Terms and Conditions
Understand our Terms and Conditions
Ronin-Pentest: Terms of Service
1. Introduction
1.1 These Terms of Service are a contract between you and Ronin-Pentest. Ltd Limited, company number 12160360 and registered office at 2 Villiers Court, 40 Upper Mulgrave Road, Cheam, Surrey, SM2 7AJ (we, us).
1.2 You confirm your legal agreement to be bound by these Terms of Service and that you have authority to bind any organisation that you represent to these Terms of Service.
1.3 The Service (as defined below) provided by us shall be on these Terms of Service and to the extent permitted by law we exclude all other terms and conditions of business, including any that you may send to us, and all terms otherwise implied by law, custom or previous course of dealing to the maximum extent permitted by law.
1.4 If we offer our Security Scanning Service (as defined below) to you to test the vulnerability of your domestic appliances, then you are a Consumer for the purposes of these Terms of Service, or if we do so for your business needs, then you are a Business for the purposes of these Terms of Service. Certain provisions of these Terms of Service apply only to a Consumer, and other provisions apply only to a Business each as marked. You may not purchase any other Services from us if you are a Consumer.
2 Definitions and Interpretation
2.1 In these Terms of Service, the words defined in Condition 1 have the meaning set out above, and in addition, the following words have the following meanings:
Client Data: all data and computer programs on your System that we access during the provision of the Security Scanning Service including the Client Personal Data;
Client Personal Data: any personal data which we may access during the provision of the Security Scanning Service or which we use in the Email Tracking Service;
Confidential Information: has the meaning given to it in Condition 9;
Credits: credits purchased by you to be exchanged for Services;
Data Protection Legislation: any laws and regulations of the UK relating to the processing of personal data including the Data Protection Act 2018, the General Data Protection Regulation 2016/679 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. The terms controller, processor, process, processed, and processing, personal data shall have the meaning given to them in the Data Protection Legislation.
Domain the company you select for the OSINT Service;
Email Tracking Service: the collection of data relating to access of emails;
Firewall: any software or system designed to prevent or inhibit access to or from your System;
IP Rights: any patent, trade mark, registered design or any application for registration of the same, or the right to apply for registration of the same, any copyright or related rights, database right, design right, rights in trade, business or domain names, rights in trade dress, rights in inventions, performers rights, rights in confidential information or know-how or any similar or equivalent rights in any part of the world;
OSINT Services: the collection of information on a Domain;
Report: the report that is made available to you on completion of the Service;
Security Scanning Service: the security and vulnerability scanning;
Service: any services that we provide to you, including the Security Scanning Service, the OSINT Service and/or the Email Tracking Services;
System: the systems, appliances, software and/or hardware that we may access in providing the Security Scanning Services to you;
Website: our website available at https://ronin-pentest.com; and
Working Days: any day that is not a Saturday, Sunday or public holiday in England and Wales.
2.2 Words in the singular include the plural and, in the plural, include the singular.
2.3 The headings shall not affect the interpretation of these Terms of Service.
2.4 References to Conditions are references to the numbered provisions of these Terms of Service.
2.5 Unless a right or remedy of a party is expressed to be an exclusive right or remedy, the exercise of it by a party is without prejudice to that party's other rights and remedies.
2.6 Any phrase introduced by the words including shall be construed as illustrative and shall not limit the generality of the related general words.
2.7 A reference to a statute or statutory provision is a reference to it as it is in force for the time being, taking account of any amendment, extension or re-enactment and includes any subordinate legislation for the time being in force made under it.
3. Sign Up
3.1 To sign up and create an account on our Website, you must:
(a) be at least 18 years old;
(b) be legally capable of entering into a contract;
(c) not have previously been convicted of any computer misuse or online fraud or similar crime.
3.2 You are responsible for keeping your account password confidential and you are responsible for any activity under your account. Please take precautions to protect your password and contact us immediately if you believe there has been any unauthorised use of your account. You must always follow the two factor authentication within the Website.
3.3 When you use our Website you must comply with all applicable laws and you agree not to:
(a) try to gain unauthorised access to the Website or any networks, servers or computer systems connected to the Website;
(b) reproduce, redistribute, sell, create derivative works from, decompile, reverse engineer, or disassemble all or part of the Website save to the extent expressly permitted by law not capable of lawful exclusion;
(c) send any unauthorised communications relating to your own commercial purposes, or otherwise sending "spam" or "junk mail"; and
(d) use or access the Website to build or support, and/or assist a third party in building or supporting, products or services competitive to us.
3.4 We may freely use any anonymous data that we learn, acquire or obtain in connection with your use of the Website and our provision of the Services in order to improve, review and analyse the Website and Services.
3.5 We shall use reasonable endeavours to make the Website available at all times, but you acknowledge that there may be occasions when access to the Website may be interrupted, including for scheduled maintenance or upgrades, for emergency repairs, or due to failure of telecommunications links and/or equipment. We shall have no liability to you for such interruption but shall try to restore access as soon as we can.
4. The Security Scanning Service
4.1 You agree that we cannot provide the Security Scanning Service if there is a Firewall in place on your System. Therefore, before we carry out a Security Scanning Service, we will check your System for Firewalls. If we establish that there is a Firewall in place, we shall notify you accordingly. You must then whitelist us to bypass the Firewall to enable us to perform the Security Scanning Service. We will not provide a refund of any Credits or any sums paid for the Credit if you do not whitelist us to bypass the Firewall and we are therefore unable to access the System to provide the Security Scanning Service.
4.2 You grant to us a non-exclusive right and licence to use your System to perform the Security Scanning Service.
4.3 You warrant and represent that:
(a) you are the owner of the System and Client Data and/or have the right to engage us and allow us to perform the Security Scanning Service on the System and Client Data. Immediately on our request you shall provide documentary evidence of your compliance with this Condition 4.3(a);
(b) you have a backup of all Client Data immediately before we begin to provide the Security Scanning Services to enable you to reinstate any Client Data lost or damaged through the Security Scanning Services;
(c) your use and operation of the System is lawful and you do not operate the System in order to carry out any unlawful activities;
(d) you have obtained the permission of any third party service providers, including ISPs, third party software vendors and equipment owners to allow us to perform the Security Scanning Service on the System and Client Data; and
(e) to the best of your knowledge, the System is currently operating in accordance with its specification, and there are no known viruses or other harmful code within the System.
4.4 All third party consents required under Condition 4.3 shall include authorisation for the purposes of the Computer Misuse Act 1990, and confirmation that the Security Scanning Service may impair the operation of the System, the Client Data, and the access to the System.
4.5 You shall indemnify and keep us, our officers and agents, indemnified from and against any costs, claims, liabilities, expenses, damages, fees (including court and legal fees) and losses that we may suffer as a result of a breach of the warranties contained in Condition 4.3, including any third party any claim we receive that through accessing the System to provide the Security Scanning Service we are in breach of any applicable laws or infringing any third party rights, including IP Rights.
4.6 You agree that if at any time you fail to provide any information, assistance and/or access that we deem reasonably necessary to provide the Security Scanning Service, including access to Systems, then we shall be entitled to suspend the provision of the Security Scanning Service on notice to you without liability until such failure is remedied.
4.7 You agree that the Report relates to your System only. You cannot interpret the Report as applicable to any other systems, appliances, software and/or hardware however similar.
4.8 There may be issues with your System that prevent us from providing you with a Report, including:
(a) a Firewall;
(b) hardware faults;
(c) any systems misconfiguration; and/or
(d) third party network, issues or suspensions including public network issues or suspensions.
4.9 If we are unable to provide you with a Report, our sole liability shall be to reinstate to your account the Credits exchanged for the Security Scanning Service.
5. OSINT Service
5.1 You agree that we shall only provide the OSINT Service in respect of a Domain that is operating in the course of a trade, business or profession. We shall not provide the OSINT Service in respect of any individual not acting for the purposes of a trade, business or profession.
5.2 We shall use reasonable endeavours to provide the OSINT Service and deliver the Report for the OSINT Service in accordance with any timetable agreed with you, provided that time shall not be of the essence.
5.3 In providing the OSINT Service we collect data from publicly available sources and the Report shall contain personal data. You agree that it is not commercially realistic to obtain the consent of each individual identified in the Report for the OSINT Service, and accordingly, we collect and process this personal data for our legitimate business interests in accordance with the lawful grounds for processing personal data under the Data Protection Legislation. On receipt of the Report, you become the controller of the personal data within the Report, and you must ensure that you use, process and store such personal data in accordance with the Data Protection Legislation.
6. Email Tracking Service
6.1 If you provide us with personal data in order that we can provide the Email Tracking Service, you warrant and represent to us that you have provided such data to us in accordance with the lawful grounds for processing personal data under the Data Protection Legislation. At our request you shall provide us with documentary evidence of your compliance with this warranty. We shall process such personal data in accordance with Condition 11.
6.2 If you request that we process the personal data collected under the OSINT Service to provide the Email Tracking Service, you agree that the provisions of Condition 5.3 apply, and accordingly, we shall process such personal data in accordance with Condition 11.
6.3 You shall indemnify and keep us, our agents and officers, indemnified from and against any costs, claims, liabilities, expenses, damages, fees (including court and legal fees) and losses that we may suffer because of any claim or complaint arising as a result of the provision of the Email Tracking Service including from:
(a) any regulatory authority or court;
(b) any data subject who receives an email under the Email Tracking Service including any claim that they should not have received the email, and/or that we had no right to track their access to and use of the email and any link in the email; and/or
(c) any third party that claims the content of the email infringes their IP Rights, except where we have provided such content.
6.4 Notwithstanding any other provision of this Condition 6, we shall use reasonable endeavours not to contact any data subject that we know has expressly requested that they do not receive email marketing materials.
6.5 We shall use reasonable endeavours to provide the Email Tracking Service in accordance with any timetable agreed with you, provided that time shall not be of the essence.
7. Credits
7.1 You can purchase Credits on our Website. We may from time to time offer you free Credits if you provide feedback to us about our Service.
7.2 Credits are valid for a period of 12 months from the date of purchase and accordingly must be exchanged for a Service within such 12 month period.
7.3 Credits have no value except as set out in these Terms of Service, are non-refundable (except in accordance with Condition 13) and cannot be redeemed for cash. Credits may not be transferred to any third party.
7.4 The purchase price of Credits may change and we determine at our sole discretion the number of Credits to be exchanged for a Service. If your Credit balance is below the Credits required for a Service, you must purchase additional Credits to exchange before you can purchase the Service.
7.5 You can check your Credit balance within your account on our Website.
8. Intellectual Property
8.1 The copyright in the Website, the Services and the Reports is owned by or licensed to us. You may access the Report on our Website on completion of the Service, and you may use the Report for your own purposes. You may share the Report with third parties only if those parties will use the Report for your purposes. However, you agree that a Report may contain personal data, and accordingly, you are responsible for ensuring that you have lawful grounds under the Data Protection Legislation for sharing such personal data.
8.2 If you are a Business, you agree that we shall be entitled to reproduce and use your name and associated logos within publicity for the Website, the Services and our business generally.
8.3 You grant to us the right and licence to use, edit, copy, modify and distribute any feedback you provide to us within publicity for the Website, the Services and our business generally.
9. Confidential Information
9.1 Confidential Information shall mean all information that is marked confidential or is manifestly by its nature confidential and whether written or oral and in whatever medium and relates to the business, products, financial and management affairs, customers, employees or authorised agents, plans, proposals, strategies or trade secrets disclosed by one party (the Disclosing Party) to the other party (the Receiving Party). We acknowledge and agree that the System and the Client Data is your Confidential Information.
9.2 The Receiving Party shall not, and shall ensure that its employees shall not, use copy or disclose any of the Confidential Information of the Disclosing Party except to carry out its obligations and exercise its rights under these Terms of Service.
9.3 The Receiving Party shall disclose the Disclosing Party’s Confidential Information only to those of its employees to the extent that they need to know the same in order to carry out its obligations under these Terms of Service and where those employees are bound by written obligations of confidentiality and non-use and such obligations apply to the Confidential Information disclosed to them.
9.4 The provisions of Conditions 9.1, 9.2 and 9.3 shall not apply to any Confidential Information which:
(a) is or becomes generally available to the public other than as a result of any act or omission of the Receiving Party;
(b) is already in or comes into the possession of the Receiving Party from a person lawfully in possession of the information and owing no obligation of confidentiality to the Disclosing Party in respect of the information;
(c) is already known to the Receiving Party; or
(d) is required to be disclosed by any court, government or administrative authority competent to require disclosure.
10. Disclaimer – Your attention is particularly drawn to this Condition
10.1 Whilst we provide the Security Scanning Services using reasonable skill and care, you understand and agree that there are limitations on the effectiveness of any security and vulnerability testing and reporting. In particular, you agree that:
(a) you should not consider the Report as the sole source of monitoring the security and vulnerability of your System. You should continue to use all other data and information available to you in relation to the System;
(b) the Report may contain false positives, false negatives and other errors and omissions and we cannot guarantee that all information in the Report is or will remain accurate, timely or complete;
(c) the results or outcomes of the Security Scanning Service are in any event dependent on your ability to implement any content of the Report; and
(d) if you are Business, you acknowledge and agree that the Security Scanning Service is an investigation service and is not, and should not, replace your IT support service.
10.2 The Security Scanning Service is designed to test for security flaws and can do damage to the Systems due to the nature of its functionality. Testing for security flaws inherently involves interacting with Systems in non-standard ways which can cause problems in some vulnerable Systems. You expressly accept that there is a risk of damage and risk of loss of data or loss of use in respect of any data on your System.
10.3 Whilst we provide the OSINT Service and the Email Reporting Services using reasonable skill and care, you understand and agree that we do not warrant that:
(a) the Report shall be accurate, timely or complete; or
(b) the Service shall generate any particular information or results.
10.4 You are solely responsible for ensuring that the Service is appropriate and suitable for your needs.
10.5 You agree that the Report is for information only and does not constitute any form of advice, recommendation or arrangement by us.
10.6 If you are a Business, you agree that you have not been induced to enter into these Terms of Service by any representation or by any warranty (whether oral, or in writing, or in any other form) except those expressly made part of these Terms of Service. To the extent permitted by law, no representations, warranties or conditions are given or assumed by us in relation to the Service except as set out in these Terms of Service.
10.7 If you are a Business, we shall not be liable to you for:
(a) loss of profits;
(b) loss of business;
(c) loss or corruption of data or information including the Client Data;
(d) business interruption;
(e) loss of goodwill or reputation;
(f) loss of or wasted expenditure and/or staff or management time; and/or
(g) any kind of special, indirect, consequential loss or pure economic loss whether or not advised of the possibility of the same.
Our total liability to you for all claims or series of claims under these Terms of Service whether in contract, negligence or otherwise for any damages, losses or expenses shall be limited to the cost of the Credits exchanged for the Service in question.
10.8 If you are a Consumer, we shall be liable only for direct losses that you suffer as a result of our breach of these Terms of Service and/or our negligent act or omission.
10.9 If at any time either party is prevented or hindered from carrying out its obligations under these Terms of Service for reasons beyond its control, including war, invasion, armed conflict, terrorism, strike, lock-out, labour dispute, pandemic, epidemic, riot, civil commotion, accident, act of God, fire, flood and storm it shall notify the other party accordingly, and its obligations under these Terms of Service shall be suspended.
10.10 Nothing in these Terms of Service limits or excludes our liability for death or personal injury resulting from our negligence, fraud or fraudulent misrepresentation, and/or any other liability that cannot lawfully be excluded under English law.
11. Data Processing
11.1 This Condition 11 applies only to a Business.
11.2 The parties acknowledge that during the provision of the Service, we may access names, email addresses and other personal data included within the System. For the purposes of the Data Protection Legislation we are the processor of the Client Personal Data, and you are the controller of the Client Personal Data.
11.3 The parties shall both comply at all times with the Data Protection Legislation and shall not do anything (or fail to do anything) to cause the other party to breach any of its obligations under the Data Protection Legislation. Each party shall promptly notify the other party if it becomes aware of any breach of the Data Protection Legislation by it in connection with the Service.
11.4 You warrant that you have the right to engage us to process the Client Personal Data under the Data Protection Legislation.
11.5 You agree that we shall be entitled to sub-contract processing of the Client Personal Data provided that it shall be fully responsible for the acts and omissions of all sub-processor as if they were our acts and omissions.
11.6 In processing the Client Personal Data on your behalf, we shall:
(a) process the Client Personal Data only as necessary to provide the Service;
(b) co-operate with you, and promptly provide such information and assistance as you may reasonably require, to enable you to comply with your obligations under the Data Protection Legislation taking into account the nature of the processing and the information available to us;
(c) comply with any request from you requiring us to amend, transfer or delete Client Personal Data (to the extent we store the Client Personal Data on our systems) or to restrict processing and we shall confirm that such request has been implemented;
(d) take and implement all such technical and organisational security procedures and measures necessary and appropriate which ensure a level of security to preserve the security and confidentiality of any Client Personal Data processed by us having regard to the types of personal data being processed and to the extent we store the Client Personal Data on our systems;
(e) upon termination of the Service or as may be requested in writing at any time by you, cease to use the Client Personal Data and at your discretion return the Client Personal Data and delete all copies of it to the extent commercially possible (to the extent we store the Client Personal Data on our systems); and
(f) notify you if we become aware of any security breach affecting the Client Personal Data on our system;
(g) permit you and/or your auditor to inspect and audit our activities under this Condition 11 during working hours and on reasonable notice at non more than once in each 12 (twelve) month period; and
(h) co-operate and assist you or any regulator where you are required to deal or comply with any assessment, enquiry, notice or investigation by a relevant regulator so as to enable you to comply with all of your obligations as a controller which arise as a result of such an assessment, enquiry, notice or investigation.
11.7 You agree that we may process Client Personal Data outside the UK or European Economic Area, including through our sub-contractors, provided that we shall ensure that any processing that does take place, complies with the Data Protection Legislation or to a country, a territory or sector to the extent that the European Commission has decided that the country, territory or sector ensures an adequate level of protection for Personal Data.
11.8 Notwithstanding any other provision of these Terms of Service, we may process the Client Personal Data if and to the extent that we are required to do so by applicable law. In such a case, we shall inform you of the legal requirement before processing, unless that law prohibits such information.
12. Non-solicitation
12.1 This Condition 12 applies only to a Business.
12.2 While you have an account on our Website and for a period of 12 (twelve) months after termination, you may not solicit for hire or hire as an employee, or engage as an independent contractor any of our members of staff.
12.3 If you breach the provisions of Condition 12.2, without prejudice to any other right or remedy available to us, you shall pay to us an amount equal to the salary or other payment payable to the employee in question during its contractual notice period or such equivalent amount where the member of the staff is not an employee.
12.4 The provisions of this Condition 12 shall not stop you from hiring any individual who responds to a public advertisement in relation to a vacancy.
13. Termination
13.1 If you are a Consumer and you exchange your Credits for a Service then you have the right to cancel the Service and we shall refund you the sums paid for the Credit using the same method you used to purchase the Credits, provided that:
(a) you email [email protected] requesting cancellation within 14 days from the date of the exchange of Credits; and
(b) we have not carried out the Service during that 14 day period.
13.2 If you are a Business you have no right to cancel the Service once you have exchanged your Credits.
13.3 You may terminate your account at any time and without liability. We may terminate your account at any time too, if for example we cease to provide the Service.
13.4 Termination shall not affect the accrued rights of the parties or the operation of any condition which expressly or by implication should continue after termination, including the right to claim damages in respect of any breach of these Terms of Service which existed at or before the date of termination.
13.5 If on termination you have Credits in your account and all Services have been provided to you in accordance with these Terms of Service, then:
(a) if you are a Consumer, within 30 days of the date of termination, we shall refund to you the price paid for any Credits that you have not exchanged at the date of termination using the same method you used to purchase the Credits; and
(b) if you are a Business, we shall be under no obligation to refund any Credits to you.
14. Dispute Resolution, Governing Law
14.1 This Condition 14 applies only to a Business.
114.2 If a dispute arises between us in respect of the provision of these Terms of Service, then within 7 (seven) days of the dispute arising, the dispute shall be escalated to a director or such other person of equivalent seniority as agreed between the parties. Within 7 (seven) days of escalation such nominated persons shall meet or speak in a good faith effort to resolve the dispute.
14.3 If no resolution to the dispute so referred has been agreed within a further 21 (twenty-one) days, then the parties will attempt to settle it by mediation in accordance with the Dispute Resolution (CEDR) Model Mediation Procedure. To initiate the mediation a party must give notice in writing to the other party to the dispute requesting mediation. Unless agreed between the parties, the mediator will be nominated by CEDR. The mediation will start no later than 7 (seven) days after the date of the notice. The commencement of mediation will not prevent the parties commencing or continuing court proceedings.
14.4 These Terms of Service are governed by and will be construed in accordance with the laws of England and Wales. The parties submit to the exclusive jurisdiction of the courts of England and Wales in relation to any legal actions or proceedings arising out of or in connection with these Terms of Service. Your consumer statutory rights are not affected by any provision of this Condition 14.
15. General
15.1 In providing the Services, we shall comply with the Bribery Act 2010, and our own anti-bribery policy as we may amend and update from time to time.
15.2 You shall not assign or delegate your rights and/or obligations under these Terms of Service, in whole or in part, to any third party by operation of law or otherwise, without our prior written consent. We may assign or delegate our rights and/or obligations under these Terms of Service at our discretion.
15.3 If any provision of these Terms of Service is found to be unenforceable, the remainder shall be enforced as fully as possible and the unenforceable provision shall be deemed modified to the limited extent required to permit its enforcement in a manner most closely approximating the intention of the parties.
15.4 Nothing in these Terms of Service shall confer or purport to confer on any other third party any benefit or the right to enforce any provision of these Terms of Service, whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise.
15.5 No waiver or delay by a party in enforcing its rights will prejudice or restrict those rights and no waiver of any right will operate as a waiver of any later right or breach.