Terms of Service

By accessing or using the website at unlocksec.com (the "Site") or engaging UnlockSec Cybersecurity Private Limited ("UnlockSec", "we", "us", or "our") to provide security services, you agree to be bound by these Terms of Service ("Terms"). If you are entering these Terms on behalf of a company or other legal entity, you represent that you have the authority to bind that entity to these Terms.

If you do not agree to these Terms, please do not use the Site or engage our services. Use of our services is also subject to our Privacy Policy, which is incorporated into these Terms by reference.

UnlockSec provides offensive cybersecurity services including, but not limited to, vulnerability assessment and penetration testing (VAPT), red team operations, AI security assessments, cloud security reviews, and related advisory services (collectively, "Services").

We also operate the Security Blueprint platform, an external attack surface management tool available under separate subscription terms. Where conflicts exist between these Terms and a platform-specific agreement, the platform-specific agreement shall prevail.

The specific scope, deliverables, timelines, and fees for each security engagement are defined in a separate Statement of Work ("SOW") and Master Services Agreement ("MSA") executed between UnlockSec and the client. In cases of conflict between these Terms and an executed MSA, the MSA shall prevail.

Our Services are intended for business clients only. By engaging our services, you represent and warrant that:

• You are at least 18 years of age and have legal capacity to enter a binding agreement.
• You are duly authorised to enter these Terms on behalf of the contracting entity.
• You have the legal right to authorise security testing of all systems in the agreed scope.
• All information you provide to us is accurate and complete.

All security engagements require a signed Statement of Work or equivalent written authorisation before testing commences. Verbal or email-only authorisations are not sufficient to commence active testing.

Clients are responsible for:

• Providing written authorisation covering all in-scope systems, IP ranges, applications, and third-party assets.
• Ensuring that third-party systems included in scope have been separately authorised by those third parties.
• Notifying their own hosting providers, ISPs, or cloud providers of scheduled testing where required.
• Promptly communicating changes to scope or environment that may affect the engagement.

UnlockSec will not commence or continue testing if we believe the scope authorisation is unclear or insufficient. Testing that is paused for this reason does not entitle the client to a refund of fees already incurred.

Use of our website is subject to the following restrictions. You must not:

• Use the Site in any way that violates applicable laws or regulations.
• Attempt to probe, scan, or test the vulnerability of our own systems without written permission.
• Transmit unsolicited communications, spam, or malicious code through the Site.
• Misrepresent your identity or organisational affiliation when requesting services.
• Use our services to perform testing against systems you do not have explicit authorisation to test.
• Reverse engineer, copy, or derive competitive intelligence from our proprietary methodologies.

Violation of these restrictions may result in immediate termination of your engagement and may be reported to relevant law enforcement authorities.

All content on this Site — including text, graphics, logos, and software — is the property of UnlockSec Cybersecurity Private Limited or its licensors and is protected by applicable intellectual property laws. You may not reproduce, distribute, or create derivative works without our express written consent.

With respect to security engagement deliverables (reports, findings, recommendations):

• Clients receive a perpetual, non-transferable licence to use the deliverables internally.
• UnlockSec retains ownership of all underlying methodologies, tooling, and know-how.
• Clients may not publish, distribute, or share raw report content with third parties without written consent.
• Anonymised, aggregate, or generalised findings may be used by UnlockSec for research and marketing purposes unless the client explicitly opts out in the MSA.

Both parties acknowledge that during the course of an engagement, each may receive confidential information from the other. Each party agrees to:

• Hold confidential information in strict confidence using at least the same safeguards applied to their own confidential information (minimum: reasonable care).
• Not disclose confidential information to third parties without the other party's prior written consent.
• Use confidential information solely for the purposes of the engagement.
• Return or destroy confidential information upon request or upon termination of the engagement.

These confidentiality obligations survive termination of any agreement by a period of three (3) years, except where longer periods are required by law.

To the maximum extent permitted by applicable law:

Disclaimer of warranties. Our website and services are provided "as is" and "as available." UnlockSecmakes no warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement. We do not warrant that security testing will identify all vulnerabilities in your environment.

Cap on liability. In no event shall UnlockSec's total aggregate liability to a client exceed the fees paid by that client in the twelve (12) months preceding the event giving rise to the claim.

Exclusion of consequential damages. Neither party shall be liable for indirect, incidental, special, punitive, or consequential damages — including lost profits, lost data, or business interruption — regardless of the theory of liability, even if advised of the possibility of such damages.

Nothing in these Terms limits liability for fraud, gross negligence, willful misconduct, or death or personal injury caused by negligence.

You agree to indemnify, defend, and hold harmless UnlockSec Cybersecurity Private Limited and its officers, directors, employees, and agents from and against any claims, damages, losses, and expenses (including reasonable legal fees) arising from:

• Your breach of these Terms or any executed MSA or SOW.
• Your misrepresentation of authorisation to test in-scope systems.
• Any third-party claims arising from your use of our deliverables.
• Your violation of any applicable law or the rights of any third party.

Unless otherwise stated in an executed SOW or MSA:

• 50% of the engagement fee is payable upon SOW execution to reserve the engagement slot.
• The remaining 50% is payable upon delivery of the final report.
• Invoices are due within 14 days of issue. Late payments attract interest at 1.5% per month.
• All fees are exclusive of applicable taxes (including GST where applicable in India).
• Refunds are available only for the deposit portion if an engagement is cancelled more than 5 business days before the agreed start date.

Either party may terminate an engagement in accordance with the terms of the executed MSA or SOW. In the absence of such terms, either party may terminate with 14 days written notice.

UnlockSec reserves the right to immediately suspend or terminate any engagement — without refund of fees already paid — if:

• We have reasonable grounds to believe the engagement is being used for unauthorised or illegal purposes.
• The client fails to provide adequate authorisation documentation.
• The client's conduct creates material risk to our operators, personnel, or systems.
• The client is in material breach of payment or confidentiality obligations.

Sections covering IP rights, confidentiality, liability, indemnification, and dispute resolution survive termination of these Terms.

Informal resolution. The parties agree to first attempt to resolve any dispute informally by contacting legal@unlocksec.com. We will make reasonable efforts to resolve the issue within 30 days of receiving written notice.

Arbitration. If informal resolution fails, disputes shall be submitted to binding arbitration under the rules of [Arbitration Body — e.g., Indian Council of Arbitration or SIAC] in Hyderabad, India. The arbitration shall be conducted in English by a single arbitrator mutually agreed upon by the parties.

Class action waiver. You agree to resolve disputes only in your individual capacity. You waive the right to participate in any class, collective, or representative action.

Nothing in this section prevents either party from seeking emergency injunctive or other equitable relief from a court of competent jurisdiction.

These Terms are governed by and construed in accordance with the laws of India, without regard to its conflict of law principles. Subject to the arbitration clause above, the courts of Hyderabad, Telangana, India shall have exclusive jurisdiction over any dispute arising from or related to these Terms.

We reserve the right to modify these Terms at any time. We will notify you of material changes by posting a notice on our website. Your continued use of the Site or services following such notice constitutes acceptance of the revised Terms.

For active engagements, changes to Terms do not affect the rights and obligations set out in your executed MSA or SOW unless both parties agree in writing.

For legal enquiries, contract questions, or to report a Terms violation: