Terms of Service

Last updated: December 5, 2025

Welcome to ModernPentest. These Terms of Service ("Terms") govern your access to and use of the ModernPentest platform, website, and services (collectively, the "Services") operated by ModernPentest ("Company," "we," "us," or "our"). Please read these Terms carefully before using our Services.

1. Agreement to Terms

By accessing or using our Services, you agree to be bound by these Terms. If you disagree with any part of these Terms, you may not access the Services.

  • You must be at least 18 years of age to use the Services.
  • You must have the legal capacity to enter into a binding agreement.
  • If you are using the Services on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.
  • Your continued use of the Services following any changes to these Terms constitutes acceptance of those changes.

2. Description of Services

ModernPentest provides AI-powered automated penetration testing services designed to help organizations identify security vulnerabilities in their web applications and APIs.

2.1 Core Services

Our Services include:

  • Automated Vulnerability Scanning: AI-powered security testing covering OWASP Top 10 vulnerabilities including injection attacks, broken access control, security misconfigurations, and more.
  • Multi-Stage Testing Pipeline: Comprehensive testing through reconnaissance, vulnerability scanning, safe exploitation validation, and detailed reporting.
  • SOC 2-Ready Reports: Compliance-focused security reports suitable for auditor review and regulatory requirements.
  • Continuous Monitoring: Scheduled and on-demand security assessments to maintain ongoing security posture.
  • Platform-Specific Testing: Specialized security checks for modern platforms including Supabase, Firebase, and Vercel deployments.

2.2 Subscription Tiers

We offer multiple subscription tiers with varying features and usage limits. Current pricing and features are available on our pricing page. We reserve the right to modify pricing with 30 days' notice to existing subscribers.

3. Account Registration and Security

3.1 Account Creation

To use our Services, you must:

  • Provide accurate, current, and complete information during registration.
  • Maintain and promptly update your account information.
  • Keep your login credentials secure and confidential.
  • Notify us immediately of any unauthorized access to your account.

3.2 Account Security

You are responsible for all activities that occur under your account. We strongly recommend enabling multi-factor authentication (MFA) when available. You agree not to share your account credentials with any third party.

4. Authorization and Access Control

4.1 Gated Registration

Access to ModernPentest is provided through a gated registration process. This means that account creation may require approval, invitation, or verification by our team to ensure appropriate use of our security testing services.

4.2 Authorization Requirements

You represent and warrant that you have proper legal authorization to conduct security testing on any systems you scan using our Services. This includes:

  • You own the target systems, applications, or domains being tested.
  • You have explicit written permission from the system owner to conduct security testing.
  • Your testing activities comply with all applicable laws and regulations.
  • You will not test systems belonging to third parties without proper authorization.

4.3 Legal Acknowledgment

Unauthorized access to computer systems is illegal under laws including the Computer Fraud and Abuse Act (CFAA) in the United States, the Computer Misuse Act in the United Kingdom, and similar laws in other jurisdictions. You acknowledge full legal responsibility for ensuring proper authorization before initiating any security tests.

5. Acceptable Use Policy

5.1 Permitted Use

You agree to use the Services only for:

  • Legitimate security testing of systems you own or have authorization to test.
  • Improving the security posture of your applications and infrastructure.
  • Compliance and audit purposes for your organization.
  • Educational purposes within your organization's security program.

5.2 Prohibited Activities

You agree NOT to use the Services to:

  • Test unauthorized systems: Scan or test any system, network, or application without proper authorization.
  • Conduct denial of service attacks: Perform DDoS attacks, load testing, or any activity designed to disrupt service availability.
  • Perform destructive testing: Execute tests that modify, delete, or corrupt data on target systems.
  • Brute force attacks: Conduct password attacks beyond reasonable testing limits (maximum 3 attempts per credential).
  • Data exfiltration: Extract, copy, or steal sensitive data from target systems.
  • Credential stuffing: Test stolen or leaked credentials against target systems.
  • Lateral movement: Attempt to pivot from tested systems to access other networks or internal systems.
  • Cloud metadata access: Attempt to access cloud provider metadata services (AWS, GCP, Azure).
  • Bypass security controls: Circumvent rate limits, access controls, or other security measures of our platform.
  • Illegal activities: Use the Services for any purpose that violates applicable laws or regulations.

5.3 Responsible Scanning

Our scanning agents are designed to perform responsible security testing. You agree to:

  • Respect rate limits and scanning intensity settings.
  • Configure appropriate scanning windows to minimize impact on production systems.
  • Monitor scan progress and stop scans if unexpected issues arise.
  • Report any unintended consequences or system impacts to our support team.

6. Subscription and Payment Terms

6.1 Billing

Subscription fees are billed in advance on a monthly or annual basis through Stripe, our payment processor. You agree to provide accurate billing information and authorize us to charge your payment method for all fees incurred.

6.2 Automatic Renewal

Subscriptions automatically renew at the end of each billing period unless cancelled before the renewal date. You will receive a reminder before renewal.

6.3 Cancellation

You may cancel your subscription at any time through your account settings. Cancellation takes effect at the end of the current billing period. No refunds are provided for partial billing periods.

6.4 Refund Policy

We offer a 30-day money-back guarantee for new subscribers. If you are not satisfied with our Services within the first 30 days, contact us for a full refund. After 30 days, refunds are provided at our sole discretion.

6.5 On-Demand Scans

On-demand scans purchased outside of subscription limits are charged separately. Credits for on-demand scans expire 12 months from the purchase date unless otherwise specified.

7. Intellectual Property Rights

7.1 Our Intellectual Property

The Services, including all software, algorithms, user interfaces, designs, trademarks, and content, are owned by ModernPentest and protected by intellectual property laws. Nothing in these Terms grants you any right to use our trademarks, logos, or brand features.

7.2 Your Data

You retain all rights to your data, including target configurations, scan results, and reports generated through the Services. We claim no ownership over your content or data.

7.3 License Grant

You grant us a limited license to process your data as necessary to provide the Services. This includes analyzing target responses, generating reports, and improving our detection capabilities through aggregated, anonymized data analysis.

8. Data and Security

Your privacy is important to us. Please review our Privacy Policy for information about how we collect, use, and protect your data.

  • We implement industry-standard security measures including encryption at rest and in transit.
  • We maintain SOC 2 Type II compliance for our infrastructure and operations.
  • Scan data is retained for 1 year to support compliance requirements.
  • You may request deletion of your data at any time, subject to legal retention requirements.

9. Third-Party Services

We use third-party service providers to deliver our Services. By using ModernPentest, you acknowledge that your data may be processed by:

  • Clerk: Authentication, single sign-on (SSO), and identity management.
  • Stripe: Payment processing and subscription management.
  • Anthropic (Claude): AI-powered vulnerability analysis and report generation.
  • Convex: Database, real-time functionality, and file storage.
  • Google Cloud Platform: Scanning infrastructure, compute, and storage.
  • Vercel: Web application hosting and content delivery.

Each third-party provider operates under its own terms of service and privacy policies. We maintain Data Processing Agreements (DPAs) with all providers handling personal data.

10. Disclaimer of Warranties

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.

  • We do not warrant that the Services will detect all security vulnerabilities in your systems.
  • We do not guarantee that our Services will be uninterrupted, error-free, or secure.
  • We make no warranties regarding the accuracy or completeness of scan results.
  • Security testing may produce false positives (reporting vulnerabilities that do not exist) or false negatives (missing actual vulnerabilities).
  • You are solely responsible for remediating vulnerabilities identified by our Services.

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

  • Our total liability for any claims arising from these Terms or your use of the Services shall not exceed the amount you paid us in the 12 months preceding the claim.
  • We shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, goodwill, or business opportunities.
  • We are not liable for any damages resulting from unauthorized access to or alteration of your systems, even if caused by our Services.
  • We are not liable for any damages resulting from your failure to maintain adequate security measures or to remediate identified vulnerabilities.

12. Indemnification

You agree to indemnify, defend, and hold harmless ModernPentest, its officers, directors, employees, and agents from any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

  • Your use of the Services.
  • Your violation of these Terms.
  • Your violation of any applicable law or regulation.
  • Your testing of systems without proper authorization.
  • Any claim by a third party related to your use of the Services.

13. Suspension and Termination

13.1 Suspension

We may suspend your access to the Services immediately if we reasonably believe:

  • You are using the Services in violation of these Terms.
  • Your use poses a security risk to us or other users.
  • Your use may subject us to legal liability.
  • Your account is being used for fraudulent or illegal activities.

13.2 Termination

Either party may terminate this agreement at any time. Upon termination:

  • Your right to access the Services ends immediately.
  • You remain responsible for all fees incurred prior to termination.
  • We will retain your data for 30 days, after which it will be permanently deleted (subject to legal retention requirements).
  • Provisions that by their nature should survive termination will remain in effect.

14. Dispute Resolution

14.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to conflict of law principles.

14.2 Informal Resolution

Before initiating any formal dispute resolution, you agree to contact us at legal@modernpentest.com to attempt to resolve the dispute informally within 30 days.

14.3 Arbitration

Any dispute that cannot be resolved informally shall be resolved by binding arbitration in accordance with the rules of the American Arbitration Association. The arbitration shall be conducted in English and the seat of arbitration shall be Delaware, USA.

14.4 Class Action Waiver

YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION.

15. Changes to Terms

We reserve the right to modify these Terms at any time. We will notify you of material changes by email or through the Services at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the modified Terms.

16. Miscellaneous

  • Severability: If any provision of these Terms is found unenforceable, the remaining provisions will continue in effect.
  • Waiver: Our failure to enforce any right or provision does not constitute a waiver of that right or provision.
  • Entire Agreement: These Terms, together with our Privacy Policy, constitute the entire agreement between you and ModernPentest.
  • Assignment: You may not assign these Terms without our prior written consent. We may assign our rights and obligations without restriction.
  • Force Majeure: We are not liable for failures or delays resulting from circumstances beyond our reasonable control.

17. Contact Information

If you have any questions about these Terms, please contact us:

  • Email: legal@modernpentest.com
  • Website: https://modernpentest.com

By using ModernPentest, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.