Legal

Terms of Service

Effective April 28, 2026

1. Acceptance of these Terms

These Terms of Service ("Terms") form a binding agreement between you ("you", "User") and True Hacking ("True Hacking", "we", "us", "our") and govern your access to and use of the True Hacking platform at https://truehacking.ai, the related APIs, documentation, and any associated services (collectively, the "Service").

By creating an account, signing in via OAuth, or otherwise using the Service, you confirm that you have read, understood, and agree to be bound by these Terms and by the Privacy Policy. If you do not agree, do not access or use the Service.

If you accept these Terms on behalf of an organization, you represent that you have authority to bind that organization, and "you" refers to both you individually and the organization.

2. Description of the Service

True Hacking is an AI-assisted security assessment platform that orchestrates reconnaissance, vulnerability scanning, and evidence-correlated reporting against assets ("targets") that you submit. The Service includes engagement management, scheduled and on-demand scans, finding triage, and report generation.

We may add, change, or remove features at any time. We will not materially reduce features included in a paid plan during a billing period without offering you a prorated refund.

3. Eligibility and accounts

3.1 Eligibility

You must be at least 18 years old and capable of forming a binding contract under the laws of your jurisdiction. The Service is not intended for use by minors.

3.2 Registration

You must provide accurate registration information and keep it current. You are responsible for safeguarding your credentials (including OAuth tokens, passwords, and 2FA secrets) and for all activity that occurs under your account.

Notify us immediately at support@truehacking.ai if you suspect unauthorized access to your account.

3.3 Organizations and members

Account owners may invite other members into an organization. Owners are responsible for the actions of their members within the organization workspace and for ensuring members comply with these Terms.

4. Authorization to scan — your representation

This section is critical. The Service performs active reconnaissance and intrusive checks against the targets you submit. Unauthorized scanning of computer systems is illegal in Brazil under Lei 12.737/2012 (Lei Carolina Dieckmann) and in most other jurisdictions.

By submitting any domain, IP address, URL, or other asset to the Service, you represent and warrant that:

  • You own the target, or you have explicit prior written authorization from the target's owner to perform security testing of the kind the Service performs;
  • That authorization covers the scope, methods, and timing of the scans you initiate;
  • You will retain that authorization in writing and produce it on our reasonable request;
  • You will respect any rules of engagement, scope restrictions, testing windows, and out-of-band notification requirements set by the target owner;
  • Your use of the Service complies with all applicable laws, including export-control, anti-terrorism, and computer-misuse laws.

You are solely responsible for any consequences of scanning a target without proper authorization. We may suspend or terminate your account immediately if we have reasonable grounds to believe you have violated this section, and we may cooperate with law enforcement as required by valid legal process.

5. Acceptable use

You will not, and will not attempt to:

  • Use the Service to scan, probe, or attack any system without proper authorization (see Section 4);
  • Use the Service to perform denial-of-service, distributed denial-of-service, or sustained traffic-amplification attacks;
  • Use the Service to send unsolicited communications (spam), phishing payloads, or malware to third parties;
  • Reverse-engineer, decompile, or attempt to extract the source code, models, or proprietary detection logic of the Service, except to the extent that applicable law expressly permits;
  • Circumvent, disable, or interfere with security, plan, or quota-enforcement features of the Service;
  • Resell, sublicense, white-label, or otherwise commercially redistribute the Service without our prior written agreement;
  • Use the Service to build a competing product, or to train an external AI model on Service outputs;
  • Upload content that is unlawful, infringing, defamatory, or that contains material you do not have the right to upload;
  • Use automated means (scrapers, bots) to access the Service outside of the documented APIs and within published rate limits.

6. Plans, billing, and taxes

6.1 Plan structure

The Service is offered under a Free plan and one or more paid plans. Plan features, scan modes, quotas, and prices are described on the Upgrade page within the Service and may be updated from time to time. Material changes to a plan you are subscribed to will be communicated by email at least 15 days before they take effect.

6.2 Billing

Paid plans are billed in advance on a recurring monthly or annual basis through the payment processor identified at checkout. By providing payment information you authorize us (and our payment processor) to charge the recurring fee, applicable taxes, and any usage-based overages until you cancel.

6.3 Cancellation and refunds

You may cancel a paid plan at any time from the billing settings. Cancellation takes effect at the end of the current billing period; you retain access until that date. Except where required by law, fees already paid are non-refundable.

Brazilian consumers covered by the Código de Defesa do Consumidor (Lei 8.078/1990) retain their statutory right of withdrawal within 7 days of an online purchase.

6.4 Taxes

Prices are quoted exclusive of applicable taxes (ISS, PIS, COFINS, VAT, GST, or equivalent), which will be added at checkout where required.

6.5 Plan downgrade and quota changes

If you downgrade to a plan with lower quotas, the lower limits apply going forward. We will not delete data that exceeds the new limits, but you may be unable to create new resources until usage falls below the new quota.

7. Your content and data

7.1 Your content

"User Content" means everything you submit to the Service: engagement metadata, target lists, manual notes, severity adjustments, proof-of-concept text, and similar inputs, plus the scan results and findings generated from those inputs.

You retain all rights to your User Content. You grant us a non-exclusive, worldwide, royalty-free license to host, store, process, transmit, display, and back up your User Content solely to the extent necessary to operate, secure, and improve the Service for you, and to comply with legal obligations.

7.2 No training on your data

We do not use your User Content to train general-purpose AI models for the benefit of other customers. AI enrichment of findings is performed using prompt context that stays scoped to your engagement.

7.3 Confidentiality of scan output

Scan outputs frequently contain sensitive information about your (or your client's) infrastructure. We treat User Content as confidential and limit access to staff with a need-to-know for operating the Service.

8. Our intellectual property

The Service, including its software, user interface, AI prompts, detection logic, documentation, and brand assets ("True Hacking" name and logo), is owned by True Hacking and protected by intellectual property laws. These Terms do not transfer any ownership rights to you. You may use the Service only as permitted by these Terms.

Feedback you voluntarily provide about the Service is non-confidential and may be used by us without obligation to you.

9. Third-party tools and services

The Service integrates open-source security tools and third-party services (including LLM providers and transactional email providers) to perform its functions. Those tools are provided under their own licenses and terms. We are not responsible for third-party services beyond our reasonable efforts to integrate them correctly and to disclose them in our Privacy Policy.

10. Service availability

We make commercially reasonable efforts to keep the Service available and to schedule maintenance during low-traffic windows. We do not guarantee uptime except as expressly stated in a written service-level agreement signed by an authorized representative of True Hacking.

We may suspend the Service for maintenance, security incidents, or to comply with legal process. We will use reasonable efforts to notify you in advance of planned downtime.

11. Suspension and termination

You may terminate your account at any time from Profile → Delete Account. Termination ends your access and triggers the data-deletion timeline described in our Privacy Policy.

We may suspend or terminate your account immediately, with or without notice, if:

  • You materially breach these Terms (in particular, Section 4 or 5);
  • We have reasonable grounds to believe your use of the Service creates a security, legal, or reputational risk to us, our other users, or third parties;
  • We are required to do so by law, court order, or competent authority;
  • You fail to pay fees when due, after a 7-day cure period.

Sections that by their nature should survive termination (including 4, 7, 8, 12, 13, 14, and 16) will survive.

12. Disclaimer of warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE.

Security testing is inherently incomplete. The Service may report false positives, miss real vulnerabilities, or fail to identify risks specific to your environment. You are responsible for independently validating findings before acting on them and for maintaining a complete security program; the Service is one input, not a substitute for one.

13. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL TRUE HACKING, ITS AFFILIATES, OFFICERS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE SERVICE.

OUR AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE SERVICE WILL NOT EXCEED THE GREATER OF (A) THE FEES YOU PAID TO TRUE HACKING IN THE TWELVE MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) BRL 500.

Nothing in these Terms excludes or limits liability that cannot be excluded or limited under applicable law (including for willful misconduct, fraud, or rights of consumers under mandatory consumer-protection law).

14. Indemnification

You will defend, indemnify, and hold harmless True Hacking and its affiliates from and against any third-party claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

  • Your use of the Service in violation of these Terms or applicable law;
  • Your scanning of any target without proper authorization (Section 4);
  • Your User Content, or your assertion that you have rights to submit it;
  • Your breach of any representation or warranty in these Terms.

15. Changes to the Service or these Terms

We may modify these Terms from time to time. The effective date at the top of this page reflects the most recent revision. For material changes we will notify registered users by email or in-app banner at least 15 days before the new version takes effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Terms; if you do not accept the changes, you must stop using the Service and may delete your account.

16. Governing law and dispute resolution

These Terms are governed by the laws of the Federative Republic of Brazil, without regard to its conflict-of-laws principles.

Any dispute arising out of or in connection with these Terms or the Service will be submitted to the exclusive jurisdiction of the courts of São Paulo, State of São Paulo, Brazil, except that consumers protected by the Código de Defesa do Consumidor may bring claims in the courts of their domicile as permitted by law.

17. Miscellaneous

  • Entire agreement. These Terms, together with the Privacy Policy and any order form or written agreement executed by us, constitute the entire agreement between you and True Hacking regarding the Service.
  • Severability. If any provision of these Terms is held unenforceable, the remaining provisions will remain in full force and effect.
  • No waiver. Our failure to enforce a provision is not a waiver of our right to do so later.
  • Assignment. You may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.
  • Force majeure. Neither party is liable for delay or failure caused by events beyond its reasonable control, including natural disasters, war, civil unrest, labor actions, network outages, or governmental action.
  • Notices. We may give notice to you by email to the address on file or by in-app message. You may give notice to us at support@truehacking.ai.

18. Contact

For questions about these Terms, contact us at support@truehacking.ai.