security reports: security@apviso.com
- General support: support@apviso.com
- Postal address: Penterep Security s.r.o., Ševčenkova 570/4, 642 00 Brno, CZ
These Terms of Service were last updated in March 2026. Prior versions are available upon request.