Terms of Service

1. Agreement to Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you ("Client," "you," or "your") and Red Badger Security, the cybersecurity practice of Red Badger Labs LLC ("Company," "we," "our," or "us"), regarding your use of our website redbadgersecurity.com and our cybersecurity services.

By accessing our website or engaging our services, you agree to be bound by these Terms. If you do not agree with these Terms, you must not use our services.

2. Services Description

Red Badger Security, operating under Red Badger Labs LLC, provides professional cybersecurity services including, but not limited to:

• Penetration Testing (Web Applications, Mobile Apps, APIs, Networks)
• Vulnerability Assessments
• Cloud Security Assessments
• Red Team Operations
• AI/LLM Security Testing
• Source Code Security Reviews
• Thick Client Application Testing
• Security Consulting and Advisory Services

Specific services will be detailed in individual Statements of Work (SOW) or service agreements.

3. Service Engagement and Scope

3.1 Scope Definition

All security testing engagements require a signed Statement of Work (SOW) that clearly defines:

• Testing scope (systems, applications, networks, IP ranges)
• Testing methodology and approach
• Rules of engagement and constraints
• Timeline and deliverables
• Pricing and payment terms

3.2 Authorization

Client warrants that they have legal authority to authorize security testing on all systems, applications, and infrastructure included in the scope. Client must obtain any necessary third-party permissions before testing begins.

3.3 Out-of-Scope Testing

We will not conduct testing outside the agreed scope without explicit written authorization. Any out-of-scope discoveries will be reported but not exploited without additional authorization.

4. Client Responsibilities

The Client agrees to:

• Provide accurate information about systems and infrastructure to be tested
• Designate a technical point of contact available during the engagement
• Ensure all necessary authorizations and permissions are obtained
• Provide testing credentials, access, or VPN connections as required
• Notify us immediately of any concerns or issues during testing
• Implement appropriate change control procedures during testing periods
• Backup critical systems before testing begins (where applicable)

5. Non-Disclosure and Confidentiality

5.1 Mutual Confidentiality

Both parties agree to maintain the confidentiality of all proprietary and sensitive information disclosed during the engagement. This includes:

• System architecture and configurations
• Vulnerability findings and security weaknesses
• Business processes and proprietary information
• Testing methodologies and tools

5.2 Non-Disclosure Agreement

All engagements are conducted under a separate Non-Disclosure Agreement (NDA) that provides additional protections for both parties.

5.3 Data Handling

We implement strict data handling procedures:

• All client data is encrypted in transit and at rest
• Assessment data is stored on secure, access-controlled systems
• Data is retained only as long as necessary per contractual obligations
• Secure data destruction procedures are followed upon engagement completion

6. Testing Methodology and Conduct

6.1 Professional Standards

Our testing follows industry-standard frameworks including OWASP, PTES, NIST, and relevant compliance standards. We adhere to ethical hacking principles and professional conduct at all times.

6.2 Responsible Disclosure

All vulnerabilities and findings are disclosed exclusively to the Client. We do not publicly disclose vulnerabilities without explicit written permission.

6.3 Testing Limitations

Our testing is limited to the agreed scope and timeline. We cannot guarantee discovery of all vulnerabilities. Security testing provides a point-in-time assessment and does not guarantee future security.

7. Deliverables and Reports

Upon completion of testing, we will deliver:

• Technical Report: Detailed vulnerability findings with CVSS scores, proof-of-concept evidence, and remediation guidance
• Executive Summary: High-level overview suitable for management and stakeholders
• Remediation Support: Consultation on fixing identified vulnerabilities (as agreed in SOW)

Reports are confidential and intended solely for the Client. Redistribution requires our written consent.

8. Payment Terms

8.1 Fees

Service fees are specified in the Statement of Work. Unless otherwise stated:

• 50% deposit due upon SOW execution
• Remaining balance due upon delivery of final report
• Payment terms: Net 30 days from invoice date

8.2 Late Payment

Late payments may incur interest charges at 1.5% per month or the maximum rate permitted by law, whichever is less.

8.3 Expenses

Unless otherwise stated, all expenses (travel, software licenses, cloud resources) are included in the quoted price.

9. Limitation of Liability

9.1 Service Disruption

While we take all reasonable precautions to avoid service disruption, security testing inherently carries risks. We are not liable for:

• Temporary service disruptions or downtime during authorized testing
• Data loss resulting from testing activities conducted within scope
• Issues arising from system configurations or vulnerabilities we identify

9.2 Liability Cap

Our total liability for any claims arising from our services shall not exceed the total fees paid by Client for the specific engagement giving rise to the claim.

9.3 No Warranty

Our services are provided "as is" without warranty of any kind. We do not guarantee that all vulnerabilities will be discovered or that systems will be secure after remediation.

10. Indemnification

Client agrees to indemnify and hold harmless Red Badger Security from any claims, damages, or expenses arising from:

• Client's unauthorized testing or use of our methodologies
• Testing conducted without proper authorization
• Client's failure to implement recommended remediation
• Breach of Client's obligations under these Terms

11. Termination

11.1 Termination by Client

Client may terminate services with written notice. Client remains responsible for fees incurred up to the termination date.

11.2 Termination by Company

We may terminate services if:

• Client breaches these Terms or the SOW
• Client requests out-of-scope or illegal activities
• Payment is not received according to agreed terms

11.3 Effect of Termination

Upon termination, confidentiality obligations continue, and all unpaid fees become immediately due.

12. Intellectual Property

12.1 Client Data

All client data, systems, and intellectual property remain the property of the Client.

12.3 Our Tools and Methodology

Our testing methodologies, tools, and proprietary techniques remain our intellectual property.

12.3 Reports

Reports delivered to Client are for Client's internal use only. Client owns the findings specific to their systems but cannot redistribute our report format, methodology descriptions, or recommendations without permission.

13. Insurance and Compliance

Red Badger Security maintains professional liability insurance (Errors & Omissions) and cyber liability insurance appropriate for the services we provide.

14. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the United States and the State of [Your State], without regard to conflict of law principles.

Any disputes shall first be attempted to be resolved through good-faith negotiation. If unresolved, disputes shall be submitted to binding arbitration in accordance with the rules of the American Arbitration Association.

15. Modifications to Terms

We reserve the right to modify these Terms at any time. Updated Terms will be posted on our website with a revised "Last Updated" date. Continued use of our services after changes constitutes acceptance of the modified Terms.

16. Severability

If any provision of these Terms is found to be unenforceable or invalid, the remaining provisions shall continue in full force and effect.

17. Entire Agreement

These Terms, together with any SOW, NDA, and related agreements, constitute the entire agreement between the parties and supersede all prior agreements or understandings.

18. Contact Information

For questions about these Terms of Service, please contact: