Terms of Service
Last updated: June 11, 2026
Acceptance of Terms
By accessing and using the Cybersecify Consulting (OPC) Private Limited ("Cybersecify", "we", "us", or "our") website (cybersecify.com) and our services, you agree to be bound by these Terms of Service. If you do not agree to these terms, please do not use our website or services.
Services
Cybersecify provides penetration testing, security consulting, cyber threat intelligence, and compliance readiness services. All services are provided under separate engagement agreements that define the scope, timeline, deliverables, and terms specific to each project.
Service Delivery Terms
The following terms apply to standard service engagements unless otherwise specified in a signed engagement agreement:
- Penetration test reports are delivered within 7 to 10 calendar days per scope from the conclusion of active testing.
- Retests are included at no additional cost if requested within 30 calendar days of the initial report delivery date.
- Security Retainer (10 hours of founder-led consulting per month, 3-month minimum commitment, INR 24,999/month) refreshes hours each calendar month. Includes 1 automated external attack surface scan + 1 Brand Protection scan per month. Security Retainer fees are non-refundable. Cancellable after the 3-month minimum with 30 days notice.
- All prices displayed on the website are in Indian Rupees (INR) and exclude applicable taxes (GST or other duties). Tax will be added at the time of invoicing as required by law.
Payment Terms
Unless otherwise specified in a signed engagement agreement, the following payment terms apply:
- Security Retainer (INR 24,999/month, 3-month minimum): First-month payment is due before work begins. Subsequent monthly invoices are issued on the engagement start date each month and payable within 7 days. Payment is accepted via UPI or bank transfer (NEFT/RTGS).
- Penetration Testing (Startup & Growth plans): 50% of the engagement fee is due before testing begins. The remaining 50% is due upon delivery of the final report. Payment is accepted via bank transfer (NEFT/RTGS).
- Audit & Compliance (one-time engagements): 50% of the engagement fee is due before work begins. The remaining 50% is due upon delivery. Payment is accepted via bank transfer (NEFT/RTGS).
- Cyber Threat Intelligence (one-time engagements): 50% of the engagement fee is due before work begins. The remaining 50% is due upon delivery. Payment is accepted via bank transfer (NEFT/RTGS).
- Cyber Threat Intelligence (continuous monitoring): Invoiced monthly at the end of each calendar month. Payment is due within 15 days of invoice date via UPI or bank transfer (NEFT/RTGS).
- Fractional Security (consulting engagements): Invoiced monthly at the end of each calendar month for work delivered during that month. Payment is due within 15 days of invoice date via UPI or bank transfer (NEFT/RTGS).
OpenEASD
OpenEASD is offered as two distinct products that share a brand: a self-hosted open source tool and a hosted scan service we run on your behalf. Terms differ for each and are listed separately below.
OpenEASD Self-Hosted (Open Source)
The self-hosted version of OpenEASD is distributed by Cybersecify under the MIT License at github.com/cybersecify/OpenEASD. Users clone the repository and run OpenEASD themselves on their own infrastructure. Cybersecify does not receive scan data, does not store findings, and does not provide commercial support for self-hosted use. By downloading, installing, or running OpenEASD yourself, you agree to the following:
- Use against authorised targets only. You represent and warrant that you will use OpenEASD only against domains and infrastructure that you own or have explicit written authorisation to scan. Using OpenEASD against any other target is prohibited and may constitute unauthorised computer access under applicable laws.
- No warranty. OpenEASD is provided "as is" without warranty of any kind. Cybersecify makes no guarantee that the tool will detect all vulnerabilities, will produce accurate findings, or will be free of defects. The MIT License terms in the repository govern all warranty and liability.
- No liability for findings or actions. Cybersecify is not liable for any findings produced by OpenEASD, any actions you or any third party take (or fail to take) based on those findings, or any consequence arising from your use of the tool. All risk of use rests with you.
- External, non-intrusive reconnaissance only. OpenEASD is designed to perform external, non-intrusive reconnaissance using publicly observable configuration. It is not a substitute for a penetration test or a full security assessment.
- No substitute for professional advice. Findings reflect publicly observable configuration at the time of scanning and may not capture all risks. For a qualified review of findings or a full security assessment, engage a certified security professional.
- Community support model. Support for self-hosted OpenEASD is provided on a best-effort basis through the public GitHub repository (issues and pull requests). Cybersecify does not provide direct commercial support for self-hosted use.
OpenEASD Hosted Scan Service
Cybersecify operates a free hosted version of OpenEASD at cybersecify.com/openeasd/. You submit a domain through the form on that page; we run an external attack surface scan against the submitted domain on our infrastructure and email the report to the address you provide. By submitting a domain for a hosted scan, you agree to the following:
- Authorisation required. You represent and warrant that you own the submitted domain, or hold explicit written authorisation from the domain owner to request a scan. We will not run scans where authorisation is unclear. Submitting a domain you are not authorised to scan is prohibited and may constitute unauthorised computer access under applicable laws.
- Data handling. The information you submit (name, work email, domain, optional role and company) is used to deliver the scan report and follow up with you about your results. We do not sell submission data to third parties. We may retain submissions and the resulting reports for our internal records and to inform future product improvements. You can request deletion of your submission by emailing contact@cybersecify.com.
- External, non-intrusive scope only. The hosted scan performs external, non-intrusive reconnaissance using publicly observable configuration of the submitted domain. It does not authenticate, exploit, or perform any intrusive action against the target. It is not a substitute for a penetration test or a full security assessment.
- Founder-reviewed best-effort delivery. Reports are reviewed by a Cybersecify founder before delivery. We target 48 business hours from submission to report delivery but do not guarantee a specific turnaround. We reserve the right to decline, delay, or cancel a scan request without explanation.
- No warranty on findings. Hosted scan findings are provided "as is." We make no guarantee that the scan will detect all vulnerabilities, will produce accurate findings, or will be free of defects. Cybersecify is not liable for any findings, for any action you or any third party take based on the report, or for any consequence arising from your use of the report.
- No substitute for professional advice. Findings reflect publicly observable configuration at the time of scanning and may not capture all risks. For a qualified review of findings or a full security assessment, engage a certified security professional or one of our paid services.
- Free of charge with no obligation. The hosted scan is free. Receiving a report does not create a contractual relationship and does not obligate you to purchase any paid service from Cybersecify.
Website Content Disclaimer
The content on this website, including blog posts, articles, guides, pricing information, comparison tables, and technical descriptions, is provided for informational purposes only and does not constitute professional security advice, legal advice, or a guarantee of any outcome. While we make reasonable efforts to ensure accuracy, we do not warrant that all content is complete, current, or error-free.
Blog posts and articles may contain general security guidance that may not be applicable to your specific environment, technology stack, or regulatory requirements. You should not rely solely on website content to make security decisions. Always consult with a qualified professional for advice tailored to your situation.
Pricing information displayed on the website represents entry-level pricing and is subject to change. Final engagement pricing is determined based on scope, complexity, and requirements discussed during consultation.
If you spot an error, inaccuracy, or outdated reference on our website or in our content, please email contact@cybersecify.com. We aim to review and correct reported errors on a best-effort basis. We do not, however, guarantee continuous monitoring of all third-party references or that all corrections will be made.
Scam Awareness Content
Blog posts and guides categorised under Scam Awareness (including content on digital arrest scams, fake recruiter campaigns, sextortion, fake loan apps, SMS scams, and similar citizen-facing topics) are provided as free public information. References to the National Cybercrime Helpline 1930, cybercrime.gov.in, and other government-operated reporting channels are intended to help citizens reach the correct authorities and do not constitute professional legal advice, formal incident response, law enforcement liaison, or a contracted service.
Where we offer free verification of whether something appears to be a scam via WhatsApp or email, this is a best-effort community service. We may decline to respond, may not respond within any stated timeframe, and do not guarantee accuracy. Verification responses are informational and do not create a contractual relationship, do not constitute legal counsel, and do not transfer any duty of care to Cybersecify. For paid hands-on help with active scam incidents, evidence preservation, or post-incident response, separate scoping and a written engagement agreement apply.
If you have already lost money or believe you are being actively defrauded, contact the National Cybercrime Helpline (1930) and your bank immediately. Time-sensitive recovery actions are the responsibility of those institutions; Cybersecify is not an emergency response service.
Investigations and Original Research
Content published at /investigations/ consists of original forensic research and observational analysis based on publicly observable signals (including WHOIS data, registry filings, DNS records, public web content, regulator databases, and similar open sources). Investigations may name specific entities, individuals, websites, or campaigns where the public-interest value of identifying them outweighs the cost.
Investigations are journalistic and research output, not legal findings or attribution determinations. Patterns we identify (shared infrastructure, registrant overlap, infrastructure clustering, behavioural similarity to known threat actors, etc.) are provided as observations, not legal conclusions. Cybersecify makes reasonable efforts to verify claims and to issue defensive clearances where ambiguity exists, but we do not warrant that every interpretation will be correct.
If you are named in an investigation and believe a factual claim is in error, or you have additional context that would correct or contextualise a claim, please email contact@cybersecify.com. We maintain a visible changelog on each investigation page and will publish verifiable corrections promptly. We do not, however, agree to remove published content based on objection alone in the absence of a factual error.
Website Content Changes
Website content, including pricing, service descriptions, marketing claims, blog posts, and tool documentation, may change without notice as our offerings evolve. We do not maintain a public archive of prior versions. Final terms for any engagement are those captured in the signed engagement agreement or proposal between Cybersecify and the client. Where website content and a signed agreement conflict, the signed agreement governs. Screenshots, archived copies (including third-party archives such as the Internet Archive), or earlier versions of our website do not modify the terms of any engagement.
Use of Automated Tools
Cybersecify uses automated tools, proprietary scripts, and industry-standard scanning utilities as part of our security assessment methodology. These tools assist with reconnaissance, vulnerability discovery, and data analysis. All findings are manually verified, validated, and documented by our certified security professionals before inclusion in any client deliverable.
Website content, including blog articles and guides, may be assisted by automated tools and is reviewed and edited by our team before publication.
Sample Report Disclaimer
The sample penetration test report available on our website (at /sample-report) is provided for illustrative purposes only. It uses entirely fictional data, including fabricated company names, domains, IP addresses, and vulnerability findings. Any resemblance to real organizations or systems is coincidental.
Actual report content, structure, depth, and findings will vary based on the specific engagement scope, target environment, testing methodology, and vulnerabilities discovered during the assessment. The sample report should not be used as a benchmark for the volume or severity of findings in any real engagement.
No Guarantee of Security
Penetration testing and security assessments are best-effort, point-in-time evaluations based on the scope, access, and information available during the engagement period. A completed penetration test or security assessment does not guarantee that your systems are free from all vulnerabilities, nor does it guarantee that your systems will not be breached in the future.
Security is an ongoing process. New vulnerabilities, attack techniques, and threat actors emerge continuously. Our assessments reflect the state of your systems at the time of testing and cannot account for changes made after the engagement, zero-day vulnerabilities, or threats outside the defined scope.
Cybersecify shall not be held liable for any security incident, data breach, or loss that occurs after or outside the scope of our engagement.
Scope of Testing
All penetration testing activities are performed only on systems explicitly authorized by the client within a signed scope agreement. We do not test systems without proper written authorization. Clients are responsible for ensuring they have the legal right to authorize testing on the specified systems.
Penetration testing engagements include standard reconnaissance against the authorized scope, using only publicly accessible sources. Ongoing monthly Brand Protection scans (typosquatting domains, leaked credentials, fake mobile apps, phishing infrastructure) and external attack surface scans are bundled with the Security Retainer (INR 24,999/month, 3-month minimum), not the pentest plans. All such checks use only publicly accessible sources and do not access private systems or data.
Confidentiality
We treat all client information, including vulnerability findings and assessment reports, as strictly confidential. We will not disclose any information to third parties without your explicit written consent, except as required by law.
Limitation of Liability
While we exercise professional care in performing our services, penetration testing inherently involves testing security controls and may occasionally cause disruptions. To the maximum extent permitted by applicable law:
- Cybersecify shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from our services, website content, or any information provided by us.
- Our total liability for any claim arising from an engagement shall not exceed the fees paid by the client for that specific engagement.
- We are not liable for damages resulting from the client's failure to implement recommended remediation measures.
- We are not liable for any loss or damage caused by reliance on information published on our website, blog, or social media channels.
Indemnification
You agree to indemnify, defend, and hold harmless Cybersecify, its founders, employees, and contractors from any claims, damages, losses, or expenses (including legal fees) arising from: (a) your misuse of our reports, findings, or deliverables; (b) your failure to maintain adequate security controls after our engagement; (c) your provision of inaccurate information about systems in scope; or (d) any unauthorized use of our testing methodologies, tools, or techniques disclosed during an engagement.
Intellectual Property
All content on this website, including text, graphics, logos, and design elements, is the property of Cybersecify and protected by applicable intellectual property laws. You may not reproduce, distribute, or create derivative works without our express written permission.
Client Obligations
Clients engaging our services agree to provide accurate information about the systems to be tested, ensure proper authorization for all in-scope systems, notify us of any changes to the testing scope or schedule, and not use our reports or findings for any unlawful purpose.
Report Ownership and Usage
Upon completion of an engagement and receipt of full payment, clients receive an exclusive, non-transferable license to use the assessment report and its findings for internal security purposes, compliance audits, and remediation. Clients may share the report with their auditors, investors, or legal counsel on a need-to-know basis.
Clients may not publish, publicly distribute, or share the report with competitors or unauthorized third parties without our written consent. We retain the right to reference the engagement (without disclosing confidential details) for our portfolio, unless otherwise agreed in writing.
Letter of Attestation. Growth Pentest engagements include a one-page Letter of Attestation as a standard deliverable, issued for the engagement period and signed by our Lead Penetration Tester (OSCP certified). The Letter references the testing methodology used (OWASP, PTES, CVSS scoring), the engagement window, and the ISO 27001:2022 Annex A controls that penetration testing supports as evidence (A.8.8 and A.8.29). The Letter does not contain technical findings or vulnerability detail. It is a point-in-time engagement attestation suitable for audit evidence and customer security questionnaires; it is not a certification, accreditation, or guarantee of the client's overall security posture. Clients may share the Letter with auditors, customers, regulators, and procurement teams on a need-to-know basis. Startup Pentest engagements do not include a Letter of Attestation by default; one can be issued on request as a paid add-on.
Third-Party Tools and Services
Our website may contain links to third-party tools, resources, and services. We do not endorse, guarantee, or assume responsibility for the accuracy, reliability, or safety of any third-party content. Your use of third-party tools and services is at your own risk and subject to those parties' terms and conditions.
Engagement Cancellation
If a client cancels an engagement after the advance payment has been made but before testing begins, Cybersecify will refund the advance minus any costs already incurred for scoping, scheduling, or preparation. If testing has already begun, no refund is provided for work completed, but the client will not be billed for the remaining balance unless deliverables are provided.
If Cybersecify is unable to deliver due to circumstances beyond our reasonable control (including but not limited to natural disasters, internet outages, government actions, or client-side access issues), timelines will be extended accordingly. If delivery becomes impossible, we will refund any fees paid for undelivered work.
Price Lock
Once a client accepts a proposal and pays the required advance, the quoted price is locked for that engagement. Price changes on the website do not affect active or paid engagements.
Governing Law and Dispute Resolution
These terms shall be governed by and construed in accordance with the laws of India. Any disputes arising from these terms or our services shall be resolved through good-faith negotiation. If negotiation fails, disputes shall be subject to the exclusive jurisdiction of courts in Bengaluru, Karnataka, India.
Modifications
We reserve the right to modify these Terms of Service at any time. Changes become effective upon posting to this page. Continued use of our website or services after modifications constitutes acceptance of the updated terms.
Contact
For questions about these Terms of Service, please contact us at:
Email: contact@cybersecify.com
Address: Bengaluru, Karnataka, India