Legal

Terms of Service

Last updated: 1 January 2026  ·  Effective date: 1 January 2026

These Terms govern your use of our website and the professional security services we provide. All penetration testing engagements are conducted under a separate signed Statement of Work (SoW) and, where required, a Mutual Non-Disclosure Agreement (MNDA). These Terms form the baseline legal framework for all interactions with PentesterHub.

1. Acceptance of Terms

By accessing our website at pentesterhub.com, submitting an enquiry, or engaging PentesterHub for services, you ("Client", "you") agree to be bound by these Terms of Service. If you do not agree, please do not use our website or engage our services.

These Terms may be updated from time to time. Continued use of our website or services after changes constitutes acceptance of the updated Terms.

2. Services

PentesterHub provides professional offensive security services including, but not limited to:

  • Web application penetration testing
  • Mobile application security assessments (Android & iOS)
  • API security testing
  • Thick client application assessments
  • Network penetration testing (internal and external)
  • Cloud configuration reviews (AWS, Azure, GCP)
  • Security consultancy and remediation support

All services are described in detail within a mutually agreed Statement of Work (SoW) executed prior to commencement of any engagement.

3. Engagement & Scope

Every security assessment conducted by PentesterHub is governed by a signed SoW that defines:

  • The specific systems, applications, or networks in scope
  • Testing windows and timelines
  • Testing methodology and constraints
  • Points of contact and escalation procedures
  • Deliverables and reporting format

Any activity outside the agreed scope is strictly prohibited. PentesterHub will not conduct any testing beyond what is explicitly authorised in the SoW.

4. Client Obligations

The Client agrees to:

  • Provide accurate and complete information about the systems and infrastructure in scope
  • Ensure all necessary internal approvals and third-party authorisations are obtained before the engagement begins
  • Notify relevant internal teams (IT, DevOps, SOC) of the planned assessment to avoid unnecessary incident responses
  • Designate a technical point of contact available during testing hours
  • Notify PentesterHub immediately if any unexpected impact is observed during testing
  • Pay all agreed fees in accordance with the payment terms in the SoW

5. Authorisation & Legal Compliance

Important: The Client warrants that they have full legal authority to authorise security testing of all systems included in the agreed scope. PentesterHub operates exclusively within legally authorised boundaries. Misrepresentation of authorisation is a serious legal matter and PentesterHub accepts no liability for consequences arising from unauthorised access claims made by third parties.

The Client is responsible for obtaining written authorisation from any third-party providers (cloud hosts, SaaS platforms, CDN providers, etc.) whose infrastructure may be affected by testing activities, where such authorisation is required by those providers' terms.

All testing activities are conducted in compliance with applicable laws including, but not limited to, the Computer Fraud and Abuse Act (CFAA), the Computer Misuse Act 1990 (UK), and equivalent legislation in the Client's jurisdiction.

6. Confidentiality

Both parties agree to treat all non-public information shared during an engagement as strictly confidential. This includes:

  • Security vulnerabilities identified during testing
  • Client system architecture and technical details
  • Penetration testing reports and findings
  • Pricing, methodologies, and proprietary tools

PentesterHub will not disclose any Client information to third parties without prior written consent, except where required by applicable law. A formal Mutual Non-Disclosure Agreement (MNDA) is available on request prior to any scoping discussion.

Confidentiality obligations survive termination of any engagement for a period of three (3) years.

7. Intellectual Property

Upon full payment of all agreed fees, the Client receives a non-exclusive, non-transferable licence to use the deliverables (reports, findings, recommendations) produced by PentesterHub for their internal security improvement purposes.

PentesterHub retains ownership of all proprietary methodologies, tools, frameworks, and techniques developed independently of the Client engagement. Nothing in these Terms transfers ownership of PentesterHub's pre-existing intellectual property to the Client.

The Client may not publicly disclose, republish, or share PentesterHub deliverables without prior written consent.

8. Payment Terms

Payment terms are agreed in the SoW for each engagement. Unless otherwise stated:

  • A deposit (typically 50%) is due upon signing the SoW before testing commences
  • The remaining balance is due upon delivery of the final report
  • Invoices are payable within 14 days of issue
  • Late payments may attract interest at 1.5% per month on the outstanding balance
  • PentesterHub reserves the right to withhold delivery of the final report until payment is received

9. Limitation of Liability

To the fullest extent permitted by applicable law:

  • PentesterHub's total aggregate liability arising from any engagement shall not exceed the total fees paid by the Client for that specific engagement
  • PentesterHub shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of data, loss of revenue, or business interruption
  • PentesterHub is not liable for system disruption caused by pre-existing vulnerabilities or instabilities in the Client's environment that manifest during authorised testing

The Client is advised to maintain appropriate backups of all systems before the commencement of testing. PentesterHub will exercise reasonable care but cannot guarantee that all testing activities will be without impact on live systems.

10. Warranties & Disclaimers

PentesterHub warrants that:

  • Services will be performed by qualified professionals using industry-standard methodologies
  • We will exercise reasonable skill and care in delivering our services
  • We carry appropriate professional indemnity insurance

PentesterHub does not warrant that our testing will identify every vulnerability in the assessed systems. Penetration testing is a point-in-time assessment and does not guarantee the ongoing security of any system. The absence of findings in a report does not mean a system is free of vulnerabilities.

11. Termination

Either party may terminate an engagement by providing written notice. In the event of termination:

  • The Client remains liable for fees covering work completed up to the termination date
  • PentesterHub will cease all testing activities immediately upon receipt of a termination notice
  • PentesterHub will deliver a partial report covering findings identified up to the point of termination
  • All confidentiality obligations survive termination

12. Governing Law

These Terms shall be governed by and construed in accordance with applicable law. In the event of any dispute, the parties agree to first attempt resolution through good-faith negotiation. If a resolution cannot be reached, disputes shall be subject to binding arbitration or, where not applicable, the exclusive jurisdiction of the courts of the relevant territory.

13. Contact Us

For questions about these Terms of Service, or to request a formal MNDA prior to engagement discussions, please contact us: