Terms of Service

1. Agreement to Terms

These Terms of Service (“Terms”) constitute a legally binding agreement between you (“User”, “you”, or “your”) and BIT SENTINEL SECURITY SRL (“BIT SENTINEL”, “we”, “us”, or “our”), a company registered in Romania (EU) under registration number RO34300479, governing your access to and use of the Red Team Cockpit platform (“Platform”, “Service”).

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree, you must not use the Platform.

Access to the Platform is granted exclusively under a service contract between you (or your organization) and BIT SENTINEL. These Terms supplement your service agreement. Additional terms, conditions, and obligations specific to your engagement - including data processing agreements (DPAs), confidentiality clauses, and service level commitments - may apply as defined in your individual contract. In the event of any conflict between these Terms and your service agreement, the terms of the service agreement shall prevail.

2. Description of Service

Red Team Cockpit is an enterprise-grade penetration testing and red team management platform. The Platform provides:

• Project and engagement lifecycle management
• Scope definition and client approval workflows
• Vulnerability finding documentation with CVSS scoring
• AI-powered writing assistant for vulnerability descriptions and remediation guidance
• Secure credential storage for penetration testing engagements
• Report generation in PDF and DOCX formats
• Real-time team collaboration, comments, and task assignments
• Client portal for scope approval, finding review, and remediation tracking
• Security tool integrations (Nessus, Nuclei, Burp Suite, Nmap)
• Finding templates and reusable vulnerability libraries
• Multi-language support (English, German, French, Romanian)

3. Account Registration & Security

To use the Platform, you must create an account with accurate and complete information. You are responsible for:

• Maintaining the confidentiality of your account credentials
• Enabling and maintaining two-factor authentication (2FA) where required by your organization
• All activities that occur under your account
• Promptly notifying us of any unauthorized use of your account

We reserve the right to suspend or terminate accounts that violate these Terms or pose a security risk.

4. Acceptable Use

You agree to use the Platform only for lawful purposes and in accordance with these Terms. Specifically, you agree to:

• Use the Platform solely for authorized penetration testing, red team engagements, and security assessment activities
• Ensure all testing activities documented in the Platform have proper written authorization from the asset owner
• Not use the Platform to store, process, or manage data related to unauthorized or illegal security testing
• Not attempt to gain unauthorized access to the Platform, other accounts, or our infrastructure
• Not reverse engineer, decompile, or disassemble any part of the Platform
• Not use the Platform to develop a competing product or service
• Comply with all applicable laws and regulations, including data protection laws

5. Data Ownership & Responsibility

5.1 Your Data

Data ownership, usage rights, intellectual property, and any related obligations are defined in your service contract with BIT SENTINEL. Unless your contract specifies otherwise, you retain ownership of data you upload, create, or store on the Platform, including project data, vulnerability findings, scope definitions, credentials, reports, and client information (“Your Data”).

5.2 License to Operate

By using the Platform, you grant us a limited, non-exclusive license to process Your Data solely for the purpose of providing, maintaining, and improving the Service, including processing data through AI-assisted features as part of service delivery. The specific scope of this license and any additional rights or restrictions are governed by your service contract.

5.3 Your Responsibilities

You are solely responsible for:

• The accuracy, legality, and appropriateness of all data stored on the Platform
• Obtaining all necessary authorizations for penetration testing activities
• Ensuring that sharing vulnerability data with clients and team members is done in accordance with applicable confidentiality agreements
• Managing access permissions and roles within your organization's account
• Backing up critical data according to your own data management policies

6. AI-Assisted Processing

The Platform includes optional AI-powered features that assist with generating and processing security-related content such as vulnerability descriptions, remediation guidance, impact assessments, and other engagement documentation. By using the Platform, you acknowledge that:

• AI-assisted features may be used directly by your team through the Platform, or by BIT SENTINEL's penetration testing team as part of a managed security engagement on your behalf
• When AI features are used, relevant engagement data may be processed through third-party AI providers (such as Google Gemini, OpenAI, or Anthropic)
• AI-generated content is provided as a starting point and is reviewed by qualified security professionals before inclusion in deliverables
• We do not guarantee the accuracy, completeness, or suitability of AI-generated content
• The specific scope and limitations of AI-assisted processing may be further defined in your service contract or data processing agreement

If you engage BIT SENTINEL for managed penetration testing or red team services, our security professionals may use AI-assisted tools within the Platform to process engagement-related information as part of the contracted service delivery. This usage is governed by the terms of your service agreement.

7. Subscription, Payment & Contractual Terms

Access to the Platform is provided exclusively under a contractual agreement. Specific pricing, payment terms, feature availability, service scope, and data processing obligations are defined in your service agreement, order form, or statement of work. Platform fees may be billed as a standalone subscription or included as part of a broader service contract that covers additional services such as penetration testing, red team engagements, or other security assessments delivered by BIT SENTINEL. Unless otherwise agreed in your contract:

• Fees are billed in accordance with the terms defined in your service agreement
• Fees are non-refundable except as required by applicable law
• We reserve the right to modify pricing with 30 days' prior written notice
• Failure to pay may result in suspension or termination of access

All commercial terms, including pricing structure, billing cycles, and scope of included services, are governed by your individual contract with BIT SENTINEL.

8. Intellectual Property

The Platform, including its design, code, features, documentation, trademarks, and all related intellectual property, is and remains the exclusive property of BIT SENTINEL SECURITY SRL. These Terms do not grant you any rights to our intellectual property except the limited right to use the Platform as described herein.

9. Service Availability & Support

We strive to maintain high availability of the Platform but do not guarantee uninterrupted access. We may perform scheduled maintenance, updates, or upgrades that temporarily affect availability. We will make reasonable efforts to notify users in advance of planned downtime.

Service level commitments, uptime guarantees, support response times, and escalation procedures - where applicable - are defined in your service contract. Technical support is provided in accordance with the terms of your agreement with BIT SENTINEL.

10. Limitation of Liability

Liability terms, caps, and exclusions may be specifically defined in your service contract. Where your contract includes liability provisions, those provisions shall apply. To the extent not addressed in your contract, and to the maximum extent permitted by applicable law:

• The Platform is provided “as is” and “as available” without warranties of any kind, either express or implied
• We shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Platform
• Our total aggregate liability shall not exceed the amount you paid for the Service in the twelve (12) months preceding the claim, unless otherwise specified in your contract
• We are not liable for any damages resulting from unauthorized access to your account caused by your failure to maintain adequate security measures

11. Indemnification

Indemnification obligations may be specifically defined in your service contract. Where your contract includes indemnification provisions, those provisions shall apply. To the extent not addressed in your contract, you agree to indemnify and hold harmless BIT SENTINEL SECURITY SRL, its officers, employees, and affiliates from any claims, damages, losses, or expenses (including reasonable legal fees) arising from:

• Your use of the Platform in violation of these Terms or your service agreement
• Unauthorized penetration testing activities documented or managed through the Platform
• Your violation of any applicable law or third-party rights
• Data you store or process through the Platform

12. Termination

Termination conditions, notice periods, and post-termination obligations are defined in your service contract. Either party may terminate the service relationship in accordance with the applicable service agreement. Unless your contract specifies otherwise, upon termination:

• Your access to the Platform will be revoked
• You may request an export of Your Data within the period specified in your contract (or 30 days if not specified)
• After the data export period, Your Data will be permanently deleted unless retention is required by law or your contract
• Provisions regarding intellectual property, limitation of liability, indemnification, and governing law survive termination

13. Governing Law & Dispute Resolution

These Terms are governed by and construed in accordance with the laws of Romania. Where your service contract specifies governing law or dispute resolution mechanisms, those provisions shall take precedence. Otherwise, any disputes arising from or relating to these Terms or the use of the Platform shall be resolved by the competent courts in Bucharest, Romania, unless otherwise required by mandatory consumer protection laws in your jurisdiction.

14. Changes to These Terms

We reserve the right to modify these Terms at any time. We will notify you of material changes at least 30 days before they take effect by posting the updated Terms on our website and, where appropriate, by email. Continued use of the Platform after the effective date constitutes acceptance of the updated Terms.

15. Contact